2026-02-16 · Don Ho · 1767 words

The 5-Layer AI Compliance Stack Your Company Is Missing

By Don Ho, Co-Founder & CEO, Kaizen AI Lab

Published: February 12, 2026

TL;DR: Most companies using AI have zero compliance infrastructure around it. The 5-Layer AI Compliance Stack covers Data Classification, Tool Authorization, Output Verification, Audit Trail, and Incident Response. If you're missing even one layer, you're exposed. Here's how to build the full stack, with the failure stories that prove why each layer matters.

---

You Have an AI Problem You Haven't Noticed Yet

Somewhere in your company right now, someone is pasting customer data into ChatGPT. Someone else is using an AI coding assistant that sends your proprietary code to a third-party server. A third person is using an AI tool to draft client communications that nobody approved, nobody reviewed, and nobody checked against your industry's regulations.

I know this because we assessed a mid-market lender last quarter. Forty people. The IT team told us they used "a couple of AI tools." We found 17. Three were free-tier consumer products processing loan applicant PII. One was a Chrome extension that had been quietly exfiltrating browsing data for six months. Nobody in leadership knew about any of it.

That's the state of AI adoption at most mid-market companies in 2026. The tools arrived faster than the governance frameworks. The compliance gap grows wider every day.

You need a compliance stack. Here are the five layers, each one introduced by what happens when it's missing.

Layer 1: Data Classification

The failure: A healthcare company we assessed had clinicians pasting patient notes into a consumer AI tool to generate referral letters. PHI, diagnoses, medication lists, all of it flowing through a platform with no BAA, no HIPAA compliance, and a privacy policy that explicitly permitted data use for model training. They'd been doing it for eight months. The potential HIPAA exposure was in the millions.

The root cause wasn't malice. It was the absence of a system that told people which data could go where.

Data classification means creating a taxonomy of your company's information and assigning each category a sensitivity level. Four tiers minimum:

Public: Already publicly available. Press releases, marketing materials. These can flow through any AI tool with minimal restrictions.

Internal: Business information that wouldn't cause significant harm if exposed. Internal memos, process documentation, general planning. Approved AI tools with standard enterprise agreements.

Confidential: Customer data, financial records, proprietary processes, employee records. AI tools with zero-retention agreements and specific data processing addendums only.

Restricted: Legally privileged communications, HIPAA-protected information, trade secrets, NDA-covered material. Self-hosted AI systems or tools with the highest contractual protections only.

The classification system needs to be simple enough that every employee can use it without a law degree. Build a decision tree. Three questions, four outcomes. Print it. Post it next to every monitor. If people can't quickly determine what tier their data falls into, they'll default to ignoring the system.

Layer 2: Tool Authorization

The failure: We ran an AI tool audit for a 60-person professional services firm. Their CTO was confident they had "maybe four or five AI tools" in use. The actual count was 23. Fourteen had never been through any procurement or security review. Two were browser extensions with permissions broad enough to read every tab, form field, and password the user entered. One of those extensions was later flagged in a security advisory for data exfiltration.

The gap between what leadership thinks employees are using and what employees are actually using is consistently the widest gap in any AI assessment I've done.

Every AI tool your company uses needs to be evaluated, approved, and documented before anyone touches it. Tool authorization requires a formal process:

Inventory first. Survey your teams. Check browser extensions. Review software licenses. You will be surprised, and not in a good way.

Evaluation criteria for every tool:

Maintain an approved tool list for each data classification tier. Update it quarterly. Make it accessible to everyone.

Shadow AI policy. Banning everything doesn't work. People route around bans. The better approach: make the approved tools good enough that people don't feel the need to go rogue, while establishing clear consequences for using unauthorized tools with sensitive data.

The Extension Problem

In late 2025, security researchers discovered that over 260,000 people had installed Chrome extensions marketed as "AI assistants" that were actually stealing API keys, session tokens, and browsing data. An unauthorized AI browser extension in your environment is a data exfiltration tool with a friendly interface.

Your tool authorization layer needs to include browser extension policies. Enterprise browser management. Extension whitelisting. Regular audits.

Layer 3: Output Verification

The failure: You already know this one. A Wisconsin DA used AI to draft filings in a 74-count criminal case. The AI hallucinated case law. The court caught it. All 74 counts dismissed. Before that, attorneys in Mata v. Avianca submitted six fabricated case citations. Before that, dozens of unreported incidents where AI-generated errors made it into client-facing documents, financial filings, and regulatory submissions.

