Regulatory analysis and practical guidance for organizations deploying AI in finance, healthcare, and legal — written by the team building the infrastructure.
Smaller RIAs face a June 3, 2026 deadline for the SEC's amended Regulation S-P. If you're running any AI tool in your advisory workflow, you have specific gaps to close: vendor contract updates, incident response plan amendments, and tenant isolation verification. Here's what must change before the clock runs out.
Read the analysis →HHS enforcement theory on AI and HIPAA is settled: covered entities are responsible for what their AI vendors do with PHI. Shared model access, unlogged inference calls, and incomplete BAAs are the three failure modes appearing in enforcement actions.
Read the analysis →Six control failures appearing in AI company SOC 2 Type II audits in 2026: unlogged inference calls, shared model access, undocumented accuracy metrics, subprocessor gaps, and incident response plans that don't cover AI failures.
Read the analysis →€35M or 7% of global turnover. August 2, 2026. The EU AI Act's high-risk obligations apply to US companies serving EU clients. Articles 10-15 require technical controls — logging, grounding, human oversight, accuracy benchmarks — not documentation.
Read the analysis →Sturna's compliance scans cover Reg S-P, HIPAA, SOC 2, and EU AI Act requirements. Under 60 seconds. No account required.
Run a Compliance Scan →