Visual guides to the regulation. Reports on the implementation. Writing from inside seven years of trust & safety, online safety, and compliance work.
Each guide breaks the statute down to its operational implications. Color-coded by jurisdiction.
Risk pyramid, prohibited practices, Annex III high-risk domains, GPAI, timeline, penalties, decision tree.
AI · EU · How-to
Sector-by-sector implementation guide. Fourteen sectors with concrete steps, common mistakes, artefact templates, and the self-test.
The four-tier hierarchy, due diligence duties, VLOP obligations, transparency reporting, systemic risk.
EU
Gatekeeper designation, the Article 5/6/7 obligations, market investigations, enforcement procedure.
EU
Principles, lawful bases, data subject rights, transfers, breach notification, DPIAs, fines.
EU · UK
Privacy and Electronic Communications Regulations: cookies, marketing consent, traffic data.
California consumer privacy: rights, business obligations, sale opt-outs, sensitive personal information.
US
Children's Online Privacy Protection Act: verifiable parental consent, data minimisation, FTC enforcement.
US
Telephone Consumer Protection Act: prior express consent, autodialer rules, DNC, statutory damages.
US
Commercial email rules: header accuracy, opt-out, sender identification, FTC penalties.
Longer-form analyses and ongoing monitoring of where the laws above are being applied, contested, or quietly worked around. Filed from inside the operational layer.
A short field note from a research conversation with fresh Cornell graduates on how AI is landing with the Class of 2026. The word that kept coming up was "robbed." Filed in the same week as Meta's 8,000-person layoff and a string of commencement-speech boos at Arizona, UCF, Middle Tennessee State, and Glendale Community College.
Field note · May 2026 · 18 min read
The UK CMA's 9 March 2026 framework for businesses deploying AI agents in consumer-facing roles — the first guidance of its kind from any major consumer-protection authority. The four operational requirements, the four worked examples, the legal stack underneath (CRA 2015, CPRs 2008, CCAR Regs 2013, DMCCA 2024), and why the deployer carries everything — including what was supplied by a third party.
Field note · May 2026 · 22 min read
Agentic AI and the gap between user authorization and platform authorization. After Amazon v. Perplexity (9 March 2026) and the CMA's same-day guidance, a three-layer authorization stack, three peer-reviewed sources, and a fifty-state US patchwork pulling against federal preemption.
Report · May 2026 · 24 min read
Safety, security, adoption, and the real cost of moving fast. Data, timelines, case studies, and research from inside the industry on what the wave of frontier-AI deployment has actually produced so far.
Field note · May 2026 · 19 min read
Meta's opt-in camera roll suggestions launched in the EU and UK on 16 April 2026. The two-toggle anatomy, the AI Terms underneath, regional carve-outs (Illinois & Texas excluded), peer comparison against Apple, Google and Snapchat, and the 30,000-photo insider breach disclosed nine days before launch.
Live tracker · Quarterly · 6 min read
Each quarter, Ofcom publishes an industry bulletin signalling which Parts of the Online Safety Act it's animating through codes, guidance, supervision, or enforcement. 5 editions tracked, plotted against the Act coming alive.
Compliance report · Mar 2026 · 7 min read
Applicability, Part 5 vs Part 3 duties, age assurance, CSEA reporting, Category 1 obligations. The practical walk-through of one of the UK Online Safety Act's hardest test cases.
The dates that matter across the laws this site covers. Past, present, and what's queued next. Filter by jurisdiction or scroll the lot.
Platform governance at the centre, jurisdictions radiating out, frameworks at the edges. Click any node to open its guide.