Governance deadlines loom

Artificial intelligence governance is moving from voluntary guidance to dated legal obligations, with the European Union’s main rules applying from August 2, 2026. (digital-strategy.ec.europa.eu) The European Union’s Artificial Intelligence Act, Regulation (EU) 2024/1689, was published on July 12, 2024 and entered into force on August 1, 2024. Article 113 says the law applies from August 2, 2026, with some earlier milestones already in effect, including rules that started on February 2, 2025 and August 2, 2025. (eur-lex.europa.eu) The law uses a risk ladder: some uses are banned, high-risk systems face controls, and the European Artificial Intelligence Office plus national market surveillance authorities will enforce it. Each European Union member state was supposed to designate national competent authorities by August 2, 2025. (digital-strategy.ec.europa.eu) At the same time, companies are being handed more concrete playbooks for how to run artificial intelligence inside a business. The International Organization for Standardization published ISO/IEC 42001 in December 2023 as the first artificial intelligence management system standard, aimed at organizations that develop, provide, or use artificial intelligence systems. (iso.org) The United States still lacks a single federal artificial intelligence law, but the National Institute of Standards and Technology has kept expanding its voluntary framework. Its Artificial Intelligence Risk Management Framework was released on January 26, 2023, followed by a Generative Artificial Intelligence Profile on July 26, 2024 and a concept note on April 7, 2026 for a critical infrastructure profile. (nist.gov) Those documents do not create penalties on their own, but they give regulators and auditors a common checklist. The National Institute of Standards and Technology says the framework is meant to help organizations build trustworthiness into the design, development, use, and evaluation of artificial intelligence systems. (nist.gov) Enforcement in the United States is arriving through older consumer-protection laws and state statutes rather than a single national rulebook. On September 25, 2024, the Federal Trade Commission launched “Operation AI Comply” and announced five cases involving fake-review tools, “AI Lawyer” claims, and business-opportunity schemes marketed with artificial intelligence hype. (ftc.gov) The Federal Trade Commission said those cases showed there is “no AI exemption from the laws on the books.” In one of the sweep’s headline cases, the agency said DoNotPay had not tested whether its chatbot matched the performance of a human lawyer before making claims that it could. (ftc.gov) States are adding their own deadlines. Colorado’s 2024 artificial intelligence law was originally set to take effect on February 1, 2026, but a 2025 bill pushed that date to June 30, 2026. (leg.colorado.gov 1) (leg.colorado.gov 2) Colorado’s law requires developers and deployers of high-risk systems to use reasonable care against algorithmic discrimination, complete impact assessments, and give consumers notice and a chance to appeal some consequential decisions. Utah took a narrower path in 2024, creating an Artificial Intelligence Policy Act that requires disclosure in some regulated settings and sets up an Office of Artificial Intelligence Policy plus a learning-laboratory program. (leg.colorado.gov) (le.utah.gov) The practical change is that governance is no longer just a policy memo or an ethics page on a website. By mid-2026, companies selling or deploying artificial intelligence in Europe, Colorado, and other regulated settings will face fixed dates, named enforcers, and written expectations for how they test, document, monitor, and explain their systems. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2) (leg.colorado.gov)