Tag: ai regulations around the world

  • AI Legislation Tracker: Free Tools Compared for Research Offices

    An AI legislation tracker is a curated, continuously updated resource that monitors the progress of artificial intelligence bills, statutes and regulations across jurisdictions. For research offices, three free options cover the ground a paid GRC subscription would otherwise charge for: the IAPP’s US State AI Governance Legislation Tracker for state-level bills, White & Case’s AI Watch for a global regulatory sweep, and the AI Act Explorer for line-by-line navigation of the EU AI Act. Used together, they give research administrators enough coverage to flag compliance and procurement risk without a dedicated legal-intelligence budget.

    An AI legislation tracker is a legal-intelligence tool — usually maintained by a law firm, professional association, or legislature — that indexes AI-related bills and regulations by jurisdiction, status and topic so non-specialists can monitor change without reading primary legislative text. For a research office, that means catching a new state disclosure requirement or an EU AI Act compliance deadline before it lands in an audit finding.

    Table of contents

    What is an AI legislation tracker, and why does a research office need one?

    Research offices sit at the intersection of three regulatory pressures: institutional AI-use policy, funder terms and conditions, and the AI laws of every jurisdiction in which their institution operates, procures software or receives funding. No single regulator publishes a consolidated feed of all three, which is why legal-intelligence trackers — built by law firms and associations to serve their own clients — have become the de facto public monitoring layer for everyone else.

    Three gaps make this monitoring hard for a research office specifically. First, state-level fragmentation in the US: MultiState.ai reported tracking 1,561 AI-related bills across 45 states in early 2026, and a bill’s status can change between a legislative session’s opening and a grant’s renewal date. Second, phased EU obligations: the AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 but applies in stages — prohibited-practice provisions since 2 February 2025, general-purpose AI model obligations since 2 August 2025, and the bulk of high-risk system obligations from 2 August 2026. Third, procurement-clause drift: institutional purchasing teams increasingly need to know whether a vendor’s AI tool falls under a “high-risk” classification before a contract is signed, not after.

    Comparing the free trackers: IAPP, White & Case AI Watch and the AI Act Explorer

    Each of the three core tools covers a different layer of the regulatory stack. None requires a paid subscription for the baseline tracker view, though firms use them as client-development tools, so update cadence and depth of legal commentary vary.

    Tool Publisher Geographic scope Best use for a research office Cost
    US State AI Governance Legislation Tracker IAPP US state legislatures Flagging new state disclosure/consumer-protection bills affecting AI-assisted research tools Free
    AI Watch: Global Regulatory Tracker White & Case US, EU, UK, China and other core markets Cross-jurisdiction horizon-scanning for institutions with international partners Free
    AI Act Explorer Future of Life Institute (artificialintelligenceact.eu) European Union Locating the exact article/annex governing a specific AI use case before procurement sign-off Free
    Artificial Intelligence Legislation Database National Conference of State Legislatures (NCSL) US state legislatures Official-source cross-check against law-firm trackers, filterable by policy topic Free
    OECD.AI Policy Navigator OECD 80+ countries and international bodies Global baseline for institutions with funders or partners outside the US/EU Free

    Two law-firm trackers rarely agree exactly on bill status, since each applies its own inclusion criteria — the IAPP chart, for example, deliberately excludes government-only AI bills to focus on rules affecting private-sector organisations. A research office should treat the NCSL database as the authoritative cross-check whenever a law-firm tracker and an internal compliance log disagree, since NCSL draws directly from legislative records rather than curated commentary.

    How to monitor AI law without a paid GRC subscription

    A practical monitoring routine needs three components: a jurisdiction list, a check cadence, and an escalation trigger. Map the institution’s actual footprint — states where staff or partner sites are located, countries with active funder relationships, and any EU-based collaborators — against the five tools above, rather than trying to watch all 45+ US states with active bills at once.

    • Set a monthly review of the IAPP tracker and NCSL database for the institution’s home state plus any state with a satellite campus or major subcontractor.
    • Set a quarterly review of White & Case AI Watch for jurisdictions tied to international grant or publishing partners.
    • Check the AI Act Explorer whenever procuring or renewing an AI-enabled research tool from an EU-based or EU-selling vendor, since Article 53 transparency obligations for general-purpose AI providers already apply.
    • Escalate to institutional counsel the moment a tracked bill moves from “introduced” to “enacted” in a jurisdiction on the footprint list — status changes, not initial filings, are the actionable signal.

    This cadence substitutes staff time for the subscription cost of a commercial GRC platform. It will not catch everything a paid legal-intelligence service would, but it closes the gap between “no monitoring” and “monitoring proportionate to institutional risk,” which is the realistic target for most research offices.

