Tag: council of europe ai treaty

  • Council of Europe AI Treaty: A Second Track

    The Council of Europe AI treaty — formally the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law — is the first legally binding international treaty on artificial intelligence. Opened for signature on 5 September 2024 and designated CETS No. 225, it runs alongside, not inside, the EU AI Act, and it applies across the Council of Europe’s 46 member states plus a growing list of non-European signatories, including the United States.

    The Framework Convention is a treaty under public international law, not an EU regulation: it creates binding obligations for the states that ratify it, each of which must transpose those obligations into domestic law. That structure makes it a second, parallel governance track for any research institution operating in a Council of Europe member state that sits outside the European Union — the United Kingdom, Switzerland, Norway, Ukraine, Türkiye, and more than a dozen others.

    What is the Council of Europe AI treaty?

    The Framework Convention was negotiated by the Council of Europe’s Committee on Artificial Intelligence (CAI), successor to the ad hoc committee (CAHAI) that began scoping work in 2019. It was drafted by the Council of Europe’s 46 member states with observer states Canada, Japan, Mexico, the Holy See and the United States, plus the European Union and non-member states including Australia, Argentina, Costa Rica, Israel, Peru and Uruguay.

    According to the Council of Europe, 68 representatives from civil society, academia and industry contributed to the drafting. The treaty sets out principles AI systems must respect: human dignity, equality and non-discrimination, privacy and data protection, transparency and oversight, accountability, safe innovation, and remedies for people affected by AI-driven decisions.

    • Deliberately technology-neutral, so the text does not require revision each time a new AI architecture emerges.
    • Applies to AI systems used by public authorities (including private actors acting on their behalf) and by private-sector actors.
    • Excludes national defence matters and most research and development activity, with one important exception (see below).
    • Monitored by a Conference of the Parties, which reviews implementation and facilitates stakeholder hearings.

    Who has signed and ratified it?

    The treaty opened for signature on 5 September 2024. Early signatories included the European Union, the United Kingdom and the United States, alongside several Council of Europe member states. Since then, further states — including Bosnia and Herzegovina, North Macedonia, the Republic of Moldova and San Marino — have signed or moved toward ratification, per the Council of Europe’s treaty tracking page.

    A pivotal step came on 15 May 2026, when the European Union formally ratified the Framework Convention, according to the Council of Europe’s Artificial Intelligence Portal. Ratification does not fold the treaty into EU law; the two instruments remain distinct tracks the Union has committed to enforcing in a complementary way.

    Because the Council of Europe has 46 member states — nearly double the EU’s 27 — a large bloc of countries with binding obligations under this treaty will never be covered by the EU AI Act at all: the UK, Switzerland, Norway, Iceland, Ukraine, Türkiye, Armenia, Georgia, Azerbaijan and the Western Balkan states listed above.

    How does it differ from the EU AI Act?

    The EU AI Act (Regulation (EU) 2024/1689) is directly applicable law inside the EU and EEA, built on a tiered risk-classification system with technical and conformity obligations. The Framework Convention is a different instrument: a human-rights treaty setting baseline principles for ratifying states to implement through domestic legislation, not a self-executing regulatory code.

    Dimension Council of Europe AI treaty EU AI Act
    Legal form International treaty (CETS No. 225) Directly applicable EU regulation
    Territorial reach 46 Council of Europe member states + non-European signatories (US, others) 27 EU member states + EEA
    Approach Principles-based human-rights baseline Risk-tiered technical compliance regime
    Enforcement Domestic implementing law per ratifying state; Conference of the Parties oversight National market-surveillance authorities + EU AI Office
    R&D treatment Excluded, except where testing may interfere with rights/democracy/rule of law Research exemption with narrower conditions

    Legal trackers such as White & Case’s AI Watch note the Framework Convention requires each signatory to ensure remedies are available to those affected by AI systems — an obligation that exists independently of whatever risk category the EU AI Act would assign to the same system.

    Does it apply to research and development?

