AI Usage Risk Assessment For Maryland, DC, Virginia and Pennsylvania Organizations
Your Staff Are Probably Using AI Tools You Have Never Reviewed. Here Is How To Find Out What That Means For Your Organisation.
A free self-assessment covering five risk areas: what AI tools your team is using, what data is going into them, whether your governance meets current compliance expectations, where your insurance and legal exposure sits, and whether you would know if something went wrong.
Takes under fifteen minutes. No technical background needed. Built for decision-makers in nonprofits, construction, and manufacturing across the Baltimore and DC region.
Get Your Free AI Risk Assessment
Fill out the form to receive your free assessment.
AI Compliance Risk For Maryland And Virginia Organisations In 2026
Most Organisations Do Not Have A Clear Picture Of What Their Staff Are Doing With AI Tools. That Gap Is Now A Compliance Problem.
Free AI tools are accessible from any browser, any device, and any account that a staff member controls. Many of them are already embedded in the software your organisation uses every day. Microsoft Copilot, Google Gemini, AI writing assistants, AI summarisation tools built into browsers, standalone platforms like ChatGPT. These tools are not rogue. They are useful. But when staff use them for work tasks without guidance, data follows.
A grant proposal that pulls from a funder’s confidential briefing. A HR email drafted using a thread that includes a staff member’s personal information. A bid document summarised in a consumer AI tool that stores and potentially trains on everything submitted. None of these require malicious intent. They require nothing more than a useful tool and an unreviewed habit.
This assessment gives you the visibility to get ahead of those questions before they are asked.
Maryland’s Online Data Privacy Act is now actively enforced. Virginia’s High-Risk Artificial Intelligence Act takes effect in July 2026. Cyber insurance underwriters are adding AI-specific questions to renewal questionnaires. Organisations that cannot demonstrate basic AI governance are finding premiums increase or coverage is harder to obtain. Funders and auditors are beginning to ask the same questions.
What The AI Usage Risk Assessment Covers
Five Areas That Determine Whether Your AI Exposure Is Managed Or Simply Unexamined
AI Tool Awareness
Whether you know which tools your staff are using, including those embedded in existing platforms, and whether there is any process for reviewing or approving new ones.
Data Exposure
What types of organisational data are going into AI tools, whether staff have been told what is off limits, and whether any regulated or sensitive data may have already been submitted without oversight.
Policies and Governance
Whether your organisation has a written AI policy, whether a named individual owns it, and whether staff actually know what they are and are not allowed to do.
Compliance and Insurance Exposure
Whether your AI tool usage creates obligations under MODPA, Virginia’s AI Act, CMMC, or your cyber insurance policy, and whether leadership has been briefed on what that means.
Incident Readiness
Whether your team knows how to report an AI-related incident, whether your response plan covers AI scenarios, and whether leadership would have visibility if something went wrong.
Each section ends with a reflection prompt and a score. Your total score out of 25 sites in one of three bands that tell you where your organisation stands and where to focus first.
Who Needs An AI Usage Risk Assessment In This Region
Built For The People Who Would Have To Explain AI Risk To A Board, An Insurer, Or An Auditor
Executive Directors and CEOs
You will be the first person an auditor, funder, or insurer asks about AI governance. This assessment tells you what you need to know before that conversation happens.
Operations and Compliance Managers
You are probably already managing the tools your team uses. This assessment tells you whether that oversight extends to AI, and where the gaps are.
IT Managers and Technology Leads
You likely know which platforms have AI features. This assessment helps you frame that risk for leadership and build the governance case you need.
CFOs and Finance Leaders
Cyber insurance renewals, MODPA obligations, and potential liability from unreviewed AI usage all carry financial implications. This assessment helps you quantify where the exposure sits.
If your role means you would be asked to answer for AI-related data risk in a board meeting, a renewal conversation, or an audit, this assessment is for you.
AI Compliance Requirements For Maryland, DC, Virginia And Pennsylvania Organisations
The Compliance Landscape Changed In 2025 And 2026. Here Is What That Means For Organisations In This Region.
