AI Policy and Regulation¶

Rules around AI are in active formation.

There is no single framework governing it, and major efforts take different approaches.

At least two are worth knowing as of June 2026: one from the United States, and one from the European Union.

United States : Voluntary, Security-First Approach¶

On June 2, 2026, the White House issued an executive order, Promoting Advanced Artificial Intelligence Innovation and Security.

It directs federal agencies to harden government and critical-infrastructure cybersecurity using AI, prioritizes enforcement against AI-enabled cybercrime, and sets up a voluntary framework for federal engagement with developers of "covered frontier models", including a process for developers to give the government early access to a model before public release. It deliberately favors innovation and private-sector collaboration over mandatory regulation, so much of its real effect will depend on how agencies implement it in the months that follow.

European Union: Binding, Risk-Based Law¶

The EU AI Act (Regulation 2024/1689) is the first comprehensive AI law, binding rather than voluntary. It sorts AI systems by risk (unacceptable, high, limited, minimal) and attaches real obligations to high-risk uses (which include critical infrastructure, healthcare, and employment): risk management, logging and record-keeping, transparency, and human oversight, with duties split across the providers, deployers, importers, and distributors in the chain. Those obligations are essentially accountability requirements, which is why this law surfaces when responsibility for AI is discussed. A May 2026 simplification package deferred high-risk obligations to December 2027.

Overview from the European Commission: Regulatory framework on AI.