From US–EU Divergence To Global Approach In AI Governance
From US–EU Divergence To Global Approach In AI Governance
By -Nazia BegumUpdate: 2026-07-05 14:30 GMT
Click the Play button to listen to article
Artificial intelligence has become one of the most challenging fields to govern in the last decade, and the two jurisdictions that have shaped global technology policy have chosen strikingly different paths. The European Union has enacted comprehensive, binding legislation rooted in product safety and fundamental rights. The United States, by contrast, has pursued a fragmented, innovation-permissive course defined by light federal guidance and a growing patchwork of state laws. For organisations operating across the Atlantic, and for anyone who believes AI should be both ambitious and accountable, understanding this divergence is no longer optional.
At the federal level there is still no comprehensive AI statute, though that may be changing: in June 2026, US Representatives released a bipartisan discussion draft of the Great American AI Act, the first serious bid for a federal framework, covering frontier-model transparency, incident reporting, whistleblower protections, and a preemption of state laws that regulate how AI models are developed. For now, direction flows from executive action and the voluntary NIST AI Risk Management Framework, whose limitation is that it is non-binding: guidance with no obligation behind it works only for those who choose to adopt it. Executive Order 14179 (January 2025) reoriented policy from risk mitigation toward innovation, and the July 2025 America’s AI Action Plan framed regulation primarily as an impediment to American leadership. The posture sharpened in December 2025, when a further executive order created a Department of Justice task force to challenge state AI laws as unconstitutional burdens on interstate commerce and threatened to condition federal broadband funds on states refraining from “onerous” regulation, after the Senate voted 99–1 to reject a proposed 10-year moratorium on state laws.
Compared with the EU’s product-safety framing, US state laws tend to be cast as consumer-protection measures, enforced by state attorneys general. Texas’s Responsible AI Governance Act (effective 1 January 2026) prohibits narrow but serious harms and offers a safe harbour: substantial compliance with the NIST framework, or a comparable standard, is an affirmative defence. Colorado’s AI Act (2024) was the first US attempt to comprehensively govern “high-risk” AI in consequential decisions, but after sustained industry opposition and an xAI lawsuit that prompted the federal government to intervene and the state attorney general to suspend enforcement, Colorado repealed and replaced it in May 2026 with the narrower Automated Decision-Making Technology Act (effective 1 January 2027), shifting from a duty of reasonable care to targeted transparency and disclosure. A law many had viewed as the US benchmark for accountable AI was pared back before it ever took effect. California’s Transparency in Frontier AI Act (effective 1 January 2026) targets the largest model developers, requiring published safety frameworks, quarterly catastrophic-risk reporting, 15-day incident disclosure, and whistleblower protections, with penalties up to $1 million per violation.
The EU AI Act, in force since 1 August 2024, takes the opposite starting point, treating AI as a technology requiring comprehensive governance. Its four-tier, risk-based structure bans a few practices outright (social scoring, manipulative systems, workplace emotion recognition), imposes stringent obligations on high-risk systems, requires transparency for limited-risk tools such as chatbots and deepfakes, and sets a dedicated regime for general-purpose models. It is predictable and rights-anchored, and pairs regulation with investment through the October 2025 Apply AI Strategy. But the Commission has heard the criticism that complexity threatens innovation: under the Digital Omnibus (provisional agreement, May 2026), high-risk obligations under Annex III are deferred to December 2027 and Annex I to August 2028, with relief for smaller firms. This is a candid acknowledgment that the original timeline outpaced the readiness of the standards on which compliance depends, and a sensible course-correction. But repeated deferral carries its own cost: rules that never quite take effect protect no one, and prolonged uncertainty burdens responsible developers.
Beneath the divergence lies structural convergence. Both regimes tier obligations by risk, distinguish developers from deployers, and lean on transparency. The enforcement gap, though, is vast: EU fines reach €35 million or 7% of global turnover, while US state penalties run from thousands to, at most, a million dollars per violation. The deeper difference is method. The US approach preserves flexibility and rewards experimentation, and instruments like Texas’s NIST safe harbour can incentivise good governance without prescribing every step; but a patchwork of inconsistent state laws, undermined by federal litigation, produces uncertainty without reliably protecting the public. The EU’s framework better reflects the principle that AI should serve humanity, yet its flaw is execution, not ambition: where compliance becomes a document-heavy exercise disconnected from real-world risk, it taxes responsible innovators and invites the deregulatory backlash now visible in the Omnibus. For genuinely high-risk systems, conformity assessments and post-market monitoring are appropriate, but the regime is process-focused rather than outcome-focused, when what matters most is whether a system is actually safe and non-discriminatory in use. Compliance should be judged by that outcome, not by the volume of paperwork filed to evidence it.
AI is unique compared to other technologies, and that is precisely why it is so hard to govern. There are pros and cons to how it is being regulated in both the EU and the US, but in my view the deeper need is for an international framework, one in which countries reach a shared consensus on which AI use cases should be permitted and which prohibited outright. For instance, AI should be banned in delivering mental health care; in applications that violate privacy, dignity, or fundamental rights, such as nudification apps; in fully autonomous weapons; and in mass surveillance and the like. At present, even existing prohibitions, including the EU’s outright bans, often carry exceptions, though a few apply absolutely. Drawing these lines early would avert much of the harm these systems would otherwise cause. Once those prohibited uses are settled, the EU model offers a template for what remains: tier by risk, regulate what genuinely warrants it, such as high-risk systems, and leave minimal-risk systems largely unregulated, which supports innovation. Countries should then frame their national AI laws, and states their own, in consonance with this international framework. Such a framework would bring consistency in governance across the globe and make compliance easier, because this is, ultimately, a challenge for humanity as a whole, not for any one nation alone. Good AI governance is a balancing act, pairing genuine accountability with the freedom to innovate. The technology is evolving faster than human institutions can keep up, which is why I believe we should make heavy use of AI, or even have AI legislators, to help fast-track the legislative process, with human-in-the-loop for reviewing and refining what it produces. The stakes justify the experiment: a technology with such potential to elevate humanity may, if left unregulated, lead to our extinction.
