Tag: digital omnibus eu ai act

  • AI Legislation Tracker: Free Tools Compared for Research Offices

    An AI legislation tracker is a curated, continuously updated resource that monitors the progress of artificial intelligence bills, statutes and regulations across jurisdictions. For research offices, three free options cover the ground a paid GRC subscription would otherwise charge for: the IAPP’s US State AI Governance Legislation Tracker for state-level bills, White & Case’s AI Watch for a global regulatory sweep, and the AI Act Explorer for line-by-line navigation of the EU AI Act. Used together, they give research administrators enough coverage to flag compliance and procurement risk without a dedicated legal-intelligence budget.

    An AI legislation tracker is a legal-intelligence tool — usually maintained by a law firm, professional association, or legislature — that indexes AI-related bills and regulations by jurisdiction, status and topic so non-specialists can monitor change without reading primary legislative text. For a research office, that means catching a new state disclosure requirement or an EU AI Act compliance deadline before it lands in an audit finding.

    Table of contents

    What is an AI legislation tracker, and why does a research office need one?

    Research offices sit at the intersection of three regulatory pressures: institutional AI-use policy, funder terms and conditions, and the AI laws of every jurisdiction in which their institution operates, procures software or receives funding. No single regulator publishes a consolidated feed of all three, which is why legal-intelligence trackers — built by law firms and associations to serve their own clients — have become the de facto public monitoring layer for everyone else.

    Three gaps make this monitoring hard for a research office specifically. First, state-level fragmentation in the US: MultiState.ai reported tracking 1,561 AI-related bills across 45 states in early 2026, and a bill’s status can change between a legislative session’s opening and a grant’s renewal date. Second, phased EU obligations: the AI Act (Regulation (EU) 2024/1689) entered into force on 1 August 2024 but applies in stages — prohibited-practice provisions since 2 February 2025, general-purpose AI model obligations since 2 August 2025, and the bulk of high-risk system obligations from 2 August 2026. Third, procurement-clause drift: institutional purchasing teams increasingly need to know whether a vendor’s AI tool falls under a “high-risk” classification before a contract is signed, not after.

    Comparing the free trackers: IAPP, White & Case AI Watch and the AI Act Explorer

    Each of the three core tools covers a different layer of the regulatory stack. None requires a paid subscription for the baseline tracker view, though firms use them as client-development tools, so update cadence and depth of legal commentary vary.

    Tool Publisher Geographic scope Best use for a research office Cost
    US State AI Governance Legislation Tracker IAPP US state legislatures Flagging new state disclosure/consumer-protection bills affecting AI-assisted research tools Free
    AI Watch: Global Regulatory Tracker White & Case US, EU, UK, China and other core markets Cross-jurisdiction horizon-scanning for institutions with international partners Free
    AI Act Explorer Future of Life Institute (artificialintelligenceact.eu) European Union Locating the exact article/annex governing a specific AI use case before procurement sign-off Free
    Artificial Intelligence Legislation Database National Conference of State Legislatures (NCSL) US state legislatures Official-source cross-check against law-firm trackers, filterable by policy topic Free
    OECD.AI Policy Navigator OECD 80+ countries and international bodies Global baseline for institutions with funders or partners outside the US/EU Free

    Two law-firm trackers rarely agree exactly on bill status, since each applies its own inclusion criteria — the IAPP chart, for example, deliberately excludes government-only AI bills to focus on rules affecting private-sector organisations. A research office should treat the NCSL database as the authoritative cross-check whenever a law-firm tracker and an internal compliance log disagree, since NCSL draws directly from legislative records rather than curated commentary.

    How to monitor AI law without a paid GRC subscription

    A practical monitoring routine needs three components: a jurisdiction list, a check cadence, and an escalation trigger. Map the institution’s actual footprint — states where staff or partner sites are located, countries with active funder relationships, and any EU-based collaborators — against the five tools above, rather than trying to watch all 45+ US states with active bills at once.

    • Set a monthly review of the IAPP tracker and NCSL database for the institution’s home state plus any state with a satellite campus or major subcontractor.
    • Set a quarterly review of White & Case AI Watch for jurisdictions tied to international grant or publishing partners.
    • Check the AI Act Explorer whenever procuring or renewing an AI-enabled research tool from an EU-based or EU-selling vendor, since Article 53 transparency obligations for general-purpose AI providers already apply.
    • Escalate to institutional counsel the moment a tracked bill moves from “introduced” to “enacted” in a jurisdiction on the footprint list — status changes, not initial filings, are the actionable signal.

    This cadence substitutes staff time for the subscription cost of a commercial GRC platform. It will not catch everything a paid legal-intelligence service would, but it closes the gap between “no monitoring” and “monitoring proportionate to institutional risk,” which is the realistic target for most research offices.

