VVektorIndex
Live compliance deadlines

AI & Data Compliance Deadlines
Developers Must Meet in 2026

Every regulation has a deadline. Every deadline has a developer behind it, scrambling to implement something they've never built before. This is your complete guide — with exact technical requirements and drop-in code packages for each law.

🚨 Highest Urgency — Act Now

🇪🇺23d left
EU AI Act Art. 50
August 2, 2026 — Application date
Fine: €15 million or 3% of global annual turnover
🇺🇸ACTIVE NOW
Colorado AI Act
July 1, 2026 — EFFECTIVE NOW
Fine: $20,000 per violation (Colorado AG enforcement)
🇺🇸ENFORCED
HIPAA + AI (PHI in LLMs)
ACTIVE — HHS OCR AI guidance issued 2023. First AI-specific fines in 2024.
Fine: $100 – $1.9 million per violation category per year
🇺🇸ENFORCED
NYC Local Law 144
ACTIVE since July 5, 2023 — NYC is auditing employers NOW
Fine: $500 first violation, $1,500 per subsequent violation PER APPLICANT
🇪🇺23d left
EU AI Act GPAI
August 2, 2026 — Full GPAI obligations apply
Fine: €30 million or 6% of global annual turnover
🇿🇦ENFORCED
POPIA (SA)
ACTIVE ENFORCEMENT — Fines being issued now
Fine: R10 million or 10 years imprisonment
🌐ENFORCED
Multi-Tenant RLS
NOT a deadline — a live engineering risk that can destroy your company overnight
Fine: GDPR: €20M. POPIA: R10M. Plus class action. Plus lost customers.
🇪🇺ENFORCED
EU DORA (Financial AI)
ACTIVE since January 17, 2025 — ESAs conducting first compliance reviews
Fine: 1% of average daily worldwide turnover per day of infringement
🇺🇸ENFORCED
CFPB ECOA/FCRA AI Rules
ACTIVE — CFPB issued guidance Sep 2023. Enforcement actions ongoing.
Fine: Up to $50,000 per day per violation. Class action exposure.
🇺🇸ENFORCED
Illinois BIPA (Biometrics)
ACTIVE — Courts awarding class action damages. Amazon paid $5.5M in 2023.
Fine: $1,000 per negligent violation, $5,000 per intentional/reckless violation
🇪🇺ENFORCED
GDPR Art. 22
ACTIVE ENFORCEMENT — reinforced by EU AI Act 2026
Fine: €20 million or 4% of global annual turnover
🇺🇸ACTIVE NOW
US AI Laws 2026
Colorado active July 1. Texas, Illinois, Virginia bills advancing.
Fine: Varies by state — $5,000–$20,000 per violation
🇺🇸ENFORCED
SOC 2 Type II
Enterprise buyers require SOC 2 Type II before signing — no deadline but blocks every deal
Fine: Not a fine — but no SOC 2 = no enterprise customer
🇰🇪ENFORCED
Kenya DPA (2019)
ACTIVE — Data Commissioner issuing enforcement notices since 2023.
Fine: KSh 5 million (~$38,000 USD) per violation
🌐ACTIVE NOW
ISO 42001 (AI Management)
Published December 2023 — Enterprise RFPs now requiring ISO 42001 certification.
Fine: Not a fine — but required to win enterprise AI contracts in 2026
🇸🇦ENFORCED
Saudi Arabia PDPL
ACTIVE enforcement since September 2023. SDAIA auditing proactively.
Fine: SAR 5 million (~$1.3M USD) per violation + operational suspension
🇺🇸ENFORCED
Colorado SB 21-169 (Insurance AI)
ACTIVE — Colorado Division of Insurance conducting examinations
Fine: $100,000 per violation + license suspension

🇪🇺Europe

🌎Americas

🇺🇸
Colorado AI Act
Colorado, USA
ACTIVE NOW

Colorado SB 24-205 became effective July 1, 2026. It requires developers and deployers of 'high-risk AI systems' — those...

Max fine: $20,000 perSee implementation →
🇧🇷
LGPD (BR)
Brazil
ENFORCED

Brazil's LGPD is fully enforced by the ANPD (National Data Protection Authority). With 214 million internet users and on...

Max fine: R$50 millionSee implementation →
🇺🇸
US AI Laws 2026
United States
ACTIVE NOW

Following Colorado's AI Act (effective July 1, 2026), Illinois, Texas, Virginia, and California are advancing AI-specifi...

Max fine: Varies bySee implementation →
🇺🇸
HIPAA + AI (PHI in LLMs)
United States
ENFORCED

Using OpenAI, Anthropic, or any LLM API with patient data (PHI) without a signed Business Associate Agreement (BAA) is a...

Max fine: $100 See implementation →
🇺🇸
NYC Local Law 144
New York City, USA
ENFORCED

NYC Local Law 144 requires any employer using an AI AEDT (automated employment decision tool) for NYC-based hiring to: (...

Max fine: $500 firstSee implementation →
🇺🇸
CFPB ECOA/FCRA AI Rules
United States
ENFORCED

CFPB requires lenders using AI models to provide specific, accurate adverse action notices — 'algorithmic' is not suffic...

Max fine: Up toSee implementation →
🇺🇸
Illinois BIPA (Biometrics)
Illinois, USA
ENFORCED

Illinois BIPA applies to any AI system processing biometric identifiers: facial recognition, voiceprint, fingerprint. AI...

Max fine: $1,000 perSee implementation →
🇨🇦
Canada AIDA (Bill C-27)
Canada
144d left

Canada's AIDA classifies high-impact AI systems with extensive obligations: impact assessments, registration with ISED, ...

Max fine: CAD 10MSee implementation →
🇺🇸
Colorado SB 21-169 (Insurance AI)
Colorado, USA
ENFORCED

Colorado SB 21-169 prohibits insurers from using algorithms or predictive models that unfairly discriminate based on rac...

Max fine: $100,000 perSee implementation →

🌏Asia-Pacific

🌍Africa

🌍Middle East

🌐Global

Need the drop-in code solution?

Every compliance requirement on this page has a corresponding downloadable TypeScript/Next.js package. Drop it into your codebase — no compliance consultant needed.

Browse All Developer Tools →