Tag: ai legislation tracker

  • AI Legislation Tracker: Free Tools Compared for Research Offices

    An AI legislation tracker is a curated, continuously updated resource that monitors the progress of artificial intelligence bills, statutes and regulations across jurisdictions. For research offices, three free options cover the ground a paid GRC subscription would otherwise charge for: the IAPP’s US State AI Governance Legislation Tracker for state-level bills, White & Case’s AI Watch for a global regulatory sweep, and the AI Act Explorer for line-by-line navigation of the EU AI Act. Used together, they give research administrators enough coverage to flag compliance and procurement risk without a dedicated legal-intelligence budget.

    An AI legislation tracker is a legal-intelligence tool — usually maintained by a law firm, professional association, or legislature — that indexes AI-related bills and regulations by jurisdiction, status and topic so non-specialists can monitor change without reading primary legislative text. For a research office, that means catching a new state disclosure requirement or an EU AI Act compliance deadline before it lands in an audit finding.

    Table of contents

    What is an AI legislation tracker, and why does a research office need one?

    Research offices sit at the intersection of three regulatory pressures: institutional AI-use policy, funder terms and conditions, and the AI laws of every jurisdiction in which their institution operates, procures software or receives funding. No single regulator publishes a consolidated feed of all three, which is why legal-intelligence trackers — built by law firms and associations to serve their own clients — have become the de facto public monitoring layer for everyone else.

    Three gaps make this monitoring hard for a research office specifically. First, state-level fragmentation in the US: MultiState.ai reported tracking 1,561 AI-related bills across 45 states in early 2026, and a bill’s status can change between a legislative session’s opening and a grant’s renewal date. Second, phased EU obligations: the AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 but applies in stages — prohibited-practice provisions since 2 February 2025, general-purpose AI model obligations since 2 August 2025, and the bulk of high-risk system obligations from 2 August 2026. Third, procurement-clause drift: institutional purchasing teams increasingly need to know whether a vendor’s AI tool falls under a “high-risk” classification before a contract is signed, not after.

    Comparing the free trackers: IAPP, White & Case AI Watch and the AI Act Explorer

    Each of the three core tools covers a different layer of the regulatory stack. None requires a paid subscription for the baseline tracker view, though firms use them as client-development tools, so update cadence and depth of legal commentary vary.

    Tool Publisher Geographic scope Best use for a research office Cost
    US State AI Governance Legislation Tracker IAPP US state legislatures Flagging new state disclosure/consumer-protection bills affecting AI-assisted research tools Free
    AI Watch: Global Regulatory Tracker White & Case US, EU, UK, China and other core markets Cross-jurisdiction horizon-scanning for institutions with international partners Free
    AI Act Explorer Future of Life Institute (artificialintelligenceact.eu) European Union Locating the exact article/annex governing a specific AI use case before procurement sign-off Free
    Artificial Intelligence Legislation Database National Conference of State Legislatures (NCSL) US state legislatures Official-source cross-check against law-firm trackers, filterable by policy topic Free
    OECD.AI Policy Navigator OECD 80+ countries and international bodies Global baseline for institutions with funders or partners outside the US/EU Free

    Two law-firm trackers rarely agree exactly on bill status, since each applies its own inclusion criteria — the IAPP chart, for example, deliberately excludes government-only AI bills to focus on rules affecting private-sector organisations. A research office should treat the NCSL database as the authoritative cross-check whenever a law-firm tracker and an internal compliance log disagree, since NCSL draws directly from legislative records rather than curated commentary.

    How to monitor AI law without a paid GRC subscription

    A practical monitoring routine needs three components: a jurisdiction list, a check cadence, and an escalation trigger. Map the institution’s actual footprint — states where staff or partner sites are located, countries with active funder relationships, and any EU-based collaborators — against the five tools above, rather than trying to watch all 45+ US states with active bills at once.

    • Set a monthly review of the IAPP tracker and NCSL database for the institution’s home state plus any state with a satellite campus or major subcontractor.
    • Set a quarterly review of White & Case AI Watch for jurisdictions tied to international grant or publishing partners.
    • Check the AI Act Explorer whenever procuring or renewing an AI-enabled research tool from an EU-based or EU-selling vendor, since Article 53 transparency obligations for general-purpose AI providers already apply.
    • Escalate to institutional counsel the moment a tracked bill moves from “introduced” to “enacted” in a jurisdiction on the footprint list — status changes, not initial filings, are the actionable signal.