The common thread: AI generates confident-looking output, and humans treat confidence as accuracy.

My take on this is blunter than most consultants will be: output verification is not a nice-to-have layer you get to eventually. It's the layer that determines whether AI helps your company or destroys it. Every other layer is about preventing unauthorized use. This layer is about making authorized use safe.

Output verification requires:

Human review protocols. Every AI-generated document that leaves your organization must be reviewed by a qualified human. For legal documents, a licensed attorney. For financial documents, a qualified financial professional. For customer communications, someone authorized to speak for the company. Not skimmed. Reviewed.

Fact-checking workflows. Every factual claim needs independent verification. Citations need to be checked. Statistics need to be confirmed. Names and dates need to be validated. AI hallucinations aren't bugs. They're inherent to how large language models generate text.

Output logging. Record what AI generated and what the human reviewer changed. This creates a quality improvement loop and a liability shield. If something goes wrong, you can demonstrate that a review process was in place.

Confidence thresholds. For automated AI outputs (chatbots, auto-responses), establish thresholds below which the system escalates to a human. If the AI isn't confident in its output, a person looks at it before it ships.

Layer 4: Audit Trail

If you can't prove what happened, you can't defend what happened.

An audit trail captures every interaction between your organization and AI tools. Who used what tool. When. What data went in. What output came out. What review occurred. What approval was given.

Three reasons this matters:

Regulatory compliance. The EU AI Act mandates detailed logging for high-risk AI systems. US state laws are following. Colorado's AI Act, when it takes effect, will require documentation of AI-assisted decision-making. Without an audit trail, you can't demonstrate compliance.

Litigation defense. When your company's AI usage is challenged in court (and the question is when, not if), you need to show reasonable processes. An audit trail is evidence of due diligence. The absence of an audit trail is evidence of negligence.

Internal accountability. Audit trails tell you who's doing what. They identify misuse patterns. They reveal which tools are actually in use versus sitting unused. They provide the data to improve your compliance posture over time.

What to Log

At minimum:

This doesn't require manual entry for every interaction. API-level logging captures interaction metadata. Review workflows capture the human approval chain. Good tooling automates most of this.

Layer 5: Incident Response

Things will go wrong. An employee will paste customer SSNs into an unauthorized AI tool. An AI chatbot will give a customer harmful advice. A regulatory investigation will demand documentation you don't have.

Layer 5 is your plan for when the other four layers fail.

Detection. How do you know something went wrong? Monitoring. Alerts. Regular audits. Employee reporting channels. The faster you detect, the more options you have.

Classification. Not every incident is the same severity. A marketing intern using Midjourney for a social post is different from a compliance officer pasting regulated data into a consumer AI tool. Response scales with severity.

Containment. Stop the bleeding. Revoke access. Disable the tool. Quarantine affected data. Prevent the incident from expanding while you determine the full scope.

Assessment. What data was exposed? What regulatory obligations are triggered? What contractual obligations are implicated? What's the potential harm?

Notification. Depending on the incident, you may need to notify regulators, affected individuals, contractual counterparties, or law enforcement. Know your notification obligations before an incident occurs. Researching them during a crisis is too late.

Remediation. Fix the root cause. Update the policy. Retrain the team. Improve the tooling. Every incident should make your compliance stack stronger.

Documentation. Document everything about the incident and the response. This protects you in regulatory inquiries and litigation. It also builds institutional knowledge about AI risk.

Where Most Companies Are Today

If you're realizing you don't have any of these five layers, you're in the majority. Most mid-market companies have adopted AI tools with zero compliance infrastructure.

The tools moved faster than the governance. But now that you know what the stack looks like, the clock is running. The regulatory environment is tightening. Courts are issuing decisions like Heppner. State AI laws are going live in 2026.

You don't have to build all five layers at once. Start with Data Classification. It's the foundation everything else sits on. Then work through the layers in order. Each one compounds on the previous.

But start. Because "we didn't know" stops being a defense the moment you finish reading this article.

---

Kaizen AI Lab builds AI compliance infrastructure for mid-market companies. We can assess your current posture and build a 5-Layer Compliance Stack customized to your industry and regulatory environment.
