AI Regulations Around the World: A 4-Jurisdiction Comparison for Research Consortia

AI regulations around the world diverge sharply in 2026: the EU AI Act is a binding, risk-tiered statute with extraterritorial reach; US oversight is a fragmented state-law patchwork with no federal statute; China runs a registration-and-content-control regime; and the Council of Europe treaty sets shared principles without direct enforcement. No single checklist covers every consortium partner.

AI regulation is the set of binding statutes, administrative measures and international instruments that govern how artificial intelligence systems may be developed, deployed and used within a given jurisdiction. For a multi-country research consortium, that matters practically: the same AI-assisted analysis tool or generative writing aid can be lawful for one partner and non-compliant for another, purely because of where each institution sits.

This article maps the four regimes that most often collide in international data-sharing agreements — the EU AI Act, US state AI laws, China’s AI measures, and the Council of Europe’s AI treaty — and identifies where the friction actually occurs, not just what each law says in isolation.

Contents

What are the main AI regulatory regimes research consortia must track?

Four regimes dominate cross-border research collaboration in 2026: the EU’s binding AI Act, a growing set of US state statutes, China’s registration-led administrative measures, and the Council of Europe’s rights-based treaty. Each uses a different legal mechanism, a different geographic trigger, and a different enforcement model, which is precisely why a consortium cannot rely on one partner’s compliance work to cover the group.

Regime Legal status Geographic reach Compliance approach Relevance to research consortia
EU AI Act (Regulation (EU) 2024/1689) Binding regulation, directly applicable in all EU member states Extraterritorial: covers providers and deployers outside the EU where an AI system’s output is used within the EU Risk-tiered (unacceptable / high / limited / minimal); high-risk obligations broadly apply from 2 August 2026 A non-EU partner can still be caught if any consortium member deploys the tool’s output in the EU; grant-review and admissions-style AI can fall into Annex III high-risk categories
US state AI laws No binding federal AI statute; state statutes such as the Colorado AI Act and California’s AI Transparency Act Applies within the enacting state; a December 2025 executive order pushes federal preemption of “burdensome” state rules, but this is contested and unsettled as of mid-2026 Sector- and harm-specific (algorithmic discrimination, transparency, deepfakes) rather than one risk taxonomy A single US institution can trigger several inconsistent duties depending on which state its staff, servers or subcontractors sit in
China’s AI measures Binding administrative measures enforced by the Cyberspace Administration of China (CAC), now folded into the amended Cybersecurity Law from January 2026 Applies to AI services offered within China; requires algorithm registration with the CAC before deployment Registration- and content-control-led: mandatory labelling of AI-generated content, security assessments, real-name verification Chinese partner institutions typically cannot lawfully run an unregistered foreign AI tool against shared data, creating a hard blocker for joint analysis pipelines
Council of Europe AI treaty First legally binding international AI treaty (Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law) Open to Council of Europe members and non-member signatories, including the US, UK, Canada and Japan; needs ratification by five signatories, including three Council of Europe states, to enter into force Principles-based: human rights, democracy and rule-of-law safeguards for public- and private-sector AI Offers shared language consortia can cite in data-sharing agreements, but is not self-executing and needs domestic implementing law in each signatory state

How does the EU AI Act apply to multi-country research?

The EU AI Act entered into force on 1 August 2024, with obligations phased in over several years. Bans on unacceptable-risk systems and AI-literacy duties applied from 2 February 2025; general-purpose AI obligations followed on 2 August 2025; and high-risk system obligations broadly apply from 2 August 2026, with penalties reaching €35 million or 7% of global annual turnover.

What consortium leads consistently underestimate is scope. Like the GDPR before it, the Act reaches beyond EU borders: it applies to providers and deployers established outside the Union whenever the output of their AI system is used within it. A US or Asia-based partner running an AI-assisted screening tool that feeds results into an EU-led work package can be pulled into EU obligations even without an EU office. Annex III’s high-risk categories — including systems used in education, employment and essential services — also reach some AI-assisted grant-review and research-integrity screening tools.

What do US state AI laws mean for consortium partners?

The United States has no comprehensive federal AI statute in 2026. Instead, regulation is set state by state: Colorado’s AI Act (SB 24-205), the first comprehensive US state AI law, requires reasonable care to prevent algorithmic discrimination in high-risk systems, with implementation delayed to 30 June 2026. California has separately enacted an AI Transparency Act and a frontier-model safety statute.

