It’s very state-by-state, and that leaves a lot of interpretation open for companies. It would be more prudent for businesses to take a proactive approach—evaluate which standards apply across all the regions they operate in, and build policy around those.
As Europe sets sweeping mandates for AI and data privacy, U.S. companies remain tangled in a fractured, state-by-state compliance mess—one that leaves businesses exposed and often unprepared for risks. High costs and entrenched inefficiencies remain barriers to companies wanting to improve their regulatory measures. But AI holds the potential to cut through the bulk and deliver needed solutions.
Patrick Jacolenne, CEO of Datalogiq 360 and Founder of CoComply, sees firsthand how AI could shape-shift compliance.
State by state: "We’re typically lagging compared to other regions," Jacolenne says. "Take the EU—they’ve adopted overarching mandates like the EU AI Act, while here in the U.S., we leave it up to the states. Even with something as critical as data privacy, we’re still piecing it together one state at a time." Jacolenne's companies provide AI-powered solutions for data governance, certification, and data management. Keeping up-to-date on each state's requirements (and more importantly, effectively educating customers) is a challenge.
California’s Consumer Privacy Act (CCPA) is one prominent example, but it only applies to companies operating in or serving California residents. That, Jacolenne argues, creates room for dangerous interpretations. "It’s very state-by-state, and that leaves a lot of interpretation open for companies," he explains. "It would be more prudent for businesses to take a proactive approach—evaluate which standards apply across all the regions they operate in, and build policy around those."
Adapting to the EU: With many North American companies operating globally, Jacolenne advocates for adopting international best practices like the GDPR or the EU AI Act—even if the business isn’t strictly required to. "If you’re a North American company, why not apply the same standards here that you would in Europe?" he says. "Start with strong internal policies to monitor and govern your data. That kind of proactivity is what sets resilient companies apart."
Most companies avoid investing in compliance because it’s expensive. But, AI and innovation as a whole could play a role where they deliver economies of scale and efficiencies in-house.
Just one report: But the barrier to action isn’t just regulatory confusion—it’s cost. In financial services, especially among community banks, compliance can be a heavy burden. "On average, a single regulatory report costs a bank $10,000 to $12,000 to produce, just based on labor," Jacolenne says. "And that’s just one report."
Breaking down the math: Depending on the size of the bank, six to twenty different agencies might request information, resulting in a staggering twelve to fifty reports each month. Each report demands data validation and compliance checks—tasks that consume thousands of man-hours. "The bulk of that time is spent validating data," Jacolenne explains. "That’s where AI and innovation come in. Let’s say we analyze 50 loans. We find that 49 meet all regulatory criteria and one doesn’t. Instead of reviewing all 50 manually, now you just need an expert to look at one."
Economies of scale: Jacolenne believes AI can deliver real efficiencies by streamlining the most labor-intensive parts of compliance, allowing companies to shift from reactive to proactive without blowing budgets. "Most companies avoid investing in compliance because it’s expensive. But, AI and innovation as a whole could play a role where they deliver economies of scale and efficiencies in-house."
