AI Law, Regulation, and Compliance¶

Summary¶

Surveys the EU AI Act, US executive orders, state AI laws (Colorado AI Act, NYC AEDT), sector-specific rules (HIPAA, ECOA/FCRA, FERPA), copyright and training-data provenance, and AI in contracts and procurement.

Role in the course: Equip students to participate credibly in the AI compliance conversations every IS organization is now having.

Concepts Covered¶

This chapter covers the following 20 concepts from the learning graph:

EU AI Act
AI Risk Tier
Unacceptable Risk AI
High Risk AI
Limited Risk AI
Minimal Risk AI
US AI Executive Order
Colorado AI Act
NYC AEDT Law
AI in Healthcare HIPAA
AI in Lending ECOA
AI in Education FERPA
Copyright and Training Data
AI Procurement Clause
Vendor System Card Review
AI Cross-Border Transfer
Automated Decision-Making
Right to Explanation
AI Liability
AI Disclosure Requirement

Prerequisites¶

This chapter builds on concepts from:

Welcome back

Iris the hummingbird waves hello Welcome to Chapter 21. The previous chapter handed you the responsible-AI playbook. This chapter is what happens when the regulators arrive with their own version of the playbook and ask, very politely, to see your paperwork. We will walk the EU AI Act, the U.S. executive orders, the early state laws, the sectoral overlays, the copyright fight over training data, and — because this is where AI law actually lives in your day job — the procurement clause. By the end you will be able to classify a use case into a risk tier, read a system card without believing the marketing, and tell the difference between automated decision-making and a chatbot that just sounds important.

A quick note before we start. This chapter is educational, not legal advice. AI law is moving fast and varies by jurisdiction; for any specific compliance decision, consult counsel.

Why AI Law Is Its Own Thing¶

Most regulations from Chapter 15 — GDPR, HIPAA, SOX, PCI-DSS — were written for systems that behaved according to human-specified rules. AI behaves according to rules learned from data, breaking three assumptions general law was built on.

Intentionality. Traditional regulation asks "what did you decide to do?" AI makes decisions whose details no individual person decided. A rule "deny if FICO < 620" is auditable in five minutes; a 12,000-feature opaque ensemble is auditable in five months, if at all. Regulators have responded by demanding oversight of the system, not just operator intent.

Attribution. When AI harms someone, who is responsible — model developer, deployer, integrator, configurer? The EU AI Act assigns distinct duties to providers and deployers; the U.S. uses a patchwork. We return to this under AI liability.

Scale. A discriminatory model can produce a million consistent, polite, biased decisions before anyone notices — qualitatively different from a single biased loan officer. AI law tends to require systemic controls (bias audits, conformity assessments, monitoring, disclosure) rather than only after-the-fact remedies.

The shape of the field: existing law keeps applying and a layer of AI-specific obligations sits on top. "We comply with HIPAA, so we're fine to deploy clinical AI" misses the second layer. This chapter is mostly about that second layer.

The EU AI Act: The Anchor Text¶

The EU AI Act is the EU's comprehensive AI regulation, the first of its kind globally. Politically agreed in late 2023 and entering force in stages through 2027, it does for AI what GDPR did for personal data: sets a global default that any organization with European users has to engineer toward. Like GDPR, it is extraterritorial — a U.S. company providing an AI system used in the EU is on the hook.

The Act's core move is risk-based regulation: it does not regulate "AI" as a single thing but classifies systems by their risk to fundamental rights, safety, and the rule of law and applies proportional obligations. That structural choice is one of the most important ideas in modern tech regulation, and nearly every AI law that has followed has copied it.

AI Risk Tier¶

An AI risk tier is a categorical risk classification that determines which legal obligations apply. The EU AI Act defines four tiers — unacceptable, high, limited, and minimal. Crucially, the tier attaches to the use case, not the underlying model. The same large language model can be a minimal-risk creative-writing assistant, a limited-risk customer-service chatbot, a high-risk hiring screener, or an unacceptable-risk social-scoring engine, depending on deployment.

The risk tier is the structural fix against "regulate everything the same." Applying conformity assessments to spam filters would collapse under its own paperwork; not applying them to credit scorers would fail the purpose. The tier model lets the burden scale with the harm.

