Information not provided.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Laws specifically addressing AI have not been introduced in Brazil yet. The Brazilian Federal Senate's Bill No. 2338 of 2023 (Brazilian AI Bill) seeking to legislate for the development, implementation, and responsible use of AI systems in Brazil was proposed on 3 May 2023 and is progressing through the legislation adoption process. The Brazilian AI Bill was approved by the Federal Senate on 10 December 2024 and has been passed to the Chamber of Deputies for analysis, where it is awaiting to be discussed, potentially amended and voted on. If approved, it will be submitted to be sanctioned by the President of the Republic. The proposal has been the subject of extensive debate with various entities in the technology sector, among the houses of the National Congress. However, it is not yet possible to predict when the Bill will be enacted into law. The Brazilian AI Bill emphasises the protection of fundamental rights and the implementation of safe and reliable AI systems, focusing on human centrality, respect for human rights and the support of democratic values. It also encourages innovation through regulatory sandboxes, allowing entities to experiment with AI technologies under specific conditions (draft Article 55).

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

AI-specific laws have not yet passed in Canada. An Artificial Intelligence and Data Act (AIDA) was proposed as part 3 of Bill C-27 in June 2022 but did not come into force. It had a stated purpose of:

• regulating international and interprovincial trade and commerce in artificial intelligence systems by establishing common requirements, applicable across Canada, for the design, development and use of those systems; and
• prohibiting certain conduct in relation to artificial intelligence systems that may result in serious harm to individuals or harm to their interests.

(Section 4, AIDA).

AIDA died on the order paper in January 2025 when Prime Minister Trudeau prorogued government, and it is not clear when or if it (or any AI-related laws) will be re-introduced at the national level. However, we can learn from the government’s experience with AIDA, which faced significant criticism on two key fronts during the legislative process. First, AIDA was introduced as part of a sweeping set of privacy reforms, which diluted parliamentary focus on AI-specific issues and may have created regulatory overlap with the broader omnibus legislation. Second, the government’s lack of meaningful public prior consultation prior to introduction of AIDA resulted in an unusual scenario where, because the initial framework deferred critical details to yet-to-be-written regulations, regulators were essentially required to re-write core components to add needed nuance and detail while Parliament debated the original proposal.

Even though there is no AI-specific legislation, AI-related rules appear in some other provincial legislation. For example:

• Quebec’s privacy legislation imposes transparency and disclosure obligations on organizations that use personal information to render a decision based exclusively on the automated processing of that personal information.
• As of January 2026, Ontario’s Employment Standards Act, 2000 will require employers that advertise publicly-advertised job postings to disclose to applicants when they implement AI to screen, assess, or select applicants (see Ontario confirms new regulations addressing pay transparency and job posting requirements).
• In November 2024, Ontario’s government passed the Strengthening Cyber Security and Building Trust in the Public Sector Act, establishing public sector transparency, accountability and risk management frameworks for the use of AI.

Laws specifically addressing AI have not been introduced in Chile yet. On 7 May 2024 a bill to regulate artificial intelligence systems (Chilean AI Bill) was proposed, seeking to promote the creation, development, innovation and implementation of AI systems serving human beings, in respect of democratic principles and the fundamental rights of individuals against the harmful effects that certain uses could have on them.

There is no single comprehensive AI law in the People's Republic of China (PRC). Instead, rules relating to the use and deployment of AI are found in a number of specific laws, regulations and mandatory national standards that regulate different subcategories of AI technologies and services. These include:

• The Interim Measures for the Management of Generative Artificial Intelligence Services (GenAI Measures), which came into force on 15 August 2023 and are the first piece of generative AI-specific regulation for the PRC, regulating the development and application of generative AI technology. The GenAI Measures apply to the use of generative AI technology to provide services that generate contents (including any texts, images, audios, and videos) to the 'public within the PRC' (which has a very wide interpretation). The GenAI Measures outline service providers' obligations in various areas, including model training, content management, service management and user protection.

