Free tool · 12 questions · No signup

AI Compliance Readiness Assessment

Score your AI compliance posture across HIPAA, FINRA, GLBA, GDPR, UAE PDPL, DIFC DPL, CCPA, and NIST AI RMF. Mapped to the controls auditors actually check.

1. Do you have a written AI governance policy?

Frameworks impacted: NIST AI RMF, HIPAA, FINRA

2. Is every AI-generated output logged with the model version and a prompt fingerprint?

Frameworks impacted: FINRA, HIPAA, GLBA, NIST AI RMF

3. Have you signed BAAs with all AI model providers touching PHI?

Frameworks impacted: HIPAA

4. Do you have a documented Schrems II Transfer Impact Assessment for EU data?

Frameworks impacted: GDPR

5. Is your audit log retained for ≥ 6 years (healthcare) or ≥ 3 years (financial)?

Frameworks impacted: HIPAA, FINRA

6. Do you honor GPC (Global Privacy Control) opt-out signals at the retrieval layer?

Frameworks impacted: CCPA

7. Have you executed a DPA aligned with UAE PDPL Federal Decree-Law 45/2021?

Frameworks impacted: UAE PDPL

8. If you are DIFC-registered, do you have an Article 35 (automated decision-making) disclosure?

Frameworks impacted: DIFC DPL

9. Do you run fairness testing (4/5 rule) on AI outcomes affecting customers?

Frameworks impacted: NIST AI RMF, FINRA

10. Is there a named accountable individual per AI decision class?

Frameworks impacted: NIST AI RMF, FINRA, HIPAA

11. Can you replay any AI inference call (input, model, output) on 6-month-old data?

Frameworks impacted: FINRA, GLBA, HIPAA

12. Does your reviewer queue document why escalations were triggered?

Frameworks impacted: NIST AI RMF

Quick facts

  • HIPAA retention minimum: 6 years for any record touching PHI.
  • FINRA Rule 4511 retention: 3 years general, 6 years for some communications.
  • UAE PDPL breach window: 72 hours (Federal Decree-Law 45 of 2021).
  • DIFC DPL Article 35: mandatory disclosure for high-risk automated decisions.
  • CCPA right-to-deletion: 45-day statutory response window.

Get a custom compliance gap report

Book a 30-min Discovery call. We'll map your AI workflows against the frameworks that apply to your sector and identify the highest-leverage gap to close first.