Free AI Governance Policies:
250+ Regulations, Laws, and
Standards in One Suite

A unified suite covering 250+ AI laws, regulations, and frameworks across the US, EU, and 30+ other countries, including the healthcare-specific laws and frameworks (CHAI, FUTURE-AI, TEHAI, CONSORT-AI, MI-CLAIM-GEN, MEDIC) generic GRC tools do not track. Adopt the suite as a starting point, and stay current with quarterly updates.
Download the AI Policy Suite
250+

Regulations & Frameworks

30+

Countries Across
The US & EU

Free

With Quarterly Updates

Cover every AI law your program is exposed to

Tap any category to expand. Every entry maintained by Pacific AI’s legal and policy team, refreshed every quarter.
  • NIST AI Risk Management Framework (AI 100-1). Federal-government-aligned framework for governing, mapping, measuring, and managing AI risk.
  • NIST AI RMF Generative AI Profile. Companion profile for managing risks specific to generative AI systems.
  • NIST Privacy Framework (PF). Voluntary framework for managing privacy risk across the data lifecycle.
  • NIST Cybersecurity Framework (CSF). Industry-standard cybersecurity risk management framework.
  • ISO/IEC 42001:2023. International standard for AI management systems.
  • ISO/IEC 23894:2023. International standard on AI risk management.
  • ISO/IEC 5259-4:2024. Data quality for analytics and machine learning.
  • ISO/IEC NP TS 12831. Testing for AI systems (under development).
  • CHAI. Coalition for Health AI. Assurance Standards Guide and Applied Model Card framework.
  • FUTURE-AI. Framework for Use of AI in Healthcare Research and Evaluation.
  • TEHAI. Trustworthy and Ethical Assurance for Health AI.
  • CONSORT-AI. Consolidated Standards of Reporting Trials, AI extension; reporting guidelines for AI clinical trials.
  • MEDIC. Minimum Information about a Medical AI evaluation.
  • QUEST. Framework for human evaluation of LLMs.
  • STARD-AI. Reporting guidelines for AI diagnostic accuracy studies.
  • MI-CLAIM-GEN. Reporting guidelines for generative AI in clinical applications. (Descriptor corrected per audit)
  • AMA. Principles of augmented intelligence.
  • WHO. Two related publications: Ethics and governance of artificial intelligence for health and Generating Evidence for AI-Based Medical Devices. (Consolidated per audit)
  • CRAFT-MD. Conversational Reasoning Assessment Framework for Testing in Medicine.
  • TRIPOD-LLM. Transparent Reporting for Prognostic and Diagnostic Models using LLMs.
  • TRIPOD-AI. Updated guidance for reporting clinical prediction models.
  • SPIRIT-AI. Standard Protocol Items for Interventional Trials, AI extension.
  • HAIRA. Healthcare AI Governance Maturity Model.
  • TPLC. Total Product Lifecycle framework for healthcare AI/ML.
  • OPTICA. Organizational Perspective Checklist for AI Solutions Adoption.
  • SALIENT. End-to-End Clinical AI Implementation Framework.
  • AHRQ & AIMHD. Guiding principles to address algorithm bias.
  • Model Facts Label for HTI-1. Compliance framework by Duke Institute for Health Innovation.
  • Title VII of the Civil Rights Act of 1964. Foundational anti-discrimination law in employment.
  • Section 1981 of the Civil Rights Act of 1866. Equal contract rights.
  • The Equal Pay Act of 1963. Wage equality protections.
  • The Age Discrimination in Employment Act of 1967.
  • Titles I and V of the Americans with Disabilities Act of 1990 (ADA).
  • The Pregnant Workers Fairness Act.
  • The Genetic Information Nondiscrimination Act.
  • ACA Section 1557. Nondiscrimination in health programs and activities.
  • HHS HTI-1. Health Data, Technology, and Interoperability rule.
  • EEOC Guidance on AI in Employment. Use of AI to assess job applicants and employees.
  • CFPB Guidance on Black-Box Credit Models.
  • FDA Draft Guidance on AI for Regulatory Decision-Making. Drug and biological products.
  • FDA Draft Guidance for Developers of AI-Enabled Medical Devices.
  • FDA 21 CFR Part 892. Radiological computer-assisted detection and diagnosis software.
  • Executive Order 14179. Removing barriers to American leadership in AI.
  • America’s AI Action Plan.
  • New York City Local Law 144. Automated employment decision tools.
  • Illinois AI Video Interview Act.
  • Virginia HB 747. Artificial Intelligence Developer Act.
  • Colorado SB24-205. Consumer protections for AI Effective Feb 1, 2026, phased
  • Illinois HB 3773. Illinois Human Rights Act.
  • California AB 2013. Training data transparency.
  • California AB 2855. Artificial Intelligence.
  • California SB 896. Generative AI Accountability Act.
  • California SB-942. AI Transparency Act.
  • Texas HB 149 (TRAIGA). Responsible AI Governance Act Effective Jan 1, 2026
  • Texas SB 1964. Regulation of AI by governmental entities.
