AI Compliance and Risk Management: Protecting Your Business in the Age of Artificial Intelligence

Here’s a number that should get your attention: 1.2 seconds. That’s how long an AI algorithm at Cigna spent reviewing each medical claim before approving or denying it. In just two months, this system processed over 300,000 claims at lightning speed.

Efficient? Absolutely.

Legal? That’s now the subject of multiple lawsuits, and it’s just one example of how AI governance failures are costing companies billions in settlements, legal fees, and destroyed reputations.

If you’re running a manufacturing company, distribution operation, or any business deploying AI systems right now, you’re navigating a regulatory landscape that’s evolving faster than your AI models can learn. And unlike your algorithms, ignorance of these compliance requirements won’t improve with more data. It’ll just get more expensive.

The Regulatory Reality No One’s Talking About

[Figure: AI compliance pillars]

Let’s address the elephant in the boardroom: there’s no comprehensive federal AI law in the United States. Yet.

What we have instead is something far more challenging: a patchwork of state regulations, industry-specific requirements, and international frameworks that vary wildly depending on where you operate and what your AI actually does.

The EU AI Act took effect in stages throughout 2025, creating the world’s first comprehensive AI regulatory framework. It classifies AI systems by risk level. High-risk applications in employment, credit decisions, and critical infrastructure face strict compliance requirements, including mandatory risk assessments, human oversight, and detailed documentation.

If you’re doing business in Europe or with European companies, you’re already subject to these rules, whether you know it or not.

Meanwhile, Colorado enacted the nation’s first comprehensive state AI law, requiring developers and deployers of “high-risk” AI systems to implement reasonable care standards and provide detailed impact assessments. California followed with multiple AI regulations taking effect in 2025 and 2026, covering a range of areas, including automated hiring decisions and healthcare communications.

And that’s just the beginning. Thirty-eight states have enacted roughly 100 AI-related laws, with more coming.

Here’s what keeps me up at night on behalf of my clients: most business leaders I talk to don’t even know which of their systems qualify as “high-risk AI” under these various frameworks. They’re using AI for quality control, demand forecasting, supplier evaluation, and pricing decisions without realizing that each of these applications might trigger different compliance obligations depending on the jurisdiction.

When AI Governance Goes Wrong: Real Consequences

The Real Cost of AI Compliance Failures

Meta learned this lesson the hard way, settling with Texas for $1.4 billion. That’s the largest privacy-related payout ever obtained by a single state. The issue? Their facial recognition feature automatically identifies people in photos without explicit consent, violating Texas’s biometric privacy laws.

That’s $1.4 billion for a feature many users didn’t even know was analyzing their faces.

The health insurance cases are even more troubling. When an AI system is making life-or-death decisions about medical claims in 1.2 seconds per case, we’ve crossed a line from efficiency into recklessness. UnitedHealth, Cigna, and Humana are all facing lawsuits over AI-driven claim denials, with plaintiffs arguing that rapid-fire algorithmic rejections lack basic due diligence.

In some cases, patients were discharged early based on AI recommendations and later died. These aren’t just compliance failures. They’re human tragedies wrapped in legal liability.

And it’s not just tech giants and insurers. Manufacturing companies using AI for hiring decisions, pricing algorithms, or quality assessments face similar risks. If your AI system exhibits bias in employment decisions, you’re not just violating new AI regulations. You’re potentially violating decades-old civil rights laws that now have teeth in the AI era.

Understanding AI Compliance Requirements: What Actually Matters

The core of most AI regulations centers on three fundamental principles: transparency, accountability, and fairness. Let me break down what this means in practice for your business.

Data Privacy and AI Training

Every AI system learns from data, and that’s where the first compliance challenge emerges. The General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and newer regulations explicitly cover AI-generated and AI-processed personal information.

If your AI training data includes customer information, employee records, or any other personal data, you need explicit consent frameworks, data minimization practices, and clear documentation of what data you’re using and why.

California’s amended Consumer Privacy Act now clarifies that personal information exists in various formats, including AI-generated data. This isn’t theoretical. Companies are facing lawsuits for using customer data to train AI models without proper consent, even when that data came from seemingly innocuous sources like customer service chats or website interactions.

Algorithmic Bias and Fairness Testing

This is where most companies are flying blind. Your AI system might be perpetuating discriminatory patterns you’d never consciously choose, simply because it learned from historical data that embedded societal biases. The Colorado AI Act and similar state laws now require regular bias testing for high-risk AI applications, particularly in hiring, housing, credit, and healthcare decisions.