• The Administrative Provisions on Deep Synthesis in Internet-based Information Services (Deep Synthesis Provisions) came into force on 10 January 2023 and apply to the provision of internet-based information services using deep synthesis technologies within the PRC. Deep synthesis technology is broadly defined, and includes any technology that employs deep learning, virtual reality, or other algorithms that are synthetic or generative (such as text/Q&A generation, image generation and voice attribute editing). The Deep Synthesis Provisions impose compliance obligations on various players, including providers of deep synthesis services, providers of technical support for deep synthesis services and users of such services. Particularly, there is a requirement for deep synthesis service providers to verify the real identity of users (by way of mobile phone number, ID card number, unified social credit code or national online identity authentication services) before they can release the services to the users.

• The Administrative Provisions on Recommendation Algorithms in Internet-based Information Services of the Cyberspace Administration of China came into force on 1 March 2022 (Recommendation Algorithms Provisions) and apply to any entity that uses recommendation algorithm technologies to provide internet-based information services within PRC. This includes the use of algorithm technologies, including generation and synthesis technology, personalised pushing technology and ranking and selection technology, etc., to provide users with information. The Recommendation Algorithms Provisions also emphasise the protection of the user. Service providers are required to inform users about the provision of algorithm services, including the principles behind them, their intended purposes and how they operate.
• The Measures for the Labeling of Artificial Intelligence Generated and Synthesized Content (AIGC Labelling Measures) took effect on 1 September The AIGC Labelling Measures apply to online information service providers that offer AI generative and synthetic services. Such providers are required to add different types of explicit and/or implicit labels to AI-generated content based on contexts, and to restrict the dissemination of non-labelled content via their service platforms either by user terms or by implementing technical measures.
• The mandatory national standard the Cybersecurity Technology—Labelling Method for Content Generated by Artificial Intelligence (AIGC Labelling Standard) took effect on 1 September 2025. The AIGC Labelling Standard implements the AIGC Labelling Measures and sets out detailed standards, specifications, and operational procedures for labelling AI-generated content. 
• The Provisional Measures on the Administration of Human-like Interactive Artificial Intelligence Services (Draft for Public Comments) were released on 27 December 2025 to solicit public comment till 25 January 2026. The draft applies to AI services that present simulated human personality traits, thinking patterns and communication styles, and interact with users emotionally through text, images, audio, video or other means. It has a particular focus on addressing psychological risks by requiring providers to warn users against excessive use and to intervene when users show signs of addiction.
• The Amendment to the Cybersecurity Law took effect on 1 January 2026. A general clause on AI is introduced, stating that the government will improve ethical norms for AI while strengthening AI risk monitoring and assessment and safety oversight — potentially paving the way for further AI regulations.

During the 2025 National People’s Congress, several delegates proposed the drafting of a specific AI law to address emerging risks, encourage innovation and establish a more consistent AI governance system. In particular, the possibility of classifying AI services into different risk categories and regulating them accordingly has been discussed.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

 

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Laws specifically addressing AI have not yet been introduced in Hong Kong.  

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

On 16 February 2024 the ruling party's project team on the 'Evolution and Implementation of AI' released 'the rough draft of the Basic Law for the Promotion of Responsible AI'. This rough draft of the AI Act intends to propose legal governance for frontier AI models. Frontier AI models are recognised as high-performance, general-purpose AI models capable of performing a wide variety of tasks and are as capable or more capable than today's most advanced models. The AI Act seeks to minimise risks and maximise benefits through appropriate AI governance.

Subsequently, the Act on Promotion of Research and Development, and Utilization of AI-related Technology (the “AI Act”) was enacted on 28 May 2025, and promulgated on 4 June 2025, with many of its provisions (except for certain sections) coming into force on the same day. While the AI Act primarily serves as a basic framework law targeting the national and local governments, it also sets forth responsibilities for AI-utilizing business operators to proactively strive to improve the efficiency and sophistication of their business operations and to create new industries through the use of AI-related technologies, as well as to cooperate with measures implemented by national and local governments.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Laws specifically addressing AI have not been introduced in Mauritius yet.

