Four sets of teeth, one question.

Most AI-governance maps treat manipulation as one risk among dozens. The law does not. Manipulation is behaviour regulators prohibit outright — and every regime on this page, in its own legal language, asks a company the same question: did you know what your model was doing to users, and what did you do about it?

EU AI Act — Articles 5 & 50

The EU's flagship AI law. Article 5 outright prohibits manipulative or deceptive techniques that materially distort behaviour and cause significant harm, and the exploitation of vulnerabilities of age, disability or socio-economic situation — in force since February 2025. Article 5(1)(f) also prohibits emotion recognition in workplaces and schools. Article 50 requires telling users they are talking to an AI.

What companies must do: Know whether your system's actual behaviour crosses the Article 5 line — not whether your policy says it shouldn't. Document that assessment. Disclose AI interaction.

Penalties: Up to €35M or 7% of global turnover — the Act's highest penalty tier.

California SB 243

Companion-chatbot duties, live in 2026: AI-status disclosure, self-harm protocols with crisis referral, and minor-specific safeguards.

What companies must do: Disclose AI status, implement crisis-referral protocols, add minors' safeguards — and be able to show they actually fire.

Penalties: A private right of action at $1,000 per violation — enforcement by any affected user, not just the state.

New York GBL Article 47

AI-companion safeguards, in force since late 2025: disclose that the companion is an AI, and refer users expressing self-harm to crisis services.

What companies must do: Build disclosure and crisis-referral into the product, and keep evidence that both work.

Penalties: Up to $15,000 per day.

FTC Act §5 + state attorneys general

The unfair-and-deceptive standard predates AI and already reaches manipulative design. An FTC 6(b) study of companion chatbots is underway, and multi-state AG enforcement is moving — e.g. Pennsylvania v. Character.AI.

What companies must do: Treat manipulation as a live consumer-protection exposure today — no new statute required.

Penalties: Consent decrees, civil penalties, state AG suits.

The pipeline: KIDS Act, GUARD Act, Illinois WOPR

The federal KIDS Act passed the House and awaits the Senate — not yet law. The GUARD Act (introduced) would bar minors from AI companions. Illinois already bans AI-delivered psychotherapy.

What companies must do: Track the pipeline and design for the strictest common denominator — retrofitting safeguards after enforcement is the expensive path.

Penalties: Pending — but the direction is one-way.

Every one of these asks the same question: did you know what your model was doing to vulnerable users — and what did you do about it? A dated, independent audit and a remediation log is a different answer from nothing.

Beyond the enforcement map, other major regimes point the same direction — evidence that manipulation is where AI regulation worldwide is converging, not a US–EU quirk.

China — three regulations in force

The Algorithmic Recommendation Provisions (2022) restrict algorithms that induce addiction or excessive consumption and require an opt-out of algorithmic feeds. The Deep Synthesis Provisions (2023) require labeling and consent for synthetic media. The Interim Measures for Generative AI (2023) impose content duties and minor-protection obligations on providers.

Australia — voluntary standard, mandatory direction

A Voluntary AI Safety Standard (2024) with proposed mandatory guardrails for high-risk AI; regulator guidance names manipulative design as a target.

These regimes are tracked in the framework's regulatory mapping. The enforcement map above focuses on the jurisdictions our clients sell into.

Governance asks whether your process is documented. These laws ask what your model did.

Governance platforms map processes — registries, policies, documentation. Necessary. But Article 5, SB 243 and §5 are not process rules: they prohibit behaviour. The only way to answer them is to test what your system actually does to users, turn by turn. That is the audit we built. Every red line maps to the clauses above; every finding traces to transcript evidence; the result is a dated, independent record — the difference between "we didn't know" and "we knew, and here is what we did."

Start the free self-screen → Apply for the founding cohort →