    Which AI rules actually affect grant compliance and procurement

    Not every tracked bill is relevant to a research office. The ones that matter cluster into two categories: funder-facing disclosure requirements and vendor/procurement obligations. On the funder side, publishers already require disclosure of generative-AI use in manuscript preparation under guidance from bodies such as ICMJE and COPE — a policy layer that sits alongside, not inside, the legislative trackers above, and one research offices should monitor through authorship policy channels rather than a legislation tracker.

    On the procurement side, the EU AI Act’s general-purpose AI model obligations — applicable since 2 August 2025 — require providers to maintain technical documentation and, for systemic-risk models, conduct model evaluations; institutions procuring AI research tools from in-scope vendors should expect updated contract terms reflecting this. Separately, under Article 57 of Regulation (EU) 2024/1689, each EU member state must establish at least one national AI regulatory sandbox operational by 2 August 2026 — a detail the AI Act Explorer surfaces clearly but general news coverage rarely mentions, and one that matters to institutions running EU-based pilot deployments of AI research tools.

    In the US, state consumer-protection style AI bills increasingly impose obligations on “deployers” as well as developers — meaning an institution using a third-party AI tool, not just the vendor that built it, can carry compliance obligations. This is the single most consequential fact a research office should extract from the state trackers: deployer obligations mean procurement due diligence, not just vendor selection, is now a compliance function.

    Common questions research administrators ask

    Are there any regulations on AI?

    Yes. There is no comprehensive federal AI statute in the United States, but individual US states have enacted targeted laws, the European Union’s AI Act (Regulation (EU) 2024/1689) is in force with phased obligations through 2027, and dozens of other jurisdictions maintain sector-specific or principles-based AI policy frameworks tracked by the OECD.

    Does Europe have AI regulations?

    Yes. The EU AI Act is the first comprehensive AI-specific legal framework, entering into force on 1 August 2024. Prohibited-practice rules applied from February 2025, general-purpose AI model obligations from August 2025, and most high-risk system requirements apply from August 2026 onward.

    Where are the AI regulations?

    AI rules are distributed across national statutes, EU regulation, and US state legislatures rather than one source — which is precisely why trackers such as IAPP’s state chart, White & Case’s AI Watch, and the AI Act Explorer exist: each consolidates one layer of a fragmented, multi-jurisdiction landscape into a single reference point.

    The regulatory landscape a research office must monitor will keep expanding rather than consolidating: more US states are expected to move bills from “introduced” to “enacted” through 2026 and 2027, and the EU AI Act’s remaining compliance deadlines run to August 2027. A footprint-mapped, tiered-cadence monitoring routine built on these five free trackers is a realistic, sustainable substitute for a paid GRC subscription — provided it is reviewed and re-scoped as the institution’s own AI use, partnerships and procurement expand.

  • State AI Laws Create a Patchwork for Consortia

    State AI laws are the individual statutes and regulations that US states — rather than the US Congress — have enacted to govern the development, deployment and disclosure of artificial intelligence, and by mid-2026 more than 45 states have introduced such legislation with no unifying federal framework in place. For research consortia and shared-service research offices that span multiple states, this means the same AI-assisted grant-writing tool, chatbot, or automated screening system can be lawful in one member campus’s state and restricted or unlawful in another’s.

    A state AI law is a statute enacted by an individual US state legislature — as distinct from federal legislation — that regulates how artificial intelligence systems are developed, deployed, disclosed, or audited within that state’s jurisdiction.

    What Are State AI Laws, and How Many States Have Passed Them?

    State AI laws cover a wide range of obligations: algorithmic-discrimination audits, generative-AI content disclosure, “high-risk” system impact assessments, and rules on AI use in employment and consumer decisions. According to the National Conference of State Legislatures (NCSL), in the 2025 legislative session all 50 states, Puerto Rico, the Virgin Islands, and Washington, DC introduced AI-related legislation — a volume that state legislative trackers report continued to accelerate into 2026, with well over a thousand AI-related bills introduced nationwide.

    No two states have adopted the same definitions, thresholds, or enforcement mechanisms. A tool classified as “high-risk automated decision-making” in one state’s statute may fall entirely outside another state’s scope, or be captured under a different label altogether.

    How Do California, Colorado, and Texas AI Laws Compare?

    Three states illustrate how far the approaches diverge. California took effect on 1 January 2026 with two distinct statutes: the Transparency in Frontier AI Act (SB 53), which imposes safety and transparency reporting duties on developers of large-scale frontier models, and the AI Transparency Act (SB 942), which requires disclosure when content is AI-generated. Colorado enacted the first comprehensive state AI statute, the Colorado AI Act (SB 24-205), which took effect in June 2026 and requires developers and deployers of high-risk AI systems to complete impact assessments and provide consumer disclosures; a subsequent amendment, SB 26-189, narrowed that scope to automated decision-making technology, with a revised effective date of 1 January 2027. Texas, by contrast, passed the Texas Responsible AI Governance Act (TRAIGA), which favours an industry self-governance framework over Colorado’s impact-assessment model.