Unacceptable Risk AI¶

Unacceptable-risk AI is the category the AI Act simply prohibits — uses considered incompatible with fundamental rights regardless of accuracy, consent, or business justification. The prohibited list includes social scoring by public authorities, real-time biometric identification in public spaces (with narrow law-enforcement exceptions), manipulative AI that causes harm, AI that exploits vulnerabilities of specific groups (children, people with disabilities), emotion recognition in workplaces and schools, and untargeted scraping of facial images for recognition databases.

The "no amount of paperwork makes this legal" framing is unusual in tech regulation. If your use case is on this list in the EU, you do not work on a compliance plan; you work on a different use case.

High Risk AI¶

High-risk AI carries the bulk of the AI Act's substantive obligations. A system is high-risk if it is (1) a safety component of a product already regulated under EU product-safety law (medical devices, machinery, vehicles), or (2) used in one of eight Annex III sensitive areas — biometric ID, critical infrastructure, education, employment, essential services, law enforcement, migration, and administration of justice.

Provider obligations are extensive: a lifecycle risk-management system, data quality and governance for training/validation/test data, technical documentation, automatic record-keeping, transparency information for deployers, human-oversight design, accuracy/robustness/cybersecurity requirements, conformity assessment before market placement, registration in an EU database, and CE marking — the same conformity mark on toasters and medical equipment, now extended to algorithms.

Deployers (organizations that use a high-risk system, distinct from providers who build it) must follow the system's instructions, ensure competent human oversight, monitor and report serious incidents, conduct a fundamental-rights impact assessment in certain contexts, and inform affected individuals.

The footgun: over-classification. Risk-averse organizations sometimes label everything "high risk" to be safe. The unintended consequence is enormous overhead on systems that do not warrant it, slower deployment of beneficial low-risk AI, and — perversely — less attention on the systems that genuinely are high-risk because the team is buried in paperwork.

Limited Risk AI¶

Limited-risk AI captures systems whose primary regulatory concern is transparency: chatbots, emotion-recognition (where permitted), biometric categorization, and AI-generated or manipulated content (deepfakes, synthetic media). The obligation is much lighter — essentially "tell people they are interacting with AI" and label synthetic content — but real. A chatbot must disclose it is a chatbot; an AI-generated image used in news or political content must be labeled. The goal is informed interaction, not gatekeeping.

Minimal Risk AI¶

Minimal-risk AI is everything else: spam filters, video-game AI, inventory forecasting, low-stakes recommendation systems, most business-productivity AI. No specific obligations under the AI Act beyond voluntary codes. The Act explicitly leaves room for innovation in this tier — which is most of the AI economy — by not regulating it.

EU AI Act risk tier	Examples	Provider/deployer obligations
Unacceptable	Social scoring, real-time public biometric ID, manipulative AI	Prohibited; no compliance pathway
High	Hiring screeners, credit scoring, medical-device AI, law-enforcement risk	Risk management, data governance, technical docs, oversight, conformity, CE
Limited	Chatbots, deepfakes, emotion recognition, biometric categorization	Transparency: disclose AI use; label synthetic content
Minimal	Spam filters, AI inventory forecasts, game NPCs, productivity assistants	No specific obligations; voluntary codes encouraged

Diagram: The EU AI Act Risk Pyramid

Type: interactive-infographic sim-id: eu-ai-act-risk-pyramid
Library: vis-network
Status: Specified

A vis-network pyramid diagram with four horizontal tiers stacked vertically: Unacceptable Risk at the apex (smallest, in coral), High Risk below it (in amber), Limited Risk under that (in slate-blue), and Minimal Risk as the broad base (in mascot-emerald). Each tier displays sample use cases as clickable nodes attached to its rung: social scoring and real-time biometric ID at the top; hiring screeners, credit scoring, and medical AI in the high-risk band; chatbots, deepfakes, and emotion recognition in the limited band; spam filters, recommendation systems, and inventory forecasts at the base. A side panel shows the obligation set that applies to each tier, dynamically expanding as a tier is selected. To work around the vis-network horizontal-edge label rendering bug, edges use a slight y-offset (e.g., 480 to 490).

Color palette: pyramid tiers form a gradient from coral (apex) through amber and slate-blue to mascot-emerald (base). Use-case nodes inherit their tier's color at 70% opacity. Obligation panel uses muted gold accents.

