← All posts

Industry Verticals

30 posts on industry verticals.

B2B SaaS with AI Features: How Enterprise Security Reviews Now Block the Deal

B2B SaaS vendors that added AI features in the last twelve months are now meeting an enterprise security review process that did not exist when the product was scoped. Buyers ask about identity context at the model API call, per-decision audit records, prompt-level data classification, and the deployment regime under the EU AI Act. Sales cycles stall on questions the engineering team did not anticipate. This piece walks through what enterprise security reviews now ask of SaaS-with-AI vendors, where most product architectures are exposed, and the inspection layer that closes the gap before procurement does.

b2b-saasai-compliancesecurity-revieweu-ai-actenterpriseaudit
Read post →

EU AI Act for Healthcare: What Articles 6, 12, and Annex III Require of Hospital AI Deployments

EU AI Act high-risk classification applies to several healthcare AI use cases including AI as a safety component of medical devices under Article 6(1) and the Annex III categories covering access to essential services, biometric categorization, and emergency triage. From August 2, 2026, hospitals deploying these AI systems take on deployer obligations under Article 26 and have to support providers in meeting Articles 8 through 17. The Medical Device Regulation and the EU AI Act layer for software-as-a-medical-device. The architecture that satisfies the high-risk regime is per-decision audit records that capture identity, data class, policy state, and decision outcome on the hospital side.

healthcareeu-ai-actmedical-devicesmdrai-compliancehospital-ai
Read post →

AI-Assisted SOAP Notes Under HIPAA: What the Audit Trail Has To Show

Clinicians using generative AI to draft SOAP notes from ambient recordings of patient encounters trigger the HIPAA Security Rule the moment PHI enters the prompt. The audit controls expectation under 45 CFR 164.312(b), the access control expectation under 164.312(a), and the transmission security expectation under 164.312(e) all attach. Vendor BAAs cover the vendor side; the covered entity has to produce its own evidence on its own side of the API. This piece walks through the architecture that satisfies the Security Rule for ambient-AI scribe workflows.

healthcarehipaasoap-notesai-scribephi-redactionaudit-controls
Read post →

Public Sector AI Compliance: OMB M-24-10, NIST AI RMF, and the State AI Laws That Apply to Agencies

OMB Memorandum M-24-10, issued March 28, 2024, set the AI governance baseline for federal civilian agencies including risk management for rights-impacting and safety-impacting AI, a Chief AI Officer designation, and public inventories of AI use cases. The Office of Personnel Management AI guidance, the Department of Homeland Security AI framework, and DOD Responsible AI Strategy add agency-specific obligations. The NIST AI Risk Management Framework provides the technical baseline. State-level laws including Colorado SB 24-205, Connecticut SB 2, and California AB 2930 add overlays on state-agency and state-contractor AI. The architecture that supports the OMB-required risk management has the same shape as private-sector high-risk AI compliance.

governmentpublic-sectorai-complianceomb-m-24-10nist-ai-rmffedramp
Read post →

Law Firm ChatGPT Confidentiality: ABA Opinion 512 and the Architecture Privilege Survives

ABA Formal Opinion 512, issued July 29, 2024, sets the duty of competence, confidentiality, and supervision standards for lawyers using generative AI tools. Model Rule 1.6 confidentiality, Rule 1.1 competence, and Rule 5.3 supervision of nonlawyer assistance all attach to AI workflows that touch client information. State bar opinions from California, Florida, New York, and Pennsylvania add jurisdiction-specific overlays. The architecture that supports a defensible position under examination is per-decision audit records that show what client data the AI received and what the firm did with the output.

legallaw-firmai-complianceaba-opinion-512confidentialityprivilege
Read post →

Insurance AI Pricing Under the EU AI Act and NAIC Bulletin: The High-Risk Architecture

Life and health insurance pricing using AI is classified as high-risk under EU AI Act Annex III point 5(c). The NAIC Model Bulletin on the Use of AI Systems by Insurers adopted in December 2023 has been incorporated by twenty-five US state insurance regulators as of 2025. Colorado SB21-169 sets concrete obligations for life insurers using external consumer data. The combined regime requires per-decision audit records, governance documentation, third-party risk management, and demonstrable testing for unfair discrimination across protected classes.

insuranceai-complianceeu-ai-actnaicaudithigh-risk-ai
Read post →