The risks posed by AI – from misinformation to discrimination in decision-making – require an urgent regulatory response. Global Insight examines the attempts made so far to provide this.

After a volatile beginning to 2026, AI stocks have been rallying but not in the way many expected. While the stock prices of companies such as Nvidia have rebounded due to renewed investor optimism, the greatest beneficiaries of the AI boom in recent years have been those businesses focused on infrastructure, cooling, power and data.

‘The stock performance data tells a more nuanced story than the AI hype cycle would suggest,’ writes Paul Hoffman, an analyst at BestBrokers. The biggest winners, he highlights, are ‘the companies solving the unglamorous physical problems that AI creates: keeping data centres cool, moving data fast enough, and supplying the memory that large language models run on.’

That the market is essentially looking past the software layer and is now pricing in infrastructure constraints demonstrates just how ubiquitous AI has become.

In his annual letter to shareholders in April, JPMorgan Chase CEO Jamie Dimon says the pace of AI adoption is unlike any technology before it. ‘Investment in AI is not a speculative bubble; rather, it will deliver significant benefits,’ says Dimon. ‘However, at this time, we cannot predict the ultimate winners and losers in AI-related industries.’

JPMorgan Chase plans to spend $19.8bn on technology in 2026, an increase of ten per cent year-on-year. ‘I do not think it is an exaggeration to say that AI will cure some cancers […] among other positive outcomes,’ says Dimon. But he also highlighted AI-related risks – from deepfakes and misinformation to cybersecurity vulnerabilities.

Geoffrey Hinton, a pioneering researcher in the fields of neural networks and deep learning, has meanwhile raised concerns about the rate at which AI is developing and the direction it’s heading in. And Dario Amodei, CEO of Anthropic – the company behind popular chatbot Claude – has warned that the world is entering a phase of AI development that will ‘test who we are as a species.’ In January, Amodei wrote that humanity is ‘about to be handed almost unimaginable power’ and that it’s ‘deeply unclear whether our social, political, and technological systems possess the maturity to wield it.’

In the workplace, AI promises to increase efficiency and make organisations more productive. But it also raises concerns, for example about routine back-office roles being replaced by technology and damage to financial markets once the AI ‘bubble’ bursts. ‘These risks are real, but they are manageable if companies, regulators and governments prepare,’ wrote Dimon. ‘The worst mistakes we can make are predictable: overreact at the first serious incident and regulate out important innovation or underreact and fail to learn from what went wrong. The right approach requires rigorous preparation in advance, an honest assessment when things go wrong – and they will – and discipline to fix what’s broken without destroying what works.’

Why we regulate

The swift adoption of AI in 2026 means issues such as model governance, safety and risk are no longer consigned merely to academic discussions, but have become central concerns. Governments and industries worldwide have therefore responded with regulatory proposals.

While jurisdictions have taken different approaches, a common objective is to seek a balance between fostering the AI sector’s growth while mitigating the risks. Robert Dickens is a lawyer at White & Case in London and has spent time on secondment to Google’s DeepMind. ‘At the moment, we’ve got all these new laws popping up in various jurisdictions, and they all have very substantial inconsistencies,’ he says. ‘But, while there is diversity in approach, there are some core principles that are starting to emerge.’

Dickens explains that the UK has established ‘vertical principles-based guidance,’ with the country’s different regulators – overseeing data, communications and competition, for example – ‘each looking at their own specific sectors to decide when and where to enforce in relation to the government’s five core principles of safety, transparency, fairness, accountability and redress.’

The EU, by contrast, has established what Dickens calls a ‘horizontal statute’ – the AI Act – that attempts ‘to regulate AI as a technology.’ The EU divides AI systems into four tiers of risk, applying different levels of regulation to each, he says. ‘But the core principles that we see there are very similar to the UK government’s five principles.’

Sönke Lund, Chair of the IBA SPPI Working Group on AI, says the case for regulation rests on three interlocking pillars – risk mitigation, accountability and preservation of the rule of law. ‘AI systems increasingly make or inform decisions that affect fundamental rights – from credit assessments and hiring to healthcare diagnostics and law enforcement – yet existing legislation is often insufficient to address the specific challenges these systems present,’ he says. ‘The EU AI Act’s foundational rationale expressly acknowledges that while most AI systems pose limited risk, certain applications create dangers that require a regulatory response to prevent “undesirable outcomes” such as opaque or discriminatory decision-making.’