    This cadence substitutes staff time for the subscription cost of a commercial GRC platform. It will not catch everything a paid legal-intelligence service would, but it closes the gap between “no monitoring” and “monitoring proportionate to institutional risk,” which is the realistic target for most research offices.

    Which AI rules actually affect grant compliance and procurement

    Not every tracked bill is relevant to a research office. The ones that matter cluster into two categories: funder-facing disclosure requirements and vendor/procurement obligations. On the funder side, publishers already require disclosure of generative-AI use in manuscript preparation under guidance from bodies such as ICMJE and COPE — a policy layer that sits alongside, not inside, the legislative trackers above, and one research offices should monitor through authorship policy channels rather than a legislation tracker.

    On the procurement side, the EU AI Act’s general-purpose AI model obligations — applicable since 2 August 2025 — require providers to maintain technical documentation and, for systemic-risk models, conduct model evaluations; institutions procuring AI research tools from in-scope vendors should expect updated contract terms reflecting this. Separately, under Article 57 of Regulation (EU) 2024/1689, each EU member state must establish at least one national AI regulatory sandbox operational by 2 August 2026 — a detail the AI Act Explorer surfaces clearly but general news coverage rarely mentions, and one that matters to institutions running EU-based pilot deployments of AI research tools.

    In the US, state consumer-protection style AI bills increasingly impose obligations on “deployers” as well as developers — meaning an institution using a third-party AI tool, not just the vendor that built it, can carry compliance obligations. This is the single most consequential fact a research office should extract from the state trackers: deployer obligations mean procurement due diligence, not just vendor selection, is now a compliance function.

    Common questions research administrators ask

    Are there any regulations on AI?

    Yes. There is no comprehensive federal AI statute in the United States, but individual US states have enacted targeted laws, the European Union’s AI Act (Regulation (EU) 2024/1689) is in force with phased obligations through 2027, and dozens of other jurisdictions maintain sector-specific or principles-based AI policy frameworks tracked by the OECD.

    Does Europe have AI regulations?

    Yes. The EU AI Act is the first comprehensive AI-specific legal framework, entering into force on 1 August 2024. Prohibited-practice rules applied from February 2025, general-purpose AI model obligations from August 2025, and most high-risk system requirements apply from August 2026 onward.

    Where are the AI regulations?

    AI rules are distributed across national statutes, EU regulation, and US state legislatures rather than one source — which is precisely why trackers such as IAPP’s state chart, White & Case’s AI Watch, and the AI Act Explorer exist: each consolidates one layer of a fragmented, multi-jurisdiction landscape into a single reference point.

    The regulatory landscape a research office must monitor will keep expanding rather than consolidating: more US states are expected to move bills from “introduced” to “enacted” through 2026 and 2027, and the EU AI Act’s remaining compliance deadlines run to August 2027. A footprint-mapped, tiered-cadence monitoring routine built on these five free trackers is a realistic, sustainable substitute for a paid GRC subscription — provided it is reviewed and re-scoped as the institution’s own AI use, partnerships and procurement expand.

  • AI Research, Innovation, and Accountability Act: What Research Offices Need to Know

    The AI Research, Innovation, and Accountability Act (AIRIA, S.3312) was a bipartisan US Senate bill that would have created federal risk tiers, transparency reporting, and certification duties for high-impact AI systems. It cleared the Senate Commerce Committee in July 2024 but died when the 118th Congress adjourned in January 2025. Its framework has not disappeared, however: near-identical risk-tier and disclosure ideas now surface in state AI statutes, in federal agency guidance, and in follow-on bills before the 119th Congress — several of which already touch how NIH and NSF handle AI in grant review.

    AIRIA is a defined legislative proposal, not a law currently in force: it is the bill that proposed classifying AI systems as “high-impact” or “critical-impact” and tasking the National Institute of Standards and Technology (NIST) with testing, evaluation, validation, and verification standards for the highest-risk category.

    What is the AI Research, Innovation, and Accountability Act?

    The AI Research, Innovation, and Accountability Act is a US Senate bill introduced on 15 November 2023 by Senators John Thune (R-SD), Amy Klobuchar (D-MN), Roger Wicker (R-MS), John Hickenlooper (D-CO), Shelley Moore Capito (R-WV), and Ben Ray Luján (D-NM). It proposed a risk-based federal framework rather than blanket rules for all AI.

