This week’s biggest compliance signal is in the US, where the FTC doubled down on AI claims enforcement with actions and inquiries targeting facial recognition, accuracy claims, deceptive AI marketing, and chatbot safety. In California, several bills moved forward on employment AI, utility infrastructure AI, social media AI models, and healthcare AI, with hearings set for May 4 on the most operationally sensitive proposals. Internationally, ISO/IEC 42001:2023 is now the key AI management systems baseline, while NIST refreshed its AI RMF hub and companion materials, reinforcing the need to keep governance programs aligned to current implementation guidance.
US Federal & State Regulation
FTC escalates AI bias claims enforcement
The FTC alleged that IntelliVision falsely claimed its facial-recognition software was unbiased. The agency’s action shows that AI fairness, bias, and accuracy representations are now squarely in enforcement scope when they are not properly substantiated.
Why it matters: Teams marketing model performance or non-discrimination claims need evidence files, legal review, and documented testing before those claims go public. Weak substantiation now creates direct FTC risk, not just reputational exposure.
Read source →FTC targets deceptive AI claims and schemes
The FTC’s Operation AI Comply sweep highlights deceptive AI claims, scams, and unfair practices as an active enforcement priority. The initiative signals sustained scrutiny of how AI tools are advertised and sold.
Why it matters: Compliance teams should review product pages, demos, testimonials, and marketing language for deception risk. This is a prompt to tighten claims governance and preserve remediation records if statements need to be corrected.
Read source →FTC finalizes Workado order on accuracy claims
The FTC finalized an order against Workado for misrepresenting the accuracy of its AI content-detection product. The order reinforces that unsupported performance claims are an enforcement issue, not a marketing issue.
Why it matters: Any team publishing AI accuracy metrics should have competent and reliable evidence ready before launch. Legal and compliance review should be mandatory for externally facing performance claims.
Read source →FTC probes child-safety controls in companion chatbots
The FTC issued 6(b) orders to seven AI chatbot companies to examine testing, monitoring, and harm mitigation for children and teens. This is an investigative step, but it shows the agency is focusing on consumer AI safety controls and age-related risks.
Why it matters: Consumer AI providers should be ready to show how they test, monitor, and escalate harms, especially for younger users. Child-safety disclosures, red-teaming records, and moderation procedures may now be examined very closely.
Read source →California advances employment AI bill
California SB 947 was set for hearing on May 4, 2026. The bill would target automated decision systems in employment, so hiring and HR teams should expect possible new compliance obligations.
Why it matters: Employers using AI in recruiting or employment decisions should inventory systems now and check bias testing, notice, and human-review controls. The hearing date makes this a near-term policy risk, not a distant watch item.
Read source →NIST AI RMF
California utility AI safety bill heads to hearing
California SB 1011 was set for hearing on May 4, 2026. The proposal would cover utility infrastructure AI safety, oversight, and workforce protection, making it relevant to critical infrastructure operators using AI.
Why it matters: Utilities and critical infrastructure teams should inventory AI use in operational workflows and test safety, resilience, and workforce-impact controls. The bill could drive regulator-facing evidence requests and new operational obligations.
Read source →California AI labor-impact reporting bill advances
California AB 2545 moved out of committee on April 16 and was re-referred to Appropriations on April 20, 2026. The bill points toward possible reporting obligations tied to AI’s labor-market impact.
Why it matters: Employers may need workforce data and internal reporting processes if the bill progresses. Compliance teams should watch whether it creates disclosure duties that require ongoing data collection.
Read source →California social media AI bill amended
California AB 2169 was read a second time and amended on April 23, 2026. The bill continues legislative attention on artificial intelligence models used by social media platforms.
Why it matters: Platforms should monitor the amended text for obligations around content moderation, recommendation systems, or model governance. This is a sign that AI-specific platform regulation remains active in California.
Read source →NIST refreshes AI RMF hub and resources
NIST updated its AI RMF hub to reflect the April 7, 2026 critical infrastructure concept note. The hub remains the canonical entry point for current AI RMF materials, including companion resources.