A December 2025 executive order directed federal agencies to challenge state AI laws viewed as inconsistent with a lighter-touch national standard, but as of mid-2026 that preemption push is unsettled and existing state statutes remain in force. For a consortium, a single US institution’s obligations can shift depending on which state its staff, infrastructure or subcontractors sit in — and may change again if preemption litigation succeeds.

How does China regulate AI differently?

China’s approach is registration-led and content-focused rather than risk-tiered. The Cyberspace Administration of China requires algorithm registration and security assessment before many AI services can be deployed. The Measures for Labelling AI-Generated and Synthetic Content took effect in September 2025, three national standards on generative AI security took effect on 1 November 2025, and AI governance obligations were folded into the amended Cybersecurity Law from January 2026.

For research consortia, this is a structurally different problem from the EU or US: it is not primarily about disclosure or risk assessment, but whether a given AI tool may operate against Chinese-held data at all. An unregistered foreign analysis tool cannot lawfully be applied to a Chinese partner’s data set, regardless of how compliant it is elsewhere.

What does the Council of Europe AI treaty add?

The Council of Europe’s Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law is the first legally binding international treaty on AI. It opened for signature in September 2024, and early signatories include the European Union, the United States, the United Kingdom, Canada and Japan. It requires ratification by five signatories, including three Council of Europe member states, to enter into force.

Unlike the EU AI Act, the treaty does not create a detailed compliance regime of its own; it sets human-rights and rule-of-law principles that signatory states must implement through domestic law. For a consortium, it functions less as a rulebook and more as shared vocabulary — a reference point agreements can cite when partners disagree on baseline AI safeguards, even where no national statute yet covers a given use case.

Where do multi-jurisdiction consortia hit compliance friction?

The practical friction is rarely about any one regime being stricter than another — it is about the regimes using incompatible triggers. The EU AI Act asks “where is the output used?” US state law asks “which state is the deployer in?” China asks “is this algorithm registered?” The Council of Europe treaty asks “has this state ratified and implemented it?”

  • Data-sharing agreements drafted for one jurisdiction’s risk taxonomy often fail to address another partner’s registration or transparency duties.
  • AI-assisted research tools — plagiarism and integrity screening, generative drafting aids, automated peer-review triage — can simultaneously be “limited risk” in the EU, unregulated in one US state, and require CAC registration in China.
  • Consent and disclosure language for AI use in participant-facing materials rarely satisfies all four regimes’ transparency requirements at once.
  • Governing-law clauses in consortium agreements need to specify which partner’s AI-use obligations apply to shared infrastructure, not just which partner “owns” the data.

UKRI, Horizon Europe consortia and cOAlition S-aligned funders increasingly expect applicants to describe how AI tools are governed across all partner sites, not only the lead institution’s — making this mapping exercise a funding-eligibility question, not only a legal one.

Answer-first Q&A

Are there any global AI regulations?

No single binding global AI law exists. The Council of Europe’s Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law, opened for signature in September 2024, is the first legally binding international AI treaty, but it needs ratification by five signatories, including three Council of Europe states, before it takes effect.

Which countries have the most AI regulations?

The European Union has the most comprehensive statutory AI framework via the EU AI Act, while the United States has the largest volume of measures once state activity is counted. In the 2025 legislative session, all 50 states introduced AI bills and 38 enacted measures, per the National Conference of State Legislatures.

Which countries have no AI-specific restrictions?

Several jurisdictions, including the United Arab Emirates and Saudi Arabia, rely on voluntary principles and sector guidance rather than a dedicated AI statute, though both run active national AI strategies and are expected to formalise binding rules as adoption accelerates. Partners based there face fewer AI-specific duties, but other data laws still apply.

What should multi-country consortia do next?

No convergence toward a single global AI standard is likely before 2027. The EU AI Act’s high-risk obligations continue phasing in through 2026 and 2027, US preemption litigation remains unresolved, China’s registration regime keeps expanding, and Council of Europe ratifications will accumulate gradually. Consortium agreements that hard-code today’s rules will need scheduled review clauses, not one-off sign-off.

Research administration teams should treat AI-use disclosure as a standing agenda item in consortium governance, map each partner institution against the table above at project start, and build AI-tool review into existing data-sharing and research administration workflows rather than a separate compliance track.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *