AI Governance Frameworks Around the World

As artificial intelligence systems become more powerful and pervasive, governments around the world are grappling with a fundamental question: how do you govern a technology that is evolving faster than any regulatory process can keep pace with? The answer, emerging in different forms across different jurisdictions, is a patchwork of laws, regulations, standards, and voluntary commitments that collectively constitute the global AI governance landscape.

Understanding these frameworks is essential for anyone developing, deploying, or affected by AI systems. Regulatory requirements vary significantly by jurisdiction, and organizations operating internationally must navigate a complex web of overlapping and sometimes conflicting rules. This guide provides a comprehensive overview of the major AI governance frameworks currently in effect or under development.

The EU AI Act

The EU AI Act, which entered into force in August 2024 with phased implementation through 2027, is the world's most comprehensive AI regulation. It establishes a risk-based framework that categorizes AI systems into four tiers and imposes requirements proportional to the risk level.

Risk Categories

• Unacceptable Risk (Banned): AI systems that pose a clear threat to safety, livelihoods, or rights are prohibited outright. This includes social scoring systems by governments, real-time biometric identification in public spaces (with narrow exceptions for law enforcement), manipulative AI that exploits vulnerabilities, and emotion recognition in workplaces and educational institutions.
• High Risk: AI systems used in critical areas such as healthcare, law enforcement, employment, education, and critical infrastructure must meet stringent requirements including risk management systems, data quality standards, technical documentation, human oversight provisions, and accuracy and robustness standards. These systems must be registered in an EU database before deployment.
• Limited Risk: AI systems that interact with users (chatbots, deepfake generators) must meet transparency requirements, including clearly disclosing that users are interacting with an AI system.
• Minimal Risk: The vast majority of AI systems (spam filters, AI-enabled video games) face no additional regulatory requirements beyond existing laws.

General-Purpose AI Models

The EU AI Act also addresses general-purpose AI (GPAI) models, including large language models. All GPAI providers must maintain technical documentation, comply with EU copyright law, and provide information about training data. GPAI models that pose "systemic risk" (defined partly by a compute threshold of 10^25 FLOPs) face additional requirements including adversarial testing, incident reporting, cybersecurity measures, and energy consumption reporting.

The Act's enforcement mechanism includes fines of up to 35 million euros or 7% of global annual revenue for the most serious violations, making it one of the most consequential regulatory frameworks in technology history.

United States: Executive Orders and Sectoral Regulation

The United States has taken a different approach from the EU, relying primarily on executive action, existing regulatory agencies, and voluntary commitments rather than comprehensive legislation.

Executive Orders on AI

President Biden's Executive Order 14110 on Safe, Secure, and Trustworthy AI (October 2023) was the most significant US government action on AI governance. It required developers of the most powerful AI systems to share safety test results with the federal government, directed NIST to develop standards for red-teaming and safety evaluation, and established the US AI Safety Institute within NIST. The order also addressed AI in government, workforce impacts, and civil rights implications.

Subsequent executive actions have continued to shape US AI policy, though the approach remains fragmented across agencies rather than consolidated in a single regulatory framework. The Federal Trade Commission (FTC) has pursued enforcement actions against AI systems that engage in deceptive practices. The Equal Employment Opportunity Commission (EEOC) has issued guidance on AI in hiring. The Food and Drug Administration (FDA) has approved frameworks for AI in medical devices.

State-Level Action

In the absence of comprehensive federal legislation, US states have begun enacting their own AI regulations. Colorado's AI Act (2024) requires transparency for high-risk AI systems used in consequential decisions. Several states have passed laws addressing specific AI applications, including deepfakes in elections, AI in hiring, and facial recognition by law enforcement. This patchwork of state laws creates compliance challenges for organizations operating across multiple states.

China's AI Regulations

China has been among the most active countries in regulating AI, though its approach differs significantly from Western models in both goals and implementation.

Key Regulations

• Algorithm Recommendation Regulations (2022): Require transparency in recommendation algorithms used by internet platforms, including the ability for users to opt out of personalized recommendations and protections against algorithmic discrimination.
• Deep Synthesis Regulations (2023): Address deepfakes and AI-generated content, requiring watermarking, content labeling, and user identity verification for generators of synthetic media.
• Generative AI Regulations (2023): Require that generative AI services adhere to "socialist core values," undergo security assessments before public release, and provide truthful and accurate outputs. Training data must be obtained lawfully and must not infringe intellectual property rights.
• AI Safety Governance Framework (2024): A comprehensive framework addressing AI risk classification, safety requirements, and governance structures across the AI lifecycle.

China's regulatory approach is notable for its speed and specificity. While the EU took years to develop a single comprehensive framework, China has issued multiple targeted regulations in rapid succession, addressing specific AI applications and risks as they emerge. However, enforcement mechanisms are less transparent, and regulations also serve political objectives including content control and social stability.

United Kingdom: Pro-Innovation and Safety-Focused

The UK has positioned itself as pursuing a "pro-innovation" approach to AI governance, initially avoiding prescriptive legislation in favor of principles-based regulation through existing sector regulators.

The UK AI Safety Institute

The UK AI Safety Institute (AISI), established in November 2023, is arguably the UK's most significant contribution to global AI governance. AISI conducts pre-deployment safety evaluations of frontier AI models, develops evaluation methodologies, and publishes research on AI safety. It has evaluated models from major AI labs including OpenAI, Google DeepMind, Anthropic, and Meta before their release in the UK.

