Jurisdictions
Built for real regulatory environments across three jurisdictions.
Jurisdiction
European Union
The EU AI Act establishes comprehensive, risk-based obligations for AI systems operating in European markets. Unlike general compliance frameworks, the AI Act requires product-level assessments based on use case and risk classification.
Risk-Based Classification
The EU AI Act classifies AI systems into four risk tiers: unacceptable, high, limited, and minimal. Each tier carries distinct obligations. LedgerAI maps your products to the correct tier and surfaces applicable requirements.
Why Product-Level Mapping Matters
The EU AI Act does not regulate "AI companies"-it regulates AI systems. A single organization may deploy both minimal-risk chatbots and high-risk recruitment tools. Each product needs distinct compliance tracking.
LedgerAI maintains product-specific compliance records, ensuring that obligations, controls, and evidence align with each system's regulatory classification.
Jurisdiction
United States
US AI regulation operates through a sectoral and multi-layered framework. Federal guidance (e.g., NIST AI RMF), state laws (e.g., California, Colorado), and industry-specific regulations (e.g., FCRA for credit, HIPAA for healthcare) all apply simultaneously.
Fragmented Compliance Landscape
Unlike the EU's unified framework, US organizations must navigate federal frameworks, state mandates, and vertical regulations. A healthcare AI operating in California faces: NIST guidance, California CPRA obligations, and HIPAA requirements.
Why Product-Level Mapping Matters
Because US regulation varies by sector and geography, product-level tracking is essential. A recruitment AI operating in NYC needs different controls than a customer service chatbot in Texas.
LedgerAI tracks obligations across federal, state, and sectoral requirements-mapped to each product's deployment context.
Jurisdiction
South Africa
South Africa's AI governance framework combines POPIA (Protection of Personal Information Act) data protection requirements with emerging AI-specific regulations and sectoral frameworks.
POPIA and AI Systems
POPIA establishes data protection obligations that apply to AI systems processing personal information. Automated decision-making, profiling, and data minimization requirements all impact AI product design and operation.
Emerging AI Governance
South Africa is developing AI-specific governance frameworks. The Presidential Commission on the Fourth Industrial Revolution and sector-specific regulations (e.g., financial services) are establishing product-level compliance expectations.
Why Product-Level Mapping Matters
South African AI compliance requires understanding which products process personal information, how automated decisions are made, and what sector-specific rules apply. Generic company-level policies do not address product-specific obligations.
LedgerAI maps South African requirements to individual AI products, tracking POPIA obligations alongside emerging AI-specific frameworks.
Cross-Border Compliance
Operating Across Jurisdictions
Most AI products operate in multiple markets. A single chatbot may serve EU, US, and South African users-facing distinct obligations in each jurisdiction.
LedgerAI tracks jurisdiction-specific obligations for each product. You don't maintain three separate compliance systems-you maintain one system with jurisdiction-aware mappings.
When a product changes markets, LedgerAI updates applicable obligations. When regulations change in one jurisdiction, only affected products are flagged.