    Jurisdiction Key statute Core mechanism Effective date
    California SB 53 (Transparency in Frontier AI Act); SB 942 (AI Transparency Act) Frontier-model safety reporting; AI-generated content disclosure 1 January 2026
    Colorado Colorado AI Act (SB 24-205), amended by SB 26-189 Impact assessments for automated decision-making technology 1 January 2027 (as amended)
    Texas Texas Responsible AI Governance Act (TRAIGA) Industry self-governance framework Enacted 2025
    Federal Executive Order, “Ensuring a National Policy Framework for Artificial Intelligence” Directs agencies to identify and challenge state AI laws seen as burdensome 11 December 2025 (signed)

    Is the Federal Government Trying to Preempt State AI Laws?

    Yes — but not yet through legislation that has passed Congress. On 11 December 2025, the White House signed an executive order, “Ensuring a National Policy Framework for Artificial Intelligence,” directing federal agencies to identify state AI laws that require models to alter their truthful outputs or that otherwise obstruct a national AI policy. The order instructs agencies to evaluate funding and litigation levers against such state statutes, but an executive order cannot itself repeal state law: only Congress or the courts can do that, and no comprehensive federal AI statute analogous to the EU AI Act has been enacted.

    Until preemption legislation clears Congress — proposals exist but none has passed as of mid-2026 — state AI laws remain, in the words of one large law firm’s 2026 tracker, “the primary source of compliance obligations” for organisations operating in the United States.

    Why Is the Patchwork a Problem for Multi-Campus Research Consortia?

    Multi-state research consortia, shared-service research offices, and multi-site funded studies do not choose a single home jurisdiction the way a single-campus institution does. A consortium spanning California, Colorado, Texas, and a fourth state must reconcile at least three incompatible disclosure and assessment regimes simultaneously — and update that reconciliation as amendments such as Colorado’s SB 26-189 shift scope and effective dates mid-cycle.

    This creates specific friction points for research administration:

    • AI-assisted grant writing and proposal development may trigger content-disclosure duties in California but not in a partner state, complicating a single consortium-wide authorship and disclosure policy.
    • Automated screening or scoring tools used in participant recruitment, peer review triage, or research-integrity checks can qualify as “high-risk automated decision-making” in Colorado while sitting outside any equivalent category in Texas.
    • Shared IT and data infrastructure hosted in one state does not exempt a consortium from a partner campus’s home-state obligations when researchers in that state are end users of the system.
    • Vendor contracts for AI writing, transcription, or analysis tools need jurisdiction-by-jurisdiction compliance riders rather than a single boilerplate clause.

    Research offices increasingly need to disclose AI involvement in scholarly outputs regardless of state law, aligning with journal and funder expectations. Where AI tools contribute to drafting, structured contributor role taxonomies used in authorship disclosure — the model CASRAI originated in 2014 and which NISO now stewards as ANSI/NISO Z39.104-2022 — offer one consistent way to record human-versus-tool contribution that sits independently of any single state’s transparency statute.

    Answer-First Q&A

    How many US states have introduced AI legislation in 2026?

    By the 2025 legislative session, all 50 states, Puerto Rico, the Virgin Islands, and Washington, DC had introduced AI-related legislation, according to the National Conference of State Legislatures. State legislative trackers report the volume of AI-related bills continued to climb through early 2026, spanning dozens of states with no sign of consolidation.

    Does the federal executive order override state AI laws?

    No. The December 2025 executive order directs federal agencies to identify and challenge state AI laws it views as obstructive, but an executive order cannot repeal state statute. Only an act of Congress or a binding court ruling can preempt state AI law, and no such federal AI statute has been enacted as of mid-2026.

    What is the Colorado AI Act’s current status?

    The original Colorado AI Act (SB 24-205) required impact assessments for high-risk AI systems. It was subsequently narrowed by SB 26-189 to focus specifically on automated decision-making technology, with a revised effective date of 1 January 2027, replacing the earlier June 2026 start date.

    What should a multi-state research consortium put in its AI-use policy?

    A consortium policy should map every member campus’s home-state AI statute, flag tools that trigger disclosure or impact-assessment duties in any one jurisdiction, and apply the strictest applicable standard consortium-wide rather than negotiating exceptions state by state.

    Implications for Shared-Service Research Offices

    Shared-service research offices — the units that run grants administration, research integrity, and compliance for several campuses at once — cannot rely on a single state’s AI statute as their reference point. The practical implication is that AI-use policy for a multi-campus consortium must be built to the strictest state standard among its members, then adjusted downward only where a specific campus’s home-state law is demonstrably more permissive and the consortium is willing to operate two policy tiers. Bodies such as NCURA and EARMA increasingly field member questions on exactly this cross-jurisdictional friction, reflecting how quickly the patchwork has become an operational, not just a legal, concern.