Why it matters: Governance teams should keep internal AI risk references aligned with the latest NIST postings. This matters for control mapping and for showing that your program tracks current framework materials.
Read source →NIST adds GenAI profile for AI RMF
NIST’s generative AI profile provides a formal extension of the AI RMF for generative AI deployments. It is a published implementation reference for mapping GenAI risks, controls, and residual issues.
Why it matters: Organizations using GenAI should map use cases to this profile and update testing, monitoring, procurement, and incident response workflows. It gives compliance teams a concrete way to evidence GenAI-specific governance.
Read source →ISO Standards
ISO/IEC 42001:2023 becomes AI governance baseline
ISO/IEC 42001:2023 is now published as the first AI management system standard. It gives organizations a formal baseline for AI governance, audit readiness, and potential certification.
Why it matters: Companies developing or using AI should treat this as the benchmark for roles, responsibilities, evidence, and continual improvement. It also creates a practical mapping point for security, privacy, and quality programs.
Read source →ISO opens guidance work for 42001 implementation
ISO has opened work on implementation guidance for ISO/IEC 42001. The work item suggests future detail on competency and operational expectations for AI management systems.
Why it matters: Teams already aligning to 42001 should expect more specific implementation guidance and possibly new training expectations for governance roles. This is worth tracking if you are building an AI certification or assurance program.
Read source →Other jurisdictions / frameworks
NIST AI program page consolidates ongoing resources
NIST’s ITL AI Program page now serves as a consolidated watchpoint for ongoing AI work and related resources. The page is informational rather than binding, but it helps teams track new AI RMF-adjacent publications and webinars.
Why it matters: Compliance teams can use it as a standing monitor for future framework updates and implementation material. That lowers the risk of missing a resource that later becomes relevant to governance or audit practice.
Read source →NIST AI RMF development page records lessons learned
NIST’s AI RMF development page documents the framework’s release history and lessons-learned process. It is mainly background material for understanding how the framework may evolve.
Why it matters: This is useful for governance documentation and crosswalks that need to cite the current AI RMF version. It also gives teams a place to watch for future changes that could require control updates.
Read source →AI RMF playbook remains key implementation companion
NIST’s AI RMF Playbook remains an implementation companion to the framework. It translates framework concepts into operational controls and governance workflows.
Why it matters: Teams can use it to design controls, training, and documentation that stand up in audits or internal reviews. It is especially useful for organizations trying to operationalize AI risk management without starting from scratch.
Read source →Federal appropriations law enacted
Congress enacted the Consolidated Appropriations Act, 2026, but the source material does not identify an AI-specific change. It remains a broader enacted law status item rather than a direct AI obligation.
Why it matters: Compliance teams should still watch for AI-related riders or downstream agency guidance that could affect oversight or enforcement capacity. For now, there is no identified AI compliance action item in the source.
Read source →State court docket may become AI-relevant
Kevin Kulak v. Itshak On is listed as a state court matter, but the source material provides no substantive AI holding. It is best treated as a placeholder watch item until a merits decision appears.
Why it matters: Do not treat the listing as a compliance change yet, but monitor the docket for AI evidence or liability issues. If a ruling develops, it could become relevant to litigation and risk theories.
Read source →On Our Radar
May 4 California hearings: SB 947 and SB 1011 are both set for hearing on May 4, making this the most immediate state-level AI policy date to watch.
FTC AI claims enforcement: The FTC’s recent actions and inquiries show a clear focus on AI marketing, bias claims, and consumer safety. Expect legal and compliance reviews of product claims to become more stringent.
ISO 42001 adoption: With ISO/IEC 42001:2023 now published, organizations using or selling AI should decide whether to align, certify, or map controls to it in their assurance programs.
GenAI control mapping: NIST’s generative AI profile gives teams a practical way to document GenAI-specific risks and controls. It is a strong candidate for updating governance, procurement, and incident response playbooks.