Prototype for internal review
Practical AI governance

AI governance, made practical for mid-market.

Most AI governance tools are built for big-tech security teams. This is built for the rest of us. Plain-language guidance and free tools for the CEOs, CFOs, and general counsel of growing companies that now have to prove AI governance to win and keep enterprise business.

See your AI governance surface Get the briefing
No InfoSec team required. Built for non-technical leaders.
Dec 2027
Provisional new date for EU AI Act high-risk duties
EU Digital Omnibus, pending adoption
24 states + DC
Have adopted NAIC AI guidance for insurers
NAIC model bulletin, 2026
63%
Of breached firms have no AI policy or are still writing one
IBM Cost of a Data Breach, 2025
Free tools

Start by seeing what a buyer already sees.

The category leaders win on free, genuinely useful tools, not gated PDFs. Here is what is live today and what is coming next.

AI Governance Surface Scan Live

See your AI governance the way an enterprise buyer or a cyber insurer does, built from your public signals only. No form to get started, no audit required.

Open a sample scan

AI Policy Grader Coming soon

Paste your AI use policy and get a scored teardown: what is strong, what is missing, and the fixes a buyer or auditor would flag first.

Readiness Assessment Live

A short diagnostic that scores your AI governance maturity, names your tier, and gives you the first moves to make. Eight questions, three minutes.

Take the assessment

AI Law Tracker Coming soon

What each new state and global AI law means for your business, in plain English, kept current so you do not have to read the statutes.

Built for your industry

The pressure looks different in every vertical.

Same wedge, different trigger. Here is what your buyers and regulators are starting to ask, by industry.

AI governance for legal

Law firms and legal departments are adopting AI fast, and clients are starting to ask how it is governed. The risk sits on privilege, client confidentiality, and where AI tools send sensitive matter data.

Do you have an AI use policy?How is privileged data protected in AI tools?Which vendors see client data?

AI governance for insurance

Insurers and brokers face the sharpest dated trigger. NAIC AI guidance is now in force across 24 states and DC, and examiners expect a documented AI governance program for underwriting, pricing, and claims.

How is AI governed in underwriting?Can you show model oversight?Is there a human in the loop?

AI governance for healthcare

Healthcare organizations hold the most sensitive data and face the most scrutiny. Partners and patients want to know how AI touches protected health information, clinical decisions, and vendor tools.

Where does AI touch PHI?Who reviews AI-assisted decisions?How are AI vendors vetted?
Accounting, coming soon
Real estate, coming soon
Architecture and construction, coming soon
Regulations

AI rules, and what they mean for your business.

You do not need to read the statutes. Here is what is changing and what to do about it, in business terms.

EU AI Act

If you have EU customers, staff, or AI in regulated areas

A provisional EU agreement would move stand-alone high-risk AI duties to December 2, 2027, and AI built into regulated products to August 2, 2028, pending formal adoption.

What to do: find out whether any of your AI counts as high-risk, and start a simple inventory now.

NAIC AI guidance (insurance)

If you underwrite or sell insurance

The NAIC model AI bulletin is adopted in 24 states plus DC and expects a documented AI governance program, not a one-time checklist.

What to do: write down how you govern AI across underwriting, pricing, and claims.

Colorado AI law

If you use AI for consequential decisions about Colorado consumers

The original Colorado AI Act was repealed and replaced by SB 26-189. The narrower automated-decision rules take effect January 1, 2027.

What to do: track which AI touches hiring, lending, insurance, or housing decisions.

ISO 42001

What buyers ask for when they want certifiable proof

The first AI management system standard, certifiable through an independent audit. It is the bar a serious governance program builds toward.

What to do: treat it as your target, and start with the controls buyers ask about most.

NIST AI RMF

The common language buyers and auditors use

A voluntary framework built on four jobs: govern, map, measure, manage. No certificate, but the vocabulary everyone else is using.

What to do: use it to organize your program and show your work.

SOC 2 and security questionnaires

If you sell to enterprise buyers

Enterprise buyers are folding AI questions into SOC 2 scopes and vendor security questionnaires. The questions arrive before the deal closes.

What to do: be ready to answer how you govern AI before the questionnaire lands.
Verified as of June 22, 2026. Dates can change. This is general information, not legal advice.
Concept roadmap

Concept roadmap for discussion.

A potential build path, not a delivery commitment. From the free tools live today toward the data and reporting that come with scale.

Available now

  • AI Governance Surface Scan
  • Plain-language explainers
  • Regulation summaries by business impact

Next

  • AI Policy Grader
  • AI Governance Readiness Assessment
  • Live AI law tracker with alerts
  • The mid-market briefing newsletter

Later

  • Auditor and insurer trust scan
  • AI tool register and inventory
  • Security questionnaire auto-answer
  • Board-ready trust reporting
  • Peer benchmarking for mid-market

The mid-market AI governance briefing

Every two weeks: what changed in AI rules and what to do about it, written for non-technical leaders. No jargon, no hype, from the Greenplaces Trust Services team.

You are on the list. This is a prototype, so nothing was sent yet.
Prototype. Email capture is not wired to a backend in this version.