TL;DR — The EU AI Act created the world’s first comprehensive AI regulatory framework, the US remains a patchwork of executive orders and 1,000+ state-level bills, and China is pursuing state-directed development with AI labeling requirements. Industry self-regulation fills some gaps but lacks enforcement teeth. Governance is losing the race against capability — and the consequences of that gap are becoming concrete.
The Governance Deficit
For most of AI’s recent history, regulation was a theoretical concern. Companies shipped models, users adopted them, and lawmakers watched from the sidelines, uncertain what exactly they were looking at. That era is over. The EU AI Act entered into force in 2025. The US issued sweeping executive orders. China mandated AI content labeling. Over sixty nations published formal AI strategies.
Yet for all this activity, the fundamental dynamic hasn’t changed: governance trails capability by years, not months. By the time a regulation is drafted, debated, passed, and implemented, the technology it addresses has already evolved. This isn’t a failure of political will — it’s a structural mismatch between the speed of software development and the pace of democratic lawmaking.
Understanding the major regulatory approaches — and their trade-offs — matters for anyone building, deploying, or affected by AI systems. The rules being written now will shape how AI develops for decades.
The EU: Risk-Based Regulation at Scale
The European Union’s AI Act represents the most ambitious attempt to regulate artificial intelligence comprehensively. Rather than targeting specific applications, it creates a tiered risk framework covering AI systems across all use cases.
The structure assigns AI systems to risk categories with escalating obligations. Unacceptable risk applications — social scoring systems, real-time biometric surveillance in public spaces, manipulative AI targeting vulnerable populations — are banned outright. High-risk systems face extensive requirements: transparency obligations, human oversight mandates, conformity assessments, and detailed documentation. Limited and minimal risk systems operate under lighter obligations.
The timeline is phased. Prohibited AI practices and AI literacy obligations took effect in February 2025. General-purpose AI model obligations became applicable in August 2025. Full application across all provisions arrives in August 2026, with high-risk AI in regulated products extended to August 2027. Penalties are substantial: fines up to 35 million euros or 7% of global turnover for the most serious violations.
The Numbers — The EU AI Act imposes fines up to 35 million euros or 7% of global turnover. Member states must establish regulatory sandboxes by August 2026. Over 60 countries have published formal AI strategies — but the EU is the only one with a binding, comprehensive framework in force.
The EU approach has implications far beyond its borders. Companies wanting access to EU markets must comply regardless of where they’re headquartered. This “Brussels effect” — where EU regulation becomes de facto global standard — already shaped technology governance through GDPR. Early signs suggest the same dynamic is emerging for AI. Multinational companies are building compliance into their global products rather than maintaining separate EU versions, effectively exporting European standards worldwide.
The criticism is that Europe is regulating what it doesn’t build. The continent has no frontier model lab comparable to OpenAI, Anthropic, or DeepSeek. Skeptics argue the EU is optimizing for risk management in an industry where risk-taking drives progress. Supporters counter that establishing trust frameworks is precisely what enables broader adoption — and that someone needs to set guardrails before the technology outpaces any possibility of governance.
The US: Fragmentation by Design
American AI governance presents a stark contrast to European comprehensiveness. No federal AI legislation has passed. Instead, a patchwork of executive orders, agency actions, and state-level bills creates a fragmented landscape that some view as innovation-friendly chaos and others see as a regulatory vacuum.
The December 2025 executive order marked a significant shift. It revoked the previous administration’s AI framework and directed the Attorney General to establish an AI Litigation Task Force — not to enforce federal AI rules, but to challenge state AI laws as obstructing national policy. Over 1,000 AI-related bills were introduced across US states in 2025. Federal preemption could invalidate many of them, leaving no binding national framework in their place.
The philosophical differences from European regulation are real. Where the EU prioritizes precautionary protection, the US approach emphasizes innovation and competitiveness. Where the EU creates comprehensive frameworks, the US relies on sector-specific agency action — FDA for medical AI, SEC for financial AI, FTC for consumer protection. The assumption is that existing regulatory authority, combined with market forces, will address AI-specific risks without purpose-built AI legislation.
Key Takeaway — The US has no federal AI legislation. Over 1,000 state-level AI bills were introduced in 2025, but federal preemption efforts could invalidate many of them — potentially leaving neither federal nor state guardrails in place.
This fragmentation creates real compliance challenges. A company deploying AI in healthcare across multiple states navigates different requirements in each jurisdiction. But it also creates space for experimentation that comprehensive regulation might foreclose. Whether this balance serves American interests depends on your assessment of which risk is greater: too little regulation allowing harm, or too much regulation stifling innovation.
China: Development Under State Direction
Chinese AI governance reflects the country’s broader approach to technology: rapid development combined with state control and strategic integration into national objectives.
AI labeling rules took effect in September 2025, requiring disclosure when content is AI-generated. The “AI Plus” plan released in August 2025 sets ambitious integration targets: 70% AI penetration across key industries by 2027, rising to 90% by 2030. Draft rules on “human-like AI” chatbots restrict emotional manipulation — reflecting concerns about social stability rather than individual privacy.