    Consortium agreements and vendor contracts should each name which state-law regime governs AI tool use for that workflow, rather than assuming the lead institution’s state law applies uniformly to every partner.

    Outlook

    Absent a federal AI statute, the state-by-state pattern set by California, Colorado, and Texas is likely to keep expanding rather than converging in the near term. Consortia that govern to the strictest applicable state standard, and document AI contribution through structured, framework-neutral disclosure practices, will adapt faster as more states legislate and as amendments such as SB 26-189 continue to shift effective dates and scope. Treat this as a standing monitoring task, not a one-time policy update — state statutes are already being amended within their first year in force.

  • Council of Europe AI Treaty: A Second Track

    The Council of Europe AI treaty — formally the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law — is the first legally binding international treaty on artificial intelligence. Opened for signature on 5 September 2024 and designated CETS No. 225, it runs alongside, not inside, the EU AI Act, and it applies across the Council of Europe’s 46 member states plus a growing list of non-European signatories, including the United States.

    The Framework Convention is a treaty under public international law, not an EU regulation: it creates binding obligations for the states that ratify it, each of which must transpose those obligations into domestic law. That structure makes it a second, parallel governance track for any research institution operating in a Council of Europe member state that sits outside the European Union — the United Kingdom, Switzerland, Norway, Ukraine, Türkiye, and more than a dozen others.

    What is the Council of Europe AI treaty?

    The Framework Convention was negotiated by the Council of Europe’s Committee on Artificial Intelligence (CAI), successor to the ad hoc committee (CAHAI) that began scoping work in 2019. It was drafted by the Council of Europe’s 46 member states with observer states Canada, Japan, Mexico, the Holy See and the United States, plus the European Union and non-member states including Australia, Argentina, Costa Rica, Israel, Peru and Uruguay.

    According to the Council of Europe, 68 representatives from civil society, academia and industry contributed to the drafting. The treaty sets out principles AI systems must respect: human dignity, equality and non-discrimination, privacy and data protection, transparency and oversight, accountability, safe innovation, and remedies for people affected by AI-driven decisions.

    • Deliberately technology-neutral, so the text does not require revision each time a new AI architecture emerges.
    • Applies to AI systems used by public authorities (including private actors acting on their behalf) and by private-sector actors.
    • Excludes national defence matters and most research and development activity, with one important exception (see below).
    • Monitored by a Conference of the Parties, which reviews implementation and facilitates stakeholder hearings.

    Who has signed and ratified it?

    The treaty opened for signature on 5 September 2024. Early signatories included the European Union, the United Kingdom and the United States, alongside several Council of Europe member states. Since then, further states — including Bosnia and Herzegovina, North Macedonia, the Republic of Moldova and San Marino — have signed or moved toward ratification, per the Council of Europe’s treaty tracking page.

    A pivotal step came on 15 May 2026, when the European Union formally ratified the Framework Convention, according to the Council of Europe’s Artificial Intelligence Portal. Ratification does not fold the treaty into EU law; the two instruments remain distinct tracks the Union has committed to enforcing in a complementary way.

    Because the Council of Europe has 46 member states — nearly double the EU’s 27 — a large bloc of countries with binding obligations under this treaty will never be covered by the EU AI Act at all: the UK, Switzerland, Norway, Iceland, Ukraine, Türkiye, Armenia, Georgia, Azerbaijan and the Western Balkan states listed above.

    How does it differ from the EU AI Act?

    The EU AI Act (Regulation (EU) 2024/1689) is directly applicable law inside the EU and EEA, built on a tiered risk-classification system with technical and conformity obligations. The Framework Convention is a different instrument: a human-rights treaty setting baseline principles for ratifying states to implement through domestic legislation, not a self-executing regulatory code.

    Dimension Council of Europe AI treaty EU AI Act
    Legal form International treaty (CETS No. 225) Directly applicable EU regulation
    Territorial reach 46 Council of Europe member states + non-European signatories (US, others) 27 EU member states + EEA
    Approach Principles-based human-rights baseline Risk-tiered technical compliance regime
    Enforcement Domestic implementing law per ratifying state; Conference of the Parties oversight National market-surveillance authorities + EU AI Office
    R&D treatment Excluded, except where testing may interfere with rights/democracy/rule of law Research exemption with narrower conditions

    Legal trackers such as White & Case’s AI Watch note the Framework Convention requires each signatory to ensure remedies are available to those affected by AI systems — an obligation that exists independently of whatever risk category the EU AI Act would assign to the same system.

    Does it apply to research and development?

    This is the detail research institutions most often miss. The Framework Convention does not apply to research and development activities — except when testing of an AI system may interfere with human rights, democracy or the rule of law. The carve-out is narrower than it looks: once a prototype moves from the lab into testing that touches real people’s data or opportunities, the exception can lapse and obligations on transparency, accountability and remedy attach.