    Core provisions included:

    • A two-tier risk classification for “high-impact” and “critical-impact” AI systems used in consequential decisions.
    • Mandatory transparency reports and risk assessments from developers and deployers of the highest-risk systems.
    • A NIST-led programme to develop testing, evaluation, validation, and verification (TEVV) standards.
    • A certification and enforcement structure housed at the Department of Commerce.
    • A consumer-education and industry working-group mandate to support voluntary compliance ahead of formal rules.

    Unlike the EU’s comprehensive AI Act, AIRIA targeted only the highest-risk use cases and left most research and low-risk commercial AI activity outside its scope.

    What happened to AIRIA in Congress?

    AIRIA advanced further than most AI bills of its era but still did not become law. The Senate Committee on Commerce, Science, and Transportation ordered it reported on 31 July 2024, and the Congressional Budget Office published a cost estimate on 6 December 2024. Under standard congressional procedure, any bill not enacted before a Congress ends is considered dead; AIRIA lapsed with the close of the 118th Congress on 3 January 2025 and was not carried forward automatically.

    That is not the end of the story. Several bills before the 119th Congress (2025–2026) reuse AIRIA’s building blocks — including the AI Accountability Act (H.R.1694), which directs a federal study of AI accountability measures, and the Future of Artificial Intelligence Innovation Act of 2026 (S.3952), which revives the NIST standards-and-evaluation mandate AIRIA proposed. None of these has replicated AIRIA in full, but the pattern is consistent: risk tiers, NIST-run testing standards, and disclosure duties keep reappearing in federal drafting, which is why the original bill remains a useful reference text even though it never passed.

    How does AIRIA interact with NIH and NSF grant compliance?

    AIRIA itself never reached the funding agencies, but the compliance gap it targeted — undisclosed or unaccountable AI use in high-stakes review processes — is already being filled through agency policy rather than statute. Research offices do not need AIRIA to pass to feel its logic in practice.

    • NIH issued NOT-OD-23-149, prohibiting NIH scientific peer reviewers from uploading grant application or critique content into generative AI tools, to protect peer-review confidentiality and integrity.
    • NSF issued a parallel notice on 14 December 2023 barring reviewers from entering proposal or review information into non-approved generative AI tools, with corresponding updates folded into the Proposal & Award Policies and Procedures Guide (PAPPG).
    • OMB Memorandum M-24-10, issued 28 March 2024, requires every CFO Act agency — including the parent departments of NIH and NSF — to designate a Chief AI Officer, convene an AI governance board, inventory AI use cases annually, and publish compliance plans.

    Research administrators should read AIRIA less as a future obligation and more as the missing statutory layer above rules that funders have already implemented administratively. If AIRIA-style provisions are eventually enacted, they would most plausibly formalise — not replace — the NIH and NSF confidentiality prohibitions and the OMB governance-board model that are already operating today.

    How does AIRIA compare with state AI laws and the EU AI Act?

    Research institutions rarely operate under one AI framework. Multi-state university systems, international co-investigators, and federally funded projects with EU partners are simultaneously exposed to federal inaction, an unsettled state landscape, and a phased EU regime.

    Framework Jurisdiction Status as of July 2026 Relevance to research offices
    AIRIA (S.3312) US federal (Senate) Died with the 118th Congress, 3 Jan 2025; ideas recur in newer bills Reference model for future federal risk-tier and disclosure rules
    OMB M-24-10 US federal (executive) In effect since 28 Mar 2024 Directly governs how NIH, NSF, and other agencies use AI internally
    NIH / NSF AI notices US federal agency policy In effect since Jun–Dec 2023 Bars generative AI use in peer review of grant applications
    Colorado AI Act (SB 24-205) US state Repealed by SB 26-189 (14 May 2026); never took effect Cautionary example — comprehensive state AI law can collapse before compliance deadlines
    Texas TRAIGA US state In effect 1 Jan 2026 Intent-based liability model; applies to any AI system touching Texas residents
    EU AI Act European Union Phased in Aug 2024–Aug 2026 Relevant to Horizon Europe co-investigators and EU-based research partners

    The Colorado reversal is the clearest recent signal: SB 24-205 was the first comprehensive US state AI law, but Colorado Governor Jared Polis signed its full replacement, SB 26-189, on 14 May 2026 — meaning the original statute never actually took effect. State AI law is moving fast and is not stable enough to treat any single statute as a durable compliance target.