Blueprint

The Government of Mauritius, through the Ministry of Information Technology, Communication and Innovation (MITCI)  has published  A Blueprint for Mauritius – A Bridge to the Future – Digital Transformation 2025-2029, dated May 2025 (Blueprint) as a strategic framework to guide the country’s digital transformation, including the development of AI governance structure.  

The Blueprint announces the formulation of the Mauritius National Data Strategy (2025-2030) which inter alia aims at preparing Mauritius for a safe, trustworthy and ethical adoption of Artificial Intelligence (AI).

The National Data Strategy will include:

• Creation of a Data Management office
• Adoption of a Data Governance Framework
• Adoption of a Data Sharing Policy and Protocol
• Adoption of a Data Retention Policy
• Creation of a National Government Data Warehouse, which will in turn create:
  • Data Assurance
  • Data Sovereignty
  • Open Data and access to public information
  • Data Architecture and Harmonisation v. Data Usability
  • Data Literacy and Skills

This strategic direction is structured around four pillars and five enablers, which are as follows:

The Pillars:

1. The Foundation: State of the Art Information Structure;
2. Human Capital: Digital Skills for all;
3. Economy: Innovation and private sector growth; and
4. Planet: a Sustainable and resilient digital future.

The Enablers:

1. Digital public infrastructure;
2. Legal and regulatory reform;
3. Institutional governance;
4. Cyber resilience and trust; and
5. Data governance and AI.

The four strategic pillars represent Mauritius’ core objectives for digital transformation across government, economy, society and infrastructure, while the five enablers provide the essential conditions that support the successful implementation of these pillars.

National AI Strategy

As per the Blueprint, in line with the Government Programme 2025-2029, a National Artificial Intelligence (AI) Strategy will be formulated. The core objective is to leverage the potential of AI to significantly propel economic growth and enhance efficiency across various sectors of the economy and the society.

 

Laws specifically addressing AI have not been introduced in Mexico yet.  A draft bill to regulate AI (AI Bill) was presented to the Senate, by Ricardo Monreal Ávila, member of the Parliamentary Group of the MORENA Party, on 2 April 2024 aiming to create the first legal framework for artificial intelligence systems in Mexico, seeking to allow the country to take advantage of the benefits of using AI in various fields of application, whilst protecting the rights of third parties, users and the general public.

Article 1 of the AI Bill states that its objectives are to:

• Regulate the development, marketing and use of artificial intelligence systems;
• Ensure respect for the human rights of consumers and users and avoid any form of discrimination when using artificial intelligence systems;
• Protect intellectual property rights; and
• Facilitate the national development of artificial intelligence systems.

The AI Bill further aims to regulate AI applying a risk approach, classifying AI as either (i) unacceptable risk; (ii) high-risk; or (iii) low-risk. The AI Bill also provides that an authorisation must be obtained from the Federal Telecommunications Institute to be able to market such AI systems in Mexico.

To date, the project has not been discussed by the Science and Technology Commission and the Legislative Studies Commission of the Senate.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Laws specifically addressing AI have not been introduced in New Zealand, and, based on the current Government's recent policy decisions in respect of AI, New Zealand is unlikely to see any economy-wide specific AI legislative reforms in the foreseeable future. Instead, AI is regulated through existing technology-neutral laws, such as the Privacy Act 2020 (Privacy Act), consumer protection laws, and New Zealand's intellectual property and human rights legislation.

Laws specifically addressing AI have not been introduced in Nigeria yet.

In February 2025, The Artificial Intelligence Management and Finance Institute (AIMFIN) (Establishment) Bill, 2025 (HB. 2063) was brought before the House of Representatives for first reading. In May 2025, another bill, the National Institute of Artificial Intelligence and Robotic Studies (Establishment) Bill, 2025 (HB.2243) was brought for first reading on the floor of the House of Representatives.

There are a number of Nigerian laws that by virtue of their provisions and scope, indirectly apply to AI. These include laws on data protection, fundamental rights, intellectual property, employment and labour laws etc. 