    For universities, research funders and multinational consortia, this means AI-enabled research tools — automated peer-review triage, algorithmic grant scoring, participant-recruitment models, predictive analytics on patient or student data — are not automatically outside scope simply because they originate in a research setting. Institutions in non-EU Council of Europe states cannot assume “the EU AI Act doesn’t apply to us” settles the matter; the Framework Convention raises a parallel, sometimes broader, compliance question the moment R&D testing touches real-world rights.

    Frequently asked questions

    What is the Council of Europe AI treaty?

    The Council of Europe AI treaty is the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, opened for signature on 5 September 2024. It is the first legally binding international treaty requiring signatory states to govern the full lifecycle of AI systems in line with human rights, democratic values and the rule of law.

    Which countries have signed the Council of Europe AI treaty?

    Early signatories included the European Union, United Kingdom and United States, joined since by further Council of Europe member states including Bosnia and Herzegovina, North Macedonia, the Republic of Moldova and San Marino. The EU formally ratified the treaty on 15 May 2026, per the Council of Europe’s official portal.

    Is the Council of Europe AI treaty the same as the EU AI Act?

    No. The EU AI Act is a directly applicable EU regulation limited to the EU/EEA. The Council of Europe treaty is a separate international human-rights instrument spanning 46 member states plus non-European signatories, enforced through each state’s own domestic implementing legislation.

    Does the treaty regulate university and funder AI tools?

    Generally research and development is excluded, but the exclusion lifts once AI testing could affect real people’s rights — for example, algorithmic grant scoring or predictive analytics on participant data. Institutions should not assume research-labelled AI tools sit permanently outside the treaty’s reach.

    Implications and outlook for research institutions

    Research institutions in a Council of Europe member state outside the EU should treat the Framework Convention as an independent compliance track, not a footnote to EU AI Act guidance. Practical steps:

    • Map which AI systems used in research administration, grant assessment or participant-facing services could trigger the treaty’s rights-impact exception once national implementing legislation is adopted.
    • Track ratification status in each jurisdiction where the institution operates, since obligations activate state-by-state, not on a single EU-wide date.
    • Build transparency and remedy mechanisms — notice of AI use, a route to challenge automated decisions — into research-facing AI tools regardless of which regime formally applies yet.

    Globally, the treaty is one entry in a widening, uneven map of AI regulations around the world: the EU’s harmonised regulatory code, the Council of Europe’s rights-based treaty spanning EU and non-EU states, a fragmented patchwork of US state AI laws in the absence of comprehensive federal legislation, and sector-specific rules elsewhere. Institutions tracking several of these regimes at once increasingly need an AI legislation tracker that separates treaty-level from regulation-level instruments, rather than one undifferentiated “AI law” category.

    The Framework Convention will not be the last binding international AI instrument. Its Conference of the Parties is designed to accumulate practice and guidance over time, as other Council of Europe human-rights treaties have. Research institutions that build AI governance around rights-based principles now — not only EU AI Act risk tiers — will be better placed as more states ratify and more domestic implementing laws take effect. CASRAI’s research administration resources track how such cross-border compliance obligations intersect with day-to-day research operations.

  • AI Regulations Around the World: A 4-Jurisdiction Comparison for Research Consortia

    AI regulations around the world diverge sharply in 2026: the EU AI Act is a binding, risk-tiered statute with extraterritorial reach; US oversight is a fragmented state-law patchwork with no federal statute; China runs a registration-and-content-control regime; and the Council of Europe treaty sets shared principles without direct enforcement. No single checklist covers every consortium partner.

    AI regulation is the set of binding statutes, administrative measures and international instruments that govern how artificial intelligence systems may be developed, deployed and used within a given jurisdiction. For a multi-country research consortium, that matters practically: the same AI-assisted analysis tool or generative writing aid can be lawful for one partner and non-compliant for another, purely because of where each institution sits.

    This article maps the four regimes that most often collide in international data-sharing agreements — the EU AI Act, US state AI laws, China’s AI measures, and the Council of Europe’s AI treaty — and identifies where the friction actually occurs, not just what each law says in isolation.

    Contents

    What are the main AI regulatory regimes research consortia must track?

    Four regimes dominate cross-border research collaboration in 2026: the EU’s binding AI Act, a growing set of US state statutes, China’s registration-led administrative measures, and the Council of Europe’s rights-based treaty. Each uses a different legal mechanism, a different geographic trigger, and a different enforcement model, which is precisely why a consortium cannot rely on one partner’s compliance work to cover the group.

