Skip to content

The EU AI Act and Global Regulation

16 min read

Most posts in this series have been about things you can run, measure, or compute. This one is about rules. Specifically, a set of rules that now shape what frontier labs train, what cloud providers expose, and what a tiny startup in Lisbon is allowed to ship to end users. For a while I treated regulation as somebody else's problem, and that turned out to be the wrong instinct. A lot of it affects how you build.

I'm not a lawyer, and this post is not legal advice. What I am is an engineer who sat down with the EU AI Act, the NIST AI Risk Management Framework, and a growing patchwork of state and national rules long enough to build a mental model I can carry around. That mental model is what I'm trying to hand you.

The short version is that the EU wrote the first comprehensive, horizontal AI law with real teeth. The US, at the federal level, is doing almost the opposite, and the states are filling the gap. China has been regulating specific AI capabilities aggressively since 2022, mostly through the Cyberspace Administration. Those three approaches don't agree, and if you ship a model or a product anywhere serious in 2026, you're living inside at least one of them.


The problem governance is actually trying to solve

Regulators care about two things at once, and the clash between them is what makes AI law messy.

First, they want to catch specific harms that already exist or are visible on the horizon: discriminatory hiring AI, medical misdiagnosis, CSAM generation, election-grade deepfakes, mass surveillance. These are concrete, and regulators know what "stopping them" looks like even if they don't always know how to enforce it.

Second, they want to stay ahead of systemic risks from frontier models: capabilities that jump discontinuously with scale, dual-use knowledge (bio, cyber, chemical), models that can autonomously chain tools into real-world actions. Nobody fully knows how to measure these, but governments have decided they can't wait for perfect measurement before writing rules.

The EU, the US, and China have each landed on a different way to carve up those goals. The hero loop above is a compressed picture of what that looked like from mid-2023 through when I'm writing this in April 2026.


The EU AI Act: a risk-based pyramid

The EU's core move is to sort AI uses (not models) into four tiers of risk, and hand each tier a different regulatory burden. If you've seen the standard diagram, it's a pyramid: tiny top (prohibited), moderate upper-middle (high-risk), larger layer below (limited, mostly transparency), and a huge base (minimal, essentially unregulated). The idea is that 90%+ of AI systems land in the base and face no new rules, a small sliver at the top is outlawed outright, and the middle layers carry the actual weight of the law.

EU AI Act — risk-based tiering
Unacceptable risk (prohibited)High-riskLimited risk (transparency)Minimal riskExamples· Social scoring by public authorities· Real-time biometric ID in public (with narrow exceptions)· Emotion recognition in workplaces & schools· Manipulative subliminal techniquesObligations· Banned outright (Article 5)· Enforced since Feb 2025· Fines up to EUR 35M or 7% of global turnover

The four-tier risk pyramid. Prohibited uses are banned outright. High-risk uses pull the heaviest compliance load: risk management, documentation, conformity assessment, human oversight. Limited risk is mostly transparency. The minimal-risk base is where most products live.

A few things about how the tiers actually work.

The tiering is about use, not architecture. The same LLM can be high-risk in an HR product, limited-risk in a chat app, and minimal-risk in a search autocomplete. Your model isn't high-risk; your system might be, depending on what you do with it.

Enforcement lands on whoever puts the system into service in the EU. If you're a US startup with no EU entity but you ship a resume-screening SaaS to a Berlin customer, you're a provider under the Act. The "it doesn't apply to me, I'm not in Europe" reading misses that extraterritorial reach.

The Act also introduces a separate regime for general-purpose AI models (GPAI), which runs in parallel to the use-based tiering. This is the part most practitioners in this series actually touch. We'll get to it in a minute.


Phased rollout

Reading the Act itself, one easy-to-miss detail is that almost nothing happened on day one. The regulation entered into force in August 2024, but obligations phase in over three years, in chunks.

EU AI Act phased rollout
what's enforceable when
2025202620272028Aug 2024 · Regulation enters into forceReg. 2024/1689 published inOfficial Journal.Feb 2025 · Prohibited-practice banArticle 5 bans apply. Socialscoring, manipulative AI,real-time biometric ID (narrow).Aug 2025 · GPAI obligations startProviders of general-purpose AImodels owe documentation,copyright, training-dataAug 2026 · High-risk regime appliesMost Annex III high-riskobligations enforceable: riskmgmt, conformity, humanAug 2027 · Annex I high-risk extensionAI embedded in regulatedproducts (toys, medical devices,machinery) fully in scope.

The phased schedule. Banned practices first (Feb 2025), then GPAI obligations (Aug 2025), then the full high-risk regime (Aug 2026), then embedded high-risk products (Aug 2027).

