Law of Tomorrow:
AI Policy Tracker

The United States leads globally in total AI policy volume but has no single federal AI act. Governance is distributed across federal agencies, with the NIST AI Risk Management Framework as the primary voluntary backbone. The Biden Executive Order on AI (Oct 2023) directed agency-level risk assessments; the Trump administration (Jan 2025) revoked much of this and issued an AI Action Plan prioritising competitiveness and deregulation. A December 2025 executive order sought to establish a national AI policy framework and preempt conflicting state laws. Sector-specific rules in finance, healthcare, and critical infrastructure remain the main binding layer. States are filling the federal gap: Colorado’s AI Act (effective June 2026), California SB 53 (effective January 2026), and Texas TRAIGA (effective September 2025) are among the most significant.

The EU AI Act (Regulation 2024/1689) entered into force on 1 August 2024 and is the world’s first comprehensive AI law. It applies to providers and deployers of AI systems in the EU regardless of provider location, giving it significant extraterritorial scope. The regulation classifies AI systems across four risk tiers: unacceptable-risk (prohibited from August 2025), high-risk (strict conformity assessment requirements), limited-risk (transparency obligations), and minimal-risk (no specific obligations). General-purpose AI models face transparency and copyright obligations, with additional systemic-risk requirements for the most powerful models. Fines reach €35 million or 7% of global annual turnover. The GPAI Code of Practice was finalised in August 2025. The Digital Omnibus Package (November 2025) proposed simplification amendments including a delayed high-risk enforcement timeline to as late as December 2027 to allow standards to be finalised.

The UK deliberately avoided a single AI Act, instead tasking existing regulators — FCA (financial services), ICO (data/privacy), CMA (competition), MHRA (medicines) — to apply five cross-cutting AI principles within their domains: safety and security; transparency and explainability; fairness; accountability and governance; contestability and redress. The AI Safety Institute (AISI) evaluates frontier models for systemic risks. The 2025 AI Action Plan commits significant national compute investment and embeds AI across public services. The Data (Use and Access) Act 2025 updated data governance including AI training data exemptions. As of late 2025, the Government was considering converting AISI into a legal entity with binding powers, and signalled possible AI liability legislation.

Türkiye is among the world’s most prolific AI policy producers by OECD count, with 36 documented AI initiatives as of 2024, ranking it top 10 globally. The National Artificial Intelligence Strategy 2021–2025 sets targets across six axes: R&D and innovation, qualified workforce, data and infrastructure, regulatory adaptation, international cooperation, and public sector adoption. KVKK (under Law No. 6698) has published guidance on automated decision-making relevant to AI. BTK oversees digital platforms including AI-enabled services. Public Sector Generative AI Use Guidelines were issued in 2024. A draft AI Act reflecting EU AI Act principles is under parliamentary consideration. Turkey’s EU candidacy creates strong incentive for regulatory convergence.

China has enacted multiple binding AI-specific administrative regulations targeting distinct application layers. Algorithmic recommendation services (2022), deep synthesis/deepfake technology (2023), and generative AI services (2023) are all regulated with specific compliance obligations, including mandatory pre-market security assessments filed with the Cyberspace Administration of China (CAC). Measures for Labeling AI-Generated and Synthetic Content (September 2025) require clear disclosure across all digital platforms. An amended Cybersecurity Law explicitly referencing AI became enforceable on 1 January 2026, adding AI security review and data localisation requirements. A draft regulation targeting Anthropomorphic AI was published for consultation in December 2025. China’s national AI strategy targets global AI leadership by 2030. The Global AI Governance Action Plan (July 2025) sets out China’s vision for international AI norms.

Japan enacted the AI Promotion Act in May 2025, a landmark but notably light-touch regulation. Rather than imposing rigid, punitive mandates, the Act encourages companies to cooperate with government safety measures and empowers the government to publicly name companies that use AI to violate human rights (‘name and shame’ mechanism). This ‘innovation-first’ approach prioritises adoption over strict safety guarantees, contrasting with the EU model. The Act is backed by earlier voluntary frameworks: Social Principles of Human-Centric AI (2019) and AI Guidelines for Business Version 1.0 (April 2024). Japan also signed the Council of Europe AI Convention as the only Asian observer state. The Japan AI Safety Institute (JAISI) was established to conduct AI safety evaluation research. Japan leads through the G7 Hiroshima AI Process under its 2023 G7 presidency.

South Korea became the first country in Asia to enact comprehensive AI legislation with its Basic AI Act (AI Framework Act), finalized in January 2025 and entering into force on 22 January 2026. The Act establishes a risk-based regulatory framework targeting ‘high-impact AI’ systems including generative AI, with requirements for transparency, safety, and fairness. It creates a national AI control tower, a dedicated AI Safety Institute, and a government AI committee. South Korea is also investing heavily in AI infrastructure, announcing the world’s highest-capacity AI data centre and launching the AI Open Innovation Hub platform. The country’s existing Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act (PIPA), and sector rules in finance also apply to AI.

