DiscloseAI
AI chatbot disclosure laws now carry $1,000+ per-violation fines in California alone. Scan any website, detect AI touchpoints, and generate jurisdiction-correct compliance notices in minutes.
The Idea
Every business using an AI chatbot, AI-generated content, or automated decision-making on their website now faces a patchwork of disclosure laws. California SB 243 (effective January 2026) lets consumers sue for $1,000 per undisclosed chatbot interaction. Colorado's AI Act (June 30, 2026) mandates conspicuous notice whenever consumers interact with AI. The EU AI Act Article 50 (August 2, 2026) requires labeling of all AI-generated content and deepfakes. Most small businesses have no idea which laws apply to them. DiscloseAI crawls your website, detects AI touchpoints (chat widgets, AI-generated images, automated forms), maps them against applicable regulations based on where you operate and sell, and generates ready-to-paste disclosure notices, compliance badges, and legal language. Think cookie consent banners, but for AI transparency.
Why Now
Three deadlines are stacking up in the next 90 days. Colorado AI Act goes live June 30, 2026. EU AI Act Article 50 transparency rules become enforceable August 2, 2026. Meanwhile, California SB 243 is already live and creating legal exposure today. DLA Piper published a January 2026 report noting that AI disclosure laws on commercial chatbot interactions "are on the rise" across multiple US states including Maine, Illinois, and Hawaii. The National Cybersecurity Alliance launched a public awareness campaign about AI impersonation. Businesses using tools like Intercom, Drift, Tidio, or any AI chatbot provider are exposed right now. The fines are not theoretical: California grants private right of action with statutory damages. One angry customer, one lawsuit.
How to Build
Two-phase product. Phase one: website scanner. User enters their URL. A headless browser (Playwright) crawls the site, detecting chat widgets (Intercom, Drift, Tidio, Crisp, Zendesk), AI content markers, automated form handlers, and any existing disclosure text. Phase two: compliance engine. User selects where they operate and where their customers are located. Claude API maps detected AI touchpoints against a regulation database covering EU AI Act Article 50, California SB 243, Colorado AI Act, Maine Chatbot Disclosure Act, Illinois AI Video Interview Act, and NYC Local Law 144. Output: a branded compliance report (PDF) plus copy-paste code snippets for disclosure badges, first-message chatbot notices, privacy policy AI addendum, and terms of service AI clauses. Stack: Next.js, Playwright for crawling, Claude API for analysis, Stripe for payment.
Revenue Model
Freemium with clear upgrade path. Free: scan one URL, get a basic compliance score showing how many AI touchpoints were found and which jurisdictions create risk. Starter ($99 one-time): full multi-jurisdiction audit report, disclosure text for all detected touchpoints, code snippets for badges, chatbot first-message templates. Pro ($39/month): ongoing monitoring with alerts when new regulations take effect, automatic re-scans monthly, compliance badge hosted on our CDN that stays current, and email alerts if your chatbot provider changes their default disclosure behavior. Agency ($149/month): scan up to 20 client websites, white-label reports, bulk generation. Target: the estimated 2.5 million websites using AI chatbots globally. At 300 Pro subscribers, that is $11,700 MRR.
Effort
One to two weeks for MVP. Day 1-2: build the regulation database by extracting requirements from published legal analyses (DLA Piper, Baker McKenzie, NYU Compliance and Enforcement blog all have detailed breakdowns). Day 3-4: website scanner using Playwright to detect common chat widget signatures and AI content markers. Day 5-6: Claude API integration to map findings against the regulation database and generate jurisdiction-specific disclosure text. Day 7: PDF report generation, Stripe checkout, landing page. Week two: add the hosted compliance badge (a small JavaScript embed that displays the right disclosure for each visitor based on their location), monthly re-scan automation, and the agency dashboard. The technical pattern mirrors Pitchsite and Content Engine builds Rees has done before.
Reddit Signal
Direct Reddit threads about AI disclosure compliance tools are limited, but the underlying pain signal is strong across adjacent channels. An internet lawyer blog post titled "Are You Required to Disclose When Website Users Are Interacting with an AI Bot?" surfaced repeatedly in search results, indicating high search demand. The Webstacks blog published "The Complete Guide to AI Disclosure Requirements" noting the fragmented regulatory landscape. DLA Piper's widely cited report on rising chatbot disclosure laws generated significant discussion. On Reddit specifically, r/smallbusiness and r/legaladvice regularly surface questions about chatbot compliance. The demand is more "business owner Googling frantically" than "Reddit thread with 500 upvotes," but that search-driven intent converts better for B2B tools.
Risk
Three risks worth flagging. First, regulatory fragmentation means the database needs constant updates. New state laws pass regularly, and interpretations shift. The Pro subscription model handles this (recurring revenue funds ongoing maintenance), but early versions might miss edge cases. Second, the scanner cannot catch every AI touchpoint. Custom-built chatbots without standard widget signatures will need manual input. Third, large compliance platforms like ComplianceAgent and Drata are moving into AI compliance broadly. However, they charge $49 to $199 per scan and target enterprises. The opportunity is in the small business segment: the freelancer running Tidio on their Shopify store who has no idea California SB 243 applies to them. Cookie consent tools (Cookiebot, CookieScript) have not expanded into AI disclosure yet, leaving a gap.
Verdict
DiscloseAI sits at a genuine regulatory inflection point. Three major deadlines within 90 days, existing fines already enforceable in California, and most small businesses completely unaware. The "cookie consent banner for AI" framing is immediately understandable and solves a real positioning problem. The main question is whether the market develops fast enough before enterprise players absorb this niche. But with a $99 one-time entry point versus enterprise pricing of $199+, there is a clear wedge for the SMB segment. Score reflects strong timing and clear demand, tempered by regulatory complexity and the risk of being absorbed.
Strong timing play with three regulatory deadlines converging in 90 days. The "cookie consent for AI" positioning is clean and the SMB pricing wedge is real. Execution risk is moderate: the regulation database needs ongoing maintenance, and enterprise compliance tools could absorb this niche. But right now, there is no simple, affordable tool that tells a small business owner exactly what AI disclosures they need and gives them the code to paste. That gap is real and closing fast.