Two practical consequences of this phasing. First, the parts that affect GPAI model providers are already live as of August 2025. If you're training or distributing a foundation model accessible in the EU, you owe obligations today. Second, the full high-risk regime lands in August 2026, which is where a huge share of regulated-industry AI actually sits. A lot of EU customers have been negotiating contracts in early 2026 around "who carries the compliance weight when this goes live," and most of those contracts are still in flight.


What GPAI actually has to do

General-purpose AI means, roughly, a model that "displays significant generality" and can be used across many downstream tasks. Anything LLM-shaped is GPAI. Image and audio foundation models are GPAI. In practice, if you trained a model on broad data and shipped it as a product, you're in this category.

For every GPAI model placed on the EU market, providers owe:

  • Technical documentation about the model (Annex XI of the Act): training process, intended uses, known limitations, compute estimates, evaluations run.
  • Information for downstream developers who integrate the model, so they can satisfy their own obligations.
  • A copyright compliance policy, including respecting machine-readable opt-outs for training (the EU Copyright Directive's Article 4 text-and-data-mining rules).
  • A "sufficiently detailed summary" of training data. This one is contentious because the template was only finalized in 2025 and it's explicitly public-facing.

And then there's a second, stricter category: GPAI with systemic risk.


The 10^25 FLOPs line

This is the part that surprised me when I first read the Act. The EU drew a bright-line computational threshold. If your model's cumulative training compute exceeds 102510^{25} FLOPs, it's presumed to pose systemic risk and you take on a bigger set of obligations. The Commission can also designate a model as systemic-risk qualitatively, even below the threshold, but the FLOPs trigger is the default.

Where does 102510^{25} land against real 2024-2026 frontier models? Let's work one estimate by hand.

For transformer training, the standard rule-of-thumb is that total compute is approximately 6ND6 \cdot N \cdot D, where NN is the number of parameters and DD is the number of training tokens. The "6" comes from roughly 2 FLOPs for the forward pass per param-token, 4 for the backward pass. So for Llama 3.1 at 405B parameters trained on about 15 trillion tokens:

64.05×10111.5×10133.6×10256 \cdot 4.05 \times 10^{11} \cdot 1.5 \times 10^{13} \approx 3.6 \times 10^{25}

That's about 3.6×3.6 \times the systemic-risk threshold. GPT-4-class models from 2023 are widely estimated in the low 102510^{25} range on the same arithmetic. Chinchilla 70B from 2022, at 1.4T tokens, works out to about 5.9×10235.9 \times 10^{23}, well below the line.

training FLOPs vs. 10^25 systemic-risk threshold
10^2310^2410^2510^2610^25 FLOPs · systemic-risk lineGPT-3 (175B)2020Chinchilla (70B)2022Llama 2 70B2023GPT-42023systemicLlama 3.1 405B2024systemicGemini Ultra2023systemicClaude 3.5 Sonnet2024systemicGPT-4o2024systemicFrontier '25-'262025systemic

Published and estimated training FLOPs for frontier models. The red dashed line is the EU's 10^25 FLOPs systemic-risk threshold. Anything right of it is presumed to pose systemic risk under Article 51; anything left is standard GPAI.

Being on the right side of that line pulls in a bunch of additional obligations: adversarial model evaluations, systemic-risk assessment and mitigation, cybersecurity hardening, and serious-incident reporting to the AI Office. The GPAI Code of Practice, published in 2025 and signed by most major providers, is the industry-drafted document that operationalizes how to meet these duties.

One thing about the threshold that's easy to miss. 102510^{25} FLOPs is a cumulative training compute measure, not a parameter count. A small model trained for a very long time on a huge corpus can cross the line. A big model trained briefly can stay below it. The rule is tracking the training effort, which correlates better with capability than parameter count does post-Chinchilla.


The compliance matrix

Here's a condensed view of how obligations stack up across the categories that matter most for model builders.

EU AI Act obligations by category
● required ◐ partial ○ not required
ObligationGPAIGPAI + systemicHigh-risk
Technical documentation (Annex XI)
Copyright compliance policy
Training data summary
Content labeling / watermarking
Model evaluations (adversarial)
Systemic-risk assessment & mitigation
Serious-incident reporting
Cybersecurity protections
Risk management system (Art. 9)
Human oversight (Art. 14)
Conformity assessment + CE marking
Post-market monitoring

What each category owes. GPAI is the baseline. Systemic-risk pulls in adversarial evals and incident reporting. High-risk deployers (the people shipping the system into a regulated use) carry the full product-safety load.