The Ministry of Digitalisation and Public Governance has issued a proposal for a law implementing the Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) into Norwegian law. The proposal was open for public hearing until 30 September 2025.

The proposed law is named "Artificial Intelligence Act" or "Lov om kunstig intelligens" in Norwegian, and will implement the EU AI Act in full.

In November 2024, the Presidency of the Council of Ministers, through the Secretariat of Government and Digital Transformation (National Authority), published the Bill of Regulation of AI Law (Bill of Regulation). The Bill of Regulation develops various regulatory aspects regarding the responsible use of AI, such as prohibited activities and high-risk issues. The Bill of Regulation has been made available for public consultation to receive recommendations regarding its content and is therefore subject to further changes.

On 5 July 2023, Law No. 31814, Law Promoting the Use of Artificial Intelligence (AI Law) was published, which aims to promote and guarantee the ethical, sustainable, transparent and responsible use of AI within the framework of the national digital transformation process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Laws specifically addressing AI have not yet been introduced in Singapore.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

On December 26, 2024, the 'Framework Act on the Development of Artificial Intelligence and the Establishment of Foundation for Reliability' (AI Act) passed the plenary session of the National Assembly. The AI Act is expected to take effect around January 2026.   

The AI Act is prepared to advance AI development and promote self-regulation by establishing a framework of the following initiatives:(i) formulating a master plan for AI by the Minister of the Ministry of Science and ICT (MSIT), creating the National AI Committee/NAIC under the President’s office, establishing the AI Policy Center, and establishing the legal foundation for the AI Safety Institute’s operations, (ii) supporting industries related to the development and promotion of AI technology, including establishing standards for AI technology, and (iii) enacting and announcing the “AI Ethics Principles” to support self-verification and certification by AI-related organizations, thus ensuring the safety and reliability of AI, and establishing the legal basis for autonomous ethics committees in the private sector.

Furthermore, the AI Act stipulates various obligations for AI business operators such as operators involved with high-impact AI, businesses offering generative AI products or services, and operators whose AI training compute usage surpasses. It also requires that operators lacking a domicile or business location within Korea must appoint a domestic agent to comply with the proposed regulatory framework and empowers the Minister of MSIT with the authority to conduct fact-finding inspections and to issue suspension or corrective orders where necessary.

The AI Act is the first statute to govern legal requirements specific to AI technologies and products in Korea. 

Please note that AI in South Korea will still be regulated by existing rules governing personal information, copyright, and telecommunications. Therefore, the existing obligations and requirements under these laws and regulations will continue to apply to AI-related business and services.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Regulation (EU) 2024/1689 of the European Parliament and of the Council on harmonised rules on artificial intelligence (EU AI Act) was published in the Official Journal of the European Union on 12 July 2024. It entered into force on 1 August 2024, although many of its provisions come into force on specific dates:

• 2 February 2025: General provisions and provisions relating to prohibited AI practices and AI literacy (Chapter 1 and Chapter 2).
• 2 August 2025: Provisions relating to general-purpose AI (GPAI) models (e.g. generative AI).
• 2 August 2026: Most other provisions (including requirements for Annex III high-risk AI systems).
• 2 August 2027: Provisions relating to high-risk AI systems that are safety components of products or products themselves (i.e. AI systems covered by Annex I).

A new EU Product Liability Directive, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products (Product Liability Directive), was published in the Official Journal of the European Union on 18 November 2024 and entered into force on 8 December 2024. Member States have until 9 December 2026 to implement the Product Liability Directive into national law. The Product Liability Directive modernises the EU-level strict product liability regime, preserving the core principles of the previous law while adapting to new technologies by extending the scope to include software and AI. This regime is still limited to certain types of damages and applies only to consumers and other natural persons.

As part of its Digital Omnibus package, the European Commission has proposed amendments to the EU AI Act. While the Act’s core structure remains unchanged, the revisions aim to make compliance more amenable to businesses including shifting the burden of the AI literacy requirement, expanding reliefs for SMEs and "small mid-caps" and providing a new exemption from EU database registration. The proposals also suggest a delay in the applicability for rules for high-risk AI systems and some transparency requirements. Further updates are expected later in 2026 as the proposal makes its way through the European legislative process.