    Regime Legal status Geographic reach Compliance approach Relevance to research consortia
    EU AI Act (Regulation (EU) 2024/1689) Binding regulation, directly applicable in all EU member states Extraterritorial: covers providers and deployers outside the EU where an AI system’s output is used within the EU Risk-tiered (unacceptable / high / limited / minimal); high-risk obligations broadly apply from 2 August 2026 A non-EU partner can still be caught if any consortium member deploys the tool’s output in the EU; grant-review and admissions-style AI can fall into Annex III high-risk categories
    US state AI laws No binding federal AI statute; state statutes such as the Colorado AI Act and California’s AI Transparency Act Applies within the enacting state; a December 2025 executive order pushes federal preemption of “burdensome” state rules, but this is contested and unsettled as of mid-2026 Sector- and harm-specific (algorithmic discrimination, transparency, deepfakes) rather than one risk taxonomy A single US institution can trigger several inconsistent duties depending on which state its staff, servers or subcontractors sit in
    China’s AI measures Binding administrative measures enforced by the Cyberspace Administration of China (CAC), now folded into the amended Cybersecurity Law from January 2026 Applies to AI services offered within China; requires algorithm registration with the CAC before deployment Registration- and content-control-led: mandatory labelling of AI-generated content, security assessments, real-name verification Chinese partner institutions typically cannot lawfully run an unregistered foreign AI tool against shared data, creating a hard blocker for joint analysis pipelines
    Council of Europe AI treaty First legally binding international AI treaty (Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law) Open to Council of Europe members and non-member signatories, including the US, UK, Canada and Japan; needs ratification by five signatories, including three Council of Europe states, to enter into force Principles-based: human rights, democracy and rule-of-law safeguards for public- and private-sector AI Offers shared language consortia can cite in data-sharing agreements, but is not self-executing and needs domestic implementing law in each signatory state

    How does the EU AI Act apply to multi-country research?

    The EU AI Act entered into force on 1 August 2024, with obligations phased in over several years. Bans on unacceptable-risk systems and AI-literacy duties applied from 2 February 2025; general-purpose AI obligations followed on 2 August 2025; and high-risk system obligations broadly apply from 2 August 2026, with penalties reaching €35 million or 7% of global annual turnover.

    What consortium leads consistently underestimate is scope. Like the GDPR before it, the Act reaches beyond EU borders: it applies to providers and deployers established outside the Union whenever the output of their AI system is used within it. A US or Asia-based partner running an AI-assisted screening tool that feeds results into an EU-led work package can be pulled into EU obligations even without an EU office. Annex III’s high-risk categories — including systems used in education, employment and essential services — also reach some AI-assisted grant-review and research-integrity screening tools.

    What do US state AI laws mean for consortium partners?

    The United States has no comprehensive federal AI statute in 2026. Instead, regulation is set state by state: Colorado’s AI Act (SB 24-205), the first comprehensive US state AI law, requires reasonable care to prevent algorithmic discrimination in high-risk systems, with implementation delayed to 30 June 2026. California has separately enacted an AI Transparency Act and a frontier-model safety statute.

    A December 2025 executive order directed federal agencies to challenge state AI laws viewed as inconsistent with a lighter-touch national standard, but as of mid-2026 that preemption push is unsettled and existing state statutes remain in force. For a consortium, a single US institution’s obligations can shift depending on which state its staff, infrastructure or subcontractors sit in — and may change again if preemption litigation succeeds.

    How does China regulate AI differently?

    China’s approach is registration-led and content-focused rather than risk-tiered. The Cyberspace Administration of China requires algorithm registration and security assessment before many AI services can be deployed. The Measures for Labelling AI-Generated and Synthetic Content took effect in September 2025, three national standards on generative AI security took effect on 1 November 2025, and AI governance obligations were folded into the amended Cybersecurity Law from January 2026.

    For research consortia, this is a structurally different problem from the EU or US: it is not primarily about disclosure or risk assessment, but whether a given AI tool may operate against Chinese-held data at all. An unregistered foreign analysis tool cannot lawfully be applied to a Chinese partner’s data set, regardless of how compliant it is elsewhere.

    What does the Council of Europe AI treaty add?

    The Council of Europe’s Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law is the first legally binding international treaty on AI. It opened for signature in September 2024, and early signatories include the European Union, the United States, the United Kingdom, Canada and Japan. It requires ratification by five signatories, including three Council of Europe member states, to enter into force.

    Unlike the EU AI Act, the treaty does not create a detailed compliance regime of its own; it sets human-rights and rule-of-law principles that signatory states must implement through domestic law. For a consortium, it functions less as a rulebook and more as shared vocabulary — a reference point agreements can cite when partners disagree on baseline AI safeguards, even where no national statute yet covers a given use case.

    Where do multi-jurisdiction consortia hit compliance friction?

    The practical friction is rarely about any one regime being stricter than another — it is about the regimes using incompatible triggers. The EU AI Act asks “where is the output used?” US state law asks “which state is the deployer in?” China asks “is this algorithm registered?” The Council of Europe treaty asks “has this state ratified and implemented it?”

