The New Rules of AI: A Global Legal Overview
The rapid advancement of artificial intelligence technologies has prompted a global response in the form of evolving legal frameworks aimed at regulating their use and impact. Entering 2026, jurisdictions worldwide continue to grapple with the complexities of AI regulation, striving to balance innovation with the need for oversight.
As AI continues to transform industries, businesses must navigate a complex regulatory environment while balancing innovation with compliance. This report highlights current legal frameworks and offers strategic insights for companies seeking to leverage AI responsibly. By understanding the regulatory landscape and implementing robust compliance measures, organizations can harness the potential of AI while safeguarding against legal and ethical pitfalls.
European AI Regulatory Frameworks
Globally, the European Commission has taken the lead in regulating AI through several key laws:
- AI Regulatory: AI Act
- Personal Data Privacy and Protection: EU General Data Protection Regulation (GDPR)
- Intellectual Property: Copyright Directive, etc.
- Data Sharing and Cloud Services: Data Act
- Cybersecurity Act: Network and Information Systems Directive
- Online Platforms: Digital Services Act
- Antitrust: Digital Markets Act
The EU AI Act has entered into force as the world’s first comprehensive AI-focused law. It applies to companies with a physical presence in the European Economic Area (EEA) and, notably, to companies without a physical presence in the EEA in certain circumstances. The act regulates two types of AI: foundational models (general-purpose AI models, or GPAI models) and applications built on GPAI models (AI systems).
The AI Act imposes a tiered set of obligations based on the risk associated with different GPAI models and AI systems, ranging from minimal-risk to high-risk and prohibited categories. Importantly, the European Commission on November 19, 2025, published its “digital omnibus” legislative proposals, aiming to amend multiple major EU digital regulatory laws, notably the AI Act and the GDPR. If enacted into law, these proposals are intended to ease AI-related compliance obligations, including:
- Deferring the date on which the AI Act’s rules relating to “high-risk” AI systems come into effect.
- Allowing providers of GPAI models additional time to update documentation and processes.
- Narrowing the scope of what information is considered “personal data” under the GDPR.
- Making it easier to train GPAI models on personal data that is subject to the GDPR.
These proposals, while welcome news for companies active in the EU, will be considered in more detail early in 2026, and there is no guarantee that they will be enacted into law.
United Kingdom AI Regulatory Frameworks
The United Kingdom, which has adopted a relatively compliance-lite approach to AI regulation, published its AI Opportunities Action Plan. This plan seeks to position the nation as a global leader in AI technology, leveraging both private and public sector solutions to enhance public services and drive economic growth. The plan emphasizes the creation of data centers and technology hubs, focusing on AI safety and regulation that aligns with pro-growth ambitions.
United States AI Regulatory Frameworks
The United States has taken a bold step with the release of “America’s AI Action Plan,” which outlines a strategic framework for securing the nation’s dominance in AI through innovation, infrastructure development, and international diplomacy. This plan marks a significant shift toward a deregulated environment, encouraging private sector-led innovation while emphasizing the importance of AI systems being free from ideological bias.
State-level initiatives in the United States, such as California’s AI transparency law and Texas’s Responsible AI Governance Act, reflect a growing recognition of the need for tailored AI regulations that address specific risks while fostering innovation. These efforts are complemented by the Federal Trade Commission’s Operation AI Comply, which aims to address deceptive AI practices and ensure consumer protection. The US Securities and Exchange Commission’s focus on cybersecurity and AI underscores the importance of regulatory vigilance in safeguarding against potential risks.
The White House’s December 2025 executive order marks a major shift toward a unified national policy framework for AI, with broad implications for technology companies, state governments, and regulated industries. It aims to establish a minimally burdensome national standard for AI policy, limiting state-level regulatory divergence.
Asian AI Regulatory Frameworks
In Asia, Singapore’s Infocomm Media Development Authority launched the Model AI Governance Framework for Generative AI to address concerns and facilitate innovation in generative AI (GenAI). India is actively shaping its AI regulatory landscape with initiatives and guidelines for responsible AI development and deployment but lacks specific AI laws. India is also considering AI-related laws to serve as a companion to its Digital Personal Data Protection Act 2023.
