AI 'Regulatory Stacks' Emerge Globally
Regulators in the US, China, and the EU are creating divergent frameworks for AI, leading to a world of distinct "regulatory stacks." A lead at the US National Institute of Standards and Technology (NIST) noted on a recent podcast that a global AI solution may soon need to meet three or more different standards for risk management, transparency, and explainability to achieve compliance in major markets.
- The EU's AI Act, which entered into force on August 1, 2024, establishes a risk-based framework that classifies AI systems as unacceptable, high, limited, or minimal risk. Obligations for high-risk systems, which include applications in critical infrastructure, education, and law enforcement, are set to take effect on August 2, 2026. - In the U.S., the federal approach prioritizes innovation, as exemplified by a January 2025 executive order aimed at repealing certain safeguards to foster AI expansion. This contrasts with state-level initiatives like California's SB 1047, which focuses on stringent safety standards for high-cost AI models, creating a complex domestic regulatory patchwork. - China has adopted an agile, state-directed regulatory approach, issuing targeted rules for specific areas like deep synthesis and generative AI. While a comprehensive, high-level AI law was removed from the 2025 legislative agenda in favor of pilots and standards, the long-term goal is to become a global AI innovation center by 2030. - The NIST AI Risk Management Framework (AI RMF), first released in January 2023, is a voluntary guide that has become a de facto standard in the U.S. A significant update in July 2024 introduced a specific profile for generative AI, addressing risks such as hallucinations and intellectual property leakage. - International standards bodies are developing frameworks to promote interoperability and ethical AI. Key examples include ISO/IEC 42001, the first international standard for an AI Management System, and the IEEE P7000 series, which addresses ethical considerations in AI design. - Geopolitical competition heavily influences AI standardization, with the U.S. aiming to counter Chinese influence in international bodies like the ITU. This rivalry creates a risk of a "digital iron curtain," with incompatible technical standards dividing global AI ecosystems. - The EU's AI Act is positioned to have a "Brussels Effect," potentially setting a de facto global benchmark for AI ethics and regulation, similar to the GDPR's impact on data privacy. However, unlike with privacy, the U.S. and China are more actively competing to establish their own regulatory models as international standards. - Companies face significant compliance challenges due to these diverging frameworks; an AI model deemed "limited-risk" in the U.S. could be reclassified as "high-risk" under the EU AI Act or face prohibitions in China. This fragmentation is forcing firms to consider "forum-shopping"—locating different business activities in jurisdictions with the most favorable regulations.
