AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News
Research2026-06-30

EU-US Regulatory Divergence on AI Creates Structural Compliance Gaps for Multinational Enterprises

What happened

The Oxford Internet Institute published Global AI Governance - Part 3: A Fragmented Future and a Trump Twist in December 2024 as part of a multi-part series on the global AI governance landscape. The analysis examines how the incoming Trump administration's posture toward AI deregulation diverges sharply from the EU's structured, risk-tiered approach under the AI Act and its associated Code of Practice for general-purpose AI models. The paper identifies agentic AI as a specific regulatory blind spot where EU and US frameworks are developing on incompatible tracks, creating compliance uncertainty for enterprises deploying autonomous AI systems across both jurisdictions. The authors position ISO and OECD standards as the most viable cross-border coherence mechanism available to organizations that cannot wait for intergovernmental alignment, and they flag third-party vendor risk and model risk management as the operational domains most immediately exposed to fragmentation-driven compliance gaps.

Why it matters

  • ·Regulatory exposure: Enterprises operating in both the EU and US cannot rely on a single compliance program to satisfy both regimes, particularly for general-purpose AI and agentic systems, where the two jurisdictions are developing materially different requirements with no harmonization mechanism currently in place.
  • ·Operational impact: The absence of agreed international rules on agentic AI means that compliance teams must build parallel governance tracks for the same deployed systems, increasing documentation burden, audit complexity, and the likelihood of contradictory obligations emerging over the next 12 to 24 months.
  • ·Organizational risk: Third-party vendor risk programs are especially exposed, because AI vendors often operate across jurisdictions under different regulatory assumptions, and a vendor compliant in the US may not satisfy EU general-purpose AI Code of Practice obligations, creating undetected risk in enterprise AI supply chains.

Governance controls affected

What to do now

  • Map each deployed AI system against both EU AI Act requirements and applicable US federal or state rules to identify jurisdiction-specific compliance gaps, with priority given to general-purpose and agentic AI deployments.
  • Update third-party AI vendor due diligence questionnaires to require vendors to disclose which regulatory regime they are designing for compliance and whether their EU AI Act Code of Practice participation status has changed.
  • Adopt ISO/IEC 42001 and OECD AI Principles as the baseline cross-border governance standard for any AI system deployed across EU and US jurisdictions, and document this adoption rationale in your AI governance program charter.
  • Establish a dedicated monitoring workflow for the EU Code of Practice for general-purpose AI, including sign-up deadlines, obligations for deployers versus providers, and how those obligations interact with US vendor contracts currently in place.
  • Brief your board or AI governance committee on the structural nature of EU-US fragmentation, framing it not as a temporary gap but as a durable compliance architecture challenge that requires ongoing resource allocation.

What to watch next

Compliance teams should monitor the finalization and implementation timeline of the EU Code of Practice for general-purpose AI, which will impose specific obligations on GPAI model providers and may indirectly affect enterprise deployers through contractual and audit requirements. The trajectory of US federal AI policy under the new administration, including any executive guidance on federal preemption of state AI laws, will determine whether a coherent domestic US baseline emerges or whether the multi-state patchwork deepens. Progress or stagnation in G7 and OECD AI governance dialogues will signal whether voluntary international standards are hardening into de facto compliance requirements for multinational enterprises.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Research2026-07-08

Eight Governance Themes from 2025 Reveal Widening Gaps Between Regulatory Ambition and Enterprise Readiness

A year-in-review analysis by AI governance practitioner Oliver Patel identifies eight major governance developments from 2025, including new US state legislation, ISO/IEC 42006 audit standards, and successive EU AI Code of Practice drafts. The review highlights that compliance teams are now operating across an increasingly fragmented regulatory landscape where frontier AI transparency requirements, international audit standards, and state-level disclosure obligations are advancing at uneven speeds. Third-party AI vendor risk programs and model risk governance functions face the most immediate pressure to adapt.

Research2026-07-10

UN Global Dialogue on AI Governance Signals Coming International Standards That Will Reshape Cross-Border Compliance Programs

The UN Global Dialogue on AI Governance convened in Geneva in July 2026 under General Assembly Resolution A/RES/79/325, bringing together member states and a newly established international panel to coordinate approaches to managing AI risks including catastrophic harm scenarios. The dialogue is producing governance recommendations intended to inform binding and non-binding international frameworks. Compliance teams with cross-border AI deployments should treat the proceedings as an early indicator of standards that will eventually flow into national regulatory regimes.

Research2026-07-04

Agentic AI Governance Gaps Laid Bare: Curated 2025-2026 Resource Guide Maps EU, Singapore, and Lab Policy Convergence

Oliver Patel, a credentialed AIGP and CIPP practitioner, has published an updated resource guide consolidating the most significant agentic AI governance outputs from 2025 to 2026. The guide covers EU AI Act and GDPR implications for autonomous agents, Singapore's Model AI Governance Framework for Agentic AI, and revised usage policies from Anthropic and OpenAI. The compilation serves as a structured reference for compliance teams navigating the rapidly expanding and fragmented agentic AI regulatory landscape.