Laws specifically addressing AI have not been introduced in Thailand yet. Previously, a Draft Royal Decree on Artificial Intelligence System Service Business was published for public hearing in October 2022. A Draft Act on the Promotion and Support of AI Innovations in Thailand as well as its subordinated regulations, i.e. a Draft Notification Regarding AI Innovation Testing Center (AI Sandbox) and a Draft Notification Regarding Guideline for Setting Criteria and Risk Assessment Methods from the Use of Artificial Intelligence System, were also published and the latest public hearing was held in August 2023.  At present, the Electronic Transactions Development Agency (ETDA) has been assigned to revisit those draft laws and subsequently released a Draft Principles of the Law on Artificial Intelligence for public hearing in June 2025.

Laws specifically addressing AI have not been introduced in Turkey yet. However, in June 2024, a draft AI bill was presented before Turkish Parliament for committee review, aiming to construct a regulatory framework concerning the use of AI. If the draft bill passes the review, it will be proposed to the Grand National Assembly of Turkey to be adopted as law. The draft bill consists of eight articles that addresses risk management and assessment, compliance and audit, violations and sanctions.

There is no unified federal law or emirate level law in the UAE that has a primary focus on regulating AI. Instead, AI is governed through a patchwork of non-AI-specific laws and non-binding guidelines.

However, the Dubai International Financial Centre (DIFC) – a financial free zone in the UAE that has its own civil and commercial laws, based on English common law – has introduced specific provisions in the DIFC’s Data Protection Regulations to address the processing of personal data in connection with AI systems (including as part of the training process).

The legal framework in the UAE is complex and comprises multiple jurisdictions. There are federal laws, emirate level laws and laws in specific free zones, as well as binding sectoral rules and regulations. This guide does not cover sectoral rules and regulations.

A specific law addressing AI has not been implemented in the UK yet.

Two Private Members' Bills relating to the regulation the use of AI systems are currently progressing through the legislative system. The first relates to decision-making processes in the public sector, the Public Authority Algorithmic and Automated Decision-Making Systems Bill, introduced to the House of Lords by Lord Clement-Jones on 9 September 2024. The second is Lord Holmes' Artificial Intelligence (Regulation) Bill introduced on 4 March 2025 (although a version of the Bill had existed in the prior Parliamentary session before the 2024 General Election), which would establish a central AI Authority, regulatory sandboxes and require an AI officer for organisations deploying AI.

In the King's Speech of 17 July 2024, the UK Government announced that it will seek to:

"establish the most appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models" (para. 7, page 7).

Whilst there had been some speculation in 2025 that the UK might move more strongly towards a broader cross-sector AI regulation focussed on managing the risks of AI, this has not been the case. In the latter half of the year, the UK government reaffirmed its sector-based approach and in particular the message that it sees AI as a critical component of UK economic growth. 

In October 2025, the Government announced its blueprint for AI regulation, which identified some of the tools it sees as necessary to deliver this growth and drive modernisation of key UK sectors.  Part of these proposals include the use of regulatory sandboxes in key sectors (such as healthcare, professional services, transport, and the use of robotics in advanced manufacturing) to foster responsible development of AI.  While the proposals are cross sector in nature, the focus appears to be more on reducing barriers to growth. The government launched a call for evidence, which closed on 7 January 2026, to seek views on the AI Growth lab and so we can expect to see more concrete proposals later in the year.

There are many UK laws beyond the scope of this resource (relating to data protection, intellectual property, human rights, equalities, employment laws, etc.) that impact various aspects of AI development, deployment and use.

On data protection for example, the Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025. Although not an AI-specific statute, the DUAA is expected to play a significant role in the UK's AI ecosystem by improving access to and use of data across regulated sectors, in turn, supporting AI development and innovation.

