Why did we build this product?

The rise of AI regulations globally (EU AI Act, U.S. Executive Order, state-level laws) is creating urgent demand for organizations to identify and manage their AI-related risks. Our customers need a way to evaluate their AI systems and ensure compliance across jurisdictions, frameworks, and internal policies, while also ensuring a defensible audit trail. AI Risk is our response to that need.

What problem is AI Risk solving?

AI Risk provides a structured and defensible assessment process to identify and document risks tied to the use of AI systems. It supports organizations in evaluating regulatory exposure, applying consistent risk frameworks, and establishing AI governance across legal, privacy, security, and compliance teams.

Who will use this product?

AI Risk is intended for cross-functional teams that include Compliance, Legal, AI Governance, and Risk Management. AI Steering committees and their component members. AI steering committees and executives responsible for AI governance risk and compliance will find this especially valuable.

What makes this different from other AI governance tools?

Unlike general-purpose risk registers or generic GRC tools, AI Risk: Codifies regulatory guidance (e.g., EU AI Act, NIST RMF) into configurable assessments. Supports multi-framework alignment and documentation. Provides built-in auditability and traceability.

What are the top use cases?

Regulatory Alignment: Mapping AI systems to the EU AI Act or NIST AI RMF. Pre-Deployment Review: Assessing risk before releasing a model or tool. Cross-Functional Collaboration: Legal, compliance, and AI teams jointly evaluating risk. Audit Trail: Documenting decisions and rationale for audits and regulators.

Will this tie into incident workflows?

Yes. Incidents involving AI system misuse or harm can trigger assessments. Likewise, risk findings can link back into Compliance or Privacy obligations when thresholds are met.

Can I see reporting by risk level or framework coverage?

Yes. Assessments will support: Risk distribution by system | Framework coverage dashboards | Gaps or missing documentation

Can AI Risk handle multiple systems or models at once?

Yes. Assessments are per system/model but the interface will support a portfolio-level view.

Is this built to scale with new regulations?

Yes. New frameworks, jurisdictions, or internal review processes can be added via configuration. We plan to provide prebuilt updates for major regulatory shifts post-GA.

How does AI Risk integrate with existing AI governance software?

Radar AI Risk connects seamlessly with other AI governance tools, enabling centralized oversight without the need to replace existing systems.

Can AI Risk support high level reporting for executives and boards?

Yes. The platform offers high level dashboards and scorecards designed for leadership to quickly assess organizational AI risk posture.

How does AI Risk help with training data compliance?

AI Risk tracks and documents training data quality, provenance, and use, ensuring compliance with privacy and ethical guidelines.

Is Radar AI Risk suitable for organizations just beginning to adopt AI?

Absolutely. Whether you are starting small or scaling enterprise-wide, Radar AI Risk provides the structure to manage compliance from the beginning of development and deployment.

Search Results | RadarFirst

Surprising stats on third-party vendor risk and breach likelihood

This article by Mahmood Sher-Jan is the third in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program. In previous installments of this series, we learned fewer than one in 10 privacy incidents rise to the level of a data breach requiring […]

Celebrating Our First Year as RADAR, Inc.

[…] incident notification obligations to streamline guidance and prioritization Interactive Regulatory Map within the Law Overviews for a visual interface while navigating the intricacies of state and federal privacy laws Ransomware guidance for HIPAA, with risk factor options that allow RADAR customers to profile and assess a ransomware incident in accordance to newly issued OCR […]

Portland Business Journal: Data Breached? This Portland Company is Here to Help

[…] that data breaches in the U.S. increased 40 percent in 2016, hitting an all-time high. And, if that wasn’t bad enough, today’s increasingly complex and rapidly changing privacy regulations are putting many companies at risk for non-compliance with federal, state, and even international data breach notification laws. Recently, I talked with Mahmood Sher-Jan, CEO at RADAR, […]

Arkansas Enacts State Insurance Department General Omnibus Bill (SB 247)

[…] of this law. Looking for additional reading? It is interesting to note that this act has not been largely covered by news outlets or in the usual privacy industry and legal resources. What the new breach notification requirement in Arkansas means for privacy and security teams If notification to Arkansas residents is required by […]