    Common questions research administrators ask

    What is the AI Research, Innovation, and Accountability Act?

    It is a 2023 US Senate bill (S.3312) that proposed risk-tiered federal oversight of “high-impact” and “critical-impact” AI systems, including NIST-led testing standards and mandatory transparency reporting. It advanced through Senate Commerce Committee review in 2024 but was never enacted.

    What is the AI legislation situation in 2026?

    No single comprehensive federal AI statute exists in the United States as of mid-2026. Oversight instead comes from a patchwork of agency guidance (OMB M-24-10, NIH and NSF notices), a shifting set of state statutes (Texas TRAIGA in effect, Colorado’s law repealed and replaced), and several competing federal bills still in committee.

    What are the seven principles referenced in AI regulatory frameworks?

    Frameworks such as the EU AI Act commonly cite human agency and oversight, technical robustness and safety, privacy and data governance, transparency, non-discrimination and fairness, societal and environmental wellbeing, and accountability. AIRIA did not adopt this exact list but pursued the same accountability and transparency goals through US-specific risk tiers.

    Why research offices should track this now

    Waiting for a federal AI bill to pass before building internal AI-use policy is the wrong sequencing. NIH and NSF already enforce confidentiality rules on generative AI in peer review, OMB already requires agency AI governance boards, and state rules are changing faster than any single institution can absorb reactively — Colorado’s reversal took less than two years from enactment to repeal.

    Research offices should treat AIRIA as a design template, not a deadline. Institutions that map their existing AI-use disclosure practices against AIRIA’s risk-tier and TEVV concepts now will be positioned to adapt quickly if a successor bill — whether H.R.1694, S.3952, or a future proposal — advances further than AIRIA did. The direction of travel across federal agency guidance, state law, and the EU AI Act is consistent even where the US federal statute itself has stalled: more disclosure, more documented risk assessment, and more named institutional accountability for AI used in decisions that affect people’s funding, careers, and research records.

    For related compliance context, see CASRAI’s research administration resources and the CASRAI Dictionary for definitions of adjacent governance and compliance terms.

  • State AI Laws Create a Patchwork for Consortia

    State AI laws are the individual statutes and regulations that US states — rather than the US Congress — have enacted to govern the development, deployment and disclosure of artificial intelligence, and by mid-2026 more than 45 states have introduced such legislation with no unifying federal framework in place. For research consortia and shared-service research offices that span multiple states, this means the same AI-assisted grant-writing tool, chatbot, or automated screening system can be lawful in one member campus’s state and restricted or unlawful in another’s.

    A state AI law is a statute enacted by an individual US state legislature — as distinct from federal legislation — that regulates how artificial intelligence systems are developed, deployed, disclosed, or audited within that state’s jurisdiction.

    What Are State AI Laws, and How Many States Have Passed Them?

    State AI laws cover a wide range of obligations: algorithmic-discrimination audits, generative-AI content disclosure, “high-risk” system impact assessments, and rules on AI use in employment and consumer decisions. According to the National Conference of State Legislatures (NCSL), in the 2025 legislative session all 50 states, Puerto Rico, the Virgin Islands, and Washington, DC introduced AI-related legislation — a volume that state legislative trackers report continued to accelerate into 2026, with well over a thousand AI-related bills introduced nationwide.

    No two states have adopted the same definitions, thresholds, or enforcement mechanisms. A tool classified as “high-risk automated decision-making” in one state’s statute may fall entirely outside another state’s scope, or be captured under a different label altogether.

    How Do California, Colorado, and Texas AI Laws Compare?

    Three states illustrate how far the approaches diverge. California took effect on 1 January 2026 with two distinct statutes: the Transparency in Frontier AI Act (SB 53), which imposes safety and transparency reporting duties on developers of large-scale frontier models, and the AI Transparency Act (SB 942), which requires disclosure when content is AI-generated. Colorado enacted the first comprehensive state AI statute, the Colorado AI Act (SB 24-205), which took effect in June 2026 and requires developers and deployers of high-risk AI systems to complete impact assessments and provide consumer disclosures; a subsequent amendment, SB 26-189, narrowed that scope to automated decision-making technology, with a revised effective date of 1 January 2027. Texas, by contrast, passed the Texas Responsible AI Governance Act (TRAIGA), which favours an industry self-governance framework over Colorado’s impact-assessment model.

