AI rules racing security

The EU set a staggered roll-out: certain prohibitions and literacy requirements took effect on February 2, 2025, while the bulk of high‑risk compliance obligations are scheduled to apply from August 2, 2026 ([dlapiper.com)]. The EU created a central European Artificial Intelligence Office to supervise general‑purpose AI and coordinate enforcement across member states ([digital-strategy.ec.europa.eu)], and the law carries penalties up to €35 million or 7% of global turnover for the most serious breaches ([artificialintelligenceact.eu)]. Major non‑EU economies are choosing different routes while signalling alignment: Japan passed an AI Promotion Act on May 28, 2025 focused on an “innovation‑first” approach ([fpf.org)], Singapore published a Model AI Governance Framework for Generative AI in January 2024 and continues to use principles‑based tools ([imda.gov.sg)], and Switzerland announced in February 2025 it will favour sector‑specific amendments rather than a full EU‑style Act. ([homburger.ch)] The U.S. federal executive branch moved to preempt state AI laws with an executive order dated December 11, 2025 — “Ensuring a National Policy Framework for Artificial Intelligence” — which directs the Attorney General to form an AI Litigation Task Force within 30 days to challenge state laws deemed inconsistent with federal policy ([whitehouse.gov)]. Senators and lawmakers including Sen. Ted Cruz have publicly urged a single federal standard to avoid a fifty‑state patchwork at events such as Politico’s AI & Tech Summit, while legal firms warn the administration’s preemption push faces constitutional and practical limits that could trigger litigation ([meritalk.com)]. Analysts at Gartner projected on March 17, 2026 that custom AI applications will drive 50% of enterprise cybersecurity incident‑response work by 2028, a figure the firm presented at its Security & Risk Management Summit in Sydney on March 16–17, 2026 ([gartner.com)].