AI clearance review

Newcomb does the reading. Your counsel still decides.

Before anyone ships, Newcomb checks each AI system against your laws, contracts, policies, and your vendors' terms, then assembles a sourced clearance record counsel can review — what changed, what applies, what is missing, and what it would take to clear.

Request access View sample clearance packet

Sample clearance packet

Underwriting fraud model

in-house · ready for counsel

Ready for counsel

Clearance state

Ready for counsel

Sources checked

Open conditions

Trace state

Sourced record

Counsel decision needed

Appears clearable with conditions

Owner: M. Chen, Compliance

Confirm adverse-action trigger and approve the clearance conditions.

What's easy to miss

An AI-notice obligation buried in 14 customer contracts.
Vendor terms that bar training on the data you submit.

What applies, and why

23 requirements across Colorado SB26-189, the NAIC bulletin, your AI policy, and 4 contracts — each linked to the exact clause.

Trace reference

Source → obligation → customer notice condition

Every line traces back to its source.

Design partners

Now selecting a small group of design partners in insurance, financial services, and healthcare.

Proof artifact

A sourced clearance record, already assembled

This synthetic sample shows the record Newcomb is built to produce: source excerpts, obligations, evidence gaps, affected contracts, the counsel decision block, and the trace from authority to condition.

Explore sample review

Sample clearance packet

Underwriting fraud model

in-house · ready for counsel

Ready for counsel

Clearance state

Ready for counsel

Sources checked

Open conditions

Trace state

Sourced record

Counsel decision needed

Appears clearable with conditions

Owner: M. Chen, Compliance

Confirm adverse-action trigger and approve the clearance conditions.

What's easy to miss

An AI-notice obligation buried in 14 customer contracts.
Vendor terms that bar training on the data you submit.

What applies, and why

Pre-deployment impact assessment
Colorado SB26-189 §6-1-1703(3) — A high-risk insurance use — required before the model is first deployed.
Consumer notice when AI informs an adverse decision
Colorado SB26-189 §6-1-1703(4) — Fraud scoring can contribute to a denial.
Written AI-use notice to affected customers
Master Services Agreement §11.2 — 14 accounts — These contracts require notice before AI touches their data.
No training on submitted data
Northwind Risk AI Terms §4.1 — The vendor bars using your submissions to train — it has to be enforced.
Annual bias testing and recordkeeping
NAIC Model Bulletin §4.3 — Adopted by your state DOI.

+18 more requirements, each linked to its clause.

Who it affects

14 customer accounts with AI-notice clauses; 3 reinsurer agreements that require disclosure of automated underwriting.

Evidence gaps

Pre-deployment impact assessment is drafted but not filed.
Northwind training-exclusion confirmation is present; Maryland addendum is still missing.
Three reinsurer notices need the automated-underwriting disclosure.

Open fact: Whether the output drives an adverse action, and which states the model serves.

What it would take to approve

Confirm the adverse-action trigger, file the impact assessment, and send the AI-use notice to the 14 affected accounts.

Source excerpts

Master Services Agreement §11.2

“Provider shall give Customer at least thirty (30) days’ written notice before applying any automated or artificial-intelligence system to Customer Data.”

Source → obligation → customer notice condition

Northwind Risk AI Terms §4.1

“Customer Submissions will not be used to train, retrain, or fine-tune the Services or any other model.”

Vendor terms → evidence requirement → clearance condition

Sources checked and ruled out

Texas TRAIGA (no Texas deployment), the EU AI Act (no EU data subjects), and NYC Local Law 144 (not a hiring tool).

Every line traces back to its source.

Illustrative sample — fictional facts, not legal advice.

Your AI obligations don't live in one place.

Some are in the law. Some are in a customer contract nobody has reread since it was signed. Some are in your own AI policy, or in the standard terms of a model vendor a team just started using. You have to find all of them before anyone ships, and the one that slips through is the one that resurfaces later, in an audit or a complaint, when it's hardest to fix.

The hard part was never the speed of the review. It's that the thing you need to catch is usually the thing that's easy to miss.

A full review, not a questionnaire.

Describe an AI system in plain language. Newcomb returns a clearance packet, leading with the obligations that are easiest to overlook, then everything that applies, each line tied to the clause it came from and the accounts it touches. It closes with the open facts the review still needs, what it would take to approve, and a record of every source checked and ruled out.

You read a finished position, not a pile of yes-or-no answers you still have to turn into one.