    Jurisdiction Key statute Core mechanism Effective date
    California SB 53 (Transparency in Frontier AI Act); SB 942 (AI Transparency Act) Frontier-model safety reporting; AI-generated content disclosure 1 January 2026
    Colorado Colorado AI Act (SB 24-205), amended by SB 26-189 Impact assessments for automated decision-making technology 1 January 2027 (as amended)
    Texas Texas Responsible AI Governance Act (TRAIGA) Industry self-governance framework Enacted 2025
    Federal Executive Order, “Ensuring a National Policy Framework for Artificial Intelligence” Directs agencies to identify and challenge state AI laws seen as burdensome 11 December 2025 (signed)

    Is the Federal Government Trying to Preempt State AI Laws?

    Yes — but not yet through legislation that has passed Congress. On 11 December 2025, the White House signed an executive order, “Ensuring a National Policy Framework for Artificial Intelligence,” directing federal agencies to identify state AI laws that require models to alter their truthful outputs or that otherwise obstruct a national AI policy. The order instructs agencies to evaluate funding and litigation levers against such state statutes, but an executive order cannot itself repeal state law: only Congress or the courts can do that, and no comprehensive federal AI statute analogous to the EU AI Act has been enacted.

    Until preemption legislation clears Congress — proposals exist but none has passed as of mid-2026 — state AI laws remain, in the words of one large law firm’s 2026 tracker, “the primary source of compliance obligations” for organisations operating in the United States.

    Why Is the Patchwork a Problem for Multi-Campus Research Consortia?

    Multi-state research consortia, shared-service research offices, and multi-site funded studies do not choose a single home jurisdiction the way a single-campus institution does. A consortium spanning California, Colorado, Texas, and a fourth state must reconcile at least three incompatible disclosure and assessment regimes simultaneously — and update that reconciliation as amendments such as Colorado’s SB 26-189 shift scope and effective dates mid-cycle.

    This creates specific friction points for research administration:

    • AI-assisted grant writing and proposal development may trigger content-disclosure duties in California but not in a partner state, complicating a single consortium-wide authorship and disclosure policy.
    • Automated screening or scoring tools used in participant recruitment, peer review triage, or research-integrity checks can qualify as “high-risk automated decision-making” in Colorado while sitting outside any equivalent category in Texas.
    • Shared IT and data infrastructure hosted in one state does not exempt a consortium from a partner campus’s home-state obligations when researchers in that state are end users of the system.
    • Vendor contracts for AI writing, transcription, or analysis tools need jurisdiction-by-jurisdiction compliance riders rather than a single boilerplate clause.

    Research offices increasingly need to disclose AI involvement in scholarly outputs regardless of state law, aligning with journal and funder expectations. Where AI tools contribute to drafting, structured contributor role taxonomies used in authorship disclosure — the model CASRAI originated in 2014 and which NISO now stewards as ANSI/NISO Z39.104-2022 — offer one consistent way to record human-versus-tool contribution that sits independently of any single state’s transparency statute.

    Answer-First Q&A

    How many US states have introduced AI legislation in 2026?

    By the 2025 legislative session, all 50 states, Puerto Rico, the Virgin Islands, and Washington, DC had introduced AI-related legislation, according to the National Conference of State Legislatures. State legislative trackers report the volume of AI-related bills continued to climb through early 2026, spanning dozens of states with no sign of consolidation.

    Does the federal executive order override state AI laws?

    No. The December 2025 executive order directs federal agencies to identify and challenge state AI laws it views as obstructive, but an executive order cannot repeal state statute. Only an act of Congress or a binding court ruling can preempt state AI law, and no such federal AI statute has been enacted as of mid-2026.

    What is the Colorado AI Act’s current status?

    The original Colorado AI Act (SB 24-205) required impact assessments for high-risk AI systems. It was subsequently narrowed by SB 26-189 to focus specifically on automated decision-making technology, with a revised effective date of 1 January 2027, replacing the earlier June 2026 start date.

    What should a multi-state research consortium put in its AI-use policy?

    A consortium policy should map every member campus’s home-state AI statute, flag tools that trigger disclosure or impact-assessment duties in any one jurisdiction, and apply the strictest applicable standard consortium-wide rather than negotiating exceptions state by state.

