Definition
The laws governing how organizations build, sell, and use AI, with stricter duties for riskier uses.
At a glance
- Risk-based: the EU AI Act sorts AI into four tiers, banned to unregulated[1].
- Reaches across borders: fines up to 35M euros or 7% of global turnover[3].
- You have duties even if you only use AI, not build it.
- The US has no federal law, just a patchwork of state rules[4].
How the tiers work
The EU ranks AI by potential harm. Unacceptable uses (social scoring, manipulation) are banned. High-risk (hiring, lending, medical) is allowed but tightly regulated: human oversight, documentation, registration[2]. Limited-risk just needs disclosure (“you’re talking to a bot”). The rest is minimal-risk and free.
What businesses must do
Map where AI touches real decisions about people. Deploy a high-risk vendor system, and you must keep a human in the loop and disclose its use[2]. EU deadlines stagger: bans hit Feb 2025, most high-risk duties Aug 2026[3].
US picture
States moved first (Colorado), but a December 2025 federal order now seeks to override conflicting state rules, so watch both levels[5].
Bottom line
The more a tool can hurt someone, the more rules apply, up to a ban, with the EU leading across borders and the US a moving patchwork.
References
- High-level summary of the AI Act. Future of Life Institute (EU Artificial Intelligence Act) artificialintelligenceact.eu
- AI Act | Shaping Europe's digital future. European Commission digital-strategy.ec.europa.eu
- U.S. Companies Face EU AI Act's Possible August 2026 Compliance Deadline. Holland & Knight www.hklaw.com
- State AI Laws - Where Are They Now? Cooley LLP www.cooley.com
- New State AI Laws are Effective on January 1, 2026, But a New Executive Order Signals Disruption. King & Spalding www.kslaw.com
Comments
Questions, corrections, and links welcome. Be specific and civil.