As State-Level AI Laws Multiply Across the U.S., the New York Founder Argues That Companies Treating Compliance as an Afterthought Are Already Losing Ground
For most enterprise technology leaders, AI regulation is a risk to manage. Dan Herbatschek thinks that framing is the first mistake.
The founder and CEO of Ramsey Theory Capital has been making a different case to clients for the better part of a year: organizations that build compliance into the architecture of their AI systems from the start are not just reducing legal exposure. They are building a competitive advantage that compounds over time. The ones waiting until after deployment are not just behind on paperwork. They are behind on fundamentals.
Research released through Ramsey Theory Capital found that more than 60 percent of large organizations now condition AI funding approvals on demonstrable governance maturity, making regulatory readiness a prerequisite for investment rather than a box to check after launch.
A Regulatory Landscape That Moved Faster Than Most Companies Expected
The challenge for global enterprises is not a single AI law, but the growing divergence among major regions in how they define responsibility, risk, and accountability. The United States has taken a decentralized, enforcement-driven approach, with oversight emerging through sector-specific regulators and expanding liability exposure. The European Union has imposed prescriptive, risk-tiered obligations through its AI Act. Asia-Pacific markets are advancing unevenly, with varying rules around data sovereignty and algorithmic accountability.
New York’s newly enacted Responsible AI Safety and Evaluation (RAISE) Act represents one of the most comprehensive state frameworks to date, requiring organizations developing or deploying advanced AI systems to demonstrate transparency, risk awareness, and accountability throughout the AI lifecycle.
For companies operating across multiple jurisdictions, building separate compliance frameworks for each market is neither scalable nor practical. Herbatschek’s answer is what Ramsey Theory Capital calls regulation-by-design: governance logic embedded directly into system architecture so that compliance adapts by geography without fragmenting execution.
Why Most Governance Models Are Already Outdated
The issue Dan Herbatschek identifies is not that enterprises lack compliance policies. It is that those policies were designed for a slower-moving environment.
Traditional governance models rely on manual documentation and periodic reviews. Ramsey theory. That approach worked when AI systems were narrow, contained, and infrequently updated. It does not work when those systems are making real-time decisions across operations, interacting with sensitive data at scale, and touching regulated processes in healthcare, logistics, and financial services simultaneously.
Ramsey Theory Capital’s structured approach integrates AI deployment with cybersecurity infrastructure and enterprise continuity planning across regulated and infrastructure-sensitive industries. The distinction is significant. Governance is not treated as a documentation layer sitting on top of existing technology. It is treated as a design requirement that shapes the technology itself.
The Shadow AI Problem Nobody Is Talking About Loudly Enough
Alongside the regulatory compliance challenge, Herbatschek has been raising a separate alarm about a risk developing inside organizations rather than outside them.
Ramsey Theory Capital sees shadow AI introducing untracked data exposure, regulatory risk, and operational blind spots that many enterprises are not prepared to manage. Unlike traditional shadow IT, AI systems can autonomously generate content, make decisions, and interact with sensitive data at scale.
The scale and speed of that exposure is what makes it different from earlier waves of unsanctioned technology. A rogue SaaS tool creates a data silo. An unsanctioned AI system can create a compliance violation, a reputational incident, and a security breach simultaneously, often before anyone in the organization knows it is running.
Herbatschek’s position is that blanket bans do not work. Organizations that govern AI intelligently gain both trust and velocity. The practical path is governance frameworks that define what tools are permitted, for what purposes, and under what data handling conditions, and that create visibility into what is actually being used across the organization.
Governance as a Balance Sheet Issue
The framing Herbatschek returns to most consistently is financial. AI is not just a technology layer. It is becoming a balance sheet exposure. The companies that quantify AI risk and return on investment will attract capital. Those that cannot will trade at a discount.
That argument is gaining traction in boardrooms. AI governance is no longer an optional feature but is now being treated as a foundational requirement, comparable to financial controls or cybersecurity.
For Dan Herbatschek, that shift validates what Ramsey Theory Capital has argued from the start. Compliance was never just a legal obligation. It has always been an organizational capability, and the companies that built it early are now seeing it pay off.
Ramsey Theory Capital is headquartered in New York with offices in New Jersey and Los Angeles.
About Dan Herbatschek
Dan Herbatschek is the Founder and CEO of Ramsey Theory Capital. He graduated Summa Cum Laude and Phi Beta Kappa from Columbia University, where he studied Mathematics, Philosophy, and Intellectual History. His thesis was awarded the Columbia University Lily Prize. Before founding Ramsey Theory Capital, he worked as an Investment Consultant and Data Management Consultant in New York. He specializes in translating organizational complexity into mathematically grounded technology systems, with expertise across machine learning, data visualization, software development, and regulatory compliance.