    Implications for Shared-Service Research Offices

    Shared-service research offices — the units that run grants administration, research integrity, and compliance for several campuses at once — cannot rely on a single state’s AI statute as their reference point. The practical implication is that AI-use policy for a multi-campus consortium must be built to the strictest state standard among its members, then adjusted downward only where a specific campus’s home-state law is demonstrably more permissive and the consortium is willing to operate two policy tiers. Bodies such as NCURA and EARMA increasingly field member questions on exactly this cross-jurisdictional friction, reflecting how quickly the patchwork has become an operational, not just a legal, concern.

    Consortium agreements and vendor contracts should each name which state-law regime governs AI tool use for that workflow, rather than assuming the lead institution’s state law applies uniformly to every partner.

    Outlook

    Absent a federal AI statute, the state-by-state pattern set by California, Colorado, and Texas is likely to keep expanding rather than converging in the near term. Consortia that govern to the strictest applicable state standard, and document AI contribution through structured, framework-neutral disclosure practices, will adapt faster as more states legislate and as amendments such as SB 26-189 continue to shift effective dates and scope. Treat this as a standing monitoring task, not a one-time policy update — state statutes are already being amended within their first year in force.

  • Council of Europe AI Treaty: A Second Track

    The Council of Europe AI treaty — formally the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law — is the first legally binding international treaty on artificial intelligence. Opened for signature on 5 September 2024 and designated CETS No. 225, it runs alongside, not inside, the EU AI Act, and it applies across the Council of Europe’s 46 member states plus a growing list of non-European signatories, including the United States.

    The Framework Convention is a treaty under public international law, not an EU regulation: it creates binding obligations for the states that ratify it, each of which must transpose those obligations into domestic law. That structure makes it a second, parallel governance track for any research institution operating in a Council of Europe member state that sits outside the European Union — the United Kingdom, Switzerland, Norway, Ukraine, Türkiye, and more than a dozen others.

    What is the Council of Europe AI treaty?

    The Framework Convention was negotiated by the Council of Europe’s Committee on Artificial Intelligence (CAI), successor to the ad hoc committee (CAHAI) that began scoping work in 2019. It was drafted by the Council of Europe’s 46 member states with observer states Canada, Japan, Mexico, the Holy See and the United States, plus the European Union and non-member states including Australia, Argentina, Costa Rica, Israel, Peru and Uruguay.

    According to the Council of Europe, 68 representatives from civil society, academia and industry contributed to the drafting. The treaty sets out principles AI systems must respect: human dignity, equality and non-discrimination, privacy and data protection, transparency and oversight, accountability, safe innovation, and remedies for people affected by AI-driven decisions.

    • Deliberately technology-neutral, so the text does not require revision each time a new AI architecture emerges.
    • Applies to AI systems used by public authorities (including private actors acting on their behalf) and by private-sector actors.
    • Excludes national defence matters and most research and development activity, with one important exception (see below).
    • Monitored by a Conference of the Parties, which reviews implementation and facilitates stakeholder hearings.

    Who has signed and ratified it?

    The treaty opened for signature on 5 September 2024. Early signatories included the European Union, the United Kingdom and the United States, alongside several Council of Europe member states. Since then, further states — including Bosnia and Herzegovina, North Macedonia, the Republic of Moldova and San Marino — have signed or moved toward ratification, per the Council of Europe’s treaty tracking page.

    A pivotal step came on 15 May 2026, when the European Union formally ratified the Framework Convention, according to the Council of Europe’s Artificial Intelligence Portal. Ratification does not fold the treaty into EU law; the two instruments remain distinct tracks the Union has committed to enforcing in a complementary way.

    Because the Council of Europe has 46 member states — nearly double the EU’s 27 — a large bloc of countries with binding obligations under this treaty will never be covered by the EU AI Act at all: the UK, Switzerland, Norway, Iceland, Ukraine, Türkiye, Armenia, Georgia, Azerbaijan and the Western Balkan states listed above.

    How does it differ from the EU AI Act?

    The EU AI Act (Regulation (EU) 2024/1689) is directly applicable law inside the EU and EEA, built on a tiered risk-classification system with technical and conformity obligations. The Framework Convention is a different instrument: a human-rights treaty setting baseline principles for ratifying states to implement through domestic legislation, not a self-executing regulatory code.