    This is the detail research institutions most often miss. The Framework Convention does not apply to research and development activities — except when testing of an AI system may interfere with human rights, democracy or the rule of law. The carve-out is narrower than it looks: once a prototype moves from the lab into testing that touches real people’s data or opportunities, the exception can lapse and obligations on transparency, accountability and remedy attach.

    For universities, research funders and multinational consortia, this means AI-enabled research tools — automated peer-review triage, algorithmic grant scoring, participant-recruitment models, predictive analytics on patient or student data — are not automatically outside scope simply because they originate in a research setting. Institutions in non-EU Council of Europe states cannot assume “the EU AI Act doesn’t apply to us” settles the matter; the Framework Convention raises a parallel, sometimes broader, compliance question the moment R&D testing touches real-world rights.

    Frequently asked questions

    What is the Council of Europe AI treaty?

    The Council of Europe AI treaty is the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, opened for signature on 5 September 2024. It is the first legally binding international treaty requiring signatory states to govern the full lifecycle of AI systems in line with human rights, democratic values and the rule of law.

    Which countries have signed the Council of Europe AI treaty?

    Early signatories included the European Union, United Kingdom and United States, joined since by further Council of Europe member states including Bosnia and Herzegovina, North Macedonia, the Republic of Moldova and San Marino. The EU formally ratified the treaty on 15 May 2026, per the Council of Europe’s official portal.

    Is the Council of Europe AI treaty the same as the EU AI Act?

    No. The EU AI Act is a directly applicable EU regulation limited to the EU/EEA. The Council of Europe treaty is a separate international human-rights instrument spanning 46 member states plus non-European signatories, enforced through each state’s own domestic implementing legislation.

    Does the treaty regulate university and funder AI tools?

    Generally research and development is excluded, but the exclusion lifts once AI testing could affect real people’s rights — for example, algorithmic grant scoring or predictive analytics on participant data. Institutions should not assume research-labelled AI tools sit permanently outside the treaty’s reach.

    Implications and outlook for research institutions

    Research institutions in a Council of Europe member state outside the EU should treat the Framework Convention as an independent compliance track, not a footnote to EU AI Act guidance. Practical steps:

    • Map which AI systems used in research administration, grant assessment or participant-facing services could trigger the treaty’s rights-impact exception once national implementing legislation is adopted.
    • Track ratification status in each jurisdiction where the institution operates, since obligations activate state-by-state, not on a single EU-wide date.
    • Build transparency and remedy mechanisms — notice of AI use, a route to challenge automated decisions — into research-facing AI tools regardless of which regime formally applies yet.

    Globally, the treaty is one entry in a widening, uneven map of AI regulations around the world: the EU’s harmonised regulatory code, the Council of Europe’s rights-based treaty spanning EU and non-EU states, a fragmented patchwork of US state AI laws in the absence of comprehensive federal legislation, and sector-specific rules elsewhere. Institutions tracking several of these regimes at once increasingly need an AI legislation tracker that separates treaty-level from regulation-level instruments, rather than one undifferentiated “AI law” category.

    The Framework Convention will not be the last binding international AI instrument. Its Conference of the Parties is designed to accumulate practice and guidance over time, as other Council of Europe human-rights treaties have. Research institutions that build AI governance around rights-based principles now — not only EU AI Act risk tiers — will be better placed as more states ratify and more domestic implementing laws take effect. CASRAI’s research administration resources track how such cross-border compliance obligations intersect with day-to-day research operations.

  • AI Regulations Around the World: A 4-Jurisdiction Comparison for Research Consortia

    AI regulations around the world diverge sharply in 2026: the EU AI Act is a binding, risk-tiered statute with extraterritorial reach; US oversight is a fragmented state-law patchwork with no federal statute; China runs a registration-and-content-control regime; and the Council of Europe treaty sets shared principles without direct enforcement. No single checklist covers every consortium partner.

    AI regulation is the set of binding statutes, administrative measures and international instruments that govern how artificial intelligence systems may be developed, deployed and used within a given jurisdiction. For a multi-country research consortium, that matters practically: the same AI-assisted analysis tool or generative writing aid can be lawful for one partner and non-compliant for another, purely because of where each institution sits.