Interactivity: clicking a tier highlights it and dims the others, displaying that tier's obligations in the side panel. A "classify a use case" button presents sample AI systems (a hiring resume screener, a customer-support chatbot, a real-time CCTV face matcher, a fantasy-football lineup recommender) and prompts the user to drag each into the correct tier, providing feedback with the legal reasoning.

Layout: vertical pyramid with side panel, full canvas width, height ~620px. Canvas resizes on window resize.

Learning objective (Bloom: Analyzing): Students can classify a proposed AI system into the correct EU AI Act risk tier, identify the obligations that follow, and explain the structural reason the AI Act uses risk tiers rather than uniform regulation.

Implementation: vis-network, deployed at /information-systems/sims/eu-ai-act-risk-pyramid/.

The U.S. AI Executive Order and the Federal Approach¶

Where the EU produced one comprehensive AI statute, the United States operates through a patchwork: a federal executive order, sectoral agency rulemaking, and a growing collection of state laws. Feature or bug depends on who you ask; what is unambiguous is that IS organizations operating across U.S. jurisdictions face a genuinely fragmented compliance picture.

The U.S. AI Executive Order — the umbrella term for the series of presidential directives on AI safety, security, and trust, beginning with EO 14110 in October 2023 and revised in subsequent administrations — is the closest thing the U.S. has to a federal AI baseline. Executive orders cannot create new private-sector obligations the way a statute can, but they direct federal agencies and contractors, with substantial downstream effect.

Principal moves of the executive-order regime: requiring developers of the most powerful foundation models to share safety-test results with the federal government under the Defense Production Act; directing NIST to develop the AI RMF and related guidance; requiring federal agencies to designate Chief AI Officers, publish use-case inventories, and conduct impact assessments; directing OMB to issue AI procurement guidance; and tasking sectoral regulators (HHS, Education, Treasury, EEOC, CFPB) with publishing domain-specific guidance. The executive order does not say "do not deploy biased AI"; it instructs agencies that already enforce anti-discrimination law to apply that law to AI.

The federal AI agencies-of-record worth knowing:

NIST — AI RMF and technical guidance.
EEOC — AI in employment decisions.
CFPB — AI in consumer finance and lending.
FTC — AI deception, unfair practices, and consumer-protection enforcement.
HHS / OCR — AI in healthcare, layered on HIPAA.
Education Department — AI affecting students, layered on FERPA.
OMB — federal-agency AI use and procurement policy.

State AI Laws: Where the Action Is¶

Federal U.S. AI legislation has not produced a comprehensive statute. States have not waited.

Colorado AI Act¶

The Colorado AI Act (SB 24-205, enacted 2024, effective 2026) is the first comprehensive U.S. state AI law, with structure echoing the EU AI Act's risk-tier approach. It applies to consequential decisions — employment, education, financial services, essential government services, health care, housing, insurance, and legal services — made or substantially influenced by a "high-risk artificial intelligence system."

Colorado imposes duties on both developers and deployers. Developers must use reasonable care to avoid algorithmic discrimination and provide deployers with documentation sufficient for risk management — purpose, intended use, known limitations, evaluation results, training-data summary. Deployers must implement a risk-management policy, conduct impact assessments, notify consumers when AI is used in a consequential decision, provide an explanation on adverse decisions, and offer correction or appeal. Enforcement is by the state attorney general; no private right of action.

NYC AEDT Law¶

The NYC AEDT Law (Local Law 144, in force since 2023) is narrower but practically influential because of NYC's role as an employment market. AEDT stands for Automated Employment Decision Tool. Employers using such tools on candidates or employees residing in NYC must (1) conduct an annual independent bias audit, (2) publish a summary of audit results, and (3) notify candidates of the tool, the data considered, and provide at least 10 business days' notice.

The bias audit must measure selection rates and impact ratios across race/ethnicity and sex categories, consistent with established disparate-impact methodology. Enforcement is by NYC's Department of Consumer and Worker Protection. NYC AEDT is the prototypical targeted, transparency-and-audit approach to AI regulation: it bans nothing; it requires you to measure, publish, and disclose. Several other jurisdictions have proposed similar laws.

