https://www.techtarget.com/searchenterpriseai/feature/AI-regulation-What-businesses-need-to-know
AI is quickly proving to be one of the most disruptive and powerful technologies of the 21st century. AI agents, systems and platforms now enable businesses to apply vast amounts of historical and real-time data to make precise decisions, find relationships and opportunities, spot anomalies and create dynamic content on demand. AI can bolster enterprise security, improve business efficiency, drive revenue and vastly enhance customer experiences.
But there are downsides to these exciting capabilities. AI can hallucinate and exhibit bias. It can perform unexpected actions and be easily used for a wide range of malicious purposes. AI's faults can expose a business and its brand to compliance and legislative violations. Poor AI behaviors are often costly to executives, the organization and ultimately the customers or users. Just consider the life-threatening implications of a medical AI tool making improper diagnoses, recommending incorrect procedures or failing to note critical drug interactions.
With the rapid evolution in AI capabilities, there's a growing need for regulations that govern AI. Regulations can foster ongoing AI innovation while managing and mitigating potential risks.
The regulation of artificial intelligence establishes policies and laws intended to govern the creation and use of AI systems. While many industry verticals, such as the healthcare or financial industries, sponsor and support the creation of standards or governance principles, the broad adoption and powerful capabilities of AI demand regulation by the public sector, namely government bodies.
AI regulation can involve numerous areas of business operations, including the following:
AI regulations can be created, implemented and enforced at most public sector levels, including state/province, federal/national or regional levels such as the EU, Organization for Economic Co-operation and Development (OECD) or African Union. Governing bodies are racing to understand and stay ahead of the ever-accelerating development of AI. In the U.S., federal agencies introduced 59 AI-related regulations in 2024 -- more than twice the number introduced in 2023, according to Stanford University's 2025 AI Index Report. Further, the Business Software Alliance (BSA) reported that U.S. states considered almost 700 legislative proposals covering a range of issues related to AI in 2024, compared to just 191 bills in 2023.
Ideally, the purpose of AI regulation is to foster the development of AI and its supporting technologies while establishing legal frameworks and safeguarding the rights, freedoms and safety of users. Common benefits of AI regulation can promote the following:
Despite the potential benefits of AI regulation, business leaders and government policymakers must also carefully consider the challenges facing AI regulation, including the following:
AI regulation in the U.S. is currently fragmented, with no overarching or comprehensive federal legislation to guide or limit AI development. U.S. AI regulation in 2026 encompasses a mix of executive orders (EO), existing laws, policies from individual federal agencies and state-level legislation.
President Biden, for example, signed EO 14110 for "Safe, Secure and Trustworthy Development and Use of Artificial Intelligence" in October 2023. The order was intended to address various AI issues, such as standards for critical infrastructure, AI-enhanced cybersecurity and federally funded biological synthesis projects. In effect, it seemed that federal regulation was coming. President Trump, however, repealed the Biden executive order in January 2025, suggesting the current administration's choice to deregulate AI in support of innovation over guardrails.
At the federal agency level, agency leaderships have issued guidance and position statements on AI. For example, the U.S. Department of Justice, Federal Trade Commission and other agencies issued a joint statement in 2023 asserting that current legal frameworks, such as those for consumer protection and civil rights, apply to AI systems and will be vigorously enforced.
State legislatures are taking varied measures to meet the regulatory challenges of AI, but the resulting patchwork of state-by-state laws can be difficult to navigate. Some states adopt broad and comprehensive laws, while others attempt to target specific AI issues. Examples of state-level AI regulation include the following:
From an international perspective, many countries are considering, enacting and implementing AI regulations primarily pertaining to AI safety, responsible AI and legal liabilities. Several examples of AI regulations outside the U.S. include the following:
Other nations are developing policies and considering the creation of AI legislation, including Finland, Germany, Brazil, Columbia, Israel and New Zealand.
AI regulation will pose challenges for global organizations in 2026 and beyond. Regulation is expected to drive responsible AI initiatives, platforms and processes, but the national demands and conflicting interests of AI will create enormous friction.
By 2026, half of national governments will enact and enforce the use of responsible AI through new regulations, updated policies, and data security and privacy measures. Emerging regulations will require AI developers to prioritize AI ethics, transparency, explainability and data privacy in their AI systems. AI governance will become a mandated element of all worldwide sovereign AI laws and regulations by 2027, Gartner reported.
Gartner predicted 35% of countries will be locked into region-specific AI platforms using proprietary contextual data by 2027, resulting in a serious fragmentation of the AI landscape due to political and technical issues. Organizations will need to localize their AI systems and adapt to the pressures of strong regional regulations, prevailing languages and local culture, Gartner reported.
Although AI regulation is still in its infancy, it's clear that many states, provinces, regions, nations and nation-state collectives will ultimately develop and implement AI legislation -- even those that refrain from AI-specific legislation will update current laws to include AI. This fierce fragmentation might force multinational companies to meet dozens of specific compliance and auditing requirements or risk hefty fines and legal sanctions.
As local, national and regional governments scramble to enact AI regulations into 2026 and beyond, the biggest problem for businesses will be weighing the benefits and potential opportunities of regulation against the possible costs and challenges that regulation imposes. But failure to comply is not an option. Violating AI regulations will expose businesses to scrutiny by regulators, legislators, customers and the broader public, leading to serious financial, legal and brand reputation risks.
Organizations that can demonstrate and document compliance with emerging AI regulations can use adherence as a competitive differentiator in the market. According to Gartner, 75% of AI platforms will incorporate strong AI governance and TRiSM (trust, risk and security management) capabilities by 2027.
AI regulation is here, and more regulation is forthcoming as AI continues to expand its capabilities, enter new industries and affect everyday life. Businesses can ease the challenges of tomorrow's AI regulations by embracing the following best practices today:
Business leaders can ease the integration of new AI regulations by establishing a strong governance posture now. Create clear AI policies that detail the ethical and responsible use of AI. Establish data security and privacy guidelines in relation to AI use. Understand where and how AI is used across the organization by taking inventory of AI agents, systems and platforms. Build an AI governance group that includes regulatory, data science, technology and business leaders within the organization.
The goals are to manage data, build trust and demonstrate integrity. Start with comprehensive data controls such as data minimization, end-to-end data encryption and data anonymization technologies to ensure sensitive information is safeguarded. Ensure that machine learning models and AI systems preserve human-in-the-loop operation and remain fully transparent and explainable -- the cornerstones of many key AI regulations. Establish and refine methodologies for testing and evaluating AI systems on key regulatory issues, including bias, fairness, accuracy and performance.
Global companies will need to understand and comply with many different AI regulations. Participate in AI forums such as the CNAS AI Governance Forum. Follow the development, ratification and enforcement of new and changing regulations and carefully consider how to adjust current regulatory preparations to new AI regulations.
Regulations often include audit requirements to demonstrate compliance. Keep careful documentation of AI processes, workflows and controls. Understand how that documentation maps into audits. Undertake routine test audits to validate preparedness and build confidence in prevailing audit processes. Review audit guides and recommendations, such as the AI Auditing Checklist for AI Auditing from the European Data Protection Board, as well as tools like Complyance that can help audit AI systems.
Invest in regular employee education programs on AI regulations, compliance requirements, ethical and responsible AI use, AI best practices and AI incident response protocols.
Stephen J. Bigelow, senior technology editor at TechTarget, has more than 30 years of technical writing experience in the PC and technology industry.
05 Jan 2026
