The lay of the land
Global AI laws share a common regulatory DNA of risk-based classification, role-based responsibilities and transparency requirements; what differs is how each jurisdiction defines risk and distributes obligations across Provider, Deployer, Importer and Distributor.
AI has moved from voluntary ethics to binding legal requirements. Oversight is no longer optional.
Global AI laws share a common regulatory DNA → risk-based classification, role-based responsibilities and transparency requirements. What differs is how each jurisdiction defines risk and how obligations are distributed across providers, deployers, importers and distributors. The EU AI Act (2024) set the first global benchmark, followed by South Korea's AI Basic Act, US state laws, China's generative AI measures and frameworks in Japan and India.
Three regulatory approaches to AI law:
- 🎯 Specific areas of focus → laws targeting particular uses or sectors (automated decision-making, industry-specific rules, employment tools).
- 🌐 Overarching regulations → comprehensive horizontal laws such as the EU AI Act and South Korea's AI Basic Act.
- 📝 Amending existing laws → bolting AI duties onto current statutes; frameworks often build off existing data protection and privacy laws, which already require similar risk assessments and audits, with transparency the primary concern.
Alignment and dissonance across regimes runs on four axes:
- ⚖️ Risk-based or rights-based
- 📜 Regulatory or voluntary
- 🤖 For AI, ML or both
- 🗺️ Overarching, regional, sectoral or industry-regulated
For multiple jurisdictions → 1️⃣ build the compliance strategy on the strictest requirements across the relevant regulations (EU AI Act, local rules, sector laws), then 2️⃣ harmonise them into a unified compliance framework.