Law	Scope	Risk-tier approach	Key obligations	Enforcement
EU AI Act	All AI in EU market or affecting EU persons	Four-tier (unacceptable to minimal)	Conformity assessment, technical docs, oversight, registration, CE marking	EU Commission + national authorities
Colorado AI Act	High-risk AI used in consequential decisions	Single high-risk category	Risk management, impact assessment, consumer notice, right to explanation, appeal	CO Attorney General
NYC AEDT	Automated employment decision tools, NYC residents	None (sector-specific)	Annual bias audit, public results, candidate notification	NYC DCWP

Heads up

Iris waves a caution flag The regulators have entered the chat, and they are not all in the same chat room. A single hiring tool used across the U.S. and the EU may simultaneously trigger the EU AI Act (high-risk Annex III), Colorado's consequential-decisions duties, NYC AEDT's audit-and-disclose rules, EEOC scrutiny under Title VII, and ECOA-adjacent doctrines if it touches financial services. This is compliance multiplexing, and the structural fix is to design once for the strictest applicable regime — usually the EU AI Act — and then adjust per jurisdiction. Trying to comply jurisdiction-by-jurisdiction from scratch is how IS teams burn out.

Sectoral Overlays: AI on Top of the Old Rules¶

The pre-AI sectoral regulators have not waited for new AI statutes; they apply the laws they already enforce to AI systems in their domain. The pattern: the sectoral rule still applies, and the AI characteristics create additional obligations.

AI in Healthcare HIPAA¶

AI in healthcare HIPAA applies HIPAA to AI systems processing protected health information (PHI). The Privacy Rule, Security Rule, and Breach Notification Rule apply fully. A vendor processing PHI to train or run a model is a business associate and must sign a BAA, materially constraining what they may do with the data. AI-specific overlays: clinical AI as a medical device may require FDA clearance via the SaMD (Software as a Medical Device) pathway; ONC certification rules for clinical decision support require disclosure of source attributes and training characteristics; HHS Office of Civil Rights enforces Section 1557 nondiscrimination against clinical AI producing disparate outcomes. The footgun: a "we will not train on your data" promise from a generic AI vendor is not a BAA. PHI cannot flow to a vendor without one, regardless of training posture.

AI in Lending ECOA¶

AI in lending ECOA applies the Equal Credit Opportunity Act and Fair Credit Reporting Act (FCRA) to AI-driven credit decisions. ECOA prohibits credit discrimination on protected bases; FCRA governs consumer-reporting information. The CFPB has been explicit: lenders using AI models are responsible for the same anti-discrimination outcomes as lenders using human underwriters, and the adverse-action notice requirement applies — when credit is denied or terms worsened, the lender must provide specific and accurate reasons.

That requirement collides directly with opaque models. The CFPB's 2023 guidance clarified that "the model said no" is not a specific reason, and the legal duty does not bend for opaque AI. Lenders must use explainable models, layer explainability tooling on top, or accept the legal exposure. There is no fourth option called "the model is too complicated to explain."

AI in Education FERPA¶

AI in education FERPA applies the Family Educational Rights and Privacy Act to AI systems handling student education records. FERPA limits how schools share student records and grants inspection and correction rights. AI-specific concerns include AI proctoring and behavioral analytics, tutoring systems that retain student work, AI-driven admissions and discipline decisions, and third-party ed-tech vendors. Department of Education guidance emphasizes that schools remain responsible for vendor practices under FERPA's school official exception and direct control requirement: a school cannot delegate compliance to a vendor. State student-privacy laws (like California's SOPIPA) often layer further restrictions.

Sector	Pre-AI regime	AI-specific overlay	Notable footgun
Healthcare	HIPAA, HITECH	FDA SaMD pathway, ONC algorithm transparency, OCR Section 1557 nondiscrimination	Generic AI vendor without a BAA; PHI in third-party training corpus
Lending	ECOA, FCRA, Reg B	CFPB adverse-action specificity, anti-discrimination outcomes for AI models	Opaque model with no per-decision explainability; proxy-variable disparate impact
Education	FERPA, COPPA	DoE guidance on AI vendors, school-official exception, state student-privacy laws	Ed-tech vendor that "anonymizes" but retains rights to use data for model training

Pause here

Iris is thinking Notice the pattern across the regimes you have just met. Every one of them — EU AI Act, Colorado, NYC AEDT, ECOA, FERPA — converges on three operational asks: classify the system by risk, test it for disparate harms, and tell the people it affects. Memorize that triplet. The specific statutes will keep changing for years; the triplet will not. An IS organization that can do those three things repeatably will adapt to whatever law passes next year, and an organization that cannot will be playing compliance whack-a-mole forever.

