Mobile health applications and devices (“mobile health apps”) play increasingly important roles in the lives of individuals interested in self-regulating their personal health behaviors. While some appear to be simply consumer products and services, many are embedded in regulatory programs aimed at compliance with expert guidelines. In this paper, we draw on de Vaujany et al.’s framework for organizational IT-based regulation systems to consider how systems operate in open and distributed contexts in which actors have strong agency and regulation is indirect and voluntary. To do so, we consider how IT artifacts become embedded in practices, how data are implicated in regulatory feedback loops, and how individual, organizational and technological actors are mobilized and with what regulatory outcomes. We develop an instrumental case study as a vignette of five regulatory episodes (continuous glucose monitoring systems used by persons with diabetes) to examine how expert rules materialized in mobile health apps, data about bodily states, and IT features such as displays and alarms “nudge” individuals towards compliance with self-regulatory guidelines and practices. Through this analysis, we identify two related regulatory affordances of mobile health apps for predicting and surveilling personal health. We theorize how multilevel networks composed of trifecta of rules, IT artifacts, and practices develop as a regulatory lattice through which social regulation is realized. We conclude by considering the broader implications of this analytical approach to study voluntary, data-enriched regulatory systems.