    Which AI rules actually affect grant compliance and procurement

    Not every tracked bill is relevant to a research office. The ones that matter cluster into two categories: funder-facing disclosure requirements and vendor/procurement obligations. On the funder side, publishers already require disclosure of generative-AI use in manuscript preparation under guidance from bodies such as ICMJE and COPE — a policy layer that sits alongside, not inside, the legislative trackers above, and one research offices should monitor through authorship policy channels rather than a legislation tracker.

    On the procurement side, the EU AI Act’s general-purpose AI model obligations — applicable since 2 August 2025 — require providers to maintain technical documentation and, for systemic-risk models, conduct model evaluations; institutions procuring AI research tools from in-scope vendors should expect updated contract terms reflecting this. Separately, under Article 57 of Regulation (EU) 2024/1689, each EU member state must establish at least one national AI regulatory sandbox operational by 2 August 2026 — a detail the AI Act Explorer surfaces clearly but general news coverage rarely mentions, and one that matters to institutions running EU-based pilot deployments of AI research tools.

    In the US, state consumer-protection style AI bills increasingly impose obligations on “deployers” as well as developers — meaning an institution using a third-party AI tool, not just the vendor that built it, can carry compliance obligations. This is the single most consequential fact a research office should extract from the state trackers: deployer obligations mean procurement due diligence, not just vendor selection, is now a compliance function.

    Common questions research administrators ask

    Are there any regulations on AI?

    Yes. There is no comprehensive federal AI statute in the United States, but individual US states have enacted targeted laws, the European Union’s AI Act (Regulation (EU) 2024/1689) is in force with phased obligations through 2027, and dozens of other jurisdictions maintain sector-specific or principles-based AI policy frameworks tracked by the OECD.

    Does Europe have AI regulations?

    Yes. The EU AI Act is the first comprehensive AI-specific legal framework, entering into force on 1 August 2024. Prohibited-practice rules applied from February 2025, general-purpose AI model obligations from August 2025, and most high-risk system requirements apply from August 2026 onward.

    Where are the AI regulations?

    AI rules are distributed across national statutes, EU regulation, and US state legislatures rather than one source — which is precisely why trackers such as IAPP’s state chart, White & Case’s AI Watch, and the AI Act Explorer exist: each consolidates one layer of a fragmented, multi-jurisdiction landscape into a single reference point.

    The regulatory landscape a research office must monitor will keep expanding rather than consolidating: more US states are expected to move bills from “introduced” to “enacted” through 2026 and 2027, and the EU AI Act’s remaining compliance deadlines run to August 2027. A footprint-mapped, tiered-cadence monitoring routine built on these five free trackers is a realistic, sustainable substitute for a paid GRC subscription — provided it is reviewed and re-scoped as the institution’s own AI use, partnerships and procurement expand.

  • Pro-Innovation AI Regulation: Three Years On

    A pro-innovation approach to AI regulation delivered exactly what its title promised for UK research institutions: no new AI regulator, no statutory duty, and continued reliance on existing bodies. Three years on, universities gained substantial research funding and an AI sandbox model, but the dedicated AI Act many assumed would eventually follow has still not arrived — even as the EU quietly loosens its own.

    A pro-innovation approach to AI regulation is the UK government’s March 2023 white paper setting out a non-statutory, principles-based framework in which existing sector regulators — rather than a new central AI authority — apply five cross-sectoral principles to AI use within their own remits.

    What the white paper actually promised research institutions

    Published by the Department for Science, Innovation and Technology on 29 March 2023, the white paper explicitly rejected an EU-style AI Act. Instead, it committed to five non-statutory principles — safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress — for regulators to interpret within existing remits.

    For research institutions, three commitments mattered most: a central government function to monitor cross-cutting AI risk, AI “sandboxes” allowing controlled real-world testing, and an explicit acknowledgement that foundation models developed or fine-tuned inside universities would fall under the same principles as commercial deployments. The paper also floated a fallback: if voluntary compliance proved insufficient, government reserved the option to introduce a statutory duty requiring regulators to have regard to the principles.

    What has materialised, three years on

    Judged against its own text, the framework has been substantially delivered — but the research-funding side of the ledger moved faster and further than the regulatory side.

    2023 white paper commitment Status by mid-2026 Detail
    Five non-statutory principles applied by existing regulators Delivered ICO, CMA, FCA and Ofcom apply the principles via the Digital Regulation Cooperation Forum; no new central AI regulator was created
    Central risk-monitoring function Delivered, narrowed The AI Safety Institute launched in November 2023 was renamed the AI Security Institute in February 2025, with bias and fairness work explicitly dropped from its remit
    AI sandboxes for controlled testing Delivered via new vehicle Cross-economy AI sandboxing powers now sit in the Regulating for Growth Bill, announced in the May 2026 King’s Speech, rather than in standalone AI legislation
    Statutory duty on regulators (fallback option) Not introduced No statutory duty to regard the principles has been legislated; the non-statutory model remains in force
    Research funding to build AI capability Delivered and exceeded UKRI committed £80 million to nine AI research hubs (February 2024) and £117 million to 12 AI Centres for Doctoral Training training around 900 PhD students, plus up to £60 million for two further labs at Oxford and UCL
    Dedicated AI Act Not delivered As of July 2026, no AI Bill has been laid before Parliament by government

    The research-funding commitments arguably over-delivered relative to the white paper’s own modest framing, which discussed capability-building only in general terms. The regulatory commitments, by contrast, tracked the white paper almost exactly: light-touch, sector-led, and still without primary legislation.

