US and EU reject delays on AI regulations despite industry pushback

Major AI regulations on both sides of the Atlantic cleared significant hurdles in July, with the US defeating a proposed moratorium on state-level AI rules while the EU rejected calls to delay enforcement of its AI Act. These developments signal a decisive shift toward responsible AI innovation with stronger guardrails, fundamentally reshaping compliance strategies for companies operating in global markets.

What you should know: The US federal mega bill became law on July 1 without a controversial 10-year moratorium that would have banned enforcement of state-level AI regulations.

• The moratorium was originally included due to AI tech companies’ frustrations with the patchwork of state regulations across different jurisdictions.
• States like California, Colorado, and New York can now continue developing their own AI safeguards without federal interference.
• The White House’s new AI Action Plan released on July 23 links federal funding to state AI laws deemed “burdensome” or “restrictive to innovation,” but doesn’t define these terms and is unlikely to affect well-funded states like California and New York.

Meanwhile in Europe: The European Commission formally rejected the “stop the clock” doctrine favored by technology lobbyists, maintaining the original enforcement timeline for the EU AI Act.

• The Commission published the Code of Practice for General-Purpose AI Models last Thursday, further cementing its commitment to the regulatory timeline.
• Some AI Act requirements are already being enforced, including AI literacy requirements and rules on prohibited AI use cases.
• Additional requirements become enforceable on August 2nd, with particular focus on rules for general-purpose AI providers like generative AI model companies.

The compliance impact: These regulatory developments create a cascading effect throughout AI value chains, affecting not just direct providers but any company using generative AI models and systems.

• The EU’s Code of Practice, crafted by 13 independent experts and reviewed by over 1,000 stakeholders, covers safety and security, copyright, and transparency requirements.
• Companies must redesign their third-party risk management practices for AI providers to ensure compliance across their technology stack.
• Multinationals operating internationally must navigate both US regulatory decentralization and EU enforcement reinforcement simultaneously.

What companies should do: Risk and compliance professionals need to adapt their strategies to handle this new regulatory landscape.

• Continue monitoring state AI laws in the US, tracking proposals, implementation dates, and compliance timeframes for regulations like New York’s RAISE Act.
• Use the EU AI Act’s risk pyramid framework as a foundation for building trustworthy AI systems, incorporating robust data privacy, security, governance, and risk management practices.
• Assess AI use-case risks systematically, as this requirement appears across multiple regulatory frameworks and serves as a cornerstone for effective compliance programs.