Automated Decision-Making and the Right to Explanation¶

Two terms get used interchangeably in casual conversation but mean specific and different things in law: automated decision-making and right to explanation. Get these clear and a lot of AI law becomes legible.

Automated decision-making (ADM), principally from GDPR Article 22, is a decision based solely on automated processing — including profiling — that produces legal effects or similarly significantly affects the data subject. Three properties combine: solely automated (no meaningful human involvement), legal-or-similarly-significant impact, and profiling counts as automated processing. ADM is narrower than "AI" — much AI use is not ADM because a human reviews the output, and some ADM uses no AI at all (a hard-coded rule that auto-rejects job applications is ADM without any model in sight).

GDPR Article 22 grants four rights when subject to ADM:

The right not to be subject to ADM at all, with limited exceptions (necessary for a contract, authorized by law, or based on explicit consent).
The right to meaningful information about the logic involved and the significance and envisaged consequences.
The right to human intervention — a human review and reconsideration.
The right to contest the decision.

The right to explanation is the data-subject-facing right to an intelligible account of why an automated decision was made. Whether GDPR creates a strong individual-level right has been debated by scholars; in practice, the combination of Article 22, Articles 13–15 (transparency obligations), and Recital 71 produces a regime where data subjects can demand meaningful information about the logic of ADM decisions. The Colorado AI Act, the EU AI Act's deployer obligations, and ECOA's adverse-action notice all create related rights. Whatever the precise anchor, the operational reality is the same: organizations using AI for consequential decisions must produce an intelligible per-decision explanation when asked.

The transparency obligation (a duty of the provider or deployer) is distinct from the right to explanation (a right of the affected individual). Transparency operates at the system level — model cards, public documentation. Right to explanation operates at the decision level — "why was my application denied?" Conflating them produces compliance plans that satisfy neither.

Diagram: ADM Decision Flow When a Subject Requests Explanation

Type: interactive-infographic sim-id: adm-explanation-request-flow
Library: vis-network
Status: Specified

A vis-network flow diagram showing what happens when a data subject who has been subject to an automated decision requests an explanation. The flow begins at an "adverse decision rendered" node, branches to "subject notified per regime requirements" (GDPR Article 22, Colorado AI Act consumer notice, ECOA adverse-action notice, NYC AEDT candidate notice), continues to a "subject submits explanation request" node, then enters a triage process: classify the regime that applies, retrieve the per-decision explanation artifact (SHAP, feature contributions, decision rationale), draft a human-readable explanation, route through legal/privacy review for any sensitive disclosures, and deliver to the subject within the regime's timeline. A parallel branch shows the subject's right to human review and contestation, leading to a re-decision node. Failure modes are highlighted: missing per-decision logs, opaque model with no faithful explanation method, vendor model where the deployer cannot retrieve features. To work around the vis-network horizontal-edge label rendering bug, edges use a slight y-offset (e.g., 480 to 490).

Color palette: subject-facing nodes in mascot-emerald, internal-process nodes in slate-blue, regime-specific branches in amber, failure-mode callouts in coral, success/delivery nodes in muted gold.

Interactivity: hovering a regime branch reveals that regime's specific timeline and content requirements. A "simulate a request" button walks through a sample case (a denied loan, a rejected job application, a flagged insurance claim) showing the artifacts produced at each step. A "what if we cannot explain" toggle highlights which steps fail when the model is too opaque or per-decision logs were not retained.

Layout: left-to-right flowchart with parallel review/contestation branch, full canvas width, height ~640px. Canvas resizes on window resize.

Learning objective (Bloom: Applying): Students can trace an explanation request from subject notification through delivery, identify the artifacts each step requires, and explain why per-decision logging is a precondition for compliance with the right to explanation.

Implementation: vis-network, deployed at /information-systems/sims/adm-explanation-request-flow/.