Singapore has built the most complete voluntary AI governance ecosystem globally. The Model AI Governance Framework (2nd edition, 2020) provides granular guidance on human oversight, decision-making explainability, and responsible AI deployment. The AI Verify testing toolkit enables organisations to make verifiable responsible-AI claims against international standards. The Monetary Authority of Singapore (MAS) has issued enforceable expectations for AI use in financial services through its Technology Risk Management Guidelines. AI Singapore 2.0 (2024) commits S$1 billion in national compute investment. In 2025, Singapore introduced an Expanded Global AI Assurance Sandbox enabling real-world testing of AI applications. Singapore leads ASEAN’s regional AI governance agenda through Project Moonshot, the Expanded Guide on AI Governance and Ethics for Generative AI (January 2025), and the ASEAN Responsible AI Roadmap 2025–2030.

India has taken a ‘sandbox-to-regulation’ model for AI governance, encouraging innovation while tightening oversight in specific high-harm domains. The Ministry of Electronics and Information Technology (MeitY) issued AI content labelling requirements in 2024, requiring AI-generated content labels and government approval before launching AI models likely to produce unreliable content. The National Strategy for AI (2018, updated) positions India as an ‘AI garage’ for emerging economies. In late 2025, the Government unveiled India AI Governance Guidelines to steer safe, inclusive, and responsible adoption. The Digital Personal Data Protection Act (DPDPA) 2023 has been passed but is yet to fully come into effect. The comprehensive Digital India Act, which would address AI-generated content governance, remains in the drafting and consultation phase. India’s National AI Programme (IndiaAI Mission) allocates ₹10,372 crore for AI infrastructure through 2028.

Australia has no AI-specific law as of early 2026 but is actively developing a regulatory framework. The Australian Government released a Voluntary AI Safety Standard (2025) outlining 10 guardrails for responsible AI use, particularly for organisations deploying AI in high-risk settings such as health, credit, and employment. The Privacy Act (amended) now requires disclosures about Automated Decision-Making Technology (ADMT) affecting individuals. The Online Safety Codes, developed under the Online Safety Act 2021, impose mandatory safety obligations on platforms including AI-generated content obligations (new age-restricted codes from December 2025). Australia participates in the International Network of AI Safety Institutes (alongside UK, US, EU, Japan, and others). The government has signalled intent to mandate the AI Safety Standard guardrails for high-risk AI uses by mid-2026.

Canada is advancing the Artificial Intelligence and Data Act (AIDA), introduced as Part 3 of Bill C-27 in June 2022. AIDA would establish obligations for ‘high-impact’ AI systems, require harm risk mitigation, mandate transparency disclosures to individuals affected by AI decisions, and create a new AI and Data Commissioner. Bill C-27 remained under parliamentary scrutiny as of 2025. In parallel, the Directive on Automated Decision-Making (updated 2023) applies to federal government AI use on a tiered basis. Canada established the AI and Data Standardization Collaborative in 2025 to develop multistakeholder AI standards. The Pan-Canadian AI Strategy supports a globally recognised academic and research ecosystem. The Voluntary Code of Conduct on Responsible Development of Advanced Generative AI (2023) provides interim soft-law bridge.

Brazil is leading Latin America’s AI regulation with Bill No. 2338/2023, which received Senate approval in December 2024 and is undergoing further legislative process in 2025, including a dedicated committee and public hearings. The bill is heavily aligned with the EU AI Act’s risk-based approach, banning ‘excessive risk’ AI systems and establishing strict liability provisions. It proposes a dedicated regulatory authority to oversee compliance and promote innovation, and aligns with Brazil’s General Data Protection Law (LGPD). Core measures are projected to take effect in 2026 once enacted. Brazil has also committed to investing BRL 4 billion in domestic AI capabilities through its AI investment plan (EBIA), and is an active participant in G20 and UN AI governance discussions.

The UAE has steadily built a national AI framework since appointing the world’s first Minister of State for Artificial Intelligence in 2017. The UAE National AI Strategy 2031 outlines goals for integrating AI across education, transportation, health, and other sectors, targeting global AI leadership. The UAE does not yet have dedicated standalone AI legislation, but has established institutional mechanisms including the Artificial Intelligence and Advanced Technology Council (AIATC), the world’s first AI-enabled Regulatory Intelligence Office (April 2025), and the UAE AI Seal to attract ethical AI businesses. Stargate UAE, a 5GW AI data centre initiative in Abu Dhabi (phased from 2026), reflects the country’s strategic AI infrastructure ambitions. In June 2025, it was announced the UAE will adopt a National AI System as an advisory member of Cabinet and federal entities from January 2026 — a global first for AI in government decision-making.