  • New York SB 822. Disclosure of automated employment decision tools.
  • New York SB 7543. Legislative oversight of automated decision-making.
  • Maine HP 1154. Transparency in consumer transactions involving AI.
  • Montana HB 178. Limit government use of AI systems.
  • Arizona HB 2175. Prohibition on AI for claims involving medical judgment.
  • California SB 1120. Regulation of health plans using AI for utilization review Effective Jan 1, 2025
  • California AB 3030. AI-generated patient communications must include disclaimer and instructions to contact a human.
  • California AB 489. Prohibits AI from implying healthcare licensure Effective Jan 1, 2026
  • Maryland HB 820. Health insurance, utilization review, use of AI.
  • Texas SB 1188. AI use in clinical settings, disclosure requirements Effective Sep 1, 2025
  • Texas SB 815. Automated systems and adverse determinations in claims.
  • Nebraska LB 77. Ensuring Transparency in Prior Authorization Act.
  • Nevada AB 406. Prohibition of AI providing professional mental healthcare Effective Jul 1, 2025
  • Oregon HB 2748. Prohibition on non-human entities using the title of nurse.
  • Utah HB 452. Mental health chatbot disclosure and privacy requirements Effective Mar 2025
  • Illinois HB 1806 (WOPR Act). Bans AI-only therapy Signed Aug 2025
  • Virginia 32.1-127. Patient access to intelligent personal assistant in clinical facilities.
  • California Consumer Privacy Act (CCPA).
  • California Privacy Rights Act (CPRA).
  • Texas Data Privacy and Security Act.
  • Colorado Privacy Act.
  • Delaware Personal Data Privacy Act.
  • Connecticut Data Privacy Act.
  • Virginia Consumer Data Privacy Act.
  • Utah Consumer Privacy Act.
  • Utah AI Policy Act.
  • Montana Consumer Data Privacy Act.
  • New Hampshire SB 255. Expectation of privacy.
  • Oregon SB 619. Protections for personal data of consumers.
  • Minnesota HF 2309. Consumer rights regarding personal data.
  • Minnesota HF 4757. Minnesota Consumer Data Privacy Act.
  • Indiana SB 5. Consumer data protection.
  • Colorado SB 22-113. Artificial Intelligence Facial Recognition.
  • California Bolstering Online Transparency Act.
  • California AB 2602. Contracts against public policy.
  • California AB 2839. Elections: deceptive media in advertisements.
  • California AB 1836. Use of likeness: digital replica.
  • Colorado HB 1147. Candidate election deepfake disclosures.
  • Florida HB 919. AI use in political advertising.
  • Florida SB 1798. Sexually related offenses.
  • Georgia §16-11-90. Prohibition on nude or sexually explicit electronic transmissions.
  • Hawaii SB 309. Privacy in the first degree.
  • Illinois HB 2123. Nonconsensual Dissemination of Private Sexual Images Act.
  • Illinois HB 3773. Limit predictive analytics use.
  • Minnesota HB 1370. Nonconsensual dissemination of deepfake sexual images.
  • New York S1042A. Unlawful dissemination of intimate images.
  • South Dakota SB 120. Record, privacy, manipulated image.
  • Texas §21.165. Unlawful production or distribution of certain videos.
  • Texas SB 441. Unlawful creation of sexually explicit deepfakes.
  • Texas HB 581. Age verification for AI-generated sexual material.
  • Virginia §18.2-386.2. Unlawful dissemination of images of another.
  • Nebraska LB 383. Prohibition of generated child sexual abuse material.
  • EU AI Act (Regulation (EU) 2024/1689). Risk-tier classification, transparency obligations, and conformity assessments for high-risk AI Phased through 2026–2027
  • EU General-Purpose AI Code of Practice.
  • GDPR (Regulation (EU) 2016/679).
  • Digital Services Act.
  • Digital Markets Act.
  • Ethics guidelines for trustworthy AI.
  • Guidelines on AI system definition.
  • Guidelines on prohibited AI practices.
  • Guidelines for providers of general-purpose AI models.
  • OpenAI Usage Policy.
  • Anthropic Usage Policy.
  • Microsoft Enterprise AI Services Code of Conduct.
  • AWS Responsible AI Policy.
  • Google Generative AI Prohibited Use Policy.
  • Meta Seamless Acceptable Use Policy.
  • Cohere Labs Acceptable Use Policy.
  • John Snow Labs AI Acceptable Use Policy.
  • Mistral Usage Policy.
  • Snowflake Acceptable Use Policy.
  • Databricks Open Model Acceptable Use Policy.
  • United States
  • United Kingdom
  • Canada
  • Germany
  • France
  • Italy
  • Spain
  • Sweden
  • Norway
  • Switzerland
  • Netherlands
  • Belgium
  • Ireland
  • Austria
  • Poland
  • Japan
  • South Korea
  • Taiwan
  • Singapore
  • Thailand
  • Indonesia
  • India
  • Australia
  • Israel
  • United Arab Emirates
  • Saudi Arabia
  • Turkey
  • Brazil
  • Mexico
  • Argentina

Each country tracked for its specific national AI, data, and healthcare regulation. New countries added quarterly as legislation passes.

