US and EU AI Regulations Continue to Diverge
A new review of the global AI regulatory landscape highlights a growing divergence between American and European approaches. While the EU’s risk-based AI Act is becoming a global reference point, the US remains fragmented with sector-specific rules and state-level initiatives. Large technology companies are reportedly investing in dual-track compliance systems to navigate the different legal environments.
- The EU AI Act's phased implementation began in August 2024 and will continue through August 2027. Prohibitions on "unacceptable risk" AI, such as government-run social scoring, will apply from February 2025, with rules for general-purpose AI (GPAI) models following in August 2025. Full enforcement for high-risk systems will start in August 2026. - In contrast to the EU's comprehensive law, the primary US federal guidance is the National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF), a voluntary set of standards for managing risks. Federal policy has emphasized an "innovation-first" approach, particularly under the "America's AI Action Plan," which aims to secure US global dominance in AI. - International standards bodies are developing guidelines that interact with these regulations; ISO/IEC JTC 1/SC 42 serves as the primary international committee for AI standardization, focusing on the entire AI ecosystem. The EU has commissioned harmonised standards from CEN and CENELEC to support the AI Act, though their work is expected to extend into 2026. - Penalties for non-compliance with the EU AI Act are substantial, reaching up to €35 million or 7% of a company's global annual turnover, creating significant financial incentive for companies to establish robust compliance programs. High-risk systems, such as those used in critical infrastructure or employment, face the most stringent obligations, including conformity assessments and registration in an EU database. - The geopolitical divergence is stark: the EU's strategy aims to set a global standard through the "Brussels Effect," making its values-based rules a de facto international norm. Meanwhile, the US frames its approach as a strategic competition with China, prioritizing speed and leadership over comprehensive regulation. - While the US lacks a federal AI law, a patchwork of state-level legislation is emerging as a key compliance challenge. For example, Colorado's AI Act, with requirements taking effect in 2026, introduces a risk-based approach focused on preventing algorithmic discrimination. - The EU AI Act has a significant extraterritorial reach, applying to any company that places an AI system on the EU market or whose AI output is used in the EU. This requires US-based companies with European customers or users to adhere to the Act's requirements, irrespective of the lighter regulatory environment in their home country.
