AI Regulation Is Coming. How to Prepare Your Firm Now

The European Union's AI Act moved forward again this week. The final text is being negotiated, but the broad strokes are clear: AI systems will be categorized by risk level, and high-risk systems (anything affecting legal rights or financial decisions) will face substantial regulation.

If you're thinking "that's EU stuff, we're a US firm," you're missing the point. The US will regulate AI. Maybe not this year. Probably within 18 months. And it will likely be influenced by what the EU does.

Professional services firms need to start preparing now. Not because you need to panic, but because the firms that get ahead of regulation will have competitive advantages that their competitors won't match for years.

What's Coming in the EU AI Act

The EU framework categorizes AI systems by risk level:

Prohibited Risk: AI used to manipulate human behavior, create social credit scores, or use subliminal techniques. This is basically banned.

High Risk: AI used to make decisions affecting legal rights, employment decisions, financial eligibility, or law enforcement. These need documentation, testing, human oversight, and transparency.

Limited Risk: AI that interacts with people (chatbots, for example) needs to disclose that it's AI.

Minimal Risk: Everything else is lightly regulated.

For professional services, most of what you'd be doing falls into "high risk"—AI analyzing contracts to advise on legal strategy, AI predicting client profitability, AI supporting hiring decisions. These will need compliance infrastructure.

What the US Will Likely Do

The US hasn't passed comprehensive AI regulation yet, but the signals are clear. The White House is focused on AI governance, there are bipartisan concerns about AI safety, and states are starting to regulate. California, New York, and Massachusetts all have AI-adjacent regulation in progress.

US regulation will probably look different from the EU—more focused on consumer protection and less prescriptive about specific controls—but it will come. My guess is somewhere in the 12-24 month window.

How Professional Services Firms Should Prepare

1. Inventory Your AI Use

Start now: what AI are you using and where? Not just official tools, but shadow AI too—employees using ChatGPT on their own. You can't comply with regulation you don't even know about.

2. Document Your Process

High-risk AI regulation requires documentation: what the system does, what data it uses, what it decides, how errors are handled, how it's monitored. This is easier to do now as you implement AI than to retrofit later.

If you're going to use AI for anything that affects client advice or internal decisions, document why you chose that AI, how you validated it, what controls are in place, and how you monitor for errors.

3. Build Oversight Into Your AI Implementation

Regulation will require human oversight of high-risk AI decisions. Don't design your systems to be fully autonomous. Design them to inform human decision-makers. Make it part of your workflow, not an afterthought.

4. Focus on Transparency

Regulation is coming, in part, because people are suspicious of AI. Firms that are transparent about their AI use—with clients, with employees, with regulators—will have easier compliance paths.

If you're using AI in client deliverables, disclose it. If you're using it in hiring decisions, tell candidates. If you're using it in billing or staffing, tell your staff.

5. Work with Your Professional Liability Carrier

Make sure your insurance covers AI. Some carriers are adding explicit exclusions for AI-related incidents. You want to know that before you need it.

The Competitive Advantage

Here's the secret: the firms that get ahead of AI regulation will have better systems, clearer processes, and more client trust than their competitors.

When regulation comes, firms that have been doing this thoughtfully will barely notice. Firms that have been moving fast and breaking things will have to stop and retool.

That's where the advantage lies. Start preparing now. Your future self will thank you.