But here’s the challenge: bias testing isn’t a one-time checkbox exercise. As your AI models evolve with new data, new biases can emerge. You need continuous monitoring systems that flag when your AI’s decisions start skewing in ways that could indicate discriminatory patterns.

Transparency and Explainability

Regulators increasingly demand that companies explain how their AI systems make decisions. The “black box” defense (claiming your AI is too complex to explain) won’t protect you in court or during regulatory investigations.

The National Institute of Standards and Technology (NIST) AI Risk Management Framework, now referenced by multiple state laws, requires organizations to maintain detailed documentation of model development, training data sources, and decision-making logic.

For manufacturing and distribution companies, this gets practical quickly. If your AI recommends rejecting a supplier or flagging a quality issue, can you explain why? If your pricing algorithm adjusts rates for certain customer segments, can you demonstrate the decision wasn’t discriminatory?

These aren’t philosophical questions. They’re legal requirements with significant penalties for non-compliance.

Building Your AI Governance Framework: Beyond Checkbox Compliance

[Figure: Risk assessment matrix with practical use cases]

Here’s where most compliance approaches fail: they treat AI governance as a paperwork exercise rather than a strategic imperative. The companies that are getting this right aren’t just checking regulatory boxes. They’re building comprehensive frameworks that make AI a competitive advantage rather than a liability time bomb.

Establish Clear Accountability

Every AI system in your organization needs an owner: someone responsible for its compliance, performance, and risk profile. This isn’t your Information Technology (IT) department’s job alone. Your AI governance committee should include representatives from legal, operations, Human Resources (HR), and executive leadership.

When things go wrong (and eventually, something will), you need clear lines of accountability and decision-making authority.

Implement Continuous Monitoring

AI systems aren’t static. They evolve with new data, model updates, and changing operating environments. Your compliance approach must evolve with them.

Set up automated alerts for performance anomalies, bias indicators, and regulatory triggers. Many companies discover compliance issues only when regulators come knocking. By then, you’re playing defense with one hand tied behind your back.

Conduct Regular Risk Assessments

Map your AI systems against current regulatory requirements, but don’t stop there. Anticipate where regulations are heading. If you’re using AI in hiring, pricing, or credit decisions, expect increasing scrutiny. If you’re processing biometric data (including voice recordings), prepare for stringent consent and security requirements.

Risk assessment isn’t about paranoia. It’s about being prepared.

Document Everything

In AI litigation and regulatory investigations, documentation is your first line of defense. Maintain detailed records of your AI development processes, training data sources, bias testing results, and decision-making protocols.

When someone challenges your AI system’s decision, comprehensive documentation can mean the difference between a quick resolution and years of expensive litigation.

Human Oversight Protocols

One lesson from the healthcare AI failures is clear: some decisions are too important for algorithms alone. Define explicit thresholds for when human review is mandatory. This isn’t about distrusting your AI. It’s about recognizing that AI systems, no matter how sophisticated, lack the contextual judgment and ethical reasoning that complex decisions require.

The Insurance Gap You Probably Don’t Know About

Here’s something most companies discover too late: your traditional liability insurance probably doesn’t cover AI-related claims. Insurers are developing AI-specific liability policies precisely because standard coverage was never designed for algorithmic decision-making, data privacy violations, or AI-driven negligence.

Talk to your insurance broker about AI coverage before you need it. These policies are evolving rapidly, and early adopters are securing better terms than companies scrambling for coverage after an incident.

Your Competitive Advantage in Disguise

I’ll leave you with a perspective shift: AI compliance isn’t just about avoiding penalties. It’s about building trust.

Your customers, employees, and partners are increasingly aware of AI’s role in business decisions. Companies that can demonstrate responsible AI practices, transparent decision-making, and genuine accountability will differentiate themselves in crowded markets.

The manufacturers and distributors who embrace AI governance proactively aren’t just protecting themselves from regulatory risk. They’re positioning themselves as trustworthy partners in an age of algorithmic anxiety. That’s worth more than any marketing campaign.

The question isn’t whether AI regulations will affect your business. They already do. The question is whether you’ll lead with proactive governance or react to expensive wake-up calls. Based on 30 years of watching companies navigate transformative change, I can tell you which approach builds sustainable competitive advantage.

Geoff Marlow brings three decades of strategic leadership experience, helping manufacturing and distribution companies navigate complex business challenges. Contact Marlow Advisory Group to discuss AI governance frameworks tailored to your industry and risk profile.