Changelog

Last reviewed: 2026-05-11

This handbook follows Keep a Changelog conventions and Semantic Versioning. Major versions reflect substantive restructures; minor versions add new chapters; patches fix typos and update citations.

v2.0.0 — 2026-05-11

The first major rewrite since v1.0.0. This release brings the handbook up to date with regulatory developments from March 2025 through May 2026, restructures the source from a single 1,917-line HTML file into a multi-page Eleventy site, and adds three new chapters.

Added

New chapter: US State Laws covering Colorado SB 24-205 (delayed to June 30, 2026), Texas TRAIGA, California SB 53 / AB 2013 / SB 942, Utah SB 226, Tennessee ELVIS Act, NYC Local Law 144 (and the December 2025 NYS Comptroller audit), Illinois HB 3773.
New chapter: Copyright & IP covering Bartz v. Anthropic ($1.5B settlement, September 2025), Kadrey v. Meta, ongoing litigation, EU AI Act Article 53 copyright obligations, California AB 2013.
New chapter: Frontier Models consolidating GPAI Code of Practice, CAISI testing agreements, California SB 53, Korea AI Basic Act frontier-safety track, Responsible Scaling Policies, and the International Network of AI Safety Institutes.
/changelog/ page (this page).
Side-by-side multi-page navigation with expandable Legal & Regulatory section.
ISO/IEC 42005:2025 (AI System Impact Assessment) and ISO/IEC 42006:2025 (audit/certification body requirements) added to the ISO chapter.
Print stylesheet and Playwright-based PDF generation to keep web and PDF outputs visually consistent.
Backwards-compatibility shims — legacy URL hashes (#legal-frameworks, #privacy-security, etc.) redirect to the new page paths.

Changed

EU AI Act chapter completely rewritten. Past dates (February 2, 2025 prohibitions; August 2, 2025 GPAI obligations) reframed as enforced fact. The May 7, 2026 Digital Omnibus agreement — rebasing the high-risk Annex III deadline from December 2026 to December 2027, and Annex I from August 2027 to August 2028 — is incorporated with a PENDING flag.
US Federal chapter completely rewritten. Rescinded EO 14110 references removed. EO 14179 (“Removing Barriers to American Leadership in AI”, January 23, 2025), OMB M-25-21 / M-25-22, the America’s AI Action Plan (July 23, 2025), and the December 11, 2025 preemption EO covered. CAISI rebrand documented. TAKE IT DOWN Act covered. EEOC and OFCCP guidance removal noted.
International chapter rewritten to cover Korea AI Basic Act (effective January 22, 2026), Japan AI Promotion Act, China AI labeling measures (effective September 1, 2025), Brazil PL 2338 status, Canada AIDA expiration, UK Blueprint (October 21, 2025), Paris AI Action Summit (February 2025).
Sectoral chapter updated for FDA PCCP Final Guidance (December 2024), OCC Bulletins 2025-26 and 2026-13, CFPB AI Compliance Plan (September 26, 2025).
ISO Standards chapter updated for the publication of 42005:2025 and 42006:2025; certification examples (Anthropic, IBM Granite, UiPath, Changi Airport).
Privacy, Data & Security chapter updated for the NIST GenAI Profile (March 2025 update with poisoning/evasion/extraction/manipulation threat categories), agentic AI considerations.
Technical Safety chapter updated for Constitutional AI, mechanistic interpretability advances, agentic-systems engineering, and safety-case methodology.
Audience Guidance chapter updated to reflect 2025-2026 obligations on each role; frontier-developer additions for executives and practitioners.
Frontier Models model citations refreshed: GPT-5 (Aug 7, 2025), Gemini 3 Pro (Nov 18, 2025), Claude Opus 4.5 (Nov 24, 2025).
References consolidated and updated with current primary sources.

Removed

Forward-looking framing of February 2, 2025 prohibitions and August 2, 2025 GPAI obligations (now in force).
References to EO 14110 as current US policy.
“Emerging” framing for generative AI, EU AI Act transparency, NIST RMF.
ChatGPT as the primary LLM example.
Outdated “Bill C-27 will create AIDA” framing (Bill C-27 prorogued).

Infrastructure

Migrated from single hand-authored index.html (1,917 lines) to Eleventy multi-page source.
Source files now Markdown with YAML front matter; footnotes via markdown-it-footnote.
GitHub Actions workflow rewritten to build the site, generate PDF via Playwright, and deploy to GitHub Pages.
Removed duplicate governance.yml workflow (byte-identical to static.yml).
Repository now follows standard Node project structure: src/, _includes/, _data/, assets/, scripts/, package.json.

v1.0.0 — 2025-03

Initial public release. Single-page HTML; PDF distributed via Microsoft Forms gate. Covered:

ISO/IEC 42001, 23894, 22989.
EU AI Act risk classification and phased timeline (as understood in March 2025).
NIST AI RMF 1.0.
GDPR, CCPA basics.
Six seven-stage AI maturity models.
Audience-specific guidance for practitioners, compliance, executives, policymakers.
Glossary.

Versioning policy

MAJOR — significant restructure, deletion of chapters, or breaking changes to page URLs.
MINOR — new chapter or section; substantive new material.
PATCH — typo fixes, citation updates, link maintenance, small clarifications.