The thing to hold on to is that model obligations and system obligations are different pipelines. A foundation model provider who doesn't know how their model will be used downstream still owes the GPAI obligations. The deployer, the one putting it into a hiring tool, carries the high-risk product obligations. Those two columns of the matrix sit on different shoulders. This split is essentially the regulatory version of the "protocol vs implementation" distinction we keep running into elsewhere in the series: the Act wants to regulate both the general-purpose substrate and the specific product that uses it, and it uses two different regimes to do it.


The US: federal step-back, states fill in

The US has been on a different trajectory. In October 2023, the Biden administration issued Executive Order 14110, which required large model developers to report safety test results, directed NIST to develop standards, and tied a bunch of federal agencies into AI oversight. It wasn't a statute, but it was a serious attempt to pull AI into a federal regulatory conversation.

In January 2025, the incoming Trump administration rescinded large portions of EO 14110 and replaced it with an executive order aimed at removing "barriers to AI innovation." Federal AI regulation, as a coherent top-down project, effectively stalled.

What filled the vacuum, predictably, was state law. California's SB 1047 got the most attention: it would have imposed safety-testing requirements on frontier models trained above a compute threshold, with a private right of action and a kill-switch obligation. After a year of lobbying on both sides, Governor Newsom vetoed it in September 2024, arguing the bill's thresholds were too coarse and that the regime needed more flexibility. A watered-down successor passed in 2025, and by early 2026 you have Colorado's AI Act on discriminatory use in consequential decisions, a Texas bill on government AI procurement, and NYC's hiring-AI audits now in their third year of enforcement.

As a practitioner in 2026, "federal US AI law" is mostly the NIST AI Risk Management Framework, which is voluntary, and a handful of sector-specific rules (FTC guidance on deceptive AI claims, HHS/FDA guidance on medical AI, SEC on disclosures). The binding rules are almost all at the state level, and they're inconsistent with each other.


China: content-first, fast-moving

China took yet another path. Rather than a horizontal Act covering all AI, the Cyberspace Administration of China (CAC) has been issuing targeted measures on specific AI products as they emerged.

The 2023 "Interim Measures for Generative AI Services" was the first major one: any public-facing generative AI product in China needs a security assessment, algorithmic filing, and content that aligns with Socialist core values. The algorithm registry, which predates the generative AI rules, requires operators to disclose training data sources, intended purposes, and evaluation results before public deployment.

The 2025 content-labeling rules are the piece that touches practitioners globally. All synthetic content in China must carry both visible labels and embedded machine-readable markers. That requirement is not subtle about what kind of watermarking it means: providers have to implement both content-metadata markers (think C2PA-style provenance) and, where technically feasible, embedded signals in the generated content itself.

The comparison I find useful: the EU regulates AI primarily as a product-safety problem, the US regulates it as a sectoral and discrimination problem, and China regulates it primarily as a content and information-security problem. You can guess those priorities from the fines and the enforcement history.


Code: what a practical transparency artifact looks like

One of the most common ways practitioners actually encounter this stuff is producing some kind of structured transparency artifact, because the law wants it and customers ask for it on procurement review. A model card, a system card, a GPAI technical-documentation blob. Here's roughly what that looks like as a data structure you'd serialize for audit purposes.

# A minimal transparency record for a fictional 2026 GPAI model.
# This is the shape you'd produce for EU AI Act Annex XI documentation
# plus a training-data summary and a content-labeling declaration.
 
from datetime import date
 
transparency_record = {
    "model_id": "stoic-34b-2026-04",
    "provider": "Example Labs",
    "release_date": date(2026, 4, 1),
    "modality": ["text", "tool-use"],
 
    # Compute — the number that decides your regulatory category.
    "training_compute_flops": 3.2e24,    # below 1e25 → GPAI, not systemic
    "training_tokens": 8.5e12,
    "parameter_count": 34e9,
 
    # Data — the "sufficiently detailed summary" per Art. 53(1)(d).
    "training_data_summary": {
        "sources": ["common crawl (filtered)", "github (licensed)",
                    "books (opted-in)", "synthetic (self-generated)"],
        "languages": ["en", "de", "fr", "es", "zh", "ja"],
        "cutoff": date(2025, 12, 31),
        "opt_out_policy": "robots.txt + TDMrep + ai.txt honored",
    },
 
    # Eval — what you ran and what scored.
    "evaluations": ["mmlu-pro", "gpqa-diamond", "swebench-verified",
                    "toxicity:realtoxicityprompts", "bias:bbq"],
    "known_limitations": ["hallucinates citations",
                          "degraded non-Latin-script code"],
 
    # Content provenance — EU limited-risk + CN content-labeling.
    "content_labeling": {
        "c2pa_signed": True,
        "watermark": "kirchenbauer-v2",
        "ui_disclosure": "AI-generated content disclosed in response metadata",
    },
}
 
# Serialize for the audit bundle
import json
print(json.dumps(transparency_record, default=str, indent=2)[:400])

None of this is exotic. It's a dict of facts about your model that a regulator, a downstream integrator, or a procurement team can audit. The interesting part is that all three jurisdictions want a version of it, and they want it machine-readable and signed.