The most relevant amendments impacting the use of AI in the UK are those related to automated decision making, which took effect on 5 February 2026. The previous regime generally prohibited solely automated decisions (with no meaningful human involvement), including profiling, that had a significant legal effect, unless there was explicit consent or it was necessary for the entry into or performance of a contract. The DUAA moves the dial to a more permissive framework, aimed at reducing compliance burdens while in parallel mandating new safeguards (outlined in more detail in our guide to Data Protection Laws of the World).

Automated decision making is now permitted with those new safeguards implemented, unless special category data (e.g. health data) is involved, and organisations can now rely on legitimate interests as a lawful basis (i.e. instead of consent which is hard to obtain, or contractual necessity, which was often difficult to establish for efficiency gains).  

Notably, the DUAA clarifies that human review must be "substantive and informed," i.e. a human must be able to challenge or override an AI-driven decision or profile generation, but they don't necessarily need to be involved at all stages. This is important, as the Information Commissioner's Office has indicated that enforcement action may be prioritised where automated decision-making systems fail to offer meaningful human intervention, or where the lack of these safeguards could lead to significant discrimination or unfair treatment of individuals.

AI laws and Proposed Laws

In the U.S., artificial intelligence (AI) is regulated at both the federal and state levels. While the U.S. lacks a unified federal AI law, the states have been active in modifying existing laws to account for AI and, in some cases, passing targeted AI-specific legislation.

This section outlines the major enacted laws at both federal and state levels, highlighting how states have taken the lead in adapting existing legal frameworks and introducing AI-specific laws in the absence of a comprehensive federal approach.

Federal AI legislation landscape

The federal regulatory landscape for AI remains limited in scope. Although a significant volume of AI-related legislation has been introduced in Congress, only one standalone statute intended to regulate the posting and distribution of AI-generated content has been enacted to date: 

• Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act (TAKE IT DOWN Act): Although the statute does not regulate AI systems directly, it requires online platforms to delete flagged non-consensual intimate imagery, including AI-generated deepfakes, within 48 hours. The law creates criminal penalties for distributing content and empowers the Federal Trade Commission (FTC) to enforce compliance. 

Accordingly, federal policy is more defined by proposals than binding obligations, and most operational guidance continues to come from executive actions and agency-level enforcement.

Potential federal framework

On 11 December 2025, President Trump signed an Executive Order (EO) aimed at creating a national policy framework for AI to ensure American dominance in the field. The EO seeks to replace the existing patchwork of state laws—which the Trump Administration views as burdensome and detrimental to innovation—with a unified standard.

To achieve this, the EO outlines a two-pronged strategy: challenging existing state AI laws in court and establishing a new federal regulatory framework that would preempt them. A new task force, led by the Attorney General (AG), will be created to raise legal challenges to state laws that are viewed as unconstitutional or otherwise conflicting with federal regulations. Additionally, the EO directs the Secretary of Commerce to evaluate state AI legislation. The proposed federal framework will focus on key areas such as child safety, censorship prevention, and copyright protection, while preempting conflicting state-level regulations.

State-level AI legislation landscape

The lack of comprehensive federal AI legislation has led to a proliferation of state-level laws and regulations, with many more bills working their way through state legislatures in 2026. Some of these laws establish frameworks and requirements that impact both public- and private-sector use of AI technologies.

In 2025, all 50 states, Puerto Rico, the Virgin Islands, and Washington, D.C., introduced AI-related legislation. According to the National Conference of State Legislatures, 38 states adopted or enacted approximately 100 AI‑related measures. What materially changes in 2026 is enforceability: several major state AI laws take effect, significantly increasing the need for cross‑state governance frameworks, comprehensive inventories, and demonstrable evidence of controls.