The same policy library ships as
the default in Governor

  • The 250+ regulations, frameworks, and standards in this library are also the default policy library that ships with Governor, the AI control tower in Pacific AI’s platform. Customers who deploy Governor get the entire library connected to automated risk assessment from day one, beyond what a downloadable PDF set could provide.
  • Every AI project on the register and every vendor in the supply chain is automatically checked against the applicable subset of the 250+ policies, with gaps flagged and controls proposed. There is nothing to draft, nothing to maintain, no governance lawyer on retainer to write the next version when a new state law passes.
  • Customers can override defaults, upload their own policies, mark some not-applicable per jurisdiction, and add organization-specific overlays. The default behavior is full coverage across all 250+ regulations, automatically refreshed every quarter.

What happens when new legislation passes

AI legislation is moving fast. Dozens of state laws have passed in 2025 and 2026, with the pace still accelerating. The work of tracking, interpreting, and operationalizing each one falls on healthcare governance teams, unless the platform does it for them.

For Example: One Cluster of Five State Laws Governing AI Impersonation of Clinicians

California AB 489
Prohibits AI from using terms, letters, or design elements implying possession of a healthcare license.
Nevada AB 406
Prohibits AI from providing professional mental or behavioral healthcare.
Utah HB 452
Disclosure and privacy requirements for mental-health chatbots.
Illinois HB 1806
(WOPR Act)
Bans AI-only therapy and AI-therapy advertising.
Texas SB 1188
Requires licensed practitioners using AI to act within scope, review AI-generated content, and disclose AI use to patients.

With a generic GRC tool, every new law means doing this manually:

  • Notice each law passed
  • Hire counsel to interpret it
  • Write internal policies
  • Update risk assessments for every AI system
  • Build pre-release tests
  • Configure production monitors
  • Repeat for every new law

How Pacific AI automates this away

When a new law like California AB 489 passes, Pacific AI propagates the change end-to-end, in four automated steps.
01

Policy Suite

Automated
Policy & Test Cases Drafted

Pacific AI’s legal and policy team reviews the law, drafts the corresponding policy and the test cases that operationalize it, and publishes the update in the next quarterly Policy Suite refresh. Customers do not write policies; the policies arrive.

02

Governor

Automated
Risk Assessment Re-Runs

Every AI project on the register is automatically re-evaluated. Governor flags affected projects (patient-facing AI chatbots), proposes new required controls (verifying the system does not impersonate a licensed clinician), and re-routes to the right approval workflow.

03

Gatekeeper

Automated
New Tests in CI/CD

The red-team library is updated with new test cases, adversarial prompts designed to test whether the chatbot can be induced to claim licensure or provide care that requires it. Customers’ next CI/CD release runs the new tests automatically; failures block the release.

04

Guardian

Automated
Production Drift Detection

The same test suite runs continuously against deployed AI systems, throttled. If a production system that was compliant last week is now non-compliant against the new law, drift is detected within hours.

With Pacific AI, the full chain happens automatically:

  • Legislation tracked

  • Tests built

  • Monitors configured

  • Policy drafted

  • Risk assessed

  • Audit trail captured

The customer does not write a policy, draft a control, build a test, or configure a monitor. Every step arrives as part of the quarterly platform update. This is the kind of governance program a non-healthcare platform structurally cannot deliver.

Stay current as regulation evolves

We update the AI Governance Policy Suite for you, every quarter, free.
Q1 2026

Pacific AI Governance Policy Suite Release Notes

Read more →
Q4 2026

Pacific AI Governance Policy Suite Release Notes

Read more →
Q3 2026

Pacific AI Governance Policy Suite Release Notes

Read more →

Before You Get Started

The AI Policy Suite is a living framework — open, adaptable, and maintained quarterly. A few things to keep in mind as
you deploy it in your organization.

Framework, not legal advice

The Pacific AI Policy Suite is a starting framework, not legal advice. Organizations should consult their own compliance counsel to determine which policies apply to their specific systems, jurisdictions, and operations.

Maintained quarterly

Pacific AI maintains the suite to reflect publicly known legislation, regulations, and frameworks. Organizations are responsible for verifying currency against their own regulatory exposure and compliance program.

License

Use the AI Policy Suite freely under its open license — modify and adapt for your organization’s specific needs. (License terms to be confirmed by marketing before publishing.)

Get Started

AI governance platforms have a reputation for taking months to stand up and a capital budget to maintain. Pacific AI is built
differently. There is nothing to buy, nothing to negotiate, and no implementation project before you can use the platform.

Deploys in Minutes

CloudFormation or Managed Apps, inside your AWS or Azure tenant.

Platform Core $0 Forever

Unlimited users, systems, policies, tests, audit trails. Pay only per AI credit.

Agent-Ready

MCP-native integration with agentic AI systems out of the box.

Install from AWS Marketplace Install from Azure Marketplace

Build the full AI governance program

Pacific AI’s advisory services help organizations build the full program: training, change management, committee design, embedded leadership, and executive support.

12-Week AI Accelerator

Forward Deployed Experts (12 months)

Private LLM Deployment

Explore advisory services