AI regulation in the US and EU is diverging in ways that matter for every company building or deploying AI. The two largest Western economies are taking fundamentally different approaches, and understanding both is essential for anyone in the AI space.
The EU Approach: thorough Legislation
The EU AI Act is the world’s first thorough AI law. It classifies AI systems by risk level and applies different rules to each:
Banned: Social scoring, manipulative AI, most real-time biometric surveillance.
High risk: AI in hiring, credit scoring, healthcare, law enforcement — requires extensive documentation, testing, and oversight.
Limited risk: Chatbots and deepfakes — must be labeled as AI.
Minimal risk: Everything else — no specific requirements.
General-purpose AI: Foundation models face transparency requirements; the most powerful face additional safety obligations.
The Act is being implemented in phases, with full enforcement by August 2026. Companies operating in Europe must comply or face fines of up to 7% of global revenue.
The US Approach: Fragmented and Evolving
The US has no thorough federal AI law. Instead, AI governance is a patchwork of:
Executive orders. President Biden’s 2023 AI Executive Order established reporting requirements for frontier AI models and directed federal agencies to develop AI guidelines. The current administration’s approach to AI governance continues to evolve.
Agency-specific rules. The FTC addresses AI-related consumer protection issues. The FDA regulates AI medical devices. The SEC looks at AI in financial services. Each agency applies existing authority to AI within its domain.
State laws. States are filling the federal vacuum. Colorado passed an AI discrimination law. California has proposed multiple AI bills. Illinois requires disclosure of AI in hiring. The result is a growing patchwork of state-level AI regulations.
Voluntary commitments. The White House secured voluntary safety commitments from major AI companies — including safety testing, watermarking, and information sharing. These commitments are not legally binding.
Key Differences
Scope. The EU Act covers all AI systems in the EU market. US regulation is sector-specific and incomplete — many AI applications face no specific regulation.
Enforcement. The EU Act has clear enforcement mechanisms and significant penalties. US enforcement depends on which agency has jurisdiction and what existing laws apply.
Risk classification. The EU classifies AI systems by risk level with specific requirements for each. The US doesn’t have a comparable classification system.
Transparency. The EU requires transparency about AI use in many contexts. US transparency requirements are limited and inconsistent.
Innovation vs. protection. The US approach prioritizes innovation and flexibility. The EU approach prioritizes consumer protection and fundamental rights. Both have trade-offs.
What This Means for Companies
If you operate in both markets: You need to comply with both frameworks. In practice, this often means building to the EU standard (which is stricter) and applying it globally. This is the “Brussels Effect” — EU regulation becoming the de facto global standard.
If you’re US-only: Don’t ignore EU regulation. If your AI products could be used by EU residents (which is likely for any internet-based service), you may need to comply with the EU AI Act.
If you’re building foundation models: Both the EU and US have specific requirements for the most powerful AI models. The EU’s requirements are more detailed; the US requirements are evolving.
Compliance strategy: Start with the EU AI Act as your baseline. Layer on US federal and state requirements as applicable. Document everything — both frameworks emphasize transparency and accountability.
The Convergence Question
Will the US and EU approaches converge over time?
Arguments for convergence: Companies want consistent rules. International trade agreements may push toward harmonization. The underlying concerns (safety, fairness, transparency) are shared.
Arguments against convergence: Different political cultures and priorities. The US values innovation and market freedom more; the EU values consumer protection and rights more. These differences are deep and unlikely to disappear.
The likely outcome: Partial convergence on specific issues (safety testing for frontier models, transparency requirements) with continued divergence on broader approach (thorough vs. sector-specific regulation).
My Take
Neither approach is clearly better. The EU’s thorough framework provides clarity but risks being too rigid and burdensome. The US’s fragmented approach provides flexibility but creates uncertainty and gaps.
For companies, the practical advice is the same regardless of which approach you prefer: build AI systems that are transparent, fair, safe, and well-documented. These principles are common to both frameworks, and they’re also just good engineering practice.
The regulatory space will continue to evolve. Companies that build responsible AI practices now — not because they’re required to, but because it’s the right thing to do — will be best positioned regardless of how regulation develops.
🕒 Last updated: · Originally published: March 13, 2026