What regulations does Regulatory Signals cover?

Regulatory Signals continuously monitors GDPR, CCPA/CPRA, the EU AI Act, ePrivacy/cookies rules, and a growing catalog of global privacy and AI obligations. New regulations are added as they are enacted.

How often does Regulatory Signals re-scan my site?

Continuous monitoring runs on a configurable cadence — typically daily for Professional and Enterprise plans, and weekly for Starter. Ad-hoc re-scans can be triggered at any time from the dashboard.

Is my scan data encrypted?

Yes. Data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Scan artifacts are stored with per-tenant isolation and role-based access controls.

Does Regulatory Signals provide legal advice?

No. Regulatory Signals provides automated compliance monitoring, detection, and evidence. Output is intended to assist qualified privacy, security, and legal professionals. It is not a substitute for legal advice.

Can I export compliance evidence for auditors?

Yes. All scans generate an exportable audit trail including timestamped findings, raw evidence, and remediation status — suitable for internal audits, DPIAs, and external assessments.

How does the EU AI Act readiness check work?

The free AI Act check classifies your system into prohibited, high-risk, limited-risk, or minimal-risk categories using Article 6/Annex III criteria, then surfaces the specific obligations that apply.

Do you offer a free trial or free scan?

Yes. You can run a free compliance scan on the homepage and use the AI Act readiness tool at no cost. Paid plans add continuous monitoring, alerting, and evidence export.

EU AI Act Enforcement Starts August 2026: What Your Business Must Do Now

The EU AI Act's prohibited practices rules kicked in February 2025. The August 2026 deadline for high-risk AI systems is approaching fast. Here's the practical checklist every AI developer and deployer needs.

The EU AI Act is no longer theoretical. The first enforcement wave — banning prohibited AI practices like social scoring and real-time biometric surveillance — came into force in February 2025. The August 2026 deadline for high-risk AI systems is now months away, and regulators are not waiting.

If your business builds, deploys, or uses AI systems in the EU, here is what you need to know.

What Happens in August 2026

From 2 August 2026, all high-risk AI systems must comply with the full obligations in Chapter III of the EU AI Act. That means:

Risk management system — documented, continuously updated (Article 9)
Data governance — training data documented, bias tested (Article 10)
Technical documentation — full system design, capabilities, limitations (Article 11)
Logging and record-keeping — automatic logging for traceability (Article 12)
Transparency — clear instructions for users and deployers (Article 13)
Human oversight — design must enable human intervention (Article 14)
Accuracy, robustness, and cybersecurity — tested and validated (Article 15)

Non-compliance fines reach €30 million or 6% of global annual turnover, whichever is higher.

Who Is "High-Risk"?

High-risk covers AI used in:

Critical infrastructure (power grids, water, transport)
Education (student assessment, admissions)
Employment (CV screening, performance monitoring, termination decisions)
Essential services (credit scoring, insurance risk, benefits eligibility)
Law enforcement (predictive policing, evidence evaluation)
Migration (visa applications, border control)
Justice (legal interpretation, case outcomes)

If your AI touches any of these — even as a component inside a larger system — you are likely in scope.

The Practical Checklist

1. Classify your AI systems now

Walk every AI system your organisation builds or uses against Annex III of the Act. Classification is the foundation — everything else depends on it.

2. Appoint a responsible person

High-risk systems need a named individual accountable for compliance. For EU-based companies this is straightforward. For non-EU companies deploying into the EU, you need an EU representative.

3. Start your technical documentation

Article 11 requires documentation before market placement. Start building it now. Key sections: intended purpose, design logic, training data sources, performance metrics, known limitations.

4. Implement a risk management process

Not a one-off audit — a continuous process (Article 9 is explicit). Document residual risks. Run tests. Update the record.

5. Register on the EU database

High-risk AI systems (other than law enforcement) must be registered in the EU's public AI database before deployment. The registration portal is open.

6. Prepare your conformity assessment

Some high-risk systems require third-party conformity assessment; others allow self-assessment. Know which path applies to you before August.

What Regulators Are Already Doing

National authorities in France, Germany, Italy, and the Netherlands have already named their competent authorities under the Act. The European AI Office is coordinating enforcement across the GPAI (general-purpose AI) track. Do not assume enforcement starts in August — investigations for pre-August conduct are possible.

How Regulatory Signals Helps

Regulatory Signals can scan your AI system's public-facing properties, classify its risk tier under the EU AI Act, and generate the five policy documents you need:

Technical documentation (Article 11)
Risk management summary (Article 9)
Data governance statement (Article 10)
Human oversight protocol (Article 14)
Transparency notice (Article 13)

All documents are timestamped and bundled into a downloadable audit pack — the kind of evidence regulators ask for first.

The August 2026 deadline is closer than it looks. Compliance infrastructure takes time to build. Start the classification now.