AI platforms rarely announce governance restructuring through conventional channels. Changes to training disclosures, jurisdiction designations, and consent frameworks are distributed across multiple documents, revised incrementally, and implemented without structured notification. ConductAtlas detected several governance restructuring patterns in May 2026 that would have been difficult to identify from any single document version alone.
This report documents three patterns detected through continuous governance monitoring between May 5 and May 17, 2026.
1. Meta/Threads: AI Training Disclosure Redistribution
Between May 6 and May 17, 2026, ConductAtlas detected a three-part restructuring of AI training disclosure language across Meta's governance documents for the Threads platform.
Timeline
| Date | Document | Change Detected |
|---|---|---|
| May 6, 2026 | Threads Terms of Use | Removed five sentences disclosing AI training data use and references to Meta AI terms |
| May 14, 2026 | Meta AI Labeling Policy | Added language establishing that user interactions with Meta AI will be used to improve AI systems |
| May 17, 2026 | Threads Privacy Policy | Added AI training language with narrowed consent scope, referencing only AI terms instead of Meta Terms, AI terms, and Privacy Policy collectively |
What This Means
The AI training disclosure was not removed from Meta's governance framework. It was redistributed. The original Terms of Use language explicitly stated that user interactions with AI systems would be used to train Meta AI models and referenced separate Meta AI terms. After removal on May 6, similar language appeared in the Meta AI Labeling Policy on May 14 and the Threads Privacy Policy on May 17.
The restored language differs from the original in one important respect: the consent scope was narrowed. The prior version required users to agree to Meta Terms, AI terms, and the Privacy Policy collectively. The updated version references only Meta's AI terms. This reduces the number of documents a user explicitly consents to while maintaining the same underlying data practice.
This pattern is significant because reading any single document version in isolation would not reveal the full restructuring. A user reviewing the Terms of Use after May 6 would see no AI training disclosure. A user reviewing the Privacy Policy after May 17 would see AI training language that appears newly added rather than restored from a different document.
Governance Implications
This restructuring increases document fragmentation around AI training governance language. The full governance structure is distributed across multiple documents.
Before and After
Five sentences disclosed that user interactions with AI systems would be used to train Meta AI models. Users agreed to Meta Terms, AI terms, and Privacy Policy collectively.
AI training language restored but consent scope narrowed to AI terms only. References to Meta Terms and Privacy Policy removed from agreement scope.
The redistribution of disclosure language across documents affects how users understand and consent to data practices. When AI training disclosures exist in Terms of Use, they are typically encountered during account creation. When the same disclosures exist only in a Privacy Policy or AI-specific terms, users may not encounter them unless they navigate to those documents separately.
Under the EU AI Act Article 13 transparency requirements and GDPR Article 13 disclosure obligations, the location and accessibility of processing disclosures may be relevant to compliance assessments. The California Consumer Privacy Act similarly requires that privacy disclosures be reasonably accessible at the point of collection.
Monitor Threads governance changes → Monitor Meta governance changes →
2. TikTok Ads: Controlling Entity Jurisdiction Shift
On May 5, 2026, ConductAtlas detected that TikTok Ads replaced its U.S.-specific privacy policy with language covering "other regions." The controlling entity changed from TikTok USDS Joint Venture LLC, a U.S.-based entity, to TikTok Pte. Ltd., registered in Singapore.
What Changed
The prior privacy policy was structured for U.S. users and referenced U.S. legal frameworks. The updated policy addresses "other regions" and designates a Singapore entity as the data controller.
Before and After
U.S.-specific privacy policy. Controlling entity: TikTok USDS Joint Venture LLC. U.S. legal frameworks referenced.
Global privacy policy covering "other regions." Controlling entity: TikTok Pte. Ltd., Singapore. U.S.-specific language removed.
This restructuring changes which privacy laws govern the processing of user data.
U.S. users who originally signed up under American legal protections are now subject to the terms of a Singapore-registered entity. Dispute resolution, regulatory oversight, and available consumer protections differ between U.S. and Singapore jurisdiction.
Regulatory Context
Jurisdiction shifts affect the enforceability of consumer protection frameworks. Under CCPA/CPRA, California residents have specific rights that apply to businesses processing their data. Whether those rights apply when the controlling entity is registered in Singapore depends on the entity's business relationships and data processing activities within California. The GDPR applies based on where data subjects are located rather than where the controller is registered, but enforcement mechanisms and available remedies differ by jurisdiction.
Monitor TikTok Ads governance changes →
Compare TikTok Ads governance provisions in the ConductAtlas archive.
3. Supabase: Delaware to Singapore Entity Migration
On May 6, 2026, one day after the TikTok Ads jurisdiction shift, ConductAtlas detected that Supabase updated its legal entity from a Delaware corporation to a Singapore-based company. The same update introduced an explicit "I Accept" consent mechanism replacing implicit sign-up acceptance and added a new section addressing AI-powered customer support tools.
What Changed
Supabase moved its governing entity from Delaware to Singapore. The same update replaced implicit sign-up acceptance with an explicit "I Accept" button and added a new section disclosing AI-powered customer support tools.
Before and After
Delaware corporation. Implicit acceptance through account creation. No AI tool disclosures.
Singapore-based company. Explicit "I Accept" button required. New section disclosing AI-powered customer support tools.
The combination of jurisdiction change, consent mechanism revision, and AI disclosure in a single update represents a comprehensive governance restructuring rather than an incremental edit.
The Singapore Pattern
Two unrelated platforms shifted governing jurisdiction toward Singapore within the same week. These decisions may be independently motivated. But the pattern is worth monitoring.
Singapore's Personal Data Protection Act differs from U.S. state privacy laws and the GDPR in scope, enforcement, and available remedies.
Organizations using Supabase for infrastructure should review whether the jurisdiction change affects existing data processing agreements, vendor risk assessments, or compliance obligations.
Monitor Supabase governance changes →
Review Supabase governance provisions in the ConductAtlas archive.
Why Multi-Document Monitoring Matters
Each of the three patterns documented above involves governance changes that would be difficult to identify from a single document review.
The Meta/Threads restructuring spanned three documents over 11 days. The TikTok and Supabase jurisdiction shifts were independently significant but form a recognizable pattern only when observed together.
Traditional approaches to governance review do not capture these restructuring patterns. Reading terms of service when creating an account or reviewing policies periodically misses the movement.
Governance language moves between documents. Consent scopes narrow. Jurisdictions shift. None of these changes come with conventional announcements. Continuous monitoring with version history and cross-document comparison is required to maintain accurate governance understanding.
ConductAtlas monitors governance documents across 56 AI platforms and 325+ platforms total, maintaining version history, structured provision extraction, and change detection. When governance language is restructured rather than simply modified, the longitudinal archive provides the context needed to understand what changed and why it matters.
What You Can Do
If your organization or personal workflow relies on any of the platforms discussed in this report:
Review current governance terms directly. ConductAtlas maintains archived versions for Threads, Meta, TikTok Ads, and Supabase.
Assess jurisdiction implications. If you have data processing agreements or vendor compliance requirements, verify whether jurisdiction changes affect your obligations.
Monitor for ongoing restructuring. A single review captures a snapshot. Continuous monitoring captures the trajectory. Track AI vendor governance changes across your platform stack.
Primary Sources
All governance documents referenced in this report are archived in the ConductAtlas governance archive with SHA-256 content verification and version history.