    • Data-sharing agreements drafted for one jurisdiction’s risk taxonomy often fail to address another partner’s registration or transparency duties.
    • AI-assisted research tools — plagiarism and integrity screening, generative drafting aids, automated peer-review triage — can simultaneously be “limited risk” in the EU, unregulated in one US state, and require CAC registration in China.
    • Consent and disclosure language for AI use in participant-facing materials rarely satisfies all four regimes’ transparency requirements at once.
    • Governing-law clauses in consortium agreements need to specify which partner’s AI-use obligations apply to shared infrastructure, not just which partner “owns” the data.

    UKRI, Horizon Europe consortia and cOAlition S-aligned funders increasingly expect applicants to describe how AI tools are governed across all partner sites, not only the lead institution’s — making this mapping exercise a funding-eligibility question, not only a legal one.

    Answer-first Q&A

    Are there any global AI regulations?

    No single binding global AI law exists. The Council of Europe’s Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law, opened for signature in September 2024, is the first legally binding international AI treaty, but it needs ratification by five signatories, including three Council of Europe states, before it takes effect.

    Which countries have the most AI regulations?

    The European Union has the most comprehensive statutory AI framework via the EU AI Act, while the United States has the largest volume of measures once state activity is counted. In the 2025 legislative session, all 50 states introduced AI bills and 38 enacted measures, per the National Conference of State Legislatures.

    Which countries have no AI-specific restrictions?

    Several jurisdictions, including the United Arab Emirates and Saudi Arabia, rely on voluntary principles and sector guidance rather than a dedicated AI statute, though both run active national AI strategies and are expected to formalise binding rules as adoption accelerates. Partners based there face fewer AI-specific duties, but other data laws still apply.

    What should multi-country consortia do next?

    No convergence toward a single global AI standard is likely before 2027. The EU AI Act’s high-risk obligations continue phasing in through 2026 and 2027, US preemption litigation remains unresolved, China’s registration regime keeps expanding, and Council of Europe ratifications will accumulate gradually. Consortium agreements that hard-code today’s rules will need scheduled review clauses, not one-off sign-off.

    Research administration teams should treat AI-use disclosure as a standing agenda item in consortium governance, map each partner institution against the table above at project start, and build AI-tool review into existing data-sharing and research administration workflows rather than a separate compliance track.

  • China AI Regulation for Research Collaboration

    China’s AI regulation centres on the Interim Measures for the Management of Generative Artificial Intelligence Services (effective 15 August 2023), which require AI-service providers to disclose AI use and forbid listing generative AI as a co-author. For Western universities collaborating with Chinese institutions, the rules affect authorship credit, cross-border data transfer, and how AI tools may be used in co-supervised research.

    China’s Interim Measures for the Management of Generative Artificial Intelligence Services is the country’s first binding, AI-specific regulation, jointly issued by the Cyberspace Administration of China (CAC) and six other ministries. It sits alongside the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law (PIPL) as the legal backbone for how AI-enabled research involving Chinese partners must be conducted.

    This matters for research administrators well beyond China’s borders. Joint-authorship agreements, data-sharing memoranda and co-supervision arrangements with Chinese universities now have to reconcile Chinese disclosure and labelling duties with the authorship norms already in force under COPE, ICMJE and journal policy in the EU, UK and US.

    What China’s Interim Measures for Generative AI actually require

    The Interim Measures require providers of public-facing generative AI services to register with the CAC, prevent outputs that undermine state security or social stability, and take measures against algorithmic bias. Internal research and development that is not offered as a public-facing service is treated more lightly, but outputs intended for publication or public dissemination fall squarely within scope.

    Two further instruments extend the regime. The Measures for Labeling AI-Generated and Synthesized Content, paired with the national standard GB 45438-2025, took effect in September 2025 and require visible or embedded labels on AI-generated text, images and audio distributed in China. The Ministry of Science and Technology’s guidelines on responsible research conduct, issued in December 2023, apply specifically to academic work: they prohibit using generative AI to draft funding applications and require researchers to disclose any generative AI use in their methodology.

    China has not enacted a single, comprehensive AI statute. A draft Artificial Intelligence Law has appeared on the National People’s Congress Standing Committee’s legislative agenda since 2023, but no official draft had been released as of December 2025, and the enactment timeline remains unclear.

    How China’s framework compares with the EU, UK and US

    None of the four major jurisdictions regulates AI in research collaboration through a single dedicated instrument. Each layers AI-specific rules on top of existing data-protection, cybersecurity and research-integrity frameworks, but the point at which those rules bind differs sharply.

    Jurisdiction Core AI instrument Status (as of mid-2026) Authorship / disclosure rule for research
    China Interim Measures for Generative AI Services (2023) plus labelling rules (2025) In force; comprehensive AI Law still in draft Ministry of Science and Technology guidelines bar listing AI as a co-author; AI use must be disclosed
    European Union AI Act, Regulation (EU) 2024/1689 General-purpose AI obligations apply from August 2025; most other obligations from August 2026 No AI-authorship bar in the Act itself; publishers apply COPE and ICMJE norms
    United Kingdom No dedicated AI statute; pro-innovation, regulator-led approach Existing regulators (ICO and sector bodies) apply cross-cutting principles COPE- and ICMJE-aligned: AI cannot be listed as author; disclosure expected in methods sections
    United States No comprehensive federal law; state statutes (e.g. the Colorado AI Act) and the voluntary NIST AI Risk Management Framework Patchwork of state laws; federal approach still executive-order-driven NIH bars AI from being listed as an author or used by peer reviewers to evaluate applications; journals follow ICMJE/COPE

    The practical convergence is striking: China, the EU, the UK and the US all reach the same conclusion on authorship — a generative AI system cannot satisfy the accountability that authorship implies — even though none of them arrives there through identical legislation.

    What this means for joint authorship and contributor disclosure

    China’s Ministry of Science and Technology guidelines and the international consensus reflected in ICMJE recommendations and COPE position statements agree on one point: generative AI tools cannot be listed as authors or contributors, because they cannot take responsibility for the accuracy and integrity of the work. This aligns with the accountability criterion embedded in the CRediT contributor role taxonomy, which CASRAI originated in 2014 and which is now stewarded by NISO as ANSI/NISO Z39.104-2022.

    For joint publications with Chinese co-authors, this means AI-assistance disclosure statements now need to satisfy two regimes at once: China’s requirement to label AI-generated content and disclose AI use in the methodology, and the contributor-role documentation expected by journals following CRediT or ICMJE authorship criteria. A single disclosure paragraph, drafted to meet the stricter of the two standards, is usually sufficient — but it should name the specific generative AI tool, its role, and confirm that no tool is credited as an author or contributor.

    • Confirm which named human contributors meet Chinese and Western authorship criteria before drafting the manuscript.
    • Record AI-tool use (what, where, why) in a disclosure statement that satisfies both the Chinese labelling requirement and journal policy.
    • Never list a generative AI system as an author, co-author or contributor under any of the four frameworks compared above.

    Data-sharing and cross-border transfer requirements

    Research data moving out of China is governed by the Data Security Law and the Personal Information Protection Law, not by the Interim Measures themselves. Transfers of “important data” or bulk personal information generally require a CAC security assessment, a process legal trackers monitoring Chinese compliance report can take several months to clear. Projects that involve Chinese human genetic resources — common in biomedical and health-informatics collaborations — additionally require prior approval from the Ministry of Science and Technology before data can be shared internationally.

    Co-supervised doctoral projects that route data through a public-facing generative AI service add a further layer: the service falls within the Interim Measures’ registration and labelling scope, even where the underlying collaboration is privately arranged between two universities.

    Common questions on China’s AI regulation and research collaboration

    Does China have a comprehensive AI law?

    No. As of mid-2026, China has no single, comprehensive AI statute; regulation proceeds through targeted instruments — the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and AI-specific measures such as the Interim Measures for Generative AI. A draft national Artificial Intelligence Law remains under review, with no confirmed enactment timeline.

    What is the Interim Measures for the Management of Generative AI Services?

    It is China’s first binding national regulation aimed specifically at generative AI, effective 15 August 2023. Issued jointly by the Cyberspace Administration of China and six ministries, it requires providers to register services, label AI-generated content, and prevent outputs that undermine state security or social stability.

    Can AI be listed as a co-author on Chinese-affiliated research?

    No. China’s Ministry of Science and Technology guidelines on responsible research conduct, issued in 2023, prohibit listing generative AI tools as co-authors and require disclosure of AI use in manuscripts and funding applications. This mirrors COPE and ICMJE guidance already applied by EU, UK and US publishers.

    Do foreign researchers need approval to share data with Chinese AI research partners?

    Often, yes. Under the Data Security Law and PIPL, transferring research data — especially human genetic or health data — outside China can require a Cyberspace Administration of China security assessment. Projects involving Chinese human genetic resources additionally need Ministry of Science and Technology approval before international sharing proceeds.

    Implications for research offices

    Research offices managing joint-authorship agreements, data-sharing memoranda or co-supervision arrangements with Chinese institutions need compliance processes that satisfy Chinese disclosure and security-review requirements without weakening the authorship and contributor-role standards already expected by Western journals and funders. Treating China’s rules as an additional layer on top of existing CRediT-based authorship practice, rather than a separate compliance track, keeps the paperwork proportionate.

    China’s regulatory posture is still moving: the Ministry of Science and Technology, the CAC and the State Council have all issued new instruments since mid-2025. Institutions with active China partnerships should treat authorship-disclosure and data-transfer procedures as living documents, reviewed annually against the current Chinese, EU, UK and US rules.