See the sample packet

We hold the laws. You bring only what's yours.

You never upload a statute or a vendor's standard terms. Newcomb holds those and keeps them current: the EU AI Act, Colorado SB26-189, Texas TRAIGA, Illinois HB 3773, NYC's hiring-algorithm rules, California's generative-AI disclosures, the NAIC bulletin variants, NYDFS Circular Letter 7, and the major model providers' terms. You connect only the documents that are actually yours.

EU AI ActHeld & monitored

Colorado SB26-189Held & monitored

Texas TRAIGAHeld & monitored

Illinois HB 3773Held & monitored

NYC's hiring-algorithm rulesHeld & monitored

California's generative-AI disclosuresHeld & monitored

NAIC bulletin variantsHeld & monitored

NYDFS Circular Letter 7Held & monitored

Major model providers' termsHeld & monitored

A rule changes Tuesday. By Wednesday, you know which systems it touches.

Newcomb watches the laws, the regulators, and the vendor terms it holds for you. When something changes, a lawyer on our editorial team reviews it, and every system that relied on what changed is already flagged for another look. Nothing quietly goes out of date.

Questionnaires don't read your contracts.

How Newcomb compares to a questionnaire, a GRC platform, and outside counsel.
Tool	Reads law and your contracts	Catches what's buried	Reviews the system, not just paperwork	Stays current
A questionnaire	No	No	No	No
A GRC / risk platform	Some	No	Some	No
Outside counsel	Yes	Sometimes	Per question	No
Newcomb	Yes	Yes	Yes	Yes

A questionnaire

Reads law and your contracts: No
Catches what's buried: No
Reviews the system, not just paperwork: No
Stays current: No

A GRC / risk platform

Reads law and your contracts: Some
Catches what's buried: No
Reviews the system, not just paperwork: Some
Stays current: No

Outside counsel

Reads law and your contracts: Yes
Catches what's buried: Sometimes
Reviews the system, not just paperwork: Per question
Stays current: No

Newcomb

Reads law and your contracts: Yes
Catches what's buried: Yes
Reviews the system, not just paperwork: Yes
Stays current: Yes

Request access

Ready before anyone asks.

Newcomb maps the obligations, names the affected contracts, and gathers the evidence, most of the way to a finished review. Your counsel reviews it, edits it, approves it, and owns the position for the company. The software never makes a quiet legal call on its own, and every source and decision stays traceable, ready for the board, an auditor, a reinsurer, or a regulator before they ask.

Security

Your documents stay yours.

You're connecting customer contracts and internal policies to a tool. So we built it the way we'd want a vendor to build it — and held it to the kind of terms Newcomb flags when it reads anyone else's.

Newcomb never trains on your data.

No model is trained or fine-tuned on anything you connect, and there’s no code path that could. The only place "no training" appears in the product is the detector that catches it missing from a vendor’s terms.

Your tenant is isolated.

Every record is walled off by tenant and enforced in code and in tests — with an ethical wall for conflicts and an audit log of what was accessed.

Access is least-privilege.

Five defined roles, multi-factor authentication, and admin actions gated behind it. Multi-factor secrets are encrypted at rest with AES-256-GCM.

The app won’t run unprotected.

In production it refuses to start unless authentication is on and a strong key is set — enforced by a test that fails the build, not by policy.

You can leave with everything.

Export or close your tenant whenever you want, through MFA-gated controls.

Who this is for

Built for the person every AI project lands on.

You're the general counsel, chief compliance officer, or AI risk lead at an insurer, bank, hospital system, or another regulated company, and AI projects are arriving faster than you can review them, each one a chance to miss something in a contract or a new law.

From the founder

I built Newcomb to do the reading I used to do by hand.

I'm an IP and AI attorney, and before that I studied math and machine learning. For years I advised some of the largest and most innovative AI companies on exactly this problem: which obligations actually attach to a system before it ships, and which ones are buried where no one is looking.

Newcomb came out of applying formal, mathematical techniques to that work — turning law, contracts, and vendor terms into something a machine can reason over precisely instead of approximately. I review every formalization myself. The software reads; the legal judgment is mine, and it stays traceable to its source.

If you're the person every AI project lands on, I'd like to hear what's landing on you. I read every request and reply within a business day.

— Howard Glucksman, Founder

Request access

Tell us about an AI system you'd like reviewed

Howard Glucksman, Founder.