Why did we build this product?

The rise of AI regulations globally (EU AI Act, U.S. Executive Order, state-level laws) is creating urgent demand for organizations to identify and manage their AI-related risks. Our customers need a way to evaluate their AI systems and ensure compliance across jurisdictions, frameworks, and internal policies, while also ensuring a defensible audit trail. AI Risk is our response to that need.

What problem is AI Risk solving?

AI Risk provides a structured and defensible assessment process to identify and document risks tied to the use of AI systems. It supports organizations in evaluating regulatory exposure, applying consistent risk frameworks, and establishing AI governance across legal, privacy, security, and compliance teams.

Who will use this product?

AI Risk is intended for cross-functional teams that include Compliance, Legal, AI Governance, and Risk Management. AI Steering committees and their component members. AI steering committees and executives responsible for AI governance risk and compliance will find this especially valuable.

What makes this different from other AI governance tools?

Unlike general-purpose risk registers or generic GRC tools, AI Risk: Codifies regulatory guidance (e.g., EU AI Act, NIST RMF) into configurable assessments. Supports multi-framework alignment and documentation. Provides built-in auditability and traceability.

What are the top use cases?

Regulatory Alignment: Mapping AI systems to the EU AI Act or NIST AI RMF. Pre-Deployment Review: Assessing risk before releasing a model or tool. Cross-Functional Collaboration: Legal, compliance, and AI teams jointly evaluating risk. Audit Trail: Documenting decisions and rationale for audits and regulators.

Will this tie into incident workflows?

Yes. Incidents involving AI system misuse or harm can trigger assessments. Likewise, risk findings can link back into Compliance or Privacy obligations when thresholds are met.

Can I see reporting by risk level or framework coverage?

Yes. Assessments will support: Risk distribution by system | Framework coverage dashboards | Gaps or missing documentation

Can AI Risk handle multiple systems or models at once?

Yes. Assessments are per system/model but the interface will support a portfolio-level view.

Is this built to scale with new regulations?

Yes. New frameworks, jurisdictions, or internal review processes can be added via configuration. We plan to provide prebuilt updates for major regulatory shifts post-GA.

How does AI Risk integrate with existing AI governance software?

Radar AI Risk connects seamlessly with other AI governance tools, enabling centralized oversight without the need to replace existing systems.

Can AI Risk support high level reporting for executives and boards?

Yes. The platform offers high level dashboards and scorecards designed for leadership to quickly assess organizational AI risk posture.

How does AI Risk help with training data compliance?

AI Risk tracks and documents training data quality, provenance, and use, ensuring compliance with privacy and ethical guidelines.

Is Radar AI Risk suitable for organizations just beginning to adopt AI?

Absolutely. Whether you are starting small or scaling enterprise-wide, Radar AI Risk provides the structure to manage compliance from the beginning of development and deployment.

