Legislative Beat
AI Regulatory Reference
A quick-reference guide to the major AI regulations and frameworks. For compliance guidance, consult legal counsel or your regulatory body directly.
Last updated: Q2 2026

| Regulation / Framework | Plain-Language Summary | Who It May Apply To | Status | Official Source |
|---|---|---|---|---|
| EU AI Act | Classifies AI systems by risk (unacceptable, high, limited, minimal). High-risk systems require conformity assessments, documentation, and human oversight. | Any org deploying AI in the EU or serving EU customers | In effect; phased compliance timeline through 2027 | artificial-intelligence-act.eu |
| NIST AI Risk Management Framework | Voluntary US framework providing guidance on identifying, measuring, and managing AI risk. Widely adopted as a de facto standard. | US-based organizations; increasingly referenced globally | Active (v1.0 published 2023) | nist.gov/artificial-intelligence |
| US State AI Laws | Colorado, California, Texas, Illinois, and others have enacted or proposed AI-specific laws covering hiring, consumer protection, and high-risk AI use. Patchwork — no federal preemption yet. | Organizations with employees or customers in these states | Varies by state; rapidly evolving | ncsl.org/financial-services/artificial-intelligence-legislation-database |
| SEC AI Governance Guidance | SEC has issued guidance on AI use in investment advice, disclosure obligations for AI-related risks, and conflicts of interest in predictive data analytics. | Registered investment advisers, broker-dealers, public companies | Active and evolving | sec.gov/ai |
| FINRA AI Guidance | Guidance for broker-dealers on using AI in customer communications, supervision obligations, and recordkeeping when AI is used in regulated activities. | FINRA-registered broker-dealers | Active | finra.org/rules-guidance/key-topics/artificial-intelligence |
| UK AI Regulatory Framework | Pro-innovation, principles-based approach. Assigns AI oversight to existing regulators (FCA, ICO, CMA) rather than creating a new AI regulator. Currently voluntary; AI Safety Institute leads safety research. | Organizations operating in the UK | Active; AI Opportunities Action Plan released Jan 2025 | gov.uk/government/publications/ai-regulation-a-pro-innovation-approach |
| HIPAA + AI (HHS Guidance) | Existing HIPAA obligations apply when AI systems process protected health information. HHS has issued guidance on AI in clinical decision-making. | Healthcare providers, health plans, covered entities, their vendors | Active | hhs.gov/programs/topic-sites/ai |
| ISO/IEC 42001:2023 | International standard for AI Management Systems. Certifiable — organizations can obtain third-party certification. Increasingly referenced in procurement and vendor assessments. | Any organization globally developing or deploying AI | Published; voluntary | iso.org/standard/81230.html |

This table is a starting point for awareness, not legal advice. Regulations change frequently. Consult qualified legal counsel for compliance guidance specific to your organization, industry, and jurisdiction.