    Dimension Council of Europe AI treaty EU AI Act
    Legal form International treaty (CETS No. 225) Directly applicable EU regulation
    Territorial reach 46 Council of Europe member states + non-European signatories (US, others) 27 EU member states + EEA
    Approach Principles-based human-rights baseline Risk-tiered technical compliance regime
    Enforcement Domestic implementing law per ratifying state; Conference of the Parties oversight National market-surveillance authorities + EU AI Office
    R&D treatment Excluded, except where testing may interfere with rights/democracy/rule of law Research exemption with narrower conditions

    Legal trackers such as White & Case’s AI Watch note the Framework Convention requires each signatory to ensure remedies are available to those affected by AI systems — an obligation that exists independently of whatever risk category the EU AI Act would assign to the same system.

    Does it apply to research and development?

    This is the detail research institutions most often miss. The Framework Convention does not apply to research and development activities — except when testing of an AI system may interfere with human rights, democracy or the rule of law. The carve-out is narrower than it looks: once a prototype moves from the lab into testing that touches real people’s data or opportunities, the exception can lapse and obligations on transparency, accountability and remedy attach.

    For universities, research funders and multinational consortia, this means AI-enabled research tools — automated peer-review triage, algorithmic grant scoring, participant-recruitment models, predictive analytics on patient or student data — are not automatically outside scope simply because they originate in a research setting. Institutions in non-EU Council of Europe states cannot assume “the EU AI Act doesn’t apply to us” settles the matter; the Framework Convention raises a parallel, sometimes broader, compliance question the moment R&D testing touches real-world rights.

    Frequently asked questions

    What is the Council of Europe AI treaty?

    The Council of Europe AI treaty is the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, opened for signature on 5 September 2024. It is the first legally binding international treaty requiring signatory states to govern the full lifecycle of AI systems in line with human rights, democratic values and the rule of law.

    Which countries have signed the Council of Europe AI treaty?

    Early signatories included the European Union, United Kingdom and United States, joined since by further Council of Europe member states including Bosnia and Herzegovina, North Macedonia, the Republic of Moldova and San Marino. The EU formally ratified the treaty on 15 May 2026, per the Council of Europe’s official portal.

    Is the Council of Europe AI treaty the same as the EU AI Act?

    No. The EU AI Act is a directly applicable EU regulation limited to the EU/EEA. The Council of Europe treaty is a separate international human-rights instrument spanning 46 member states plus non-European signatories, enforced through each state’s own domestic implementing legislation.

    Does the treaty regulate university and funder AI tools?

    Generally research and development is excluded, but the exclusion lifts once AI testing could affect real people’s rights — for example, algorithmic grant scoring or predictive analytics on participant data. Institutions should not assume research-labelled AI tools sit permanently outside the treaty’s reach.

    Implications and outlook for research institutions

    Research institutions in a Council of Europe member state outside the EU should treat the Framework Convention as an independent compliance track, not a footnote to EU AI Act guidance. Practical steps:

    • Map which AI systems used in research administration, grant assessment or participant-facing services could trigger the treaty’s rights-impact exception once national implementing legislation is adopted.
    • Track ratification status in each jurisdiction where the institution operates, since obligations activate state-by-state, not on a single EU-wide date.
    • Build transparency and remedy mechanisms — notice of AI use, a route to challenge automated decisions — into research-facing AI tools regardless of which regime formally applies yet.

    Globally, the treaty is one entry in a widening, uneven map of AI regulations around the world: the EU’s harmonised regulatory code, the Council of Europe’s rights-based treaty spanning EU and non-EU states, a fragmented patchwork of US state AI laws in the absence of comprehensive federal legislation, and sector-specific rules elsewhere. Institutions tracking several of these regimes at once increasingly need an AI legislation tracker that separates treaty-level from regulation-level instruments, rather than one undifferentiated “AI law” category.

    The Framework Convention will not be the last binding international AI instrument. Its Conference of the Parties is designed to accumulate practice and guidance over time, as other Council of Europe human-rights treaties have. Research institutions that build AI governance around rights-based principles now — not only EU AI Act risk tiers — will be better placed as more states ratify and more domestic implementing laws take effect. CASRAI’s research administration resources track how such cross-border compliance obligations intersect with day-to-day research operations.