    This article maps the four regimes that most often collide in international data-sharing agreements — the EU AI Act, US state AI laws, China’s AI measures, and the Council of Europe’s AI treaty — and identifies where the friction actually occurs, not just what each law says in isolation.

    Contents

    What are the main AI regulatory regimes research consortia must track?

    Four regimes dominate cross-border research collaboration in 2026: the EU’s binding AI Act, a growing set of US state statutes, China’s registration-led administrative measures, and the Council of Europe’s rights-based treaty. Each uses a different legal mechanism, a different geographic trigger, and a different enforcement model, which is precisely why a consortium cannot rely on one partner’s compliance work to cover the group.

    Regime Legal status Geographic reach Compliance approach Relevance to research consortia
    EU AI Act (Regulation (EU) 2024/1689) Binding regulation, directly applicable in all EU member states Extraterritorial: covers providers and deployers outside the EU where an AI system’s output is used within the EU Risk-tiered (unacceptable / high / limited / minimal); high-risk obligations broadly apply from 2 August 2026 A non-EU partner can still be caught if any consortium member deploys the tool’s output in the EU; grant-review and admissions-style AI can fall into Annex III high-risk categories
    US state AI laws No binding federal AI statute; state statutes such as the Colorado AI Act and California’s AI Transparency Act Applies within the enacting state; a December 2025 executive order pushes federal preemption of “burdensome” state rules, but this is contested and unsettled as of mid-2026 Sector- and harm-specific (algorithmic discrimination, transparency, deepfakes) rather than one risk taxonomy A single US institution can trigger several inconsistent duties depending on which state its staff, servers or subcontractors sit in
    China’s AI measures Binding administrative measures enforced by the Cyberspace Administration of China (CAC), now folded into the amended Cybersecurity Law from January 2026 Applies to AI services offered within China; requires algorithm registration with the CAC before deployment Registration- and content-control-led: mandatory labelling of AI-generated content, security assessments, real-name verification Chinese partner institutions typically cannot lawfully run an unregistered foreign AI tool against shared data, creating a hard blocker for joint analysis pipelines
    Council of Europe AI treaty First legally binding international AI treaty (Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law) Open to Council of Europe members and non-member signatories, including the US, UK, Canada and Japan; needs ratification by five signatories, including three Council of Europe states, to enter into force Principles-based: human rights, democracy and rule-of-law safeguards for public- and private-sector AI Offers shared language consortia can cite in data-sharing agreements, but is not self-executing and needs domestic implementing law in each signatory state

    How does the EU AI Act apply to multi-country research?

    The EU AI Act entered into force on 1 August 2024, with obligations phased in over several years. Bans on unacceptable-risk systems and AI-literacy duties applied from 2 February 2025; general-purpose AI obligations followed on 2 August 2025; and high-risk system obligations broadly apply from 2 August 2026, with penalties reaching €35 million or 7% of global annual turnover.

    What consortium leads consistently underestimate is scope. Like the GDPR before it, the Act reaches beyond EU borders: it applies to providers and deployers established outside the Union whenever the output of their AI system is used within it. A US or Asia-based partner running an AI-assisted screening tool that feeds results into an EU-led work package can be pulled into EU obligations even without an EU office. Annex III’s high-risk categories — including systems used in education, employment and essential services — also reach some AI-assisted grant-review and research-integrity screening tools.

    What do US state AI laws mean for consortium partners?

    The United States has no comprehensive federal AI statute in 2026. Instead, regulation is set state by state: Colorado’s AI Act (SB 24-205), the first comprehensive US state AI law, requires reasonable care to prevent algorithmic discrimination in high-risk systems, with implementation delayed to 30 June 2026. California has separately enacted an AI Transparency Act and a frontier-model safety statute.

    A December 2025 executive order directed federal agencies to challenge state AI laws viewed as inconsistent with a lighter-touch national standard, but as of mid-2026 that preemption push is unsettled and existing state statutes remain in force. For a consortium, a single US institution’s obligations can shift depending on which state its staff, infrastructure or subcontractors sit in — and may change again if preemption litigation succeeds.

