Regulatory Intelligence
IRIS tracks AI law changes that affect your agents — including Colorado SB 26-189 updates — and tells you when your compliance posture needs attention.
Check for updates
iris regulatory check --framework colorado-ai-act
Compares bundled regulatory knowledge against your active frameworks and flags changes that may require policy or assessment updates.
List tracked frameworks
CI-friendly watch mode
iris regulatory watch --fail-on-change
Exit non-zero when regulatory changes affect your agents — useful in scheduled CI jobs.
History and apply
iris regulatory apply --update-id <id>
Colorado AI Act (SB 26-189): Effective January 1, 2027. IRIS bundles track obligation changes so iris regulatory check surfaces what matters for your registered agents.
California CCPA/CPRA ADMT: Regulations effective January 1, 2026. Significant-decision ADMT requirements from January 1, 2027. Risk assessment filing due April 1, 2028. Bundle ID: ccpa-admt.
China PIPL: In effect since November 1, 2021. Compliance Audit Management Measures effective May 1, 2025. Bundle ID: china-pipl. Cross-border transfer restrictions are among the strictest globally — involve China counsel.
HIPAA 2025 NPRM: Proposed Security Rule update (January 2025) explicitly requires AI tools in risk analysis. Section 1557 non-discrimination for AI in patient care effective May 1, 2025.
NYC Local Law 144 (AEDTs): Effective July 5, 2023. DCWP is actively fining HR tech companies — $375–$1,500 per violation per day. Requires annual independent bias audit, public disclosure, and candidate notice before AEDT use. Bundle ID: nyc-ll144. Run iris regulatory check --framework nyc-ll144.
Illinois AI Video Interview Act: Effective January 1, 2020 (820 ILCS 42). First US state law regulating AI video interviews. Consent before recording is the most enforced provision. Bundle ID: illinois-ai-video. Run iris regulatory check --framework illinois-ai-video.
AIUC-1: Voluntary third-party certifiable standard for AI agents (Schellman is the first accredited auditor). IRIS tracks AIUC-1 control updates and surfaces changes that affect evidence export mappings. Bundle ID: aiuc-1. Run iris regulatory check --framework aiuc-1 quarterly — AIUC-1 publishes changelog updates that may affect B006 sub-control evidence requirements.
ISO/IEC 42001:2023: IRIS's ISO 42001 mapping is derived from AIUC-1's published crosswalk (dated 2025-09-18), not independent ISO interpretation. When AIUC-1 updates its crosswalk, ISO coverage tiers may shift. Bundle ID: iso-42001. Run iris regulatory check --framework iso-42001 to verify the crosswalk is still current — IRIS warns if the crosswalk is older than 100 days.