IAPP Matchup: The Philippines’ Data Privacy Act and the General Data Protection Regulation

This article By Alex Wall, CIPP/E, CIPP/US, CIPM, was originally published in the IAPP Privacy Tracker. In the IAPP Privacy Tracker series, industry expers look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help determine how much duplication of operational effort […]

Data protection is a team sport: Benchmark data tells the story

This article by Mahmood Sher-Jan is the second in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics, data protection, and benchmarking your privacy incident management program. In the last installment of this benchmarking series, we analyzed the percentage of privacy incidents that rise to the level of […]

New York Department of Financial Services Cybersecurity Regulation Adds Breach Notification Obligation for Financial Institutions

[…] Department of Financial Services Cybersecurity Rules Revised and Delayed, Hogan Lovells New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines, Proskauer Privacy Law Blog New York Revamps Proposed Cybersecurity Regulation for Financial Services and Insurance Entities, National Law Review If you’re a current RADAR customer, you are already […]

Three Data Breach Developments to Watch: Increasingly Complex State and Federal Privacy Laws

In a recent webinar I had an opportunity to discuss some of the emerging developments I’ve seen in privacy laws at the state and federal level. The topics covered in the webinar – increasing stringency in state laws, varying penalties for noncompliance across state jurisdictions, and recent federal penalties and what they could mean […]

Reduce Risk and Simplify Compliance: Insurance CIO Outlook Top 10 Security System Solution Providers

[…] part of the special edition listing the Top 10 Security System Solution Providers for 2017. The insurance arena today is a highly susceptible space with frequently changing privacy regulations, a high volume of personal information, and ever increasing sophisticated cyber-attacks. In case of a security or privacy incident, fast response and consistent regulatory assessment […]

RADAR Named a Top 10 Security System Solution Provider by Insurance CIO Outlook

[…] help ensure compliance with complex and changing data breach laws. It is the only incident response management platform on the market that assesses, profiles, and scores data privacy and security incidents based on a multi-factor and multi-jurisdictional risk assessment, and provides decision-support guidance based on state and federal data breach laws. “My motivation and […]

Privacy & Security Together: A Risk-Based Approach to Incident Response Management in Compliance and Ethics Professional

[…] by Mahmood Sher-Jan, CCHPC, CEO and founder of RADAR, Inc., was originally published on the Compliance & Ethics Blog. Click here to view the original version of this article. Threats to the privacy and security of sensitive data are unavoidable. 2017 is proving to be no different. In its 2016 Internet Security Threat Report, Symantec estimates that more than half […]

Teamwork Wins the Game: Four Insights from RADAR’s Privacy & Security Pros

In the race to protect customers and companies against the dangers of a data breach, privacy and security often compete for scarce resources. This can make it easy to forget who the real enemy is—the rising tide of privacy and security incidents. By recognizing the valuable role each team plays, privacy and security can […]

Landmark OCR Enforcement Action for Lack of a Timely Breach Notification

What Does it Mean for Privacy and Security Professionals? Last week, the Office for Civil Rights (OCR) announced the first ever enforcement settlement for lack of a timely breach notification – a fine of $475,000 for Presence Health, a large healthcare network serving Illinois. In the course of investigating the breach, OCR determined that […]

Trends and Lessons from the Biggest Data Breaches of 2016

[…] from the previous year. From these breaches we can draw on common factors and identify a few trends in the biggest disclosures of regulated data last year. Privacy and the Internet of Things New and emerging technologies surfaced new and emerging vulnerabilities to exploit in 2016 – a prime example being the botnet attack […]

Changes in Breach Notification Law: Illinois Personal Information Protection Act

[…] Attorney General of data breaches that do not trigger notice to the Secretary of HHS under the HITECH Act,” writes Bruce Sarkisian on the Alston & Bird Privacy & Data Security Blog. In her article, Illinois data breach law amended and includes new twists, Linn Freedman also comments: “Interestingly, the new law also requires […]