From a commercial law perspective, Lund – a partner with ECIJA Legal in Barcelona – says that regulation serves a market-constitutive function. It provides legal certainty, defines liability and establishes a baseline of trust that enables economic activity. ‘The risk-based approach adopted by the EU, Brazil, South Korea, and others assigns obligations according to the severity of potential harm, meaning that low-risk applications remain largely unregulated while high-risk systems face proportionate scrutiny,’ he says.

For compliance professionals, regulation creates the interpretive framework within which contractual allocations of AI risk – between providers, organisations deploying the technology and affected individuals – acquire legal meaning, says Lund. ‘Without such a framework, the resulting uncertainty may itself suppress innovation,’ with companies operating ‘in an uncharted liability landscape,’ he says.

There’s a further argument that AI governance is inseparable from the rule of law. When an AI system produces a consequential outcome – denying a loan or flagging an individual for investigation – there must be a discernible chain of accountability and a meaningful right to an explanation, as well as the ability to contest it. ‘Regulation codifies these expectations,’ says Lund, ‘ensuring that technological capability does not outstrip democratic oversight.’

The ‘Brussels Effect’

The EU’s landmark AI Act was first put forward in 2021. In late 2022, however, just as the development of the legislation was reaching its final stages, ChatGPT hit the market. A new wave of generative AI tools and general-purpose systems followed – and these didn’t fit neatly into the EU’s original risk categories. Revisions to the draft legislation were made and in the summer of 2024 the AI Act finally became law, though it won’t be fully phased in until 2027.

With the passage of the Act, Europeans were promised safe and trustworthy AI systems that would be transparent, resilient and human-centric. For example, the Act outright prohibits AI that can infer human emotions or perform real-time facial recognition in public spaces. And it requires certain high-risk systems to undergo a prior conformity assessment and even imposes obligations – such as regarding transparency – on companies or consumers who merely use AI.

‘The Act has been explicitly positioned as a mechanism for fostering “trustworthy AI” that will encourage adoption by establishing user confidence,’ says Lund. ‘It is hoped that requirements such as risk management, transparency and documentation may stimulate the growth of compliance technologies and consulting services and incentivise higher-quality AI development.’

However, given the Act’s detailed technical requirements and standards, concerns have been raised that its prescriptive nature might mean that the latest trends in AI development won’t emerge in Europe. ‘The EU promotes itself as a pioneer in regulation, but regulation is usually meant to manage developments already happening and many of these developments are not happening in Europe,’ says Markus Beham, Co-Chair of the IBA Human Rights Law Committee.

For example, South Korea’s AI Basic Act became Asia’s first comprehensive legal regime governing the technology when it was enacted in January. It reflects Seoul’s ambition to become a ‘top three global AI powerhouse’, alongside the US and China, and was designed to integrate strategy, promotion and regulation into a single law. In this respect, the South Korean legislation stands in contrast to the EU’s approach, which deliberately separates the bloc’s regulatory framework from its initiatives such as the AI Innovation Package.

Despite this difference, Korea’s legislation contains substantial similarities to the EU approach and is an example of what Marc Rotenberg, who led the IBA’s AI Task Force, calls the ‘Brussels Effect’. It’s a reference to a work published by Columbia Law School professor Anu Bradford, which highlights the EU’s status as a ‘regulatory superpower,’ stemming from its market size, stringent standards and the economic pragmatism of multinational companies that prefer a single, high-standard operation over fragmented, lower-standard or varied systems.

‘Many countries, including Peru and Vietnam, have adopted law based on the EU AI Act,’ says Rotenberg, who’s Executive Director and Founder of the Center for AI and Digital Policy in Washington, DC. ‘Common elements include [a] risk-based regulatory structure, independent supervisory authorities, mandatory impact assessment and prohibitions on certain AI use cases.’

Lund says that the strongest manifestation of the Brussels Effect is found in Latin America, where multiple jurisdictions are adopting risk-based frameworks inspired by the EU’s approach. For example, Brazil’s proposed AI legislation includes mechanisms such as regulatory sandboxes to support innovation, alongside rights-based protections, for example a requirement for human oversight. The country’s ‘attempt to combine EU-style risk classification with local priorities – especially addressing algorithmic bias in the context of Brazil’s diverse and historically unequal society – represents a thoughtful balancing of promotion and protection,’ says Lund.