Hong Kong has taken a principles-based, guidance-led approach to AI governance, relying primarily on existing regulatory frameworks. The Hong Kong Monetary Authority (HKMA) has been the most active regulator, issuing circulars and supervisory guidance requiring banks and financial institutions to maintain responsible AI governance, manage model risk, and ensure explainability of AI-driven credit and risk decisions. The PCPD in June 2024 published a Model Personal Data Protection Framework for AI covering procurement, implementation, and use. The 2023 Policy Address includes AI as a strategic development focus. No standalone AI law was in force as of early 2026.

The African Union adopted the Continental Artificial Intelligence Strategy in February 2024 — a landmark intergovernmental framework establishing AI governance principles for all 55 AU member states. The strategy focuses on data sovereignty, digital infrastructure, AI skills development, and active African participation in global AI governance forums. The AU Data Policy Framework (2022) establishes data governance principles applicable to AI training data. The Continental Health Data Governance Framework (2025) extends these to healthcare. Individual member states have varying regulatory maturity: South Africa’s National AI Policy Framework (2024), Rwanda’s National AI Policy (2023), Kenya’s National AI Strategy (2023), Egypt’s National Open Data Policy (Sep 2025), and Nigeria’s National AI Strategy (August 2024 draft) are among the more active developments. Cameroon launched a 7-pillar National AI Strategy in July 2025 with ambitions to become Central Africa’s AI hub by 2040.

The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (CETS No. 225) was formally adopted by the Committee of Ministers on 17 May 2024. It is the first international legally binding treaty specifically designed to ensure AI activities are consistent with human rights, democracy, and the rule of law. The Convention applies across the entire lifecycle of AI systems and requires signatories to adopt domestic legislation consistent with its principles. It is intentionally ‘open’: beyond the 46 CoE member states, it is available for signature by non-European states and international organisations, reflecting AI governance’s global nature. The EU AI Act is intended to work in harmony with the Convention, with the Act providing detailed market regulations and the Convention providing overarching human rights obligations. The US, UK, EU, and other key players are signatories. Japan participated in drafting as the only Asian observer state.

The OECD AI Principles, first adopted in 2019 and revised in May 2024, provide the foundational intergovernmental standards for trustworthy AI across 44 OECD member countries and are also adopted by the G20. The Principles address transparency, accountability, robustness, safety and security, and human-centred values and fairness. The OECD AI Policy Observatory (oecd.ai) is the primary global database tracking over 1,000 AI policy initiatives across 70+ countries. In 2024, the OECD introduced the G7 Hiroshima Process Reporting Framework — the first global mechanism for organisations to voluntarily report how they implement the G7 Code of Conduct for advanced AI systems. The OECD also published Due Diligence Guidance for Responsible AI (February 2026), providing operational guidance for organisations implementing AI due diligence. The Global Partnership on AI (GPAI), with 44 member countries, operates under OECD auspices.

The G7 Hiroshima AI Process was launched under Japan’s 2023 G7 presidency to promote safe, secure, and trustworthy AI, particularly for generative and advanced AI systems. The process produced the Hiroshima Process Comprehensive Policy Framework (endorsed December 2023), comprising International Guiding Principles on AI and a voluntary International Code of Conduct for Organisations Developing Advanced AI Systems. The Code of Conduct covers risk identification and mitigation throughout the AI lifecycle, incident reporting, transparency, and cooperation with governments. In 2024, under Italy’s G7 presidency, the G7 supported the OECD in developing a Reporting Framework for voluntary disclosure of Hiroshima Code of Conduct compliance. The Hiroshima AI Process Friends Group, supported by 49 countries and regions, aims to extend these principles beyond the G7. Major AI developers including Amazon, Anthropic, Google, Microsoft, and OpenAI have committed to the inaugural reporting cycle.

The United Nations adopted the Global Digital Compact (GDC) in September 2024 at the Summit of the Future, establishing a multilateral framework for digital cooperation including AI governance. The GDC aims to bridge the global AI divide through capacity building, data governance, and principles for safe and beneficial AI. It facilitated the establishment of an Independent International Scientific Panel on AI and annual Global Dialogues on AI Governance (first in Geneva, 2026). The UNESCO Recommendation on the Ethics of Artificial Intelligence (2021), adopted by all 193 UNESCO member states, provides the broadest international normative foundation for ethical AI, addressing algorithmic transparency, accountability, and the right to an effective remedy against harmful AI. The UN General Assembly also passed resolutions in 2024 affirming the importance of safe, secure, and trustworthy AI.