AI regulation is evolving rapidly around the world, and keeping up with the changes is essential for anyone building or deploying AI systems. Here’s a thorough update on the global AI regulatory space.
The EU AI Act
The EU AI Act is the most thorough AI regulation in the world:
Risk-based approach. AI systems are classified by risk level — unacceptable (banned), high-risk (heavily regulated), limited risk (transparency requirements), and minimal risk (no specific requirements).
Banned practices. Social scoring, real-time biometric surveillance in public spaces (with exceptions), and AI systems that manipulate human behavior in harmful ways.
High-risk requirements. AI systems used in healthcare, education, employment, law enforcement, and critical infrastructure must meet strict requirements — risk assessments, data quality standards, human oversight, and transparency.
General-purpose AI. Foundation models (like GPT-4, Claude, Gemini) face specific obligations — technical documentation, copyright compliance, and transparency about training data. The most powerful models face additional requirements including adversarial testing and incident reporting.
Timeline. The Act entered into force in 2024, with different provisions taking effect over 2025-2027. Most obligations are now active or will be soon.
United States
The US takes a more fragmented approach:
Federal level. No thorough federal AI law yet. The Biden administration’s Executive Order on AI (2023) established guidelines but isn’t legislation. Various agencies (FTC, FDA, EEOC) are applying existing laws to AI.
State level. States are passing their own AI laws. Colorado’s AI Act regulates high-risk AI in insurance and employment. California has multiple AI-related bills. Illinois requires disclosure of AI in hiring. The patchwork of state laws creates compliance complexity.
Sector-specific. The FDA regulates AI in medical devices. The SEC is examining AI in financial services. The FTC is enforcing against deceptive AI practices.
China
China has been proactive in AI regulation:
Algorithm regulation. Rules requiring transparency in recommendation algorithms, with users able to opt out of algorithmic recommendations.
Deepfake regulation. Requirements for labeling AI-generated content and obtaining consent for deepfakes of real people.
Generative AI rules. Regulations requiring generative AI services to be registered, content to align with “socialist core values,” and training data to be lawful.
Data protection. China’s Personal Information Protection Law (PIPL) affects how AI systems can collect and use personal data.
United Kingdom
The UK is taking a “pro-innovation” approach:
Sector-specific regulation. Rather than a single AI law, the UK enables existing regulators (FCA, Ofcom, CMA, ICO) to regulate AI within their domains.
AI Safety Institute. The UK established the world’s first AI Safety Institute, focused on evaluating frontier AI models for safety risks.
Voluntary commitments. The UK has secured voluntary safety commitments from major AI companies, though these lack legal enforcement.
Key Trends
Convergence on risk-based approaches. Most jurisdictions are adopting risk-based frameworks similar to the EU AI Act, though with different specifics.
Focus on transparency. Requirements for disclosing AI use, labeling AI-generated content, and explaining AI decisions are becoming universal.
Copyright battles. The question of whether training AI on copyrighted data is legal remains unresolved in most jurisdictions. Court decisions in the next 1-2 years will be pivotal.
International coordination. The G7, OECD, and UN are working on international AI governance frameworks, but progress is slow.
What This Means for Businesses
Compliance is becoming mandatory. If you deploy AI in the EU, you must comply with the AI Act. If you operate in multiple jurisdictions, you face a complex compliance space.
Documentation matters. Keep records of your AI systems — training data, model evaluations, risk assessments, and deployment decisions. Regulators will ask for these.
Transparency is expected. Disclose when AI is being used, especially in customer-facing applications. Label AI-generated content.
My Take
AI regulation is inevitable and, on balance, positive. Clear rules create a level playing field and build public trust in AI systems. The challenge is getting the balance right — too much regulation stifles innovation; too little allows harm.
The EU AI Act is the current gold standard, and its influence is spreading globally. Businesses should use it as a baseline for compliance, even if they don’t operate in the EU. The direction of travel is clear: AI regulation is coming everywhere.
🕒 Last updated: · Originally published: March 14, 2026