Copyright and Training Data¶

Copyright and training data is the unsettled legal question of whether copyrighted works may be used to train AI models without the rights holder's permission. As of 2026, this is the most unsettled area in AI law, and IS organizations that build, fine-tune, or even consume AI models are exposed.

U.S. fair-use analysis dominates early case law: defendants argue training is transformative use; plaintiffs argue wholesale ingestion of protected expression cannot be fair use, especially when models can reproduce originals. Major lawsuits against OpenAI, Anthropic, Meta, Stability AI, and others are working through the courts. The EU has taken a different path: the Copyright Directive's text-and-data-mining (TDM) exception applies unless the rights holder has opted out via machine-readable means, and the AI Act requires general-purpose model providers to publish a "sufficiently detailed summary" of training content.

Risk indicators that should make an IS organization look hard at training-data provenance:

The model was trained on web-scraped data without documented filtering for opt-outs or clearly infringing sources.
The vendor cannot or will not disclose training-data sources at any granularity.
The model can reproduce substantial passages of named works on prompt.
The use case competes with the original works (AI image generation in a market built on licensed photography).
The deployment jurisdiction recognizes a TDM opt-out and the vendor cannot demonstrate they honored it.
Vendor IP indemnification is absent or narrow.

The structural unintended consequence: copyright uncertainty is pushing some organizations to avoid openly licensed training data because they cannot tell what is safe — the opposite of what the legal regime intends. Vendor-published training-data summaries (required in the EU, increasingly volunteered elsewhere) are the practical mechanism that lets downstream users tell the difference.

AI Cross-Border Transfer¶

AI cross-border transfer applies the data-transfer regime from Chapter 15 (GDPR transfer rules, Schrems II, SCCs) to data flowing into and out of AI systems. Mostly the same regime, with AI-specific wrinkles:

Inference traffic is transfer. A European user's prompt sent to a U.S.-hosted model is a transfer of personal data; full Schrems II analysis applies.
Training data is transfer. Pulling EU personal data into a non-EU training corpus needs SCCs and a transfer impact assessment.
Model parameters may contain personal data. A model that memorized training examples can encode personal data — making the model artifact itself a potential export concern, especially for fine-tuned models.
Data residency requires model residency. If data must stay in-region, the AI provider must keep both inference and model infrastructure in-region. Many vendors now offer regional deployments for this reason.

Practical impact: contracts with AI vendors must specify model and inference region, address prompt/output retention, prohibit cross-region transfer for training, and integrate with the customer's existing transfer-impact-assessment process.

AI Disclosure Requirement¶

The AI disclosure requirement is the growing family of obligations that AI use must be disclosed to affected people. Duties vary by jurisdiction and context, and stacking them is usually right:

EU AI Act limited-risk transparency. Chatbots must disclose they are AI; deepfakes and AI-manipulated content must be labeled; emotion-recognition and biometric-categorization systems must inform individuals.
EU AI Act high-risk deployer notice. Individuals subject to high-risk AI decisions must be informed.
Colorado AI Act consumer notice. Consumers subject to consequential AI decisions must be told.
NYC AEDT candidate notification. Candidates must be told AEDTs are in use, what data is considered, and bias-audit results must be public.
CFPB / ECOA adverse-action specificity. Adverse credit decisions need specific reasons — an indirect disclosure of model logic.
State and federal deepfake laws. A growing patchwork covers AI-generated political content, non-consensual synthetic media, and election deepfakes.
FTC enforcement of "AI washing." False or misleading claims about AI capabilities or use can be unfair-or-deceptive practices under Section 5 of the FTC Act.

The unifying principle: people affected by AI deserve to know, with enough specificity to act. The failure mode is disclosure theater — burying the AI notice on page nine of a privacy policy. Regulators increasingly look for prominent and contextual disclosure, at the moment of interaction.

AI in Contracts: Where the Law Actually Lives¶

For most IS organizations, AI law shows up not as a court case but as a contract clause. Procurement and vendor management are the practical interface where AI law becomes operational.

AI Procurement Clause¶

An AI procurement clause is the set of contract terms an organization includes in vendor agreements involving AI — whether the vendor provides an AI product, embeds AI in a SaaS service, or uses AI in delivered services. The clause is the leverage point where the responsible-AI program from Chapter 20 and the legal regime from this chapter become enforceable promises.