    How does China regulate AI differently?

    China’s approach is registration-led and content-focused rather than risk-tiered. The Cyberspace Administration of China requires algorithm registration and security assessment before many AI services can be deployed. The Measures for Labelling AI-Generated and Synthetic Content took effect in September 2025, three national standards on generative AI security took effect on 1 November 2025, and AI governance obligations were folded into the amended Cybersecurity Law from January 2026.

    For research consortia, this is a structurally different problem from the EU or US: it is not primarily about disclosure or risk assessment, but whether a given AI tool may operate against Chinese-held data at all. An unregistered foreign analysis tool cannot lawfully be applied to a Chinese partner’s data set, regardless of how compliant it is elsewhere.

    What does the Council of Europe AI treaty add?

    The Council of Europe’s Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law is the first legally binding international treaty on AI. It opened for signature in September 2024, and early signatories include the European Union, the United States, the United Kingdom, Canada and Japan. It requires ratification by five signatories, including three Council of Europe member states, to enter into force.

    Unlike the EU AI Act, the treaty does not create a detailed compliance regime of its own; it sets human-rights and rule-of-law principles that signatory states must implement through domestic law. For a consortium, it functions less as a rulebook and more as shared vocabulary — a reference point agreements can cite when partners disagree on baseline AI safeguards, even where no national statute yet covers a given use case.

    Where do multi-jurisdiction consortia hit compliance friction?

    The practical friction is rarely about any one regime being stricter than another — it is about the regimes using incompatible triggers. The EU AI Act asks “where is the output used?” US state law asks “which state is the deployer in?” China asks “is this algorithm registered?” The Council of Europe treaty asks “has this state ratified and implemented it?”

    • Data-sharing agreements drafted for one jurisdiction’s risk taxonomy often fail to address another partner’s registration or transparency duties.
    • AI-assisted research tools — plagiarism and integrity screening, generative drafting aids, automated peer-review triage — can simultaneously be “limited risk” in the EU, unregulated in one US state, and require CAC registration in China.
    • Consent and disclosure language for AI use in participant-facing materials rarely satisfies all four regimes’ transparency requirements at once.
    • Governing-law clauses in consortium agreements need to specify which partner’s AI-use obligations apply to shared infrastructure, not just which partner “owns” the data.

    UKRI, Horizon Europe consortia and cOAlition S-aligned funders increasingly expect applicants to describe how AI tools are governed across all partner sites, not only the lead institution’s — making this mapping exercise a funding-eligibility question, not only a legal one.

    Answer-first Q&A

    Are there any global AI regulations?

    No single binding global AI law exists. The Council of Europe’s Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law, opened for signature in September 2024, is the first legally binding international AI treaty, but it needs ratification by five signatories, including three Council of Europe states, before it takes effect.

    Which countries have the most AI regulations?

    The European Union has the most comprehensive statutory AI framework via the EU AI Act, while the United States has the largest volume of measures once state activity is counted. In the 2025 legislative session, all 50 states introduced AI bills and 38 enacted measures, per the National Conference of State Legislatures.

    Which countries have no AI-specific restrictions?

    Several jurisdictions, including the United Arab Emirates and Saudi Arabia, rely on voluntary principles and sector guidance rather than a dedicated AI statute, though both run active national AI strategies and are expected to formalise binding rules as adoption accelerates. Partners based there face fewer AI-specific duties, but other data laws still apply.

    What should multi-country consortia do next?

    No convergence toward a single global AI standard is likely before 2027. The EU AI Act’s high-risk obligations continue phasing in through 2026 and 2027, US preemption litigation remains unresolved, China’s registration regime keeps expanding, and Council of Europe ratifications will accumulate gradually. Consortium agreements that hard-code today’s rules will need scheduled review clauses, not one-off sign-off.

    Research administration teams should treat AI-use disclosure as a standing agenda item in consortium governance, map each partner institution against the table above at project start, and build AI-tool review into existing data-sharing and research administration workflows rather than a separate compliance track.