AISI represents a novel governance model: rather than setting rules through legislation, it provides an independent, technically sophisticated evaluation capability that complements the regulatory activities of sector-specific regulators. Its evaluations have influenced both lab practices and government policy.

Regulatory Framework

The UK's 2023 AI regulation white paper outlined five cross-cutting principles for existing regulators to apply: safety, security, and robustness; transparency and explainability; fairness; accountability and governance; and contestability and redress. Rather than creating a new AI regulator, the UK assigns responsibility to existing bodies (Ofcom, FCA, ICO, etc.) within their domains.

However, following the AI Safety Summit at Bletchley Park and growing international consensus on the need for stronger governance, the UK has signaled a shift toward more binding regulation, including potential legislation addressing frontier AI systems and mandatory incident reporting.

OECD AI Principles

The OECD AI Principles, adopted in May 2019 and updated in 2024, represent the most widely endorsed international framework for AI governance. Signed by over 40 countries, they establish five principles for responsible stewardship of trustworthy AI:

1. Inclusive growth, sustainable development, and well-being: AI should benefit people and the planet.
2. Human-centred values and fairness: AI systems should respect human rights, democratic values, and diversity, and include appropriate safeguards to ensure fairness.
3. Transparency and explainability: Stakeholders should be able to understand AI outcomes and challenge them.
4. Robustness, security, and safety: AI systems should function safely and securely throughout their lifecycle.
5. Accountability: Organizations and individuals developing or deploying AI should be accountable for its proper functioning.

While the OECD principles are not legally binding, they have been enormously influential in shaping national regulatory frameworks. The EU AI Act, US executive orders, and numerous national AI strategies explicitly reference the OECD principles as a foundation.

Industry Self-Regulation

In addition to government regulation, the AI industry has developed various self-regulatory mechanisms:

Voluntary Commitments

In July 2023, the White House secured voluntary commitments from leading AI companies (Amazon, Anthropic, Google, Inflection, Meta, Microsoft, OpenAI) to manage AI risks. These commitments included pre-deployment safety testing, sharing safety information with governments and researchers, investing in interpretability research, and developing technical mechanisms to identify AI-generated content.

Responsible Scaling Policies

Several AI labs have adopted responsible scaling policies (RSPs) that tie increases in AI capability to demonstrated safety measures. Anthropic's RSP, for example, defines capability thresholds ("AI Safety Levels") and specifies the safety and security measures required before training or deploying models that exceed each threshold. This approach creates a structured framework for managing risks as capabilities increase.

Industry Standards

Standards bodies including ISO, IEEE, and NIST are developing AI-specific standards. ISO/IEC 42001 (AI Management Systems) provides a framework for organizations to manage AI responsibly. NIST AI RMF (AI Risk Management Framework) offers a structured approach to identifying, assessing, and mitigating AI risks. These standards provide practical tools for implementing governance principles.

"Effective AI governance requires a combination of binding regulation, technical standards, institutional capacity, and industry responsibility. No single mechanism is sufficient."

Emerging Approaches

International Governance

The Bletchley Declaration (November 2023), signed by 28 countries and the EU, established that frontier AI safety is a matter requiring international cooperation. Subsequent summits in Seoul and Paris have built on this foundation, establishing information-sharing mechanisms and working toward common evaluation standards. The UN has established an AI Advisory Body to develop global governance recommendations.

Compute Governance

An emerging approach focuses on governing the computational resources needed to train powerful AI systems, rather than the AI systems themselves. Since training frontier AI models requires specialized hardware (advanced GPUs and TPUs) produced by a small number of manufacturers, controlling access to compute could provide a choke point for governance. Export controls on advanced AI chips (such as US restrictions on chip exports to China) represent an early form of compute governance.

Model Evaluation and Auditing

A growing consensus supports mandatory pre-deployment evaluation of frontier AI systems by independent third parties. This approach, modeled on practices in industries like pharmaceuticals and aviation, would require AI developers to demonstrate that their systems meet safety standards before public release. AI safety institutes in the UK, US, and other countries are developing the evaluation methodologies needed to support such a regime.

The Future of AI Governance

Several trends will shape the future of AI governance:

• Convergence: Despite different starting points, regulatory approaches are converging around common principles (risk-based classification, transparency requirements, safety evaluation). International cooperation will likely accelerate this convergence.
• Adaptive regulation: Traditional regulatory processes are too slow for rapidly evolving AI capabilities. New approaches, including regulatory sandboxes, agile governance frameworks, and technically-informed institutions like AI safety institutes, are needed.
• Open-source challenges: Governing open-source AI models presents unique challenges. Once model weights are publicly released, usage restrictions are difficult to enforce. Governance approaches must balance the benefits of open access with the risks of uncontrolled deployment.
• Enforcement gaps: Even well-designed regulations are only effective if enforced. Many jurisdictions lack the technical expertise and institutional capacity to monitor compliance and enforce AI-specific regulations.

AI governance is at an inflection point. The frameworks established today will shape the development and deployment of AI for decades to come. Getting governance right requires balancing innovation with safety, national interests with international cooperation, and speed with deliberation. The stakes are immense: effective governance could help ensure that advanced AI serves humanity, while ineffective governance could leave us vulnerable to the technology's greatest risks. The work of building robust, adaptive, and globally coordinated AI governance is among the most important challenges of our time.