What is the EU AI Act?

The EU AI Act is the world's first comprehensive AI regulation. It creates a risk-based framework: AI systems are categorized as unacceptable risk (banned), high risk (strict requirements), limited risk (transparency obligations), or minimal risk (no specific requirements). High-risk AI categories include AI in hiring, credit scoring, biometric identification, and critical infrastructure.

Is there a federal AI law in the United States?

As of early 2026, there is no comprehensive federal AI law in the United States. AI regulation has occurred through executive orders, agency guidance from NIST, FTC, and sector-specific regulators, and state-level legislation. California has the most active state AI legislation. Comprehensive federal AI legislation has been introduced but not yet passed.

What AI practices are banned under EU regulation?

The EU AI Act prohibits: AI using subliminal techniques to manipulate behavior, AI exploiting vulnerabilities of specific groups, social scoring by governments, real-time remote biometric identification in public spaces by law enforcement (with narrow exceptions), and AI systems that infer race, political opinions, or religious beliefs from biometric data.

How does AI regulation affect developers and startups?

For developers and startups, AI regulation means: building documentation and audit trails for AI decision-making, implementing human oversight for high-risk applications, potentially needing conformity assessments for EU-market products, following transparency requirements for AI-generated content, and staying current with fast-moving state-level rules.

AI Regulation [2026]: What Laws Exist and What's Coming

Key Takeaways

The EU AI Act is the world's first comprehensive AI law — in force since 2024, with full compliance requirements phasing in through 2026.
The US has no comprehensive federal AI law as of 2026 — regulation has happened via executive orders, agency guidance, and state legislation.
California leads US state AI regulation with multiple active laws covering AI in hiring, deepfakes, and transparency.
The EU AI Act's risk-based framework bans certain AI outright, requires strict documentation for high-risk AI, and imposes transparency requirements for AI-generated content.
Compliance burden is highest for AI used in hiring, credit, healthcare, law enforcement, and critical infrastructure.
AI governance is becoming a professional discipline — compliance, legal, and risk professionals with AI expertise are increasingly in demand.

The EU AI Act: What It Actually Says

The EU AI Act is the world's first comprehensive AI regulation, adopted in 2024 and entering into full force on a phased timeline through 2026. It establishes a risk-based framework — categorizing AI systems by risk level and imposing proportional requirements on each category. The core insight behind the framework: not all AI is equally dangerous, and regulation should match actual risk.

Risk Level	Examples	Requirements
Unacceptable Risk (Banned)	Social scoring, subliminal manipulation, real-time public biometric ID	Prohibited entirely
High Risk	AI in hiring, credit, healthcare, law enforcement, critical infrastructure	Conformity assessment, documentation, human oversight, registration
Limited Risk	Chatbots, deepfakes, AI-generated content	Disclosure requirements — users must know they're interacting with AI
Minimal Risk	Spam filters, video games, AI content recommendations	No specific requirements (voluntary code of conduct)

US AI Regulation: What Exists and What Doesn't

The US regulatory picture is fragmented. There is no comprehensive federal AI law, but AI is being regulated through multiple channels simultaneously.

Exec

Executive Orders

Biden's 2023 Executive Order on Safe, Secure, and Trustworthy AI directed agencies to develop AI safety standards, required watermarking for AI-generated content in government contexts, and established AI risk evaluation requirements for frontier models.

NIST

NIST AI Risk Management Framework

The NIST AI RMF provides voluntary guidance for AI risk management — widely adopted by government contractors and large enterprises as a compliance baseline. Not law, but treated as de facto standard for federal AI deployments.

FTC

FTC Enforcement

The FTC has used existing consumer protection authority to pursue AI-related deception, algorithmic bias in lending and housing, and AI claims that can't be substantiated. Several enforcement actions have created case law for AI liability.

State

State Legislation (California Leads)

California has the most active AI legislation in the US — including the AI Transparency Act (mandatory disclosure of AI use in employment decisions), the Digital Replica Act (deepfake protections), and SB 1047's AI safety provisions for frontier models.

"The US regulatory approach is sector-by-sector, agency-by-agency. Companies operating across industries face a patchwork — not a framework."

— State of US AI regulation in 2026

What This Means for Professionals and Builders

For AI Builders and Startups

Build audit trails and documentation for AI decision-making from the start — retrofitting is expensive
EU AI Act compliance is required if you have EU users — even US-based companies
High-risk AI applications (hiring, credit, healthcare) require the most rigorous compliance programs
Transparency about AI use is increasingly both a legal requirement and a user expectation
AI governance skills are now a hiring criterion for product and engineering teams

For AI Professionals

AI compliance officer and AI governance roles are among the fastest-growing AI-adjacent positions
Legal professionals with AI expertise are in high demand — AI-related cases are growing rapidly
Federal government employees face AI governance requirements tied to the NIST AI RMF
HR and talent professionals must understand AI disclosure requirements for employment AI use
Healthcare and financial services have the most aggressive AI regulatory requirements

The Verdict

AI regulation in 2026 is real, accelerating, and consequential. The EU AI Act is the strictest framework in force — and its reach extends to any company with EU users. The US is regulating AI through a patchwork of executive orders, agency enforcement, and state laws that is complex to navigate. For professionals in healthcare, legal, HR, finance, and government, understanding AI governance is no longer optional — it's a core professional competency.

The Precision AI Academy bootcamp covers AI governance, responsible AI deployment, and regulatory frameworks as part of a comprehensive curriculum for professionals. 5 cities. June–October 2026 (Thu–Fri). 40 seats per city.

Join the Bootcamp — $1,490

Bo Peng

AI Instructor & Founder, Precision AI Academy

Bo teaches AI governance and responsible AI deployment to professionals in government, legal, healthcare, and enterprise contexts where AI regulatory compliance is increasingly a professional requirement.

AI Policy AI Governance EU AI Act AI Compliance

AI Regulation 2026: What Laws Exist and What's Coming