AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

15 policies

Not sure where to start? Answer 3 questions and get a tailored compliance action plan.

What applies to me? →
EmergingPendingUSHigh risk

California Senate Bill 420: Automated Decision Systems (State AI Transparency Act)

California SB 420, introduced under the State AI Transparency Act, would require organizations to conduct impact assessments for high-risk automated decision systems before deploying them for public use. It applies to entities operating such systems within California and imposes transparency and reporting obligations. Enforcement would be carried out through civil actions initiated by the California Attorney General or the Civil Rights Department.

EmergingPendingUSHigh risk

California SB 53 Foundation Model Safety and Security Protocol

California SB 53 would require developers of foundation models that present a critical risk to create, follow, and publicly disclose a safety and security protocol. The bill mandates catastrophic risk testing and establishes ongoing monitoring obligations for critical safety incidents. It applies to developers operating or offering foundation models deemed to meet a critical risk threshold.

EmergingPendingChina

China Draft AI Law

China's proposed comprehensive national AI law, currently in legislative development, intended to establish overarching legal obligations for AI development, deployment, and governance across all sectors.

EmergingPendingUS

Colorado Senate Bill 189: Automated Decision-Making Technology Act

Colorado SB 189 repeals the Colorado AI Act (SB 205) and replaces it with the Automated Decision-Making Technology Act, effective January 1, 2027. The bill shifts the regulatory focus from high-risk AI systems to a broader category of automated decision-making technology used in consequential decisions affecting Colorado consumers. It removes several obligations from the prior law, including mandatory risk management programs, annual impact assessments, and the reasonable care standard for algorithmic discrimination.

EmergingPendingUS

Commerce Department Evaluation of State AI Laws

The US Department of Commerce is required, within 90 days of the December 11, 2025 Executive Order on National AI policy, to publish an evaluation identifying state AI laws that conflict with federal policy objectives. The evaluation focuses on state laws that compel AI systems to alter truthful outputs or mandate disclosures that may implicate First Amendment protections. Laws identified in the evaluation may be referred to the AI Litigation Task Force for potential federal preemption action.

EmergingPendingUSHigh risk

Proposed CPPA Regulations on Cybersecurity, Risk Assessments, and Automated Decision-Making Technologies

The California Privacy Protection Agency Board finalized proposed rules in May 2025 covering cybersecurity audits, privacy risk assessments, and the use of automated decision-making technologies. The rules would apply to businesses that process personal data in ways that pose significant risks to consumers or that use automated systems to make consequential decisions. If adopted, they would impose new opt-out rights for consumers and mandatory assessment obligations on covered businesses.

EmergingPendingEUHigh risk

EU Parliament Trilogue Negotiations on AI Act Compliance Deadline Extensions

This pending legislative process involves trilogue negotiations between the European Parliament, Council, and Commission aimed at extending key EU AI Act compliance deadlines. Reported targets would push the deadline for high-risk AI systems to December 2027 and the deadline for product-embedded AI to August 2028. The process responds to implementation difficulties encountered by regulated entities following the AI Act's initial phased obligations that took effect in February and August 2025.

EmergingPendingEUHigh risk

Proposal for a Regulation for the Digital Networks Act (DNA)

The Digital Networks Act is a legislative proposal introduced by the European Commission on January 21, 2026, addressing digital infrastructure and aspects of AI governance within the European Union. It is currently subject to co-legislative review and negotiation by the European Parliament and the Council of the EU. The proposal is expected to impose obligations on entities operating or deploying digital network infrastructure, including those integrating AI-driven network management systems.

EmergingPendingEUHigh risk

European Commission Digital Omnibus on AI Regulation Proposal

The European Commission's Digital Omnibus proposal, published in November 2025, seeks to amend the EU AI Act's implementation timeline in response to administrative delays and the absence of harmonized technical standards. It targets all organizations subject to the AI Act, with particular relief provisions for small and medium enterprises. If adopted, it would postpone key high-risk AI obligations, streamline documentation requirements for SMEs, and strengthen the AI Office's supervisory role over general-purpose AI models.

EmergingPendingUS

Federal Communications Commission AI Model Reporting and Disclosure Proceeding

The Federal Communications Commission is initiating a formal proceeding to evaluate whether to adopt a federal reporting and disclosure standard for AI models. The proceeding is triggered by and timed to follow the Commerce Department's evaluation of existing state-level AI laws. If adopted, a resulting federal standard could preempt conflicting state AI disclosure and reporting requirements.

EmergingPendingUS

Guaranteeing and Upholding Americans' Right to Decide Responsible AI Laws and Standards Act

The GUARDRAILS Act is bipartisan federal legislation introduced on March 20, 2026, that would repeal Executive Order 14365 and prohibit federal agencies from preempting state AI laws and regulations. It applies to federal agencies and affects any enterprise operating under state-level AI frameworks. If enacted, it would preserve the authority of individual states to enact and enforce their own AI governance requirements.

EmergingPendingUS

H.R.8094 - AI Foundation Model Transparency Act of 2026

Introduced on March 26, 2026, by a bipartisan group of U.S. lawmakers, H.R.8094 would require developers of large AI foundation models to publicly disclose information about training data, model design, known limitations, risks, and evaluation methods. The bill targets developers of large-scale AI models and imposes transparency obligations without directly regulating how those models may be used or deployed. Its stated objective is to enable public scrutiny of foundation model characteristics without placing operational restrictions on AI development.

EmergingPendingUSHigh risk

Responsible AI Safety and Education Act (RAISE Act) for Large Developers

The New York RAISE Act is a pending state-level statute that would impose safety, transparency, and accountability obligations on developers of large frontier AI models. It applies to organizations that develop covered AI models above defined computational thresholds and operate in or direct their services to New York. Covered developers would be required to maintain written safety protocols, conduct third-party independent audits, and implement safeguards designed to prevent critical harms.

EmergingPendingUS

Protecting Consumers From Deceptive AI Act

The Protecting Consumers From Deceptive AI Act is a U.S. federal bill introduced on April 23, 2026 that would direct the National Institute of Standards and Technology (NIST) to develop technical standards for watermarking, digital fingerprinting, and provenance metadata applied to AI-generated audio and visual content. It would also require NIST to support labeling standards for AI-modified content distributed on online platforms and to develop frameworks for identifying AI-generated text. The bill targets platforms, AI developers, and content distributors that produce or host synthetic media.

EmergingPendingUK

UK AI Regulation Framework

The UK AI Regulation Framework is a principles-based, sector-led approach to AI governance that delegates primary regulatory responsibility to existing sector regulators rather than establishing a unified AI-specific regulator. It is currently transitioning toward a more structured legislative footing following the Labour government's AI Opportunities Action Plan published in January 2025.