A strong AI procurement clause typically addresses:

Disclosure. Vendor identifies all AI components, including embedded features and third-party model dependencies.
Use of customer data. Customer data may not train vendor models without explicit consent; outputs belong to the customer.
Training data and IP indemnification. Vendor warrants its training data and indemnifies against IP claims on outputs.
Risk classification. Vendor identifies the EU AI Act tier (or equivalent) and confirms tier-appropriate compliance.
Bias audit and explainability. Vendor performs regular bias audits and provides per-decision explanation tooling sufficient for the customer's right-to-explanation and adverse-action obligations.
Security and data residency. Standard data-protection terms, plus model and inference region commitments.
Model change notice. Advance notice of material model changes (version upgrades, fine-tuning, retirements) so the customer can re-assess.
Audit rights. Customer may audit, or accept third-party attestations (ISO/IEC 42001, SOC 2, AI-specific assessments).
Incident notification. Defined-timeframe notice of AI incidents — bias issues, hallucination patterns, model security breaches.
Subprocessor / model-supply-chain disclosure. Identifies upstream model providers and data suppliers; customer can object to changes.
Regulatory cooperation. Vendor supports customer compliance and regulator inquiries about the vendor's AI.

The procurement clause is the highest-leverage place an IS organization influences AI law in practice. A well-drafted clause turns abstract regulatory obligations into specific vendor commitments, enforceable in litigation, audits, and the next renewal.

Vendor System Card Review¶

A vendor system card is a structured document published by a vendor describing a specific AI system: intended use, training-data summary, evaluation results, known limitations, fairness and safety testing, and operational guidance. Vendor system card review is the procurement-side discipline of reading, evaluating, and verifying those documents before adoption.

A useful review asks:

Does it name the specific model and version, with update history?
Does it describe training data with enough specificity to assess provenance, IP, and demographic coverage?
Does it report evaluations for the customer's use case, or only generic benchmarks?
Does it document fairness testing across populations relevant to the customer?
Does it disclose known failure modes, jailbreaks, and hallucination patterns?
Does it provide operational guidance — appropriate prompts, off-label-use warnings, oversight recommendations?
Does it map to NIST AI RMF, ISO/IEC 42001, or other frameworks the customer uses?
Is it dated, versioned, and updated when the model changes?

The footgun is system card theater: marketing-glossy documents that look comprehensive and convey almost no decision-grade information. Reject cards that fail these questions, the same way you would reject a SOC 2 report that omitted the material controls. A confusing card is worse than no card because it produces false confidence.

Procurement clause topic	Why it matters
AI component disclosure	You cannot govern what you do not know is there
No-train-on-customer-data	Prevents your data from becoming someone else's competitive advantage
IP indemnification	Shifts copyright/training-data risk to the party who created it
Risk-tier alignment	Maps vendor obligations to the regulatory regime that applies to you
Bias audit and explainability	Operationalizes ECOA, NYC AEDT, EU AI Act, Colorado obligations
Model change notice	Lets you re-assess before silent vendor updates change behavior
Subprocessor / model-supply-chain	Surfaces upstream dependencies that carry their own risk
Incident notification	Triggers your AI incident response on a defined clock
Audit rights / third-party attestations	Lets you verify rather than only trust
Regulatory cooperation	Vendor helps you respond to regulator inquiries about their system

Iris's Tip

Iris shares a tip When a vendor pushes back on the no-training-on-customer-data clause, ask exactly which AI features stop working without that permission. Most of the time the answer is "none of the ones you are paying for" — the training right was in the boilerplate because their last customer never asked. The clause that gets the loudest pushback is usually the one most worth keeping, and the second-loudest is usually IP indemnification. Pro move: negotiate both early in the deal, when the vendor's salesperson still has the authority to say yes, not the week before contract signature.

AI Liability¶

AI liability is the legal question of who is responsible — and through what doctrines — when AI causes harm. The picture is genuinely unsettled. The IS-relevant question is less "who will win the case law" than "where does my organization sit in the chain of responsibility?"

