EU:EU AI Act — high-risk system obligations phasing in through Aug 2026USA:8 new US state privacy laws now in force (DE, IA, NE, NH, NJ, MN, MD, TN)Maryland:Maryland Online Data Privacy Act now effective — strictest US data-minimization rules yetCalifornia:CCPA updates: ADMT, risk assessments & cybersecurity audit rules finalizedColorado:Colorado AI Act takes effect 2026 — duty of care for high-risk AIIndia:India's DPDP Act rules notified — consent, breach notice & data-fiduciary duties incomingEU:GDPR enforcement intensifies — AI-training data & dark-pattern fines on the riseGlobal:Cross-border transfer scrutiny grows — DPF, SCCs & data-localization rules tightening
0

Field notes

Working notes on AI governance, privacy, and compliance. Written by the people doing the job.

Practical guides, regulatory deep dives, and lessons from working inside regulated-data programs. No vendor marketing — the stuff our customers actually want to read.

01 · Recent posts

More from the field.

AI GOVERNANCE

June 11, 2026

What Is AI Governance? Definition, Framework & How It Works

A clear definition of AI governance, the core pillars, how it differs from data governance, and how it maps to the EU AI Act, NIST AI RMF, and ISO 42001.

9 min read

COMPLIANCE

June 11, 2026

EU AI Act and GDPR: What Enterprises Must Do

How the EU AI Act and GDPR overlap, what each requires, the compliance deadlines through 2027, the penalties, and a practical checklist for enterprises.

10 min read

SECURITY

June 11, 2026

How to Prevent Data Leakage in LLMs and Generative AI

Where generative AI leaks sensitive data — training, prompts, retrieval, outputs — and the layered controls that stop it.

9 min read

AI GOVERNANCE

June 11, 2026

AI Risk Frameworks: NIST AI RMF vs ISO 42001 vs EU AI Act

How the three main AI risk frameworks differ, how they fit together, and which to use — voluntary method, certifiable standard, and binding law.

9 min read

DATA PRIVACY

June 11, 2026

Data Discovery and Classification for AI: Find PII Before Models Do

You cannot govern data you cannot see. What to classify, how automated classification works, and how it protects AI pipelines.

8 min read

COMPLIANCE

June 11, 2026

Consent Management in the Age of AI

AI creates new uses of personal data, each needing its own lawful basis. How consent and lawful basis work, and what good AI consent management looks like.

8 min read

COMPLIANCE

June 11, 2026

DPIA for AI Systems: When You Need One and How to Run It

When a Data Protection Impact Assessment is required for AI, how it relates to an EU AI Act FRIA, and a step-by-step way to run one.

8 min read

AI GOVERNANCE

June 11, 2026

AI Governance Platform: Capabilities and How to Choose

The core capabilities of an AI governance platform, how it differs from MLOps and GRC, and a buyer's checklist for evaluating one.

9 min read

AI GOVERNANCE

October 5, 2025

AI Governance Best Practices for Enterprise

Effective AI governance frameworks for responsible AI deployment, model risk management, and EU AI Act readiness.

8 min read

DATA PRIVACY

October 1, 2025

Data Mapping and Discovery: A Practical Guide

Step-by-step approach to discovering, mapping, and classifying sensitive data across cloud, hybrid, and on-prem systems.

10 min read

COMPLIANCE

September 28, 2025

CCPA vs GDPR: Key Differences Explained

Similarities, divergences, and the operational moves needed to be compliant with both — without duplicating effort.

7 min read

DATA PRIVACY

September 25, 2025

PII Detection Strategies for Modern Enterprises

Modern techniques for identifying personal information in structured, semi-structured, and unstructured data.

9 min read

HEALTHCARE

September 20, 2025

HIPAA Compliance for Healthcare Organizations

Practical guide to HIPAA compliance: patient data protection, breach prevention, and the audit trail your reviewer expects.

11 min read

FRAUD PREVENTION

September 15, 2025

Synthetic Fraud Prevention with AI

How AI-powered systems can detect and prevent synthetic identity fraud before it costs you a regulatory inquiry.

8 min read