    Does the UK have an AI Act yet?

    No. The House of Commons Library’s research briefing, last updated 10 June 2026, states plainly that “the UK does not have any AI-specific regulation or legislation covering AI as a technology” — AI is instead regulated only through the lens of whatever sector or use case it appears in.

    The clearest signal of intent came in the May 2026 King’s Speech, where government introduced the Regulating for Growth Bill rather than a standalone AI Act. The Bill creates cross-economy sandboxing powers — explicitly covering AI-enabled products and services — and strengthens regulators’ existing “growth duty.” This is the 2023 white paper’s sandbox-and-existing-regulators architecture, carried into the one piece of legislation government did choose to bring forward, rather than superseded by it.

    The contrast with the EU sharpened rather than narrowed in 2026. Under the Digital Omnibus on AI, agreed by the Council and Parliament on 7 May 2026 and formally endorsed on 16 and 29 June 2026, the EU deferred applicability of high-risk obligations for standalone Annex III AI systems from 2 August 2026 to 2 December 2027 — a sixteen-month delay — and for product-embedded Annex I systems to 2 August 2028. The bloc that legislated first is now easing its own timetable in the same direction the UK chose from the start: slower, more sector-specific, less prescriptive. For research institutions running UK-EU collaborative projects, this means the compliance gap between the two regimes has narrowed in practice even as it remains wide in principle — EU partners still face a statutory Act; UK partners still do not.

    Answer-first Q&A

    Is there any regulation on AI in the UK?

    Yes, but not AI-specific regulation. AI use is governed by existing sectoral law — UK GDPR and the Data Protection Act for data processing, equality law for discrimination, and regulator guidance from the ICO, CMA, FCA and Ofcom applying the white paper’s five principles within their own remits.

    What are the guidelines for AI in the UK?

    The core guidelines are the white paper’s five cross-sectoral principles: safety, transparency, fairness, accountability and contestability. Regulators translate these into sector guidance; the ICO’s AI guidance and UKRI’s generative-AI guidance for grant applications and peer review are two research-relevant examples.

    Does the UK have any laws on AI?

    The UK has no AI-specific statute. AI-related legal obligations instead arise from existing frameworks — data protection, product safety, equality and sector regulation — applied to AI as a use case, a position the Commons Library confirmed again in its June 2026 briefing.

    What is the AI legislation in 2026?

    The main 2026 development is the Regulating for Growth Bill, announced in the King’s Speech, which creates cross-economy AI sandboxing powers and strengthens regulators’ growth duty. It is not a dedicated AI Act and does not replace the 2023 white paper’s non-statutory model.

    What this means for research administrators

    For institutions managing research integrity, ethics review and international collaboration, the practical position has not changed since 2023: there is still no single AI compliance regime to point to. Research offices assessing AI use in grant applications, peer review or data processing must continue mapping obligations across data protection, funder policy and sector guidance individually, rather than against one statute.

    • UKRI’s generative-AI guidance for grant applications and peer review remains the most directly applicable research-specific rule set.
    • The AI Security Institute’s narrowed remit means bias and fairness concerns in research AI tools sit with the ICO and funders, not a national safety body.
    • Cross-border projects with EU partners should track the Digital Omnibus’s revised 2027–2028 timetable separately from any UK sandbox rollout under the Regulating for Growth Bill.
    • No statutory duty exists yet requiring UK regulators to apply the five principles consistently, so guidance can still vary by sector and by regulator.

    The verdict, three years on

    The 2023 white paper’s central bet — that voluntary, principles-based, regulator-led governance would prove durable rather than a stopgap before statute — has held. Government has repeatedly reaffirmed rather than abandoned that bet, most recently by routing AI sandboxing through the Regulating for Growth Bill instead of standalone legislation. Research institutions received the funding side of the promise in full and then some; they received the regulatory side almost exactly as written, for better or worse. Whether that remains defensible depends on what the EU’s now-softening Act ends up looking like once its delayed obligations finally bite in December 2027 — at which point the UK’s three-year wait for clarity may look either prescient or merely prolonged.

    Research administrators tracking these obligations alongside authorship, funder mandates and evolving research-integrity standards can find related context in CASRAI’s research administration resources.