Mapping Regulatory Actors

AI regulation involves a complex web of actors operating at different speeds and scales. The EU operates through comprehensive frameworks like the AI Act, with multi-year implementation timelines and harmonized enforcement across member states. The US operates through a patchwork of executive orders, agency guidance, and state-level legislation that creates an unpredictable compliance landscape. China regulates through specific-use mandates targeting generative AI, recommendation algorithms, and deepfakes. International standards bodies like ISO and IEEE develop technical standards that become de facto regulatory requirements through procurement mandates.

1. Identify Jurisdictions That Affect You Map your organization's regulatory exposure: where are your customers located? Where are your data centers? Where are your model providers headquartered? Each jurisdiction creates compliance obligations. A US-based company serving EU customers must comply with the AI Act. A company using a Chinese-developed model may face restrictions in certain markets.
2. Track Regulatory Bodies For each relevant jurisdiction, identify the specific regulatory bodies and their current activity. EU: European Commission, national AI authorities. US: NIST, FTC, state attorneys general, sector regulators (SEC, HIPAA enforcement). Track their publication schedules, comment period deadlines, and enforcement calendars.
3. Monitor Standards Development Technical standards often become compliance requirements before legislation does. ISO/IEC 42001 (AI management systems), NIST AI RMF, and IEEE standards for algorithmic transparency are becoming procurement requirements at major enterprises. Track which standards are being referenced in RFPs and government contracts.