Research notes

Analysis of AI regulation and compliance patterns — from the Regula project.

Newsletter

The Implementation Layer

Newsletter on the gap between AI governance theory and organisational reality. Practical frameworks, implementation lessons, and honest analysis.

When AI Systems Don't See You

Bias testing gaps · 35-year paper trail · peer-reviewed evidence

Switching from ChatGPT to Claude

What you're actually moving · data governance · prompt translation

From AI hype to AI governance

The gap between governance theory and organisational reality
Regula 2 May 2026 Topic: EU AI Act · Digital Omnibus · Trilogue

The Omnibus Trilogue Failed. The August 2026 Deadline Is Back.

The first political trilogue on the Digital Omnibus ended without agreement on 28 April after 12 hours. The sticking point was conformity assessment for AI in regulated products. The original August 2026 deadline is now the only safe planning baseline.
Analysis 25 April 2026 Topic: EU AI Act · Compliance · Code Scanning

Questionnaires tell you what you said. Code scanning shows what you did.

Questionnaires and code scanning cover different halves of the EU AI Act. Neither replaces the other. Together, they produce something closer to defensible compliance.
Regula 25 April 2026 Topic: EU AI Act · AI Frameworks · Compliance

We scanned 5 AI frameworks for EU AI Act compliance. Here’s what 389 patterns found.

562 findings across PyTorch, HuggingFace Transformers, LangChain, LlamaIndex, and CrewAI. The framework you pick shapes your compliance surface before you write a line of code.
Regula 25 April 2026 Topic: EU AI Act · Article 5 · Prohibited practices

EU AI Act Article 5 is already live: scanning your code for prohibited AI practices

Article 5 has been enforceable since February 2025 with fines up to EUR 35 million. Most developers don’t know this. Here is what the 8 prohibited categories look like in code, what Regula flags, and what to do about it.
Regula 25 April 2026 Topic: EU AI Act · Digital Omnibus · Deadlines

August 2026 or December 2027? A developer’s guide to the Omnibus uncertainty

Two dates, one law, nobody knows which applies. A three-track framework for deciding what to build now, what can wait, and why planning for August is the engineering-rational choice even if December wins.
Regula 17 April 2026 Topic: EU AI Act · Startups

Most startups are ignoring the EU AI Act. Here’s when that stops being rational.

The dominant Reddit/HN sentiment is to ignore it until fines land. For now, that’s defensible. Three specific triggers change the calculus — and two have nothing to do with enforcement.
Regula 10 April 2026 Topic: EU AI Act · Open-source compliance

I scanned 10 open-source AI apps for EU AI Act compliance

553 findings across 218,000-star projects — what compliance actually looks like in real codebases.
Regula 10 April 2026 Topic: EU AI Act · Risk classification

What EU AI Act risk tiers look like in your code

Zero code examples exist in the top-ranking content for EU AI Act risk classification. This post fills that gap: real Python snippets for each of the four tiers — prohibited, high-risk, limited-risk, minimal-risk — with actual regula check output showing what gets flagged and why. Includes the grey zones and honest precision figures.
Regula 10 April 2026 Topic: EU AI Act · Applicability

Does the EU AI Act apply to your AI app? A developer’s guide

A five-step decision tree for developers: does your product use AI, do you have EU users, are you a provider or deployer, what risk tier, what are your obligations? Every legal reference cites a specific Article. Ends with the automated version: regula assess.
Regula 10 April 2026 Topic: EU AI Act · Digital Omnibus

The EU AI Act Omnibus delay: what developers actually need to know

The Digital Omnibus on AI proposes pushing high-risk deadlines from August 2026 to December 2027. The first trilogue failed on 28 April after 12 hours. Original Aug 2026 deadline in play. Here is what is actually happening, what it means for each risk tier, and whether you should wait or act now. Every claim is primary-source linked.
Live tracker Last updated: 8 April 2026 Topic: South Africa

South Africa's draft National AI Policy: what Cabinet approved, and what it means for code

Cabinet approved the draft National Artificial Intelligence Policy for public comment on 2 April 2026. The gazette has not yet published the text, but the direction is clear: a sector-specific multi-regulator governance model, a 60-day comment window, and sector-specific regulations in 2027/2028. Live tracker plus POPIA and King V baseline plus five things South African organisations should do now.
Analysis Last updated: 7 April 2026 Topic: Corporate AI governance

How Regula maps to the AICDI corporate AI governance gaps

The 2026 UNESCO and Thomson Reuters Foundation AI Company Data Initiative report analysed 2,972 global companies across 11 GICS sectors and 7 regions, and found large gaps between AI adoption and AI governance. This piece maps each AICDI gap to what Regula actually does — honest about what a static code scanner can address (model registry, human oversight verification, Article 9–15 gap assessment, conformity evidence) and what it cannot (board oversight, worker protection policies, training programmes, environmental impact assessments).
Markdown mirror Topic: South Africa

South Africa draft National AI Policy — markdown version

The same South Africa content as the live landing page, rendered as markdown on GitHub. Useful if you want to diff the page against the git history, or if you are reading in a context where the live site is not convenient.