Quick Answer The EU AI Act is the most comprehensive AI regulation in force as of 2026 — high-risk AI systems face mandatory compliance requirements, and foundation model providers (OpenAI, Anthropic, Google, Meta) face transparency obligations. The US has rolled back Biden-era executive orders in favor of voluntary commitments and sector-specific rules. China has separate mandatory registration requirements for generative AI products serving Chinese users.

Three major regulatory regimes now shape how AI is built and deployed globally: the EU AI Act (binding), US federal policy (fragmented and voluntary), and China’s generative AI rules (mandatory registration). For any company building AI products that touch users in multiple jurisdictions, understanding these frameworks is no longer optional.

đź“‹ Key Takeaways

  • EU AI Act enforcement began August 2024; full compliance deadlines for high-risk systems hit August 2026
  • US policy shifted under the Trump administration: the Biden AI Executive Order was revoked; emphasis is on "innovation-first" voluntary standards
  • China requires mandatory government registration for generative AI models serving Chinese users
  • Foundation model providers (GPT-4o, Claude, Gemini, Llama) face the most significant compliance burden under EU rules
  • Prohibited AI practices in the EU include social scoring, real-time biometric surveillance, and subliminal manipulation

EU AI Act: The Global Baseline

The EU AI Act is a risk-tiered regulation that applies to any AI system deployed in the EU, regardless of where the company is based. American and Asian AI companies building products for European users must comply.

Risk tiers:

Risk LevelExamplesRequirements
UnacceptableSocial scoring, mass biometric surveillanceProhibited entirely
High-riskMedical diagnosis, hiring systems, critical infrastructureConformity assessment, documentation, human oversight
Limited riskChatbots, AI-generated contentTransparency obligations (disclose AI use)
Minimal riskSpam filters, recommendation systemsNo specific obligations

General-Purpose AI (GPAI) rules apply specifically to foundation models like GPT-4o, Claude, Gemini, and Llama. Requirements:

  • Technical documentation of training data, capabilities, and limitations
  • Copyright compliance policies for training data
  • Energy consumption transparency
  • Cybersecurity measures

Models exceeding 10^25 FLOPs of training compute — “systemic risk” models — face additional obligations: adversarial testing, incident reporting to the EU AI Office, and capability evaluations.

Timeline:

  • February 2025: Prohibited practices ban took effect
  • August 2025: GPAI model rules took effect
  • August 2026: Full high-risk system compliance required
€35MMax fine for prohibited AI (or 7% revenue)
€15MMax fine for other violations (or 3% revenue)
10^25FLOPs threshold for "systemic risk" models
27EU member states affected

US AI Policy: The Regulatory Rollback

The Biden administration’s October 2023 Executive Order on AI established significant voluntary safety commitments from major AI labs and instructed federal agencies to develop AI guidelines for their sectors.

The Trump administration revoked the Biden AI Executive Order in January 2025 and replaced it with an executive order prioritizing “maintaining American AI leadership” and removing “barriers to American AI innovation.” The shift is significant:

What changed: Mandatory risk assessment requirements, oversight of frontier model development, and mandatory safety testing before deployment were removed from federal requirements. They became voluntary.

What remained: Sector-specific rules (FDA for medical AI, FTC for deceptive AI, CFPB for AI in financial services) continue to apply. The US approach is now: “let agencies regulate AI in their domains, don’t create blanket AI legislation.”

Congress: No comprehensive federal AI legislation has passed as of mid-2026. Multiple bills have been introduced; the political will for broad AI regulation is limited given concerns about hampering US competitiveness relative to China.

State-level: Several US states — California, Colorado, Texas, Illinois — have passed or are considering AI-specific laws covering automated decision systems, transparency requirements, and AI bias auditing. A patchwork of state rules creates compliance complexity for US companies.

China: Mandatory Registration and Content Rules

China’s approach to AI regulation is simultaneously more centralized and more targeted:

Generative AI Service Administration Rules (2023, updated 2025): Any company offering generative AI products to users in China — including Chinese language text generation, image generation, and audio synthesis — must register with the Cyberspace Administration of China (CAC) and submit to a security assessment.

Requirements include:

  • Training data provenance documentation
  • Content moderation to prevent material that “undermines social stability”
  • User registration with real-name verification
  • Incident reporting for security issues
  • Prohibition on generating content that promotes “subversion of state power”

Practical implications: This is why Western AI products like ChatGPT, Claude, and Gemini are blocked in China — they would need to submit to content control requirements that conflict with their own policies. Chinese AI companies like Baidu’s Ernie Bot, ByteDance’s Doubao, and Moonshot’s Kimi have completed registration and operate legally.

How Major AI Companies Are Responding

OpenAI: Has published model cards, safety evaluations, and usage policies. Complies with EU GPAI requirements. Has not accepted Chinese registration requirements — ChatGPT remains blocked in China.

Anthropic: Most compliance-forward major lab. Claude’s Constitutional AI and Responsible Scaling Policy pre-date EU requirements and align closely with their framework. Anthropic has explicitly excluded certain use cases from Claude.

Google: Dealing with EU AI Act compliance across Gemini and cloud AI products. Has the additional complexity of Android/Search being considered potential “systemic risk” platforms.

Meta: Open-sourcing Llama creates a compliance question — if Meta publishes model weights, the downstream user is responsible for compliance, not Meta. This is an explicit regulatory arbitrage in Meta’s open-source strategy.

ℹ️ For Developers Building AI Products If your product uses AI to make decisions about people in the EU (hiring, lending, medical assessment), you're in the high-risk category and need conformity assessment documentation. If you're building a chatbot or content tool, the main requirement is disclosing that users are interacting with AI. Consult legal counsel for specific compliance requirements.

What’s Coming: The Next Wave

EU AI Act enforcement: The full compliance machinery will be tested in 2026 as the first high-risk system deadlines hit. Expect significant fines for early violations — the EU has used GDPR enforcement as a revenue mechanism and will likely do the same with AI.

AI copyright cases: Multiple lawsuits over training data copyright (New York Times vs. OpenAI, authors’ class actions) will produce precedents that affect whether training on public web data requires licensing.

US federal AI legislation: Political dynamics make comprehensive legislation unlikely before 2027, but state-level rules will continue to multiply, increasing compliance costs for US-based AI companies.

International coordination: G7 and OECD frameworks attempt to harmonize AI governance across major economies. Progress is slow but directionally toward shared transparency and safety reporting standards.

Also see: AI Market Statistics 2026 · OpenAI vs Anthropic vs Google · Chinese AI Companies 2026 · Meta AI Strategy 2026