MODPA
Maryland – In Effect
Maryland's Online Data Privacy Act
Took effect in October 2025 and entered full enforcement in April 2026. The law requires organisations to limit data collection and processing to what is strictly necessary for a defined purpose. When staff enter personal data into AI tools that have not been reviewed for compliance, that is a MODPA exposure. Penalties reach up to $25,000 per repeat violation. The law’s narrow nonprofit carve-out means most Maryland nonprofits are covered, not exempt.
VA AI ACT
Virginia – July 2026
Virginia's High-Risk Artificial Intelligence Act
Passed in February 2025 and takes effect July 1, 2026. It introduces obligations for organisations deploying AI in consequential decisions and applies directly to businesses operating in northern Virginia. For manufacturing and construction firms in the region, this adds a second compliance layer alongside existing data protection obligations.
CMMC
Federal – November 2026
Cybersecurity Maturity Model Certification
For construction and manufacturing organisations with federal contracts or government clients, the FY2026 National Defense Authorization Act has directed the Department of Defense to incorporate AI security requirements into the CMMC framework. The November 2026 CMMC enforcement deadline is relevant for any firm in southern Pennsylvania or northern Virginia with defense-related work.
CYBER INSURANCE
Carriers – 2025-2026
Cyber Insurance
Cyber insurers are moving separately from legislation. AI-specific questions have appeared in renewal questionnaires across major carriers in 2025 and 2026. Organisations that cannot describe their AI governance programme clearly are seeing premiums increase and in some cases coverage denied.
This assessment is built around these specific pressures. It is not a generic checklist. It reflects the compliance environment your organisation is actually operating in right now.
What Happens After You Download The Assessment
Work Through It Once And You Will Know Where To Focus First
The assessment is designed to be completed by someone with both operational and leadership visibility into your organisation. You do not need technical expertise. You need honest answers about what is actually in place today versus what exists in theory.
Some sections will be quick. Others may surface uncertainty you have been aware of but have not had time to address. That uncertainty is the point. It tells you where your AI exposure is highest and where a conversation with your team or a trusted adviser is warranted.
There is no sales sequence waiting on the other side of this download. You complete the assessment, you see your score, and you decide whether the results raise questions worth exploring further.
If they do, we offer a free, no-obligation call to talk through what you found. No pitch. A practical conversation about your organisation’s specific situation.
Free AI Security Posture Call For Nonprofits, Construction Firms, And Manufacturers In Maryland, DC, Virginia And Pennsylvania
If The Assessment Raises Questions, A Short Conversation Can Help You Understand What They Mean For Your Organisation Specifically
We work with nonprofits, construction firms, and manufacturers across Maryland, Washington DC, northern Virginia, and southern Pennsylvania. We understand the specific compliance pressures this region creates in 2026 and we know how to help organisations like yours get ahead of AI risk without overhauling everything at once.
The free AI Security Posture Call is a thirty-minute working conversation. We will review your assessment results, identify where your biggest exposures sit, and tell you what a sensible first step looks like given your size, sector, and current posture. You do not need to be an OmegaCor client to book this call.
Review your assessment results with an experienced Baltimore-area IT adviser who understands your sector
Understand which of your five section scores represent the most urgent attention and why
Get a clear picture of your MODPA, Virginia AI Act, or CMMC exposure as it applies to AI tool usage
Identify a realistic first step based on your organisation’s size and resources
Receive a straight answer on next steps with no obligation to engage further
We have supported organisations across Maryland and the DC region for over a decade. We will give you a useful conversation, not a sales pitch.
FOR NON PROFITS
We understand donor data obligations, MODPA’s nonprofit carve-out, and the compliance expectations of Maryland and DC-based funders. We will tell you exactly what a funder or insurer is likely to ask about your AI governance and whether your current position answers it.
FOR CONSTRUCTION
We understand project data sensitivity, federal contract compliance requirements, and the practical IT pressures of managing systems across office and jobsite environments. We will help you understand where AI tool usage creates risk in your specific operating context.
