Regulatory Landscape Beyond EU

Overview

AI regulation is accelerating globally. The EU AI Act gets the most attention, but US state laws, sector-specific guidance, and international frameworks are creating a patchwork of compliance requirements that enterprises must navigate.

United States

Federal Level

There is no comprehensive federal AI law as of early 2026. Instead, regulation comes through executive orders, agency guidance, and enforcement of existing laws.

Source	What It Does	Status
Executive Order 14110 (Oct 2023)	Directs agencies to develop AI safety standards, requires reporting for large model training runs	Active — implementation ongoing
NIST AI RMF	Voluntary risk management framework	Active — widely adopted
FTC enforcement	Using existing consumer protection authority against deceptive AI practices	Active — multiple enforcement actions
EEOC guidance	AI in hiring must comply with Title VII anti-discrimination	Active
CFPB guidance	AI in lending must comply with fair lending laws, adverse action notices	Active
SEC guidance	Broker-dealers can't use AI to place firm interests ahead of investors	Active
FDA AI/ML guidance	Framework for AI-based medical devices	Active — evolving

State Level

States are moving faster than the federal government.

State	Law	Focus	Effective
Colorado	SB 24-205	Deployers of high-risk AI must conduct impact assessments, notify consumers, disclose AI use	Feb 2026
Illinois	AI Video Interview Act	Employers must notify applicants of AI use in video interviews, get consent	Active
Illinois	BIPA (Biometric Information Privacy Act)	Applies to AI using biometric data — facial recognition, voice analysis	Active — heavy litigation
California	Various bills in progress	Transparency, algorithmic accountability, deepfake disclosure	Multiple timelines
New York City	Local Law 144	Annual bias audits for automated employment decision tools	Active
Texas	HB 2060	Requires disclosure when AI is used in certain government decisions	Active
Connecticut	SB 1103	AI inventory and impact assessments for state agencies	Active

Key Takeaway for Enterprises

Even without a federal law, US companies face regulatory risk from: existing anti-discrimination laws applied to AI (EEOC, CFPB), state-specific AI laws (Colorado is the most comprehensive), and sector-specific regulator guidance (SEC, FDA, FINRA).

Sector-Specific Regulation

Financial Services

Regulator	Guidance	Key Requirements
FINRA	AI in securities industry	Model risk management, explainability, supervision of AI-generated communications
OCC / Fed	SR 11-7 (Model Risk Management)	Applies to AI/ML models — validation, monitoring, governance
CFPB	Fair lending + AI	Adverse action notice must explain AI-driven denials, can't use "the algorithm decided"
SEC	Predictive data analytics	Broker-dealers must manage conflicts of interest in AI-driven recommendations

Healthcare

Regulator	Guidance	Key Requirements
FDA	AI/ML-Based SaMD Framework	Pre-market review for AI medical devices, continuous monitoring for adaptive algorithms
HHS / OCR	HIPAA + AI	AI processing PHI must comply with HIPAA — applies to cloud AI services
CMS	AI in Medicare/Medicaid	Transparency and oversight requirements for AI used in coverage decisions

Government / Defense

Framework	Scope	Key Requirements
DoD AI Principles	Military AI	Responsible, equitable, traceable, reliable, governable
FedRAMP	Cloud AI for government	AI services must meet FedRAMP security requirements
NIST AI 100-1	Federal AI use	Trustworthy AI characteristics — valid, reliable, safe, secure, accountable

International

Jurisdiction	Framework	Status
EU	AI Act	Phased implementation 2024-2026
UK	Pro-innovation approach	Sector-specific, no single AI law — regulators (FCA, ICO, CMA) issue own guidance
Canada	AIDA (Artificial Intelligence and Data Act)	Proposed — focuses on high-impact systems
China	Multiple AI regulations	Active — algorithmic recommendation rules, deep synthesis rules, generative AI rules
Japan	AI Guidelines for Business	Voluntary, principles-based
Singapore	AI Verify, Model AI Governance Framework	Voluntary governance toolkit with testing framework
Brazil	AI Bill (PL 2338/2023)	Under legislative review — risk-based approach similar to EU
India	No comprehensive AI law	Advisory approach — NITI Aayog principles

Compliance Strategy

Multi-jurisdictional approach:

Baseline to the strictest applicable standard — if you operate in the EU, the AI Act is your floor
Map state-specific requirements — Colorado and NYC have specific obligations
Sector-specific overlay — add FINRA, FDA, or other sector requirements on top
Monitor actively — AI regulation is moving fast. Assign someone to track changes quarterly
Build for transparency — almost every regulation requires some form of AI disclosure, documentation, or explainability. Building these capabilities once covers most frameworks

Regulatory Monitoring Resources

AI Policy Observatory (OECD): Tracks AI policy across 50+ countries
Stanford HAI AI Index: Annual report on global AI regulation trends
IAPP AI Governance Resource Center: Privacy-focused AI regulation tracking
State AI legislation trackers: Multi-state Legislative Service, National Conference of State Legislatures

AI Security Book