Misconceptions

"The EU AI Act bans ChatGPT." No. General-purpose chatbots are not a prohibited use. Prohibited uses are narrow: social scoring by public authorities, real-time biometric identification in public spaces (with carve-outs for serious crimes), manipulative subliminal techniques, untargeted scraping of faces to build recognition databases, emotion recognition in schools and workplaces. A chat product is almost always "limited risk" at worst, and the main obligation is disclosure that you're talking to an AI. What the Act does do is impose GPAI obligations on the provider of the underlying model. OpenAI and Anthropic and Google owe documentation, training-data summaries, copyright policies, and (above 102510^{25} FLOPs) systemic-risk evaluations. None of that bans the product. It shapes how it's documented and who gets told what.

"If you're not in Europe, the AI Act doesn't apply to you." Also wrong. The Act has extraterritorial reach, written to mirror GDPR. If the output of your system is used in the EU, or you place the system on the EU market, you're in scope, regardless of where you're headquartered. If your AI-written resume screener is sold to a Berlin HR SaaS that resells it to customers across Europe, you are on the hook as either a provider or an upstream component, and contracts between you and your EU integrator will reflect that.

"Open-source models are exempt from everything." Partially true, mostly not. The Act does carve out open-source GPAI models from some of the provider obligations, specifically the information-for-downstream-developers and the full technical-documentation requirements. But the carve-out evaporates in two important cases: if the model is designated a systemic-risk model (102510^{25}+ FLOPs), the open-source exemption no longer applies, and if the open-source model is deployed in a high-risk use by someone, the deployer takes on the full high-risk obligations. So "we open-sourced it, we're fine" works for a smaller research release, and stops working as soon as either the scale or the deployment context pushes into regulated territory.

"Watermarking solves provenance." Not yet. The underlying technique, for text, is mostly based on Kirchenbauer et al.'s idea of biasing next-token sampling toward a pseudo-random "green list" of tokens, so that a statistical test on the output can detect the bias. That works reasonably well on long text from an unmodified model, and degrades fast under paraphrasing, translation, or cross-model rewriting. C2PA-style signed metadata is sturdier for images and video, but only because those formats have places to attach signatures. Strip the metadata and you lose the signal. Regulation treats watermarking as one mitigation in a stack, not as a solved problem.

What practitioners actually need to do

For most engineers reading this, the compliance surface looks like four things.

Know which regime applies to what you ship. If your company puts a system onto the EU market, someone needs to have thought about whether that system is high-risk and whether your upstream model providers have handed you the information you need to document it. If you are the model provider, you're in GPAI territory.

Keep the documentation real, not ceremonial. Annex XI technical documentation, training-data summaries, model cards, evaluation reports. The temptation when legal asks for these is to produce PDF theater. The more useful thing is to make the artifact fall out of your training and eval pipelines automatically, the way you'd generate a changelog. If producing one is a one-off per release, it will drift.

Build content labeling into the product path. C2PA signing of generated media, watermarking of text where you can, clear UI disclosure of AI interaction, metadata on outputs. Requirements are non-uniform globally, but the set-intersection is pretty stable: label synthetic content, disclose interaction, preserve provenance.

Plan for the cost, especially if you're small. The compliance cost falls heaviest on the smallest regulated players. A frontier lab can absorb the cost of eval suites, red teams, and Annex XI documentation as rounding error. A 20-person startup cannot. This is why the GPAI Code of Practice and model cards matter more than they might look: they're the industry's attempt to build reusable compliance artifacts so the burden doesn't fall on every small provider to reinvent from scratch.


What's next

This post covered the shape of AI regulation in 2026: the EU's risk-tiered pyramid and GPAI regime, the US federal step-back with states filling in, China's content-first model, and the compliance artifacts all three converge on demanding. It's a snapshot, and every part of it will have shifted again by the time you're reading this.

The next post covers Standards Wars: MCP, A2A, and the Fight for the Agent Layer, how a different kind of rule-making (this time between companies rather than governments) is trying to settle what the interop layer of the agent stack actually looks like.


Additional reading (and watching)