These laws and regulations impose transparency and disclosure obligations, prohibit deceptive uses of generative AI, and seek to mitigate algorithmic discrimination in certain domains. The following list includes the principal state laws shaping AI regulation in the U.S. and a few examples of some of the narrower AI-focused laws:

California

• California has enacted significant AI-related legislation, establishing new requirements for transparency, safety, and accountability across various AI applications. California’s SB53, the Transparency in Frontier Artificial Intelligence Act (TFAIA), was signed into law on 29 September 2025, and took effect on 1 January 2026. It requires large frontier AI developers to publish transparency reports and annually update a public frontier AI safety framework describing how they assess and mitigate “catastrophic risk,” secure unreleased model weights, and respond to critical safety incidents. Further, California’s AB2013, Generative Artificial Intelligence: Training Data Transparency Act (TDTA) was signed into law 28 September 2024, and took effect 1 January 2026. The TDTA requires AI developers to publicly post a high-level summary of the datasets used to train generative AI systems or services made available to the public since January 2022, enumerating specific categories of required disclosures.
• During 2025, the California state legislature continued to pass many AI-related bills, most of which took effect on 1 January 2026. Signed into law on 13 October 2025, the California AI Transparency Act (AB853) mandates that developers of generative AI must embed “provenance data” into digital content to verify its authenticity and origin. (This law has staggered effective dates through 1 January 2028.) AB489, signed into law on 11 October 2025, prohibits the use of AI to falsely imply that advice or services are being provided by a licensed healthcare professional. Further, enacted on 13 October 2025, SB243 imposes specific safety protocols on “companion bots,” requiring them to prevent harmful conversations and regularly remind users that they are interacting with an AI. Other new laws, also enacted on 13 October 2025, create liability for services that enable deepfake pornography (AB621) and bar defendants from claiming an AI “autonomously caused the harm” in civil actions (AB316).

Colorado 

• Colorado enacted the Consumer Protections for Interactions with AI Act (Colorado AI Act) in May 2024, and it is scheduled to take effect on 30 June 2026. It is recognized as the first comprehensive statute in the U.S. specifically targeting “high-risk” AI systems. The law requires developers and deployers of qualifying AI applications to exercise reasonable care in preventing algorithmic discrimination, mandates clear documentation of AI activities, and holds entities accountable for the outputs of their AI systems. By categorizing certain AI deployments as “high-risk,” the Colorado AI Act imposes heightened responsibilities in critical areas such as employment, healthcare, lending, housing, and government services.

Illinois

• In August 2025, Illinois enacted the Wellness and Oversight for Psychological Resources Act, which imposes significant restrictions on the use of AI in mental healthcare. The law, effective immediately, broadly prohibits any entity without a professional license from offering therapy services, a rule that explicitly includes services delivered via AI, and bars licensed healthcare professionals from delegating therapeutic decisions to AI systems.

Kentucky

• Signed and effective on 24 March 2025, Kentucky’s AI Governance Act (SB4) establishes a comprehensive framework for AI use within state government. It calls for adoption of uniform AI policy standards and creates a governance committee to oversee ethical, transparent, and responsible AI use across state agencies. It includes provisions for human oversight, public disclosure, and protection of personal and business information.

Nevada

• On 5 June 2025, Nevada enacted AB406, which makes it a deceptive trade practice to misrepresent the capabilities of AI in mental healthcare. The law prohibits offering AI systems that are programmed to perform services that would constitute the practice of professional mental healthcare if done by a person. Furthermore, providers are barred from marketing or otherwise representing that their AI systems are capable of delivering such care. AB406 took effect on 1 July 2025.

New York

• New York enacted the Responsible AI Safety and Education (RAISE) Act on 19 December 2025, which establishes a comprehensive regulatory framework for developers of large-scale “frontier” AI models.[1] Effective on 1 January 2027, this law requires large developers to implement and publicly disclose a detailed “safety and security protocol” designed to mitigate the risk of “critical harm,” defined as events causing mass injury or over USD 1 billion in damages. It also requires developers to report any “safety incident” that demonstrates an increased risk of such harm to the state attorney general within 72 hours.
• Further, New York enacted a first-of-its-kind law requiring advertisers to disclose the use of AI-generated individuals in commercial advertising on 11 December 2025. The law mandates a conspicuous disclosure when a “synthetic performer”—a digitally created asset made with generative AI to resemble a human who is not an identifiable person—is featured in a visual or audiovisual advertisement. This rule is narrowly targeted at AI-generated actors and does not apply to audio-only ads, deepfakes of real performers, or AI enhancements of real performers. This law takes effect on 9 June 2026.
• Enacted on 11 December 2021, New York City’s Local Law 144 regulates the use of “automated employment decision tools” (AEDTs) in hiring and promotion decisions. Effective since 5 July 2023, the law imposes three core obligations on employers: they must conduct an annual independent bias audit to assess whether the tool has a disparate impact on candidates based on race, ethnicity, or sex; they must post a summary of the audit results publicly on their websites; and they must provide notice to candidates that an AEDT is being used and of their right to request an alternative screening process.