Legal

Software Schedule – Radar Privacy™

Radar Privacy™. The “Radar Privacy™” product includes the following features:
1. Single Sign-On Support (SAML 2.0)
2. Multi-factor Authentication
3. Full access to Radar data breach regulatory map and library
4. Full access to Reports, Trends, and Benchmarking
5. Application Program Interfaces (APIs) for integration
6. Detailed Email Feature (DEF). “Detailed Email Feature” allows for the submitted incident information to display in the incident confirmation email, whereas without this feature enabled, Radar by default sends limited information (discovered date, incident ID) in incident confirmation emails. DEF enabled upon separate mutually executed agreement at no additional charge.
7. Multiple Incident Groups (MIG). “Multiple Incident Groups” determine which Dimensions a User is permitted to view, and provides access control to Dimensions based on organizational structure. MIG enabled upon separate mutually executed agreement at no additional charge.
8. RadarFirst Breach Guidance Engine^TM. The “RadarFirst Breach Guidance Engine^TM” is a proprietary algorithm that drives automated risk assessment for Incidents.
Incident. One Entitlement per Incident. An “Incident” is an event or occurrence that has been submitted to Radar Privacy™ for assessment. Incidents that are submitted but voided are not counted towards entitlement consumption. Incidents are entitled on an annual basis. Customer is subject to monthly overage billing at a rate of 120% per incident if usage exceeds Annual Incident Limit by 10% with more than 1 month remaining on annual term. The rate is calculated as annual subscription fee, divided by annual limit, multiplied by overage %. Overage charges, if any, will be aggregated in a monthly invoice subject to Customer’s standard payment terms. Radar will make reasonable efforts to notify Customer when its incident consumption approaches 80% of entitlement. “Measurement Period” means each 12-month term of the applicable Subscription Term.
User. A “User” is an individual who participates in the creation and/or ongoing administration of the Service through the Radar Privacy™ product. User entitlements are defined and tracked per product.
1. Registered User. One Entitlement per Registered User. A “Registered User” can sign in to Radar Privacy™ and have access to specific dimensions and features based on their role.
2. Guest User. No Entitlement required. “Guest Submitters” do not have Radar Privacy™ logins, and are typically employees of an organization that use forms to submit new incidents. A Guest User has access only to the Guest Submission Form or to the external assignee dashboard.
Guest Submission Form. No Entitlement required. A “Guest Submission Form” is a feature of the Product that enables Users to document and report new incidents.
Playbook. One Entitlement per Playbook. A “Playbook” is a customizable workflow that establishes a repeatable, organizationally compliant, and well-documented approach to incident management.
Dimension. One Entitlement per Dimension. A “Dimension” is used to collect Incident data and run a risk assessment. Dimensions allow for standard and custom fields and can be made available for guest submission.
Custom Record. One Entitlement per Custom Record. A “Custom Record” is utilized as a data repository and ensures that the stored data is available for reference at the Dimension level.
Regulatory Coverage. One Entitlement per Jurisdiction. Coverage for national, regional, local, and state privacy laws with a data breach requirement.
1. US States. “US States” entitlement includes regulatory coverage for state and local laws across all 50 states in the United States.
2. HIPAA. “HIPAA” entitlement includes regulatory coverage for the Health Insurance Portability and Accountability Act.
3. GLBA. “GLBA” entitlement includes regulatory coverage for the Gramm-Leach-Bliley Act.
4. Regulation S-P. “Reg S-P” entitlement includes regulatory coverage for the US Securities and Exchange Commission’s Regulation S-P.
5. FTC. “FTC” entitlement includes regulatory coverage for the Federal Trade Commission’s Health Breach Notification Rule and Safeguards Rule.
6. FCC. “FCC” entitlement includes regulatory coverage for the Federal Communication Commission’s Breach Notification Rules.
7. Canada. “Canada” entitlement includes regulatory coverage for all laws and regulations, including PIPEDA, across Canada and all Canadian Provinces.
8. Europe. “Europe” entitlement includes regulatory coverage for all laws and regulations, including GDPR, across Europe.
9. APAC. “APAC” entitlement includes regulatory coverage for all laws and regulations across the Asia Pacific region.
10. LATAM. “LATAM” entitlement includes regulatory coverage for all laws and regulations across Latin America.
11. Middle East. “Middle East” entitlement includes regulatory coverage for all laws and regulations across the Middle East.
12. Africa. “Africa” entitlement includes regulatory coverage for all laws and regulations across Africa.
Third-Party Notifications Module. The “Third-Party Notifications Module” allows Customer to manage contractual notification obligations for upstream and downstream business relationships with clients, service providers, and business associates.
Notification Letters Module. The “Notification Letters Module” generates notification letters based on pre-defined templates and maintains a repository of all letters generated.
Cloud Training Account. A “Cloud Training Account” is a way to access Radar Privacy™ in a non-production environment with the intent of testing and training Users.
Integrations. One Entitlement per Integration. Connect existing applications directly to the Radar^® platform.
1. Radar Connector for ServiceNow. API Connector for ServiceNow integrations. This Connector is required for ServiceNow IT Service Management and ServiceNow Security Incident Response.
2. ServiceNow IT Service Management. Integration for ServiceNow IT Incident Management via the Radar Connector for ServiceNow. A customer must be entitled to Radar Connector for ServiceNow in order to have functionality of ServiceNow IT Service Management.
3. ServiceNow Security Incident Response. Integration for ServiceNow Security Incident Response via the Radar Connector for ServiceNow. A customer must be entitled to Radar Connector for ServiceNow in order to have functionality of ServiceNow Security Incident Response.
4. Splunk Integration. Integration for Splunk.
5. IMAP Integration. Integration for IMAP.
6. Slack Integration. Integration for Slack.
7. MS Teams Integration. Integration for Microsoft Teams.
8. Bamboo Integration. Integration for Bamboo.
9. CSV Import Integration. Integration for CSV import.
10. Bespoke Integration. Integration for a custom need.

How to Contact Us

If you have any questions about these legal agreements and terms, RadarFirst can be contacted via email at [email protected] or you may send a letter to:

ATTN: Legal
RADAR, LLC
520 SW 6th Ave
Suite 200
Portland, OR 97204
USA