FOR MANUFACTURING
We understand operational technology environments, supplier data sensitivity, and the Virginia and Pennsylvania compliance landscape for manufacturers with federal or government-adjacent clients. We will help you assess your AI exposure in the context of your actual operations.
IT Support For Maryland, DC,Virginia And Pennsylvania Organizations
Verticals - Nonprofits, construction, and manufacturing
%
State Region - Maryland, DC, Virginia, Pennsylvania
MODPA Ready
Compliance advice built around current Maryland law
NO Obligation
Free call, no pitch, no pressure
AI Compliance Questions From Maryland, DC, Virginia And Pennsylvania Organizations
Common Questions From Leaders Thinking About AI Risk For The First Time
Does MODPA apply to nonprofits in Maryland?
Yes, for most nonprofits. MODPA’s nonprofit carve-out is narrow and applies only to first responder organisations and those supporting law enforcement fraud investigations. Most Maryland nonprofits that collect donor data, manage client records, or process any personal information are covered by the law. The assessment includes a section specifically addressing compliance obligations for nonprofit organisations.
What is shadow AI and why does it matter?
Shadow AI refers to AI tools that staff use for work tasks without formal approval or oversight. This includes standalone platforms like ChatGPT, AI features embedded in browsers, and AI capabilities built into software your organisation already uses. The risk is not the tool itself. The risk is that data enters these platforms without any review of where it goes, how it is stored, or whether its use is compliant with your obligations. The assessment’s first section addresses exactly this question.
Our organisation is small. Do these compliance requirements actually apply to us?
MODPA applies to organisations processing personal data of at least 35,000 Maryland consumers annually. That threshold is deliberately lower than other state privacy laws and will capture many mid-sized nonprofits, construction firms, and manufacturers operating in the region. For organisations below that threshold, cyber insurer expectations and funder requirements often create equivalent practical obligations even where legal requirements do not directly apply. The assessment is useful regardless of your size.
We already have a cybersecurity policy. Does that cover AI?
Almost certainly not. Most cybersecurity policies written before 2024 do not address AI tool usage specifically. They cover data handling, access controls, and incident response in terms of existing systems and known platforms. AI tools introduce a new category of data flow that most policies do not contemplate: staff voluntarily submitting data to third-party platforms via consumer-facing tools. The assessment’s governance section addresses this gap directly.
What does Virginia's AI Act mean for our business if we operate in northern Virginia?
Virginia’s High-Risk Artificial Intelligence Act takes effect July 1, 2026. It focuses primarily on AI systems used in high-stakes decisions affecting individuals, such as employment, lending, housing, and healthcare. Construction and manufacturing organisations using AI tools in operational contexts may fall within scope depending on specific use cases. The act requires developers and deployers of high-risk AI to conduct impact assessments and implement governance controls. The assessment and the follow-up posture call can help you determine whether your current AI usage triggers obligations under the act.
What counts as an AI tool for the purposes of this assessment?
For the purposes of this assessment, an AI tool is any platform or software feature that uses artificial intelligence or machine learning to generate, summarise, analyse, or process content based on input from your staff. This includes large language model tools like ChatGPT, Claude, and Gemini, AI writing assistants, AI features in Microsoft 365 and Google Workspace, AI summarisation tools in browsers or productivity apps, and any tool where a staff member provides input and the tool generates a response. If your staff are using it to do work, it is in scope.
What happens after I download the assessment?
You receive the assessment, complete it at your own pace, and see your score across five risk areas. There is no automated follow-up sequence and no obligation to contact us. If your results raise questions you want to explore further, you can book a free thirty-minute AI Security Posture Call with our team. The call is a practical working conversation about your specific situation, not a sales pitch. You can book it at omegacorit.com or by calling 410-246-4708.
Download The Free AI Usage Risk Assessment
Find Out Where Your Organisation Stands On AI Risk Before An Insurer, Auditor, Or Funder Asks The Question First
OmegaCor Technologies | Baltimore, MD | 410-246-4708 | info@omegacorit.com | omegacorit.com
Serving nonprofits, construction firms, and manufacturers across Maryland, Washington DC, northern Virginia, and southern Pennsylvania.