AI Regulatory Landscape

The world's first comprehensive AI regulatory framework. Takes a risk-based approach, categorizing AI systems into four risk tiers: unacceptable risk (banned), high risk (regulated), limited risk (transparency obligations), and minimal risk (voluntary codes).

The NIST AI Risk Management Framework provides voluntary guidance for managing AI-related risks across organizations. Organized around four core functions: GOVERN, MAP, MEASURE, and MANAGE. Widely adopted as best practice guidance.

The first international standard for AI management systems (AIMS). Provides a certifiable framework for responsible AI development and deployment, analogous to ISO 27001 for information security.

The General Data Protection Regulation (GDPR) imposes significant requirements on AI systems that process personal data. Key provisions include automated decision-making restrictions (Article 22), data minimization, purpose limitation, and the right to explanation.

UK's approach to AI safety combines the AI Safety Institute (AISI) for frontier AI evaluation, sector-specific guidance from regulators, and a principles-based voluntary code. More flexible than the EU AI Act.

Executive Order 14110 on Safe, Secure, and Trustworthy AI, signed October 2023. Requires safety testing reports for frontier AI systems, establishes federal AI governance, and directs agencies to develop sector-specific guidance.

China's Interim Measures for the Management of Generative Artificial Intelligence Services regulate AIGC (AI Generated Content) services in China. Enforced by the CAC (Cyberspace Administration of China). Strict content controls and security assessments required.

IEEE's Ethically Aligned Design (EAD) is a comprehensive framework for ethical AI and autonomous systems. Covers human rights, well-being, data agency, effectiveness, transparency, accountability, and AI weaponization.

The Artificial Intelligence and Data Act (AIDA) is Canada's proposed federal AI regulation, introduced as part of Bill C-27. It takes a risk-based approach similar to the EU AI Act, with requirements for high-impact AI systems and new oversight powers for a proposed AI and Data Commissioner.

Singapore's Model AI Governance Framework provides detailed and practical guidance for private sector organizations deploying AI. Developed by PDPC (Personal Data Protection Commission), it emphasizes human-centric AI and provides implementation guides with practical examples.

Australia's AI Ethics Framework, developed by the Department of Industry, Science and Resources, provides eight principles for ethical AI use by Australian government agencies and businesses. Supplemented by mandatory guardrails for high-risk AI in government procurement.

The OECD Principles on Artificial Intelligence were adopted in May 2019 and endorsed by G20 leaders, making them the first intergovernmental standard on AI. They provide high-level principles for responsible AI stewardship that have influenced national AI strategies worldwide.

The G7 Hiroshima AI Process was launched at the 2023 G7 Summit to develop international guiding principles for advanced AI, particularly foundation models. It produced the International Guiding Principles and a Code of Conduct for AI developers that align with safety, transparency, and trustworthiness goals.

India's Digital Personal Data Protection Act 2023 (DPDP Act) establishes the first comprehensive data protection law in India with significant implications for AI systems processing personal data of Indian citizens. AI systems using personal data for training, inference, or decision-making must comply.

SOC 2 Type II, while not AI-specific, has become the de facto security and trust certification for AI SaaS companies. Auditors are increasingly developing AI-specific criteria covering model governance, training data security, bias testing, and algorithmic fairness alongside traditional security trust service criteria.

The US Federal Trade Commission applies existing consumer protection laws to AI systems, prohibiting deceptive claims about AI capabilities, biased algorithms causing discriminatory harm, and unfair AI-driven practices. The FTC has issued guidance and begun enforcement actions against AI companies for misleading claims.

The FDA has developed a regulatory framework for AI/ML-based Software as a Medical Device (SaMD). As AI models continuously learn and evolve post-deployment, the framework addresses how manufacturers can update models while maintaining safety and effectiveness. Requires pre-market submission for high-risk devices.