The Hidden Tax on Every Product Decision
Every Product Team Knows the Cost of Building. Almost None Know the Cost of Getting It Wrong.
I worked in construction with my dad from the time I was a teenager right through to 21. Before a single wall went up, we would spend hours checking pipework, reading blueprints, tracing electrical cabling in the ground and in the ceiling. I remember thinking it was tedious. My dad would say: "The cost of fixing it later is always ten times the cost of getting it right now."
He was talking about buildings. But he could have been talking about product.
These are the writers who keep Product Coalition sharp. Practitioners running real products, sharing the compliance lessons most teams learn the expensive way. Every article in this issue comes from someone who has felt the weight of a regulatory surprise or a hidden cost that never made it onto the roadmap.
In product development, we tend to move fast and break things until the legal department walks into the room. Then the mood shifts. I have started paying closer attention to how often the real cost of a feature has nothing to do with engineering hours, and everything to do with the fine print nobody read until it was too late. My dad's rule from the building site still applies: the cost of fixing it later is always worse.
The Regulatory Hammer Is Already Swinging
I read Baker Nanduru's piece, The EU AI Legislation Sets the Bar for Safety and Compliance, and it hit me like a cold shower. Baker writes that "any EU citizen can file a complaint against an AI System provider" and that "AI creators will be fined a max of 7% of the worldwide total company turnover or $43 million, whichever is higher, for severe compliance breaches." That number is staggering.
I keep thinking about how many founders build features with total disregard for these borders. Baker points out that "most foundational model providers like OpenAI, Stability.ai, Google, and Meta failed to comply with the new EU AI Act." The top two reasons? Copyright issues with training data and lack of risk disclosure. It makes me wonder if we have reached a point where compliance is no longer a checkbox exercise but a primary product feature. As Baker puts it, "those who neglected safety by default despite having global ambitions must adapt quickly, despite the associated costs and time investments." The bill always comes due.
What I Am Hearing on the Podcast
I had Julie Harris on the podcast to talk about designing AI products for high-stakes problems. She said something that stuck with me:
"If you think about auditability, whether it's in financial services where there's regulation and there's supervisors and there's auditors, or whether it's in something like defence where, if something goes wrong, there could be public inquiries, you need to be able to go back to the moment in time that you made a decision and say why you made that decision."
That is the compliance cost nobody budgets for. Not the fine. The audit trail. The infrastructure to prove, retroactively, that every decision had a reason.
And then Rowland Graus put it differently when we talked about blockchain product management:
"It's not that, oh, I want to do this thing that's illegal. It's, I want to do this thing. I think it should be legal. I don't know that it's legal. And nobody else does either. The lawyers don't know. Politicians don't know. You get different guidance from different federal agencies. And so it's like this gray area that is just very draining and difficult."
That gray area is where most product teams actually live. The cost is not just financial. It is cognitive. It is strategic. Every decision gets slower because nobody can tell you whether you are on the right side of the line.
The Cost You Never Budgeted For
This brings me to the way we track what we build. Martin Michalik wrote Know The Development Costs: Why Product Managers Need to Go Beyond Sprint Estimates and Story Points, and he hits a nerve: "Accounting and tracking development costs aren't usually the virtues they're known for. After all, what are all the costs compared to the satisfaction of their users?"
I find myself nodding because I have been that product person who just wants to ship the cool thing. Martin is right that "PMs are often unaware of total projected costs, or, for the worse, they ignore them. ROI discussions never take place, and the product direction and strategy are never challenged."
He shares a quote from Ryan Singer that reframes everything: "An appetite is completely different from an estimate. Estimates start with a design and end with a number. Appetites start with a number and end with a design." I want to apply this to compliance. If you have an appetite for a new feature, you must have an appetite for the legal and regulatory guardrails required to keep that feature alive. If you do not include those costs in your initial design, you are setting your team up for a future of firefighting.
Martin asks, "Do you know how much it cost to build your last feature? Would you build it again if you knew the total cost in advance?" Heavy question.
When the Model Gets It Wrong
Sriram Parthasarathy explains in Analyzing and Communicating Business Risks When Deploying a Predictive Model that accuracy is not the only metric that matters. He writes, "Say we do 80% accuracy. This means model got 20% wrong. What is the cost or the impact of the incorrect predictions on the business? Is this manageable or is it severe?" I think about how often we celebrate a 90% accuracy rate while ignoring the catastrophic cost of the 10% failure.
Sriram uses healthcare as his example, where the cost of a mistake involves more than money: "The cost for incorrectly tagging a patient as compliant even though they are non-compliant is very high. This has a significant business risk because you are providing sensitive data to the customer who is not compliant." The financial impact is not limited to the product itself.
Nathan McKinley adds in Total Cost of Ownership (TCO): What Organizations Need To Know that we have to broaden our scope. "Understanding the price offered by cloud providers or the cost of managing workloads is insufficient to estimate the actual cloud cost." And buried in that total cost? "Any violation of regulations can lead to legal costs."
It is a full cycle. You build a model to save money. You fail to account for the compliance cost of that model. The model makes a mistake, or it runs afoul of a regulator, and your total cost of ownership triples overnight.
Rachel Wolan told me on the podcast how Webflow handles this:
"We do not train on our customer data. That, full stop. We have security, privacy, legal teams that review all of our products at the point when you have a spec. We have built out custom GPTs for product managers to run their products through for each of those just so you can get early flags."
That is what operationalised compliance looks like. Not a review gate at the end. A system that flags issues before you have committed resources.
Move Compliance to the Starting Line
I wonder if we are entering an era where the most valuable product managers are not the ones who can ship the fastest, but the ones who can map out the entire financial and legal risk profile of a feature before the first line of code is written. It is not as exciting as a launch party. It does not look great on a résumé to say you stopped a feature from being built because the compliance costs outweighed the potential revenue.
But I suspect that is the only way to build a sustainable business in the current environment. We have spent a decade treating compliance as a hurdle to be cleared at the end of the race. It is time to move it to the starting line.
If you knew that a feature would require an extra twenty percent of your budget just to satisfy new regulations, would you still push it to production today?
Baker Nanduru opened the EU AI Act's fine print so you did not have to. Martin Michalik challenged every PM who has ever skipped the cost conversation. Sriram Parthasarathy showed what happens when a model's 20% failure rate meets a real patient. Nathan McKinley forced us to add the legal line to the cloud budget. And on the podcast, Julie Harris, Rowland Graus, and Rachel Wolan brought the compliance conversation out of the legal department and onto the product roadmap. This is what 12 years of practitioner publishing looks like.
Sources:
Baker Nanduru, "The EU AI Legislation Sets the Bar for Safety and Compliance," Product Coalition
Martin Michalik, "Know The Development Costs: Why Product Managers Need to Go Beyond Sprint Estimates and Story Points," Product Coalition
Sriram Parthasarathy, "Analyzing and Communicating Business Risks When Deploying a Predictive Model," Product Coalition
Nathan McKinley, "Total Cost of Ownership (TCO): What Organizations Need To Know," Product Coalition
Julie Harris, "EP77: Designing AI Products for High Stakes Problems," Product Coalition Podcast
Rowland Graus, "EP67: Breaking Blockchain Barriers," Product Coalition Podcast
Rachel Wolan, "EP96: Designing for AI Disruption," Product Coalition Podcast
👋 Jay



