15 REGULATIONS. 4 CONTINENTS. ONE EVALUATION. — Colorado SB 26-189 (Jan 1, 2027) · EU AI Act (Phased) · NYC LL144 · SR 11-7 · Texas · California · South Korea · UK · China · GDPR — View all →
How it works
Regulations
United States — Federal
Banking & Lending (SR 11-7)Enforcing
United States — States
California — EmploymentEnforcing California — HealthcareEnforcing California — ADMT (CCPA)Jan 1, 2027 ColoradoJan 1, 2027 IllinoisEnforcing New York CityEnforcing TexasEnforcing
European Union
EU AI ActPhased EU — GDPR Article 22Enforcing
International
United KingdomEnforcing South KoreaEnforcing ChinaEnforcing CanadaWithdrawn BrazilDraft
View all regulations →
Tools
AI exposure assessmentFree Regulation checkerFree Constitution BuilderFree
Evidence Certification Request Evaluation
AVAAS · AI Exposure Assessment

The risk lands where your AI meets people.

Answer a few questions about how your organization uses AI. Get an immediate read on where your deployments are most likely to attract regulatory, legal, and reputational risk, and how your posture lines up against the obligations now arriving.

Free About 5 minutes No signup Private
This is exposure guidance, not a certification or legal advice. It shows you where the pressure is building and what closes the gap. It does not certify any system or determine compliance, and it is no substitute for your own counsel.
Your organization Step 1 of 5
Where are the people your AI systems touch?

Customers, applicants, employees, patients, or users. Select all that apply.

What is your primary line of business?
How many people do your AI-assisted decisions affect each year?
Do you build AI that other businesses deploy to affect people?

This changes where liability can land.

Where does AI touch a person?

For each area, tell us whether AI is not used, assists a human who decides, or makes or materially drives the decision.

Do any of these systems produce a legal or otherwise significant effect on a person?

A denial, a price, an eligibility outcome, an employment result, access to a service.

Is there meaningful human review before the outcome reaches the person?
Do any systems profile people or generate predictive or behavioral scores?
What can an affected person do today?

Select all that are available to them.

Which of these do you hold or are you pursuing?
Is there a named person or team accountable for AI risk?
Have you run bias, fairness, or impact assessments on systems that affect people?
Do you monitor deployed AI on an ongoing basis?

For drift, errors, and harmful outcomes, not just at launch.

For AI systems you buy from vendors, what do your contracts cover?

Select all that apply. Skip if you build everything in-house.

Do you rely on a vendor's own assurances as your basis for trusting their AI?
If a vendor's AI harmed someone, do you know today where the liability would sit?