AI Regulation

Governments worldwide are seeking approaches and taking measures to ensure a sustainable and reliable evolution into the era of AI. The landscape of AI regulations changes rapidly, and many different approaches exist. This makes keeping up with the developments rather challenging. To this end, some commercial organizations provide regularly updated overviews as an online service (e.g., the company White & Case). In 2024, the CIPM Forum "Metrology and Digitalization" Task Group on AI took a snapshot of the state of international regulation and prepared an analysis from the perspective of metrology (to be published soon).

The OIML DTG Subgroup for guidance on AI with this website seeks to provide some guidance and general overview on aspects in AI regulation.

Examples

In the European Union, artificial intelligence is governed by a dual framework focused on safety and accountability. The centerpiece is the EU AI Act (Regulation (EU) 2024/1689), the world’s first comprehensive regulation managing AI development and deployment. It establishes a tiered risk classification system, imposing the most stringent compliance and transparency requirements on "high-risk" AI systems to protect public safety and fundamental rights. Complementing this proactive legislation is the EU AI Liability Directive, proposed in 2022, which aims to harmonize liability rules across member states. By significantly reducing the burden of proof for victims, this proposed directive ensures that individuals who suffer damage caused by AI systems have a clear, actionable path to seek legal redress.

The United Kingdom has adopted a decentralized, context-driven strategy as outlined in its policy statement, "Establishing a pro-innovation approach to regulating AI" Rather than enacting a single, rigid AI law, the UK framework empowers existing sector-specific regulators (such as those overseeing healthcare, finance, or competition) to apply a set of adaptable, cross-sectoral principles to AI applications within their respective domains. Concurrently, the UK government has taken a proactive global leadership role in addressing the risks of advanced foundational models. This includes hosting the landmark global AI Safety Summit and establishing the state-backed AI Safety Institute (AISI), a dedicated body tasked with rigorously evaluating and testing the capabilities and potential risks of frontier AI systems before and after they are deployed.

In June 2024, the Government of Australia published a national framework for the assurance of AI in government (Source). This framework is based on a set of ethics principles for artificial intelligence, first published in 2019. The framework is also aligned with a consultation process in 2023 for the development of guidelines and regulation to ensure safe use of AI in high-risk scenarios whilst keeping AI developments in low-risk settings unimpeded.

The government of Japan published the AI Governance Guidelines in 2022 with non-binding recommendations for AI operators and developers implementing AI principles. These recommendations are based on the 2019 published guidelines for social princples and a human-centric AI, which also fed into the OECD recommendations on AI. Overall, the Japanese approach is to encourage businesses to voluntarily build and assess their own internal AI oversight structures. The governement's guidelines provide a practical, risk-based toolkit for AI developers and operators to collaboratively manage ethical concerns—such as fairness, privacy, and security—while maximizing the positive, human-centric benefits of AI technology on society.

In China, multiple regulatory bodies share responsibility for overseeing AI, but the Cyberspace Administration of China (“CAC”) is the primary and lead authority for regulating AI. National standards, such as JJF 2378-2026 : System Framework and Application Guidelines of Digital Metrology form the basis for regulation. In October 2025 a new article was added to the Cybersecurity Law of the People's Republic of China.‌ The article specifically addresses the security and development of artificial intelligence, stating that the state will support fundamental theoretical research and key technology R&D in AI, advance infrastructure construction including training data resources and computing power, improve ethical guidelines, strengthen risk monitoring, assessment, and security supervision, and promote the healthy application and development of AI. At the same time, the use of AI and other new technologies to innovate cybersecurity management and enhance the level of cybersecurity protection is also supported. The amended Cybersecurity Law officially took effect on ‌January 1, 2026‌.

In Canada the approach to AI governance is to bridge public sector accountability with a legislative push for the private sector. Within the government, federal institutions are mandated under the Directive on Automated Decision-Making to use the Algorithmic Impact Assessment (AIA) tool prior to deploying AI. The Canadian government published an open-source questionnaire to calculate the potential impact of an automated system on citizens, prescribing specific transparency, peer-review, and risk-mitigation measures based on the result. For the broader economy, Canada has proposed the Artificial Intelligence and Data Act (AIDA) under Bill C-27 to establish a nationwide legal framework that mandates rigorous safety, transparency, and data governance protocols for "high-impact" AI systems, while also leveraging voluntary codes of conduct to quickly address the rapid advancement of generative AI.