Track AI regulation.
Worldwide.

The EU AI Act (Regulation (EU) 2024/1689) is a horizontal, risk-based framework that bans unacceptable-risk AI, heavily regulates high-risk AI, and applies transparency and governance duties to lower-risk systems. It is being rolled out in stages between 2024 and 2027.

France applies the EU AI Act directly. National AI-specific rules sit in French criminal law (mandatory disclosure for AI-generated montages, criminal liability for non-consensual sexual deepfakes) and in CNIL guidance for AI that processes personal data.

Germany applies the EU AI Act directly. A national implementation bill is in preparation to designate competent authorities, give the Bundesnetzagentur an AI-sandbox role, and set procedures for cooperation, supervision and fines.

Italy regulates AI through the EU AI Act plus a national framework, Law No. 132 of 23 September 2025. The national law is human-centred, adds sector rules for healthcare, employment, intellectual professions and justice, and amends criminal law for AI-generated content offences.

Japan regulates AI through a policy-oriented statutory framework and official business guidance rather than an EU-style high-risk AI Act. The Act on Promotion of Research and Development and Utilization of AI-related Technologies (2025) sets national principles; the AI Guidelines for Business set practical governance expectations.

The Netherlands applies the EU AI Act directly. Its national framework focuses on public-sector algorithm transparency (the Government Algorithm Register), GDPR-based AI supervision by the Dutch DPA, and preparation for EU AI Act enforcement.

Peru has a national AI framework: Law No. 31814 and its 2025 implementing regulation (Supreme Decree No. 115-2025-PCM). It classifies AI uses by risk into non-permitted, high-risk and acceptable AI, with concrete duties for public and private operators.

Portugal applies the EU AI Act and adds Labour Code rules requiring employers to inform workers and worker representatives about algorithms and AI affecting access to employment, working conditions, profiling or control of professional activity.

South Korea has adopted a comprehensive national AI law — the Framework Act on the Development of Artificial Intelligence and the Creation of a Foundation for Trust — effective from 22 January 2026. It distinguishes ordinary AI from generative AI and high-impact AI, and creates duties for AI providers and business users.

Spain applies the EU AI Act through dedicated national infrastructure: AESIA, the Spanish AI supervisory agency, and an AI regulatory sandbox under Royal Decree 817/2023. Spain has published practical compliance guidance based on sandbox work.

Taiwan has adopted an Artificial Intelligence Basic Act creating a legal foundation for AI policy, government use, industrial innovation and responsible AI development. It sets principles and institutional direction rather than an EU-style high-risk compliance code with a single fine table.

Vietnam has adopted a dedicated Law on Artificial Intelligence (Law No. 134/2025/QH15), issued 10 December 2025 and effective 1 March 2026. It uses a risk-based approach with high-, medium- and lower-risk categories, transparency duties (including deepfake labelling), supervision, and corrective measures.

Argentina has no comprehensive AI Act. Its framework is built on Recommendations for Reliable AI (Disposition 2/2023), data-protection guidance, transparency initiatives for automated decision systems, and existing laws.

Australia has no comprehensive AI Act. Its framework combines a Voluntary AI Safety Standard, a mandatory public-sector AI policy, existing privacy / consumer / discrimination laws, and ongoing consultation on mandatory guardrails for high-risk AI.

Canada has no enacted comprehensive federal AI Act. AIDA (in Bill C-27) did not complete the legislative process. Canada relies on voluntary governance instruments — notably the Voluntary Code of Conduct for advanced generative AI — plus public-sector AI policy and existing laws.

China has no single horizontal AI Act. Instead it stacks binding rules on specific AI use cases — public-facing generative AI, algorithmic recommendation, deep synthesis, and AI-generated content labelling — issued mainly by the Cyberspace Administration of China.

Colombia has no horizontal AI Act. Its framework combines CONPES 4144 (National AI Policy, 2025), data protection, sector-specific regulation and targeted AI-related criminal-law treatment (Law 2502/2025).

Egypt has no single horizontal AI Act. Its framework combines the National AI Strategy, the Egyptian Charter for Responsible AI (2023), National Guidelines for Trustworthy and Responsible AI, and an AI governance framework — alongside data protection, cybersecurity and sectoral rules.

Greece applies the EU AI Act alongside Law 4961/2022 on emerging ICT, which adds national rules for public-sector AI (algorithmic impact assessments, registers), workplace AI transparency, and private-sector AI registers for medium and large companies.

Hong Kong has no horizontal AI Act. AI governance rests on data protection (PCPD), official privacy guidance, sectoral rules and voluntary AI governance frameworks — notably the PCPD's Artificial Intelligence: Model Personal Data Protection Framework.

India has no horizontal AI Act. Its framework combines AI Governance Guidelines under the IndiaAI Mission with the Information Technology Rules (notably the 2026 amendments on synthetic content), the Digital Personal Data Protection Act, intermediary obligations and sectoral regulation.

Indonesia has no comprehensive AI Act. AI governance combines official ethics guidance (Circular Letter No. 9 of 2023), electronic-system rules, personal-data protection and sectoral regulation.

Israel has no horizontal AI Act. Its policy of responsible innovation favours a sector-specific and incremental approach, with soft regulatory tools (guidance, sandboxes, regulator coordination) and existing laws. Israel has also signed the Council of Europe AI Convention.

Kenya has no comprehensive AI Act. Its framework rests on the National AI Strategy 2025–2030, the Data Protection Act and sectoral rules. The strategy sets direction; binding compliance comes mainly from existing law.

Malaysia has no horizontal AI Act. Its framework rests on the National Guidelines on AI Governance and Ethics, the new National AI Office (NAIO), data-protection law and sectoral regulation.

