An AI legislation tracker is a curated, continuously updated resource that monitors the progress of artificial intelligence bills, statutes and regulations across jurisdictions. For research offices, three free options cover the ground a paid GRC subscription would otherwise charge for: the IAPP’s US State AI Governance Legislation Tracker for state-level bills, White & Case’s AI Watch for a global regulatory sweep, and the AI Act Explorer for line-by-line navigation of the EU AI Act. Used together, they give research administrators enough coverage to flag compliance and procurement risk without a dedicated legal-intelligence budget.
An AI legislation tracker is a legal-intelligence tool — usually maintained by a law firm, professional association, or legislature — that indexes AI-related bills and regulations by jurisdiction, status and topic so non-specialists can monitor change without reading primary legislative text. For a research office, that means catching a new state disclosure requirement or an EU AI Act compliance deadline before it lands in an audit finding.
Table of contents
- What is an AI legislation tracker, and why does a research office need one?
- Comparing the free trackers: IAPP, White & Case AI Watch and the AI Act Explorer
- How to monitor AI law without a paid GRC subscription
- Which AI rules actually affect grant compliance and procurement
- Common questions research administrators ask
What is an AI legislation tracker, and why does a research office need one?
Research offices sit at the intersection of three regulatory pressures: institutional AI-use policy, funder terms and conditions, and the AI laws of every jurisdiction in which their institution operates, procures software or receives funding. No single regulator publishes a consolidated feed of all three, which is why legal-intelligence trackers — built by law firms and associations to serve their own clients — have become the de facto public monitoring layer for everyone else.
Three gaps make this monitoring hard for a research office specifically. First, state-level fragmentation in the US: MultiState.ai reported tracking 1,561 AI-related bills across 45 states in early 2026, and a bill’s status can change between a legislative session’s opening and a grant’s renewal date. Second, phased EU obligations: the AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 but applies in stages — prohibited-practice provisions since 2 February 2025, general-purpose AI model obligations since 2 August 2025, and the bulk of high-risk system obligations from 2 August 2026. Third, procurement-clause drift: institutional purchasing teams increasingly need to know whether a vendor’s AI tool falls under a “high-risk” classification before a contract is signed, not after.
Comparing the free trackers: IAPP, White & Case AI Watch and the AI Act Explorer
Each of the three core tools covers a different layer of the regulatory stack. None requires a paid subscription for the baseline tracker view, though firms use them as client-development tools, so update cadence and depth of legal commentary vary.
| Tool | Publisher | Geographic scope | Best use for a research office | Cost |
|---|---|---|---|---|
| US State AI Governance Legislation Tracker | IAPP | US state legislatures | Flagging new state disclosure/consumer-protection bills affecting AI-assisted research tools | Free |
| AI Watch: Global Regulatory Tracker | White & Case | US, EU, UK, China and other core markets | Cross-jurisdiction horizon-scanning for institutions with international partners | Free |
| AI Act Explorer | Future of Life Institute (artificialintelligenceact.eu) | European Union | Locating the exact article/annex governing a specific AI use case before procurement sign-off | Free |
| Artificial Intelligence Legislation Database | National Conference of State Legislatures (NCSL) | US state legislatures | Official-source cross-check against law-firm trackers, filterable by policy topic | Free |
| OECD.AI Policy Navigator | OECD | 80+ countries and international bodies | Global baseline for institutions with funders or partners outside the US/EU | Free |
Two law-firm trackers rarely agree exactly on bill status, since each applies its own inclusion criteria — the IAPP chart, for example, deliberately excludes government-only AI bills to focus on rules affecting private-sector organisations. A research office should treat the NCSL database as the authoritative cross-check whenever a law-firm tracker and an internal compliance log disagree, since NCSL draws directly from legislative records rather than curated commentary.
How to monitor AI law without a paid GRC subscription
A practical monitoring routine needs three components: a jurisdiction list, a check cadence, and an escalation trigger. Map the institution’s actual footprint — states where staff or partner sites are located, countries with active funder relationships, and any EU-based collaborators — against the five tools above, rather than trying to watch all 45+ US states with active bills at once.
- Set a monthly review of the IAPP tracker and NCSL database for the institution’s home state plus any state with a satellite campus or major subcontractor.
- Set a quarterly review of White & Case AI Watch for jurisdictions tied to international grant or publishing partners.
- Check the AI Act Explorer whenever procuring or renewing an AI-enabled research tool from an EU-based or EU-selling vendor, since Article 53 transparency obligations for general-purpose AI providers already apply.
- Escalate to institutional counsel the moment a tracked bill moves from “introduced” to “enacted” in a jurisdiction on the footprint list — status changes, not initial filings, are the actionable signal.
This cadence substitutes staff time for the subscription cost of a commercial GRC platform. It will not catch everything a paid legal-intelligence service would, but it closes the gap between “no monitoring” and “monitoring proportionate to institutional risk,” which is the realistic target for most research offices.
Which AI rules actually affect grant compliance and procurement
Not every tracked bill is relevant to a research office. The ones that matter cluster into two categories: funder-facing disclosure requirements and vendor/procurement obligations. On the funder side, publishers already require disclosure of generative-AI use in manuscript preparation under guidance from bodies such as ICMJE and COPE — a policy layer that sits alongside, not inside, the legislative trackers above, and one research offices should monitor through authorship policy channels rather than a legislation tracker.
On the procurement side, the EU AI Act’s general-purpose AI model obligations — applicable since 2 August 2025 — require providers to maintain technical documentation and, for systemic-risk models, conduct model evaluations; institutions procuring AI research tools from in-scope vendors should expect updated contract terms reflecting this. Separately, under Article 57 of Regulation (EU) 2024/1689, each EU member state must establish at least one national AI regulatory sandbox operational by 2 August 2026 — a detail the AI Act Explorer surfaces clearly but general news coverage rarely mentions, and one that matters to institutions running EU-based pilot deployments of AI research tools.
In the US, state consumer-protection style AI bills increasingly impose obligations on “deployers” as well as developers — meaning an institution using a third-party AI tool, not just the vendor that built it, can carry compliance obligations. This is the single most consequential fact a research office should extract from the state trackers: deployer obligations mean procurement due diligence, not just vendor selection, is now a compliance function.
Common questions research administrators ask
Are there any regulations on AI?
Yes. There is no comprehensive federal AI statute in the United States, but individual US states have enacted targeted laws, the European Union’s AI Act (Regulation (EU) 2024/1689) is in force with phased obligations through 2027, and dozens of other jurisdictions maintain sector-specific or principles-based AI policy frameworks tracked by the OECD.
Does Europe have AI regulations?
Yes. The EU AI Act is the first comprehensive AI-specific legal framework, entering into force on 1 August 2024. Prohibited-practice rules applied from February 2025, general-purpose AI model obligations from August 2025, and most high-risk system requirements apply from August 2026 onward.
Where are the AI regulations?
AI rules are distributed across national statutes, EU regulation, and US state legislatures rather than one source — which is precisely why trackers such as IAPP’s state chart, White & Case’s AI Watch, and the AI Act Explorer exist: each consolidates one layer of a fragmented, multi-jurisdiction landscape into a single reference point.
The regulatory landscape a research office must monitor will keep expanding rather than consolidating: more US states are expected to move bills from “introduced” to “enacted” through 2026 and 2027, and the EU AI Act’s remaining compliance deadlines run to August 2027. A footprint-mapped, tiered-cadence monitoring routine built on these five free trackers is a realistic, sustainable substitute for a paid GRC subscription — provided it is reviewed and re-scoped as the institution’s own AI use, partnerships and procurement expand.