The Brussels Effect can also be found in the structural choices taken by South Korea and in the ongoing work of the G7 governments to establish a coordinated global framework to promote the responsible and safe development and use of AI systems. The cornerstone of these efforts is the Hiroshima AI Process, established in 2023 (see The International Guiding Principles for Organizations Developing Advanced AI Systems).

Divergent approaches

Beham, who’s Chair of Public Law, International Law and European Law at the European University Viadrina in Frankfurt, says that one consequence of the Brussels Effect is that it encourages some jurisdictions to adopt different approaches rather than follow the EU model. ‘The Brussels Effect shows how EU standards can influence global practices. For example, companies like Apple adopt EU standards globally for efficiency. But in today’s geopolitical climate, this may not hold,’ he says. ‘For example, the US may push back against EU regulation, especially regarding tech companies.’

Lund says the Brussels Effect is weakest precisely where it matters most: in the US and in China. Together, the two countries are the world’s dominant AI developers, but neither is adopting EU-style comprehensive regulation. ‘If the jurisdictions producing the most consequential AI systems are not governed by EU-compatible rules, the practical reach of the Brussels Effect is constrained regardless of how many smaller jurisdictions adopt the template,’ he says.

The current regulatory environment in the US is marked by a tension between efforts at the state level to ensure AI safety and a desire by the federal government to reduce regulatory burdens and boost development in the sector. Dickens describes how this has resulted in the publication of the federal National Policy Framework for Artificial Intelligence, which seeks to pre-empt restrictive state-level rules. The Framework ‘doesn’t really have principles so much as aims, such as the promotion of economic investment,’ he says.

Another country to pursue a light-touch approach to regulation is India, which prefers minimal direct intervention in order to accelerate growth, while requiring high-risk or generative AI tools to receive government authorisation before their public release. The IndiaAI Mission, a five-year initiative, is expected to define sector-specific standards and establish a voluntary AI Safety Institute. However, until these materialise, the country’s approach prioritises speed of innovation over comprehensive governance.

China, meanwhile, has chartered its own course. It has adopted a proactive, state-driven model, issuing sector-specific regulations over the past few years focused on particular aspects of AI, such as algorithmic recommendation. Each of these regulations contains detailed compliance requirements.

He Wei is a partner with Wanhuida in Beijing. He describes how China aligns with the general global trend towards transparency, accountability and risk control. However, ‘rather than waiting for comprehensive, overarching regulation, we tend to implement specific regulations for particular scenarios, such as […] generative AI,’ he says.

‘What we focus on is practical application,’ says Wei. ‘Instead of abstract principles, AI governance in China is more about concrete compliance expectations attached to particular use cases. Regulators care about what AI generates and how it is labelled. China has mandatory requirements to label AI-generated content and its outputs. There are concerns about misleading or disruptive outcomes, and while the framework is in place, more detailed implementing rules are still to come.’

While China removed a comprehensive AI law from its 2025 legislative agenda, it continues to regulate through targeted instruments for example, integrating support for innovation with other, specific objectives. ‘China’s approach reflects a different set of priorities altogether,’ says Lund, ‘whereby AI governance is tightly coupled with state control, data sovereignty and content integrity, subordinating individual-rights considerations to ideological and cybersecurity objectives.’

Finally, in the Middle East, the United Arab Emirates (UAE) and Saudi Arabia lead with licensing-based, ethics-anchored AI regulation that’s closely tied to their agendas for national economic diversification. ‘These jurisdictions blend promotion with governance, though the depth of rights-based protections and independent enforcement mechanisms remains a question for the international legal community,’ says Lund.

The simplification debate

Perhaps inspired by criticisms that the EU AI Act is overly prescriptive, German Chancellor Friedrich Merz called for an easing of the bloc’s regulations at the Hannover Messe trade fair in April. Specifically, he spoke about the regulation of industrial – as opposed to consumer – AI.

At the same event, Siemens CEO Roland Busch reportedly warned that his company would prioritise investments in the US and China if the EU didn’t ease its regulations in the sector. He noted that industrial AI was already subject to sector-specific regulations in place in the EU and criticised the way in which industrial/machine data is treated in the same way as personal data.

Lund says the distinction between industrial/machine data and personal data is real and consequential, and that Busch’s frustration reflects a broader concern among such companies that horizontal AI regulation – which covers all sectors – inadequately accounts for existing ‘vertical’ regulatory regimes, that is, those that are specific to certain industries.

