TIER 2 · REGULATORY WATCH · PERSONAL AI ASSISTANTS AND IDENTITY-BOUND AI
Provenance infrastructure / for personal AI.
AI assistants generating work products, research, and professional advice create an emerging provenance gap. The commercial model is B2B2C: Yolo provides audit infrastructure to platform providers (OpenAI, Anthropic, Microsoft, Google) who embed it as a compliance feature for enterprise customers — not direct-to-consumer. Specialty consumer AI (therapy, legal advice, mental health apps) faces immediate enforcement risk right now; hyperscale platforms activate on the first major CCPA ADMT or FTC enforcement action. GDPR Article 22 grants EU users the right to explanation for automated decisions. The infrastructure to answer "who decided what and when" doesn't exist at platform scale today.
REGULATORY OBLIGATIONS
GDPR
Active · EU
Article 22 — automated decision-making
Individuals have the right to explanation for automated decisions with significant effects. AI assistants making scheduling, financial, or professional recommendations that users act on are within scope. Right to explanation requires a durable, independent audit record.
EU AI Act
Aug 2 2026 / Dec 2 2027*
Article 13 — transparency for general-purpose AI
General-purpose AI systems must disclose that content is AI-generated and provide meaningful information about AI decision-making. Verifiable agent identity satisfies the "which AI system" component. Decisional logs satisfy the "what it decided" component.
Academic / professional integrity
Emerging
AI authorship and provenance
Universities, bar associations, medical boards, and professional certification bodies are developing policies on AI-assisted work. Verifiable provenance records allow individuals to demonstrate authentic, documented AI assistance rather than undisclosed generation.
COPPA / CIPA
Active · US
Minor user AI protections
AI assistants deployed in educational contexts involving minors face children's privacy and safety requirements. Tamper-evident interaction logs provide the evidence trail required for compliance and incident response.
EU AI Act Article 50
Aug 2 2026 / Dec 2 2027*
Transparency obligations for GPAI and synthetic content
EU AI Act Article 50 requires providers of AI systems that interact with persons to disclose AI identity, and providers of GPAI generating synthetic content to apply machine-readable AI provenance markers. Distinct from Article 13 general transparency — Article 50 applies to chatbots and consumer AI interaction surfaces directly. Verifiable agent identity via ERC-8004 satisfies the identity disclosure component; decisional logs satisfy the provenance component.
CCPA ADMT — California (Jan 2025 draft)
Draft rules · California
Automated Decision-Making Technology regulations
California Privacy Protection Agency (CPPA) January 2025 draft ADMT rules require businesses to provide pre-use notice for automated decision-making technology and honor opt-out rights. AI assistants making consequential recommendations to California consumers are within scope. Tamper-evident records of ADMT decisions satisfy the documentation requirements and support opt-out honoring verification.
FTC Section 5 unfair or deceptive practices enforcement: Rite Aid (2023) AI surveillance ban and Character.AI investigations establish that consumer AI harms without documented audit trails create FTC liability. NYC Local Law 144 (AEDT): bias audit and public notice requirements for automated employment decisions. Texas Responsible AI Governance Act (RAGA) and Colorado AI Act (February 2026): state-level algorithmic accountability requirements now in force in major markets. Combined: no major US state is without active AI accountability requirements.
* EU AI Act Annex III enforcement date: August 2, 2026 (legally operative). EU Digital Omnibus provisional agreement (May 7, 2026) proposes extending to December 2, 2027 — not yet formally enacted. Prepare for the earlier date.
HOW YOLO SATISFIES IT · PRIMITIVE → REQUIREMENT
PRIMITIVE
REQUIREMENT SATISFIED
AUDIT CHAIN
GDPR Article 22 right-to-explanation record
Every AI assistant recommendation logged with a durable, portable, independently verifiable record. Users can access their own decision history. Regulators can query without trusting the platform. The record survives the platform it was generated on.
IDENTITY REGISTRY
AI system identity disclosure · version tracking
Each AI assistant instance has a verifiable identity. Users and regulators can confirm which AI model made which recommendation. Identity is portable across model updates — the track record is not lost when the underlying model changes.
Consequential tier for scheduling, financial, and professional recommendations. High-stakes tier for financial transactions, crisis flagging, and regulated-domain advice. Under Strict-B, Yolo records THAT a decision or crisis-flag occurred — a content hash plus non-identifying metadata (model version, timestamp, decision type) — NEVER the content of the conversation. The readable record stays with the originator; the chain only proves the event existed and was not altered.
AUDIT CHAIN AND IDENTITY REGISTRY ARE LIVE ON BASE MAINNET TODAY.
PRICING · DECISIONAL LOGGING TIERS
ROUTINE
$0.0001 / event
Routine events
CONSEQUENTIAL
$0.01 / event
Consequential events
HIGH-STAKES
$0.10 / event
High-stakes events
VOLUME NOTE
Hyperscale platform partnership: 100M MAU × ~10 AI interactions/day = 1B routine events/day → flat enterprise contract $5M–$50M/year. Specialty consumer AI (therapy, mental health, legal advice apps): 500K MAU × 5 interactions/day = ~$100K/year at routine tier. High-stakes ($0.10/event) for financial transactions, crisis flagging, regulated-domain advice.
SCALE
Hyperscale platform partnerships (OpenAI, Anthropic, Google, Microsoft, Meta, xAI): $5M–$50M+/year. Mid-tier consumer AI (Character.AI, Perplexity, Mistral, Cohere): $250K–$2M/year. Specialty consumer AI in regulated domains (therapy, legal, medical advice): $50K–$500K/year. Per-user revenue is negligible; platform embedding is the revenue model.
WHO BUYS THIS
OpenAI · Anthropic · Google DeepMind · Microsoft · Perplexity · Character.AI · Cohere · Mistral · Inflection · Meta AI · xAI (Grok) · Amazon Alexa AI · Apple Siri / Intelligence · Replika · Poe (Quora) · Woebot Health · Wysa · Spring Health AI · Noom AI · Headspace AI · Monica AI · Jasper AI · You.com
WHAT THIS REPLACES
GDPR Article 83(2) fine: up to 4% of global annual turnover or €20M. Italian Garante OpenAI €15M (Dec 2024). Dutch DPA Clearview €30.5M. CCPA ADMT enforcement fines (draft rules Jan 2025). FTC Section 5 enforcement action: Rite Aid 2023 AI surveillance ban — same risk profile for consumer AI without documented audit trails.
ACTIVATION TRIGGER
Specialty consumer AI is already active — FTC investigations into consumer-AI providers are ongoing, EU GDPR enforcement against consumer AI is live (e.g., the Italian Garante's €15M OpenAI fine, Dec 2024), and EU AI Act Article 50 transparency obligations for consumer-facing AI take effect August 2, 2026. Hyperscale activates when CCPA ADMT rules finalize, the FTC opens major enforcement against a frontier model provider, or an Article 50 transparency violation lands on a hyperscale platform.