The doctrinal threads in play:

Product liability. When AI is part of a tangible product (medical device, vehicle, industrial control), product-liability doctrines apply and the manufacturer is in the line of fire.
Negligence. Providers and deployers can be sued for failing to exercise reasonable care. The "reasonable AI deployer" standard increasingly maps to NIST AI RMF and ISO/IEC 42001 — not following them is exhibit A in a negligence claim.
Sectoral statutory liability. ECOA, FCRA, Title VII, ADA, and HIPAA create liability regardless of whether AI was involved; AI does not insulate the deployer.
Contractual liability. Vendor-customer risk allocation via indemnification, liability limits, and warranties — i.e., the procurement clause again.
Emerging AI-specific liability. The EU AI Liability Directive (proposed; evolving) and Product Liability Directive revisions create presumptions of causation in some AI cases, easing the plaintiff's burden.
Vicarious and joint liability. Deployers may be liable for harms produced by AI they integrated, customized, or prompted in contributing ways.

The framing is sober: AI liability is best managed upstream through good procurement, documentation, impact assessments, monitoring, and incident response — the practices Chapter 20 introduced and this chapter has anchored in law. By the time AI liability reaches a courtroom, the answer is usually visible in the artifacts produced months earlier.

The Feedback Loop That Will Define the Next Five Years¶

AI law is not static; it is an evolving system in feedback with the technology. Harms surface, regulators respond, vendors adapt, deployment patterns shift, new harms surface. The loop will not close in this decade. The IS-organization implication is structural: build for adaptability, not for a single regulatory snapshot. The organizations that fare best maintain an AI inventory they can re-classify, procurement clauses they can update at renewal, impact-assessment processes already aligned with the substance of likely new rules, and a working relationship with counsel who reads regulatory drafts before they become law.

Putting It All Together¶

AI law is a layered, multijurisdictional regime whose layers each address something distinct.

The EU AI Act is the global anchor; the AI risk tier model — unacceptable, high, limited, minimal — is the structural idea other regimes have copied.
The U.S. AI Executive Order drives federal-agency AI use and directs sectoral regulators to apply existing law to AI.
The Colorado AI Act and NYC AEDT Law carry the most concrete U.S. state obligations today; both echo the EU's risk-and-audit shape.
Sectoral overlays — AI in healthcare HIPAA, AI in lending ECOA, AI in education FERPA — keep their pre-AI rules and add AI-specific guidance on top.
Automated decision-making under GDPR Article 22 and the right to explanation create individual rights distinct from system-level transparency obligations.
Copyright and training data is the most unsettled area; AI cross-border transfer layers AI-specific concerns onto the existing transfer regime.
AI disclosure requirements stack across regimes; prominent, contextual, specific disclosure is the converging standard.
The AI procurement clause is where AI law meets day-to-day IS work; vendor system card review turns vendor documentation into decision-grade information.
AI liability is a reminder that all the above is enforceable, and the upstream artifacts — inventory, AIA, audits, monitoring, contracts — are what the courtroom or regulator will ask to see.

A graduate walking into a meeting where someone is pitching a new AI vendor should ask, in order: Which EU AI Act tier? Which U.S. sectoral regimes apply, and is each addressed in the contract? What does the system card actually say for our use case? What is the no-training, IP-indemnification, model-change-notice, incident-notification, and audit-rights posture? Can we deliver on the right to explanation tomorrow? Where is the model hosted? And — if this AI causes a harm we did not anticipate, who is on the hook, and have we documented enough to defend our position?

Those are the questions that separate IS professionals who participate in AI compliance conversations from those who lead them.

Nicely done

Iris celebrates You just walked the global AI legal landscape: the EU AI Act and its four risk tiers, the U.S. executive-order regime, the Colorado AI Act and NYC AEDT, the HIPAA / ECOA / FERPA overlays, automated-decision-making and right-to-explanation, the unsettled copyright fight, cross-border transfer, disclosure stacking, the procurement-clause leverage point, system-card review, and the AI liability picture that ties everything together. Twenty concepts, one chapter, a compliance vocabulary sharper than most "AI Counsel" job postings. The next chapter pivots to AI security — adversarial inputs, prompt injection, model supply chain. The good news: most of the responsible-AI and legal machinery you just built is exactly the substrate AI security operates on top of. Onward.

References¶

See Annotated References