Busch’s threat to redirect €1bn in industrial AI investment to the US and China ‘illustrates a real risk of regulatory arbitrage, particularly when major trading partners offer lighter regimes,’ says Lund. ‘The critical variable is calibration: regulation that is overly prescriptive, internally contradictory or that creates duplicative compliance burdens can genuinely impede innovation, while regulation that is proportionate, predictable and interoperable with international norms can channel innovation in socially beneficial directions.’

Lund says the European Commission’s proposal to ‘simplify’ regulation through its Digital Omnibus on AI, unveiled in late 2025, shows that it’s responding to industry pressure. The proposal is part of a broader Commission initiative to review legislation across numerous sectors, with the aim of improving European competitiveness by saving costs for business and boosting innovation.

However, Amnesty International claims that such ‘simplification’ measures significantly weaken protections by delaying the introduction of rules for high-risk AI by 16 months as well as by easing safety standards, for example. ‘The proposals presented […] amount to an unprecedented rollback of rights online at the EU level that protect us from corporate and state surveillance, discrimination at the hands of AI systems, and much more,’ the organisation says.

Others argue that reducing the safeguards and rules guiding the design of AI systems doesn’t necessarily lead to more innovation and, by lacking an overall vision for regulation and introducing delays, the Digital Omnibus on AI has created a degree of legal uncertainty.

Calls for coherence

An IBA AI Taskforce report published in the autumn of 2024 stated that, rather than ‘holding back’ companies, moderate or comprehensive regulation can actually promote growth and innovation in the sector. ‘The framing of regulation as inherently antagonistic to innovation is an oversimplification,’ says Lund. ‘The IBA AI Task Force report’s conclusion rests on a well-established economic logic: clear rules reduce uncertainty, create trusted marketplaces and enable cross-border commerce by providing common standards.’

In the IBA report, contributors voiced their support for ‘coherent regulation’ of AI because of the concern that conflicting or divergent rules will result in substantial complexity for clients and for the profession. For example, in response to the way in which AI standards often fail to represent the interests and contexts of the Global South (see Endangering languages), discussions in multilateral forums and regional initiatives are coalescing around concrete regulatory interventions to combat issues such as language erosion.

Such measures might include, for example, requiring AI tools to use locally sourced, representative datasets. Companies might also be forced to be transparent about the origins of their data and the conditions through which it was collected.

Although effective enforcement is ultimately the decisive test for any framework, there have been attempts to develop international regulatory coherence around AI. One such example is the Council of Europe’s Framework Convention on AI, which has been signed by more than 40 countries – including the EU, UK and US – and is supported by the IBA AI Task Force. Ratification is expected later in 2026. Rotenberg says the Framework Convention provides a model for coherent regulation as it ‘sets out common AI governance standards that should be adopted by countries around the world.’

Highlighting its status as the first legally binding international AI treaty, Lund says the Convention establishes a shared baseline ‘grounded in human rights, democracy and the rule of law. Its significance lies in creating a common reference point for coherence among jurisdictions with otherwise divergent regulatory philosophies.’

But Lund says the Convention is best understood as a necessary but insufficient framework for international regulatory coherence. ‘It provides a shared vocabulary and set of commitments that can reduce the most extreme forms of regulatory divergence, but it cannot – and does not – eliminate the deeper tensions between risk-centric and innovation-centric approaches, or between human-rights-based and state-control-based governance models,’ he explains.

Elsewhere, the UN General Assembly has established its own platform through which governments and stakeholders can convene to discuss international cooperation on AI governance, and share best practices and lessons learned. Highlighting that AI is reshaping economies, societies and daily life, the UN says that no country can address both the opportunities and risks alone. ‘The AI Dialogue exists to ensure that governance reflects the priorities of all nations, not just the most technologically advanced and that the benefits of AI are shared by all,’ says the UN.

The first session of the Global Dialogue on AI Governance will be held between 6-7 July in Geneva. It’ll tackle themes such as how to respect, protect and promote human rights in the context of AI, and how to ensure the technology is used in a safe, secure and trustworthy manner. A second session will follow in New York in spring 2027.

As new AI systems are deployed around the world, the need for some degree of regulatory conformity couldn’t be clearer. Amnesty International has documented numerous examples of how the deployment of AI systems has resulted in discrimination against some of the most vulnerable in society, for example where such tools are used to monitor the movement of refugees. ‘True innovation means finding ways to ensure that the benefits of new technologies are shared by society at large,’ says Amnesty, ‘and not serve only the interest of Big Tech oligarchs.’

Stephen Mulrenan is a freelance writer and can be contacted at smulrenan@lextelpartners.com