Texas

• Texas enacted the Texas Responsible AI Governance Act (TRAIGA) on 22 June 2025, establishing foundational duties for state agencies, developers, and deployers of AI systems operating within Texas. The law went into effect on 1 January 2026, and prohibits state agencies from certain uses of social scoring and biometric data. Developers and deployers face prohibitions on the intentional misuse of AI for certain types of behavioral manipulation, unlawful discrimination, deepfakes, and infringement of constitutional rights. TRAIGA provides protections for organizations that follow recognized frameworks, such as the National Institute of Standards and Technology (NIST) AI Risk Management Framework, as well as a 60-day cure period for violations, and the creation of a regulatory sandbox.

Utah 

• Utah employed a relatively comprehensive approach to AI oversight by adopting, and making effective, the AI Policy Act (SB149) on 1 May 2024. This legislation requires professionals in regulated occupations – such as law, medicine, and financial services – to disclose their use of generative AI tools during high-risk interactions, such as when providing sensitive advice or handling personal data. Additionally, consumers must be informed if they explicitly inquire whether they are interacting with AI.

A handful of other U.S. states have considered and rejected broad AI laws. In addition, numerous other states and localities have enacted specific statutes or municipal ordinances that regulate discrete aspects of AI. The following list includes several such examples:  

Maine

• Maine enacted “An Act to Ensure Transparency in Consumer Transactions Involving Artificial Intelligence” (the Maine AI Chatbot Disclosure Act) on 12 June 2025. Effective 23 September 2025, the law establishes targeted disclosure requirements for AI‑driven interactions. It generally prohibits businesses (and other persons) from using an AI chatbot – or similar text‑ or voice‑based computer technology – in trade or commerce in a manner that may mislead or deceive a reasonable consumer into believing they are interacting with a human, unless the business provides a clear and conspicuous disclosure that the interaction involves AI.

Maryland

• Maryland enacted HB820 on 20 May 2025, regulating how health insurance plans and related entities may use AI in coverage and treatment decisions made in utilization management and review decisions. Effective 1 October 2025, the law requires covered entities to ensure that the AI tool’s determinations are grounded in the enrollee’s individual clinical information, do not replace the role of a health care provider, and are applied fairly and equitably without resulting in unfair discrimination.

Pennsylvania

• On 7 July 2025, Pennsylvania enacted Act 35 (formerly SB649) to address the malicious use of AI-generated deepfakes. Effective 5 September 2025, the law establishes criminal penalties for generating (or creating and distributing) a forged digital likeness with intent to defraud or injure, or with knowledge and intent to facilitate fraud or injury by another – including where the actor knows or reasonably should know the audio or visual at issue is forged.

Illinois

• Illinois enacted HB3773 on 9 August 2024, amending the Illinois Human Rights Act to regulate the use of AI in employment decisions, prohibiting discriminatory practices. Effective 1 January 2026, the law requires employers to provide notice to applicants and workers if they use AI for hiring, discipline, discharge, or other workplace-related purposes.

This continued surge in state legislative activity reflects a wide range of approaches and priorities – from establishing task forces to study AI’s impact to imposing specific obligations on companies deploying AI systems. This dynamic landscape may underscore the growing value of state-level action in the absence of federal guidance, and organizations are encouraged to closely monitor both enacted laws and pending legislation in the jurisdictions in which they operate.