Kensink Labs
ComplianceDirect LLM · compliance-aware · Production grade
FINE-TUNING · COMPLIANCE

Fine-tuning compliance, region by region. Every law that bites a tuned LLM.

Fine-tuning is a compliance event, not just an engineering one. It shifts liability allocation, triggers new disclosures, and in the EU can flip a deployer into a provider with full GPAI obligations. We name the laws, the dated deadlines, and the 20 controls that keep an enterprise fine-tune defensible in audit.

EU AI Act · GDPR · ISO 42001 · NIST AI RMF · FedRAMP · HIPAA

Regions covered: 14 (US, EU, UK, CA, IN, SG, ME, APAC, LATAM, AFR)
Headline laws: EU AI Act, GDPR, AB 2013, Colorado AI Act, DPDP, China GenAI
Frameworks: NIST AI RMF, ISO 42001, OECD, G7 HAIP
Default certification: ISO/IEC 42001:2023
[THE SUBSTANTIAL-MODIFICATION TRAPDOOR]

The single Article that turns a deployer into a provider.

EU AI Act Article 25: a deployer becomes a provider when they (a) put their name or trademark on a high-risk system, (b) make a substantial modification that keeps it high-risk, or (c) modify intended purpose so the system becomes high-risk. For GPAI, the Commission's July 2025 Guidelines set 'significant modification' at one-third of the upstream training compute. Most enterprise LoRA fine-tunes are nowhere near that threshold, but rebranding alone flips you. We run the assessment in week one. It is the cheapest control on this page.

[THE 2026 REGULATORY CALENDAR]

Eleven dated deadlines worth tracking.

From California AB 2013 (training-data summary, January 2026) to the EU AI Act full enforcement (August 2027). Each row is dated, each is sourced, each is on our re-validation cycle.

Date | Law | What it requires | Region
--- | --- | --- | ---
Jan 2026 | California AB 2013 | Public training-data summary for any GenAI released since Jan 1 2022 serving CA users | US (CA)
Jan 2026 | California SB 53 | Frontier AI Frameworks public, critical-incident reporting to OES (>10^26 FLOPs) | US (CA)
Jan 2026 | Illinois HB 3773 | Employment AI discrimination ban with notice and disclosure | US (IL)
Jan 2026 | South Korea AI Basic Act | High-impact AI obligations, mandatory GenAI output labelling | Korea
Jun 2026 | Colorado AI Act (SB 24-205) | High-risk AI impact assessments, risk management policy, consumer notice | US (CO)
Aug 2026 | EU AI Act high-risk | Annex III obligations + Article 50 output marking + GPAI penalties enforceable | EU
Aug 2026 | California SB 942 | Free public detection tool + C2PA provenance metadata on covered outputs | US (CA)
Dec 2026 | Australia Privacy Act APP 1.7-1.9 | Privacy policy disclosure for substantially automated decisions | Australia
May 2027 | Canada OSFI E-23 | Model risk management expanded to all FRFIs including GenAI | Canada
May 2027 | India DPDP Rules | Consent, breach notification, erasure, DPO for Significant Data Fiduciaries | India
Aug 2027 | EU AI Act (full) | All Articles in force, pre-existing GPAI models must comply | EU
[POSTURE BY REGION]

What an enterprise must have, by jurisdiction.

Fourteen regions, the headline law, and the controls that actually bite for a fine-tuned LLM. Where a law is in flux (Brazil PL 2338, Canada AIDA replacement), we flag the status.

Region | Headline law | Must-have for fine-tuners
--- | --- | ---
EU | AI Act 2024/1689 | Article 25 substantial-modification assessment, Annex IV technical doc, training-data public summary (GPAI), Article 50 output marking, GDPR Art 35 DPIA, EDPB Opinion 28/2024 anonymity assessment, ISO 42001 increasingly required
US (federal) | NIST AI RMF + sectoral | NIST AI RMF + Gen AI Profile (600-1) alignment, FedRAMP if government sales, sectoral (HIPAA / FDA / SEC / FINRA), SOC 2 Type II
US (CA) | AB 2013 + SB 53 + SB 942 | Training-data public summary (Jan 2026), Frontier Framework + incident reporting if >10^26 FLOPs (Jan 2026), detection tool + C2PA provenance (Aug 2026)
US (CO + NY + IL) | Colorado AI Act + NYC LL144 + IL HB 3773 | High-risk AI impact assessment + risk policy + consumer notice (CO, Jun 2026), annual bias audit + LL144 candidate notice (NYC), AI employment notice (IL, Jan 2026)
UK | ICO AI guidance + PRA SS1/23 | ICO AI + ADM compliance + DPIA, PRA SS1/23 model risk for finance, AISI Inspect for frontier deployments, sectoral regulator engagement
Canada | PIPEDA + Quebec Law 25 + OSFI E-23 | PIPEDA + Quebec ADM notice and human review, ISED Voluntary Code (if signatory), OSFI E-23 for FRFIs (May 2027)
India | DPDP Act + MeitY | DPDP consent + notice framework (May 2027), MeitY synthetic-media labelling, sectoral RBI and SEBI MRM guidance
Singapore | PDPA + GenAI Governance Framework | PDPA AI advisory alignment, Model AI Governance Framework adoption, AI Verify testing, MAS Veritas for finance
UAE + KSA | PDPL + SDAIA Guidelines | Regional PDPL compliance, SDAIA AI Ethics + GenAI Guidelines, ISO 42001 increasingly required for government tenders
China | GenAI Measures + Algorithm Filing | CAC algorithm filing + GenAI security assessment (public-facing), real-name auth, output labelling, training-data lawfulness review
Japan | APPI + AI Promotion Act | APPI compliance, AI Promotion Act cooperation, METI Guidelines for Business adherence
Korea | PIPA + AI Basic Act | PIPA compliance, AI Basic Act high-impact obligations (Jan 2026), mandatory GenAI output labelling
Australia | Privacy Act + AI Safety Standard | APP 1.7-1.9 ADM transparency (Dec 2026), Voluntary AI Safety Standard guardrails, OAIC GenAI guidance
Brazil | LGPD + PL 2338 (pending) | LGPD compliance, ANPD AI guidance, PL 2338 readiness (Senate-approved, Chamber pending)
[VERTICAL OVERLAYS]

Industry layers stack on top of horizontal laws.

Healthcare, finance, public sector + defense, critical infrastructure. The four verticals where a fine-tune draws the most distinct compliance burden across regions.

Vertical | US | EU | UK | Asia
--- | --- | --- | --- | ---
Healthcare | HIPAA + FDA AI/ML SaMD + PCCP + ONC HTI-1 + state | MDR/IVDR + GDPR Art 9 + AI Act high-risk Annex III | MHRA SaMD + UK GDPR | Local health data laws, DPDP health-data consent (IN), PDPA (SG)
Finance | SEC/FINRA supervision + sectoral MRM + state laws | DORA + MiFID II + AI Act Annex III (credit scoring, insurance) | PRA SS1/23 + FCA Mills Review | MAS FEAT + Veritas (SG), RBI + SEBI (IN), JFSA (JP), FSC (KR)
Public + defense | FedRAMP Mod/High + DoD IL4/5/6 + ITAR/EAR + NIST AI RMF | AI Act limited defense exemption + GDPR | OSA + DSIT Blueprint + AISI evaluations | Sovereign cloud + national procurement laws
Critical infrastructure | CIRCIA + NIST CSF 2.0 + sectoral (NERC CIP, TSA) | NIS2 + Cyber Resilience Act + AI Act high-risk | NIS Regulations 2018 (as amended) | Critical Information Infrastructure laws (SG, IN)
[THE 20-CONTROL CHECKLIST]

The controls we put on every enterprise fine-tune.

Each is grounded in an actual law or framework citation. We ship a customised version with every engagement; this is the base list.

01. Article 25 substantial-modification assessment
Compute ratio (tuning compute / upstream compute), intended-use diff, risk-profile diff. Written conclusion on provider/deployer status under EU AI Act Article 25.

02. EU AI Act training-data summary
Populated using the AI Office template (July 24, 2025) for any GPAI-class model.

03. California AB 2013 training-data disclosure
Public-website disclosure for any GenAI released since January 1, 2022 serving California users.

04. Model card per OECD format
Intended use, training and tuning data summary, evaluation results, known limitations, copyright posture.

05. System card per Anthropic / OpenAI patterns
End-to-end deployment context, guardrails, incident channels.

06. DPIA per GDPR Article 35
Mandatory if processing involves systematic and extensive evaluation, large-scale special category data, or large-scale monitoring.

07. EDPB Opinion 28/2024 anonymity assessment
Documented 'negligible probability' analysis, or fall back to a lawful basis under Article 6 (typically legitimate interest with the three-part balancing test).

08. Right-to-erasure procedure
Documented Article 17 handling, with an Article 17(3) proportionality memo where unlearning is infeasible. Plan periodic retrains on the cleaned corpus.

09. Dataset provenance manifest
Per dataset: source, acquisition method, licensing, PII flag, copyright posture, robots.txt + TDM opt-out check, contract reference.

10. Output marking and watermarking
C2PA v2.3 manifests + SynthID-class invisible watermark + visible disclosure. EU AI Act Article 50 (Aug 2026), China GenAI Measures, California SB 942 (Aug 2026).

11. EU AI Act conformity assessment
Annex VI (internal control) or Annex VII (notified body); EU Declaration of Conformity; CE marking for high-risk.

12. Bias and fairness audit
Independent annual audit (NYC LL144, Illinois SB 315, Colorado AI Act, EU AI Act Article 10). Protected-class testing methodology documented.

13. Adversarial robustness + red-team report
AISI Inspect or equivalent harness; NIST ARIA; EU AI Act Article 15 (high-risk) and Article 55 (GPAI systemic risk).

14. Signed checkpoints + dataset hashes
Sigstore / in-toto attestations per training run. Each dataset hash is bound to the checkpoint hash it trained, and each checkpoint hash to the inference endpoint that serves it.
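The manifest of control 09 and the hash chain of control 14 are one artifact in practice: a per-dataset provenance record carrying a content digest, and a signed statement that ties those digests to the checkpoint digest and the endpoint it serves. The following is an added example, not Kensink Labs' tooling and not a Sigstore or in-toto client. It uses SHA-256 digests and an HMAC tag (assumption: a key held only by the CI signing job) as an offline stand-in for a Sigstore signature; the dataset contents, contract reference and endpoint URL are constructed. The verifier fails if the tag, the checkpoint bytes or any dataset has drifted since signing, which is the audit property the control is meant to give.

```python
"""Dataset-provenance manifest chained to a signed checkpoint record.

Added example for controls 09 and 14; not Kensink Labs' tooling. Sigstore /
in-toto are the production path; this stand-in uses SHA-256 content digests
and an HMAC tag (assumption: a key the CI signing job holds) so it runs offline.
"""
import hashlib
import hmac
import json

# Constructed sample datasets; the bytes stand in for files on disk.
DATASETS = {
    "support-tickets-2025q3": {
        "content": b"ticket,resolution\n1001,reset password\n1002,refund issued\n",
        "source": "internal CRM export",
        "acquisition": "contract export",
        "license": "proprietary, internal use",
        "pii_flag": True,
        "copyright_posture": "owned",
        "tdm_opt_out_checked": True,
        "contract_ref": "MSA-PLACEHOLDER-001",  # placeholder, not a real contract id
    },
    "product-docs-v7": {
        "content": b"# Widget manual\nPress the button to start.\n",
        "source": "docs repository",
        "acquisition": "git clone",
        "license": "CC-BY-4.0",
        "pii_flag": False,
        "copyright_posture": "licensed",
        "tdm_opt_out_checked": True,
        "contract_ref": None,
    },
}

SIGNING_KEY = b"constructed-demo-key"  # assumption: held by the CI signer, never in git


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(datasets: dict) -> dict:
    """One entry per dataset: the provenance fields plus a content digest."""
    entries = {}
    for name, meta in datasets.items():
        entry = {k: v for k, v in meta.items() if k != "content"}
        entry["sha256"] = sha256_hex(meta["content"])
        entries[name] = entry
    return entries


def canonical(obj) -> bytes:
    """Deterministic JSON so the tag covers the same bytes on every host."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_checkpoint(checkpoint_bytes: bytes, manifest: dict, endpoint: str, key: bytes) -> dict:
    """Link checkpoint digest -> dataset digests -> inference endpoint, then tag it."""
    statement = {
        "checkpoint_sha256": sha256_hex(checkpoint_bytes),
        "datasets": {name: entry["sha256"] for name, entry in manifest.items()},
        "inference_endpoint": endpoint,
    }
    tag = hmac.new(key, canonical(statement), hashlib.sha256).hexdigest()
    return {"statement": statement, "hmac_sha256": tag}


def verify_linkage(attestation: dict, checkpoint_bytes: bytes, datasets: dict, key: bytes) -> bool:
    """Reject if the tag, the checkpoint, or any dataset has drifted since signing."""
    stmt = attestation["statement"]
    expected = hmac.new(key, canonical(stmt), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, attestation["hmac_sha256"]):
        return False
    if stmt["checkpoint_sha256"] != sha256_hex(checkpoint_bytes):
        return False
    for name, digest in stmt["datasets"].items():
        if name not in datasets or sha256_hex(datasets[name]["content"]) != digest:
            return False
    return True


if __name__ == "__main__":
    manifest = build_manifest(DATASETS)
    checkpoint = b"constructed checkpoint bytes v1"
    attestation = sign_checkpoint(checkpoint, manifest, "https://inference.example/v1/tuned", SIGNING_KEY)
    print(json.dumps(attestation, indent=2))
    print("verify:", verify_linkage(attestation, checkpoint, DATASETS, SIGNING_KEY))
```

The statement is signed over a canonical JSON encoding so that re-serialising it on another host cannot silently invalidate the tag; in a Sigstore deployment the same statement would be wrapped as an in-toto attestation and signed with a keyless certificate instead of the HMAC used here.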

15. Customer-managed keys + regional weights residency
For EU customers, weights at rest under a customer-controlled KMS in an EU region.

16. Cross-border transfer documentation
EU SCCs + TIA per Schrems II; UK IDTA; India DPDP cross-border rules; UAE PDPL Article 23.

17. FedRAMP boundary doc
Weights, tuning infra, inference plane and prompt logs all inside the authorization boundary. Plan of Action and Milestones for inherited controls.

18. ISO/IEC 42001 AI management system
Establish and certify; covers ~70% of EU AI Act high-risk documentation; increasingly demanded in Saudi, UAE and Singapore tenders.

19. Incident reporting channels
EU AI Act Article 73 (serious incident reporting), G7 HAIP framework, NIS2 (24h early warning, 72h notification), CIRCIA (US), California SB 53 (critical incidents to OES).

20. Model risk inventory
Single source of truth: every tuned variant with owner, intended use, validation status, monitoring, approval signature, deployment scope. Required by PRA SS1/23, OSFI E-23, MAS FEAT, RBI guidance, SEC/FINRA expectations.

[CERTIFICATIONS WORTH THE EFFORT]

What buyers ask for, in 2026.

ISO/IEC 42001:2023

AI management system. The dominant cert in 2026. ~70% of EU AI Act high-risk doc requirements. Mandatory in many SA / UAE / SG tenders.

SOC 2 Type II

AICPA TSC 2017. Required by most enterprise buyers. Apply to training pipeline, model registry, eval harness, inference plane.

HITRUST CSF v11.5

April 2025 release maps to NIST AI RMF v1.0 + ISO 23894. 51 AI risk management control requirements. Best for healthcare + federal.

FedRAMP Mod / High

Required for US federal sales. 12 to 18 months from kickoff. Boundary doc must include the model training environment + inference plane.

[WHAT YOU GET]

What's documented at handoff.

1 assessment: Article 25 substantial-modification memo
1 DPIA: GDPR Article 35, with EDPB Opinion 28/2024 anonymity analysis
1 model card: OECD format, audit-ready
20 controls: checklist customised to region + vertical
[COMMON QUESTIONS]

What buyers ask before they sign.

Will a typical enterprise fine-tune make us a 'provider' under the EU AI Act?
Probably not. The Commission's July 2025 GPAI Provider Guidelines interpret 'significant modification' for GPAI as using more than one-third of the upstream model's training compute. Most enterprise LoRA fine-tunes use under 0.1% of that. Article 25 still flips you to provider if you rebrand the model, change intended purpose so the system becomes high-risk, or put your trademark on it. We run the substantial-modification assessment in week one and document the conclusion.
What does GDPR Article 17 erasure actually require for fine-tuned weights?
EDPB Opinion 28/2024 sets a 'negligible probability' standard for anonymity. If you cannot prove anonymity, Article 17 erasure obligations apply at the weights layer. Machine unlearning is research-stage. The practical posture: design for retrainability (snapshot the tuning corpus, version every dataset, plan periodic retrain on the cleaned corpus). Document Article 17(3) proportionality if you decline to unlearn on practicality grounds.
Is ISO 42001 worth the certification effort?
Yes. ISO/IEC 42001:2023 (AI management system, the AI analog of 27001) is the dominant certification path in 2026. Audits we have seen indicate it covers approximately 70% of EU AI Act high-risk documentation requirements. It is increasingly mandatory in Saudi, UAE, Singapore government tenders. Time to certify: 6 to 12 months depending on current maturity.
Can we fine-tune on production logs that contain PII?
Carefully. The pipeline must redact PII (Presidio at ingest), document the lawful basis (typically legitimate interest with three-part GDPR test, or consent), and keep the unredacted source under access control and minimum-necessary scoping. The training corpus and the production logs should never be the same artifact. Cross-border transfers of the training data need SCCs + TIA. Healthcare PHI needs a BAA with the training vendor.
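The answer above names three pipeline properties: redact at ingest, keep the training corpus as an artifact distinct from the raw logs, and gate training on the result. The following is an added example of that ingest step, not Kensink Labs' pipeline and not Presidio; it uses stdlib regexes for three identifier classes as an offline stand-in (assumption: those classes are the ones present in the constructed log lines, a real pipeline would run a proper detector such as Presidio). Each corpus record carries only the redacted message text and a digest of the source line, so the raw log can be located under its own access control without ever being copied into the corpus, and `residual_pii` is the pre-training check that blocks a run if anything leaked through.

```python
"""Ingest-time PII redaction for a log-derived tuning corpus.

Added example for the 'production logs with PII' question; not Kensink Labs'
pipeline. Presidio is the tool the answer names; this stand-in uses stdlib
regexes for three common identifier classes so it runs offline (assumption:
those classes cover the constructed logs below, real logs need a full detector).
"""
import hashlib
import re

# Constructed sample log lines, not real customer data.
RAW_LOGS = [
    "2026-03-01T10:00:00Z user=jane.doe@example.com msg='card declined, call 555-123-4567'",
    "2026-03-01T10:00:05Z user=anon msg='how do I export a report'",
    "2026-03-01T10:00:09Z user=bob@example.org msg='my ssn is 123-45-6789 please verify'",
]

# Typed patterns; the placeholder keeps the token class visible to the model
# without the value.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def redact(text: str) -> tuple[str, dict]:
    """Replace each match with a typed placeholder; return counts per class."""
    counts = {}
    for label, pattern in PATTERNS.items():
        text, n = pattern.subn(f"<{label}>", text)
        if n:
            counts[label] = n
    return text, counts


def ingest(lines: list[str]) -> list[dict]:
    """Build the training corpus as a separate artifact from the raw logs.

    Only the message field is taken (the user field never enters the corpus),
    it is redacted, and the record keeps a digest of the source line rather
    than the line itself, so the corpus and the logs are never the same file.
    """
    corpus = []
    for line in lines:
        message = line.split("msg=", 1)[1].strip("'")
        clean, counts = redact(message)
        corpus.append({
            "text": clean,
            "source_sha256": hashlib.sha256(line.encode()).hexdigest(),
            "redactions": counts,
        })
    return corpus


def residual_pii(corpus: list[dict]) -> int:
    """Pre-training gate: number of pattern matches still present in the corpus."""
    return sum(len(p.findall(r["text"])) for r in corpus for p in PATTERNS.values())


if __name__ == "__main__":
    corpus = ingest(RAW_LOGS)
    for record in corpus:
        print(record)
    print("residual PII matches:", residual_pii(corpus))
```

The `source_sha256` field is the only link back to the unredacted log; resolving it requires access to the log store, which is where the minimum-necessary scoping the answer describes is enforced.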
What is the substantial-modification 'trapdoor' and how do we avoid it?
It is the EU AI Act's Article 25 rule: a deployer becomes a provider (with the full set of provider obligations) when they rebrand a system, make a substantial modification that keeps it high-risk, or change intended purpose so the system becomes high-risk. For GPAI, the one-third-compute threshold is the bright line. The trap is rebranding: ship a fine-tuned 'YourCorp AI' and you have just inherited every provider obligation, including the public training-data summary, the model card, and (if the base was GPAI with systemic risk) the Article 55 obligations. Keep the upstream brand visible if you are not ready to be a provider.
What about US export controls on tuned model weights?
In flux as of May 2026. The BIS interim final rule from January 2025 (ECCN 4E091 covering closed-weight models trained with >10^26 operations) was rescinded May 13, 2025. A replacement rule has not been published. Open-weight models in the public domain remain excluded per the EAR's published carve-out. ITAR applies if the model is specially designed for defense end-use. We track replacement rule status quarterly.
Bring the use case. We will bring the compliance posture.

Region-by-region assessment, vertical overlay, signed audit trail. We do the substantial-modification analysis in week one and a model card in week eight. Sized to the residency you need, the certification you sell on.