The new rules of artificial intelligence

For most of the past decade, artificial intelligence developed at a pace that left governments watching from the sidelines, alternately alarmed and dazzled, unsure whether to intervene and, if so, how. That period of regulatory paralysis is over. Across the European Union, Asia, and scattered corners of the United States, the laws are arriving, some comprehensive, some targeted, some still half-drafted, and the question is no longer whether AI will be regulated, but how different models of regulation will collide with each other and with an industry that has no intention of slowing down.

The EU's landmark and what it actually bans

The European Union's AI Act remains the most significant piece of AI legislation anywhere in the world. It entered into force on August 1, 2024, and is being phased in, with prohibited AI practices already banned since February 2025 and full application of high-risk system rules due by August 2026. The structure is built on a tiered approach to risk. At the top of the hierarchy sit the outright prohibitions, practices so threatening to fundamental rights that no business justification can salvage them.

These include AI applications that manipulate users, exploit vulnerabilities, or enable mass biometric surveillance. Real-time remote biometric identification in public spaces and emotion recognition in schools and workplaces are banned outright. Social scoring systems, the kind that assign citizens ratings based on their behavior, are prohibited. More recently, the EU extended its prohibitions to so-called "nudifier" applications, AI systems that generate or manipulate sexually explicit images or audio without consent, effective December 2026, with fines of up to €35 million or 7% of annual worldwide turnover.

Below the prohibited tier sit high-risk systems: AI used in hiring, credit scoring, education, law enforcement, and border control. These are not banned, but they are tightly governed, subject to mandatory risk assessments, human oversight requirements, and detailed technical documentation. Companies whose AI systems generate synthetic content must disclose this to users, and chatbots must identify themselves as AI. The penalties for violations are steep enough to concentrate the minds of even the largest technology firms.

The act evolves

What is notable about the EU AI Act in 2026 is that it is already being amended, barely two years after it entered into force. On May 7, 2026, negotiators from the Council, the European Parliament, and the Commission reached a provisional agreement on the Digital Omnibus on AI, the first set of amendments to the Act since its adoption. The changes reflect a tension that has run through European AI policy from the start: the fear of falling behind American and Chinese competitors in the global AI race.

Compliance deadlines for high-risk AI systems have been pushed back, standalone systems must now comply by December 2027, and AI embedded in regulated products such as medical devices and vehicles by August 2028. The original AI literacy obligation, which required companies to ensure their staff achieved a certain level of AI understanding, has been softened: providers and deployers are now required to take appropriate measures to support the development of AI literacy, rather than guarantee any specific outcome. The core framework, the prohibitions, the risk tiers, the fines, remains intact.

The American patchwork

The contrast with the United States could hardly be more striking. The US has no comprehensive federal AI law. Its regulatory landscape features three competing forces: an executive branch seeking deregulation, Congress moving toward children's safety legislation, and states legislating rapidly.

A December 2025 executive order established a national AI policy framework designed to preempt conflicting state laws and promote AI innovation with minimal regulatory burden, and created a Department of Justice task force to challenge state AI laws deemed overly burdensome. Meanwhile states have moved faster than Washington: in 2025 alone, all 50 states introduced AI legislation, and 38 states adopted approximately 100 measures. Colorado requires reasonable care to prevent algorithmic discrimination. New York City mandates bias audits for automated hiring tools. Illinois requires employers to notify job candidates when AI has influenced hiring or promotion decisions. The result is a compliance map of extraordinary complexity for any company operating nationally.

China and the rest of the world

China's approach to AI regulation is often misunderstood in Western coverage. It is a different philosophy of rules. China's generative AI regulations have been in force since August 2023, requiring security assessments, content labeling, and restrictions on unnecessary data collection. An amended Cybersecurity Law, explicitly referencing AI, became enforceable in January 2026, adding requirements for AI security reviews and data localization. The difference from the EU model is not regulatory intensity; it is regulatory purpose. Where Brussels centers individual rights, Beijing centers national security and social stability.

Elsewhere, South Korea finalized its AI Framework Act in January 2025, strengthening transparency and safety requirements, while Japan enacted a lighter-touch AI Promotion Act in May 2025, encouraging voluntary cooperation with government safety measures rather than mandating compliance. By early 2026, more than 72 countries had launched over 1,000 AI policy initiatives.

The deeper question

The volume of legislation is not the same as coherent governance. What the world currently has is a patchwork, Europe's comprehensive framework, America's state-level scramble, China's security-first model, Asia's cautious voluntarism, and technology companies are navigating all of it simultaneously. The EU's AI Act was designed to be a global standard-setter, the way GDPR became a template for data protection law worldwide. Whether it will succeed in that ambition, or whether the competitive pressures of the AI race will gradually hollow it out from within, is the defining regulatory question of the next decade.