AI risk by sector
See how OBEXGATE
applies to you.
AI risk does not look the same in every organisation. A restaurant worries about allergen answers. A medical practice worries about patient data. A startup worries about global exposure. What they all have in common is that the rules are already in force, and most organisations do not know what has attached to them.
The EU AI Act is already enforcing. GDPR covers AI that touches personal data. Fines do not wait for you to be ready.
Choose the setting closest to how you use AI.
Restaurant
Your AI never stops serving. One wrong answer can become your liability.
Restaurants may use AI to answer menu questions, support ordering, handle allergen requests, recommend items, or collect customer details. That means the risk is not only whether the AI is helpful, but whether it gives a safe, accurate, and properly disclosed answer. One wrong allergen response is not just a customer complaint. It is a liability question. OBEXGATE helps identify where AI touches personal data, customer safety, disclosures, and operational responsibility before a mistake reaches a diner.
Tech Startup
You scaled the product. Your AI exposure scaled with it.
Funded and fast-growing startups often add AI across product, support, analytics, onboarding, and internal workflows before governance catches up. If users cross borders, your exposure may cross borders too. The EU AI Act, GDPR, and sector-specific obligations attach the moment you are live, not the moment you are ready. OBEXGATE helps teams map where AI touches personal data, automated outputs, global obligations, and regulatory exposure without slowing product momentum unnecessarily.
Solo Dev
Your app may be fire. You still need the extinguisher.
Solo developers and vibe-coded app builders can ship quickly, but speed does not remove responsibility. If your app collects names, emails, personal information, user prompts, payments, or AI-generated outputs, you may already have governance and disclosure obligations. Global use means global exposure. A small app with users in the EU is subject to EU law. OBEXGATE helps identify basic AI risk exposure before your app grows beyond what you can easily fix.
Solopreneur
Your AI works like a team member. You are still the accountable one.
Solopreneurs often use AI for customer messages, marketing, lead capture, fulfilment, scheduling, advice, or service delivery. The tools may feel lightweight, but the risks can become real when personal data, inaccurate claims, or customer reliance are involved. When something goes wrong, there is no team to spread accountability across. It comes back to you. OBEXGATE helps solo operators understand where AI needs clearer boundaries, disclosures, and review.
SMB
Your small team moves fast on AI. One slip can become a regulator's fine.
Small businesses are adopting AI for customer service, payments, operations, marketing, hiring, and admin support. The problem is that AI risk can appear before anyone has formally assigned ownership. Regulators do not make exceptions for small size. They ask whether the obligation existed, not whether you had capacity to meet it. OBEXGATE helps SMBs spot the gaps around personal data, disclosures, AI-generated outputs, and basic governance before those gaps become expensive.
Insurance
You insure everyone's risk. Who covers your AI?
Insurance brokerages may use AI to draft communications, summarise client needs, support policy comparisons, generate marketing, or assist internal operations. That creates exposure around personal data, client reliance, regulated advice, and professional responsibility. When AI assists in a client-facing process, the professional accountability does not transfer to the model. OBEXGATE helps brokerages assess where AI should be reviewed, documented, limited, or disclosed.
Medical Practice
Your AI reads patient data instantly. HIPAA still holds you accountable.
Medical practices may use AI for intake, summaries, documentation support, scheduling, patient communications, or operational triage. Even when AI improves efficiency, patient data, output accuracy, and auditability remain critical. AI does not inherit your professional obligations. It inherits your exposure while you keep the accountability. OBEXGATE helps practices identify where AI touches protected information, clinical workflows, disclosures, and review obligations.
Dental Practice
On the surface, your AI looks healthy. The X-ray shows the liability.
Dental practices may use AI for appointment handling, intake, treatment explanations, billing support, patient reminders, or record summaries. The risk is not only whether the tool is convenient, but whether it handles patient data and patient-facing outputs responsibly. Hidden AI liability does not show up until it becomes a compliance problem, a trust problem, or both. OBEXGATE helps reveal that exposure before it surfaces.
Chiropractic Practice
Your practice is aligned. Is your AI?
Chiropractic practices may use AI for intake, patient messaging, appointment workflows, marketing, documentation support, or educational content. When AI touches health information or patient-facing claims, alignment has to include privacy, accuracy, and review. A misaligned AI output that reaches a patient carries the same professional weight as a misaligned treatment plan. OBEXGATE helps identify where AI needs clearer safeguards before it creates a gap in patient trust or compliance.
Enterprise
Your AI is already inside the organisation. The question is whether governance is there too.
Enterprise AI often spreads through internal tools, vendor platforms, copilots, analytics, support systems, and employee workflows before central oversight can see the full picture. That creates risk around authority, accountability, data handling, output review, and cross-border exposure. Shadow AI is the gap between what IT approved and what teams are actually using. OBEXGATE helps organisations identify where AI operates, who has authority, and what needs to be assessed, documented, or controlled.
Government
Public-sector AI needs more than efficiency. It needs accountable authority.
Government and public-sector AI may affect access, eligibility, services, communications, triage, records, procurement, and public trust. Efficiency gains can create serious risk if decision authority, transparency, data use, and human review are unclear. When AI makes or influences a decision about a member of the public, the accountability for that decision does not disappear. It attaches to the authority that deployed it. OBEXGATE helps public-sector teams identify where AI requires governance, documentation, review, and escalation before operational shortcuts become public failures.
Education
AI is entering the classroom, the office, and the student record. Governance has to follow.
Education providers may use AI for student support, admissions, tutoring, grading assistance, communications, accessibility, admin workflows, or research. These uses can involve student data, vulnerable users, automated outputs, and institutional accountability. Student data carries heightened protection requirements in most jurisdictions. An AI system handling it without review is not a minor operational detail. OBEXGATE helps education teams identify where AI use needs review, disclosure, safeguards, and documentation.
Not sure where you fit?
If you use AI, you likely have some level of exposure.
If your organisation uses AI in a website, app, workflow, chatbot, customer service process, marketing system, healthcare process, internal operation, or decision-support workflow, you likely have some level of AI risk exposure. OBEXGATE helps you find the first layer of that exposure quickly, at no cost, and without requiring a compliance team or legal background.
Free assessment. No account required. Results in minutes.
OBEXGATE main page Free Risk Assessment Pre-Qualification Report Governance Foundation Report
Information contained is not legal or financial advice or a guarantee of outcome. Regulatory requirements change and should be verified against current published guidance, legislation, and regulator materials. Sector examples are illustrative and do not constitute a formal assessment of any specific organisation's obligations.