The approach is explicitly dual-use. China’s civil-military fusion doctrine means no clear boundary exists between commercial AI development and national security applications. Companies developing consumer AI contribute to state capabilities whether they intend to or not. A unified AI law is under development but remains years away. In the meantime, regulations address specific concerns — algorithmic recommendation, generative AI, deepfakes — without a comprehensive framework.
What makes China’s approach distinctive is its orientation toward deployment speed rather than deployment safety. The government wants AI integrated into the economy as rapidly as possible, with controls focused on political stability and social order rather than the individual rights emphasis of Western frameworks. Export controls on advanced chips have complicated this ambition but haven’t fundamentally altered it — as DeepSeek demonstrated by building competitive models with constrained hardware.
Industry Self-Regulation: Necessary but Insufficient
In the gaps between government frameworks, industry self-regulation has emerged as a de facto governance layer. Major AI labs publish responsible use policies, conduct safety evaluations, and participate in voluntary commitments. Anthropic’s responsible scaling policy, OpenAI’s safety frameworks, and Google’s AI principles represent genuine attempts to self-govern.
The track record is mixed. Voluntary commitments have produced real safety research, red-teaming practices, and deployment guardrails that wouldn’t exist under pure market incentives. But self-regulation faces an inherent credibility problem: companies set their own rules, judge their own compliance, and face no external consequences for violations. When commercial pressure conflicts with safety commitments, the incentive structure favors shipping.
Important — Industry self-regulation has produced meaningful safety research, red-teaming practices, and deployment guardrails. But it faces a structural credibility problem: companies set their own rules and judge their own compliance. When commercial pressure conflicts with safety commitments, history suggests which wins.
The open-source community adds another dimension. Models released under permissive licenses — Meta’s Llama, Mistral’s offerings, community fine-tunes — operate largely outside any governance framework. Once weights are public, no responsible use policy constrains downstream applications. This democratization provides genuine benefits — access, transparency, academic research — but also means that governance frameworks built around controlling deployment become partially irrelevant.
The Labor Policy Gap
Perhaps the most consequential policy failure is in labor market response. Over 54,000 US jobs were explicitly attributed to AI displacement in 2025, as detailed in our analysis of who’s actually getting displaced. Yet no country has implemented labor market interventions matching the scale of projected disruption.
Retraining programs exist but underwhelm. Germany’s Kurzarbeit system includes training components with mixed effectiveness evidence. Singapore’s SkillsFuture initiative provides universal access to skill development and shows promising early results. US programs remain fragmented across states with limited documented impact. The six-to-twenty-four-month timeline for meaningful career transitions means workers displaced today face a gap that current programs cannot bridge.
Safety net proposals proliferate but rarely become policy. Universal basic income pilots continue in Finland, Kenya, and various US cities without generating clear consensus. Wage insurance proposals — compensating workers for pay cuts after displacement — haven’t achieved significant implementation. The pattern suggests policy will lag significantly behind displacement, leaving individuals to navigate the transition largely on their own.
Our Data — From our analysis across the series: 54,000+ US jobs explicitly cut due to AI in 2025, 46% of leaders cite skill gaps as obstacle number one, and meaningful reskilling requires 6-24 months. Current policy addresses none of these at scale.
The Industrial Policy Revival
AI competition has revived industrial policy approaches that seemed discredited for decades. The US CHIPS Act committed $52 billion. The EU Chips Act allocated $47 billion. China’s Big Fund rounds exceed $100 billion — investments we examine in depth in Chip Wars: Semiconductors as Strategic Weapon. Japan pledged $25 billion. South Korea’s K-Semiconductor initiative targets $450 billion. These represent state intervention in technology development at scales not seen since the Cold War.
This represents a genuine philosophical shift. The assumption that markets efficiently allocate resources to technological development has given way to the conviction that AI is too important for national security and economic competitiveness to leave to market outcomes alone. Whether this produces better outcomes than market-driven allocation — or simply transfers capital allocation decisions from venture capitalists to bureaucrats — remains to be seen.
What Governance Cannot Do
The hardest truth about AI governance is what it cannot achieve. Regulation can constrain deployment within jurisdictions. It cannot prevent capability development globally. It can establish compliance requirements for legitimate actors. It cannot prevent malicious use by those who ignore rules. It can slow adoption in regulated sectors. It cannot slow the underlying advance of the technology.
This means governance is necessarily about managing consequences rather than controlling development. The most effective policy frameworks will be those that build resilience — transition support for displaced workers, safety infrastructure for high-risk applications, competition policy that prevents excessive concentration — rather than those attempting to control the pace of AI advancement itself.
For businesses, the implication is clear: regulatory compliance is becoming inescapable regardless of jurisdiction. Companies building compliance capability now will hold advantages as requirements tighten. For individuals, the implication is sobering: policy provides limited protection in the near term. Building skills that complement AI rather than compete with it offers more reliable security than waiting for government intervention.
The race between innovation and governance isn’t close. Innovation is winning. The question is whether governance can close the gap enough to matter before the consequences of the deficit become irreversible. Our AI futures scenarios for 2027-2030 explore how these policy trajectories shape the next four years.
Sources
- EU AI Act implementation documents and timelines
- White House executive orders on AI
- IAPP China AI regulatory tracking
- OECD AI Policy Observatory
- Brookings Institution AI governance research
- Government policy documents and legislative tracking databases
