AI Governance Remains Critical Despite Political Pendulum Swings
As businesses increasingly rely on AI and generative AI for myriad applications, a new body of “AI law” is forming, and some legal requirements are now in effect. AI governance has become a mandatory compliance function that organizations must prioritize immediately rather than postponing until next quarter or next year.
The Patchwork of AI Law
The landscape of AI law is complex and varies widely across jurisdictions. Some regions are enacting new regulations, while others are retracting existing ones. As the political atmosphere shifts, regulatory retrenchment has emerged as a key theme in 2025.
Hardline AI regulatory regimes that previously dominated headlines are now being scaled back. For instance, at the federal level in the U.S., the Trump administration has undone several Biden-era AI executive orders, leading federal agencies to recalibrate their enforcement priorities. Observers note that agencies such as the FTC and SEC are expected to focus primarily on clear cases of fraud rather than pursuing broader or more innovative regulatory actions.
State-Level Developments
At the state level, the Colorado AI Act is currently under scrutiny for potential amendments, including a bill introduced in April 2025. In addition, recent vetoes of high-profile AI bills by the governors of California and Virginia highlight the ongoing tensions in AI legislation. The U.S. House Energy and Commerce Committee has proposed a 10-year moratorium on enforcing state AI laws in a recent draft budget reconciliation bill.
Meanwhile, across the Atlantic, the EU Commission has withdrawn the draft AI Liability Directive and is reportedly considering amendments to the EU AI Act to ease certain requirements.
Emergence of New Regulations
Despite the apparent pullback in certain regulations, the realm of AI governance is not stagnant. Newly enacted state laws in the U.S., particularly in California, Illinois, New York, and Utah, address critical issues such as:
- Algorithmic discrimination and automated decision-making
- Disclosure of AI usage
- Impersonation, digital replicas, and deepfakes
- Watermarking of AI-generated content
- Data privacy and biometric data
State attorneys general have reiterated their commitment to enforcing existing laws against unlawful uses of AI, emphasizing that AI regulation remains a pressing concern. Furthermore, the ongoing AI “copyright war” continues to evolve, as various lawsuits in the U.S. and beyond test the boundaries of copyright infringement and fair use in relation to AI training and outputs.
The EU AI Act
Notably, the first requirements of the EU AI Act went into effect in February 2025. Companies utilizing AI within the EU are now subject to an “AI literacy” requirement, mandating measures to ensure a sufficient level of AI literacy among employees or individuals operating or using AI systems. The extraterritorial nature of the AI Act means it also applies to U.S. companies that use AI systems within the EU or produce outputs intended for use in the EU.
Mandatory employee training regarding the responsible use of AI is now a crucial aspect for compliance.
Conclusion
In summary, while there may be a trend towards softening AI regulation in some areas, this is not a universal truth. The importance of enterprise AI governance cannot be overstated. New “AI law” requirements are being implemented, with others on the horizon. Regulatory bodies, state attorneys general, and plaintiffs are keen to apply existing laws to emerging technologies. Additionally, organizations must be mindful of potential self-inflicted issues, such as data leakage, along with the reputational and public relations risks tied to AI-related missteps.
Fortunately, there are common threads within the complex landscape of AI regulation. Established guidance, such as the NIST AI RMF and ISO/IEC 42001:2023, offers valuable insights for responsible AI governance. These frameworks not only assist in compliance but may also provide statutory safe harbors or affirmative defenses under laws like the Colorado AI Act. Leveraging these resources is essential for organizations in navigating the evolving AI landscape.