New Zealand has no comprehensive AI Act. AI is regulated through existing law — especially the Privacy Act 2020 — plus the public-sector Algorithm Charter, consumer, employment, human-rights and sectoral law.

Nigeria has no horizontal AI Act. Its framework rests on the National AI Strategy, the Nigeria Data Protection Act (with the 2025 General Application and Implementation Directive), digital-economy policy and sectoral regulation.

The Philippines has no comprehensive AI Act. AI is regulated mainly through the Data Privacy Act and NPC guidance — notably Advisory No. 2024-04 on the Application of the Data Privacy Act to AI Systems Processing Personal Data — plus sectoral regulation.

Qatar has no comprehensive AI Act. Its framework combines the National AI Strategy under Qatar National Vision 2030, Principles and Guidelines for Ethical Use of AI, AI guidance for developers, government AI governance, data-protection and cybersecurity rules.

Rwanda has no AI Act equivalent to the EU AI Act. Its framework is built around the National AI Policy, digital-transformation strategy, data-protection law and sector-specific rules.

Saudi Arabia has no comprehensive horizontal AI Act. SDAIA's official AI Ethics Principles, an AI ethics self-assessment service, AI service provider accreditation, regulatory sandboxes and generative AI guidance for government underpin a governance-first approach.

Singapore has no comprehensive AI Act. Its governance-based approach centres on the Model AI Governance Framework, a generative AI counterpart, a framework for agentic AI, AI testing tools, the PDPA and sectoral rules — supporting responsible deployment without a broad licensing regime.

South Africa has no enacted AI Act. The draft AI Policy was withdrawn in 2026 with a credible replacement promised. Current AI compliance rests on existing law — especially POPIA — plus consumer, employment, equality, financial, healthcare and sectoral regulation.

Switzerland has no horizontal AI Act. Existing law applies — especially the Federal Act on Data Protection. Switzerland intends to ratify and implement the Council of Europe AI Convention via targeted sectoral amendments and non-binding measures.

Thailand has no horizontal AI Act. AI governance rests on the National AI Strategy 2022–2027, official AI Governance Guidelines, an ETDA generative AI guideline for organisations, and the Personal Data Protection Act.

Türkiye has no horizontal AI Act. AI is regulated through existing personal-data, consumer, employment, cybersecurity, criminal and sectoral laws, supported by KVKK guidance — notably the November 2025 Guide on Generative AI and the Protection of Personal Data.

The UAE has no horizontal AI Act. Its framework combines the National Strategy for Artificial Intelligence 2031, official AI ethics resources, Digital Dubai guidance, data-protection rules, cybersecurity and sector-specific regulation.

The UK has no horizontal AI Act. It uses a regulator-led, sector-based framework built on five cross-sector principles (safety, transparency, fairness, accountability, contestability), enforced through existing data-protection, financial, healthcare, consumer, online-safety, competition and equality regulators.

The US has no comprehensive federal AI Act. Rules are split across federal policy (NIST AI RMF), sectoral federal law, state AI statutes (Colorado, California SB 53), local AI laws (NYC AEDT), agency enforcement and voluntary standards.

Uruguay has no horizontal AI Act. Its framework rests on the National AI Strategy 2024–2030, digital-government AI policy, data protection and sectoral regulation.

ASEAN has no binding regional AI Act. The ASEAN Guide on AI Governance and Ethics (and a generative AI counterpart) provides voluntary regional guidance for organisations designing, developing and deploying AI in commercial and non-military contexts across Southeast Asia.

The African Union endorsed a Continental Artificial Intelligence Strategy in 2024. It is an Africa-wide policy framework for AI development, governance and responsible use — an important regional reference for future national AI laws across AU Member States.

The Council of Europe Framework Convention on AI and Human Rights, Democracy and the Rule of Law is the first legally binding international AI treaty. It binds signatory states (not companies directly) to ensure that AI lifecycle activities respect human rights, democracy and the rule of law.

The OECD AI Principles are the first intergovernmental standard on AI, first adopted in 2019 and updated in 2024. They promote trustworthy AI and responsible stewardship through values-based principles and policy recommendations — widely referenced by national AI frameworks.

UNESCO's Recommendation on the Ethics of AI was adopted in 2021 and is described as the first global standard on AI ethics. It applies to UNESCO Member States and focuses on human rights, dignity, fairness, transparency, human oversight, accountability, privacy, non-discrimination and social responsibility.

Brazil has no fully enacted horizontal AI law. PL 2338/2023 has advanced through the Senate but still needs Chamber approval. Current AI compliance is based on existing laws — notably the LGPD for personal data.

Chile has no enacted comprehensive AI Act. A bill to regulate AI systems (Boletín 16821-19, introduced 2024) is proceeding through Congress. The national AI policy gives strategic direction; current compliance rests on existing law.

Norway, Iceland and Liechtenstein participate in the EEA. The EU AI Act has been marked as EEA-relevant and is under EFTA scrutiny, with a draft Joint Committee Decision pending. Until incorporation, AI compliance rests on existing national laws and sectoral guidance — and on the active Norwegian Datatilsynet sandbox.

Mexico has no enacted comprehensive AI Act. The Senate has been working on initiatives to regulate and promote AI; existing personal-data, consumer, sectoral and criminal law govern current compliance.

Ukraine has no horizontal AI law. Its bottom-up approach (per the 2024 White Paper) starts with voluntary commitments, codes of conduct, sandbox preparation and sectoral guidance, with a future Ukrainian AI law analogous to the EU AI Act planned in stages between 2023 and 2026.