Visual guides to the regulation. Reports on the implementation. Writing from inside seven years of trust & safety, online safety, and compliance work.
Longer-form analyses and ongoing monitoring of where the laws below are being applied, contested, or quietly worked around. Filed from inside the operational layer.
Safety, security, adoption, and the real cost of moving fast. Data, timelines, case studies, and research from inside the industry on what the wave of frontier-AI deployment has actually produced so far.
Read the report → Field note · May 2026Meta's opt-in camera roll suggestions launched in the EU and UK on 16 April 2026. The two-toggle anatomy, the AI Terms underneath, regional carve-outs (Illinois & Texas excluded), peer comparison against Apple, Google and Snapchat, and the 30,000-photo insider breach disclosed nine days before launch.
Read the field note → Live tracker · QuarterlyEach quarter, Ofcom publishes an industry bulletin signalling which Parts of the Online Safety Act it's animating through codes, guidance, supervision, or enforcement. 5 editions tracked, plotted against the Act coming alive.
Open the tracker → Compliance report · Mar 2026Applicability, Part 5 vs Part 3 duties, age assurance, CSEA reporting, Category 1 obligations. The practical walk-through of one of the UK Online Safety Act's hardest test cases.
Read the report →Each guide breaks the statute down to its operational implications. Color-coded by jurisdiction.
Risk pyramid, prohibited practices, Annex III high-risk domains, GPAI, timeline, penalties, decision tree.
Read → AI · EU · How-toSector-by-sector implementation guide. Fourteen sectors with concrete steps, common mistakes, artefact templates, and the self-test.
Read → EUThe four-tier hierarchy, due diligence duties, VLOP obligations, transparency reporting, systemic risk.
Read → EUGatekeeper designation, the Article 5/6/7 obligations, market investigations, enforcement procedure.
Read → EUPrinciples, lawful bases, data subject rights, transfers, breach notification, DPIAs, fines.
Read → EU · UKPrivacy and Electronic Communications Regulations: cookies, marketing consent, traffic data.
Read → UKThree pillars of duty: illegal content, child safety, and fraudulent advertising & transparency. Layered by service category, enforced by Ofcom.
Read → US · CaliforniaCalifornia consumer privacy: rights, business obligations, sale opt-outs, sensitive personal information.
Read → USChildren's Online Privacy Protection Act: verifiable parental consent, data minimisation, FTC enforcement.
Read → USTelephone Consumer Protection Act: prior express consent, autodialer rules, DNC, statutory damages.
Read → USCommercial email rules: header accuracy, opt-out, sender identification, FTC penalties.
Read → APAC · SingaporePersonal Data Protection Act: consent obligations, DNC registry, data breach notifications, mandatory DPO.
Read → APAC · AustraliaAustralian Privacy Principles, NDB scheme, OAIC enforcement, the ongoing Stage 2 reforms.
Read →The dates that matter across the laws this site covers. Past, present, and what's queued next. Filter by jurisdiction or scroll the lot.
Platform governance at the centre, jurisdictions radiating out, frameworks at the edges. Click any node to open its guide.
