Which country has the most comprehensive AI law?

The European Union's AI Act (Regulation 2024/1689) is the most comprehensive, covering all AI system types through a risk-based classification with detailed conformity assessment procedures and penalties up to EUR 35 million or 7% of global turnover.

Does the United States have a federal AI law?

No. The US relies on Executive Order 14110, sector-specific regulations (such as FDA guidance for AI in medical devices), and state-level laws like Colorado SB 24-205. There is no single comprehensive federal AI statute.

How does China regulate AI differently from the EU?

China regulates by application type (algorithms, deepfakes, generative AI) rather than risk level, requires algorithm registration with the CAC, and incorporates content-control obligations including adherence to socialist core values.

What is Canada's AIDA and when does it take effect?

The Artificial Intelligence and Data Act (AIDA) is Part 3 of Bill C-27. It targets high-impact AI systems in trade and commerce, with penalties up to CAD 25 million or 5% of revenue. Its enactment timeline depends on parliamentary progress.

Should organizations comply with the EU AI Act even if they are not based in the EU?

Yes, if they place AI systems on the EU market or their AI system outputs are used in the EU. The AI Act has extraterritorial reach similar to GDPR, applying to providers and deployers regardless of establishment location (Article 2).

Quick answer

As of 2026, over 30 countries have enacted or proposed AI-specific legislation, with the EU AI Act serving as the most comprehensive framework. Most laws converge on risk-based classification, transparency obligations, and sector-specific requirements, though enforcement timelines and penalty structures vary significantly.

Updated June 2026 · MmowW AI Compliance

Emerging AI Legislation Worldwide: A Country-by-Country Overview

The Global AI Legislative Landscape in 2026

AI regulation has moved from policy papers to enforceable law across major economies. The EU AI Act (Regulation 2024/1689) entered full application in August 2026, establishing the global benchmark. Meanwhile, China operationalizes its tripartite framework, the US pursues sector-specific regulation, and dozens of countries have introduced national AI strategies with legislative components.

European Union: The AI Act Framework

The EU AI Act classifies AI systems into four risk tiers: unacceptable (prohibited), high-risk (subject to conformity assessment), limited risk (transparency obligations), and minimal risk (voluntary codes). High-risk systems listed in Annex III include those used in critical infrastructure, education, employment, law enforcement, and migration management. Providers of high-risk AI must implement quality management systems (Article 17), maintain technical documentation (Article 11), and register in the EU database (Article 71). Penalties reach up to EUR 35 million or 7% of global annual turnover for prohibited practices under Article 99.

China: Layered Algorithmic Governance

China regulates AI through three overlapping instruments: the Algorithmic Recommendation Regulation (effective March 2022), the Deep Synthesis Provisions (effective January 2023), and the Generative AI Measures (effective August 2023). Each targets a specific AI application type rather than risk level. The Cyberspace Administration of China (CAC) maintains an algorithm registry where providers must file descriptions of their systems. China's approach emphasizes content control and socialist core values alongside user rights, distinguishing it from Western frameworks.

United States: Sector-Specific and State-Level Action

The US lacks a comprehensive federal AI law. Executive Order 14110 (October 2023) directed federal agencies to develop AI safety standards but carries no direct private-sector mandate. Substantive regulation occurs at the sector and state level. Colorado's SB 24-205 (effective 2026) requires deployers of high-risk AI in consequential decisions to conduct impact assessments and provide consumer disclosures. The NIST AI Risk Management Framework (AI RMF 1.0) provides voluntary guidance adopted by reference in multiple state proposals.

Jurisdiction Comparison Table

Jurisdiction	Primary Instrument	Approach	Scope	Max Penalty
EU	AI Act (Reg. 2024/1689)	Risk-based, horizontal	Providers + deployers in EU market	EUR 35M / 7% turnover
China	Generative AI Measures + Algorithm Reg.	Application-specific	Services offered within PRC	Varies by instrument
US (Federal)	EO 14110 + sector rules	Sector-specific, voluntary standards	Federal agencies + regulated sectors	Sector-dependent
UK	AI Regulation White Paper (pro-innovation)	Principles-based, regulator-led	Existing regulators apply AI principles	Regulator-specific
Canada	AIDA (Bill C-27, Part 3)	Risk-based, federal	High-impact AI systems in trade/commerce	CAD 25M / 5% revenue
Brazil	AI Bill (PL 2338/2023)	Risk-based, rights-focused	AI systems affecting persons in Brazil	Up to 2% revenue, BRL 50M cap
South Korea	AI Basic Act (2025)	Risk-based + promotion	High-impact AI + public sector AI	Administrative sanctions

Key Convergences Across Jurisdictions

Despite different legislative traditions, several requirements appear in nearly every framework: (1) transparency obligations requiring disclosure that an AI system is in use; (2) risk assessment or impact assessment requirements for high-stakes applications; (3) human oversight provisions for automated decisions affecting individuals; (4) record-keeping and traceability requirements; and (5) sector-specific carve-outs for law enforcement and national security. The OECD AI Principles (2019, updated 2024) serve as a common reference point adopted by over 45 countries.

Practical Compliance Strategy for Global Deployers

Organizations operating across jurisdictions should adopt a highest-common-denominator approach. Map each AI system to the EU AI Act risk classification as a baseline. Layer jurisdiction-specific requirements on top: China's algorithm filing for systems serving PRC users, Colorado's impact assessments for US consumer-facing decisions, and Canada's AIDA obligations once enacted. Maintain a single technical documentation package per system that satisfies Article 11 of the EU AI Act, as this generally exceeds other jurisdictions' documentation requirements.

Enforcement Timeline and Outlook

The EU AI Act's phased enforcement means prohibited practices were banned from February 2025, GPAI obligations applied from August 2025, and high-risk system requirements apply from August 2026. Market surveillance authorities in each member state are operational. China's CAC has already conducted enforcement actions under the algorithm regulations, including ordering corrective measures for recommendation systems. In the US, the FTC has signaled AI enforcement priorities under existing Section 5 unfair-practices authority, filing complaints against companies making deceptive AI claims.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.