A new presidential administration in the U.S. rescinded its predecessor's executive order on AI safety this week, while the European Union will begin enforcing its own new regulations next month, potentially putting multinational companies in a regulatory bind.

Amid a flurry of fresh executive orders from the Trump administration as it took over this week came the rescinding of others made by the Biden administration, including Executive Order 14110 of Oct. 30, 2023, on Safe, Secure and Trustworthy Development and Use of Artificial Intelligence. The order had called for federal data privacy legislation, among other requirements for trustworthy AI systems and safety standards, tasking NIST to create a risk management framework for generative AI and update its Secure Software Development Framework (SSDF) to encompass generative AI and foundation models.

At the same time, the first two chapters of the European Union's Artificial Intelligence Act will enter enforcement Feb. 2, with several more entering enforcement Aug. 2, and further restrictions on what the legislation calls high-risk AI systems will go into effect in August 2027. The initial restrictions include a list of prohibited AI practices, such as certain uses of biometric and facial recognition data. By the August deadline, providers and deployers that don't comply with the prohibition on AI practices could be subject to administrative fines of up to 35 million euros ($36.7 million) or up to 7% of their total worldwide annual turnover for the preceding financial year.

For now, action on AI safety in the U.S. might fall to state and local governments, along with efforts by private sector groups such as the Cloud Security Alliance's AI Safety Initiative and the Coalition for Secure AI.

"Global organizations face a riddle wrapped in a mystery inside an enigma," said Katell Thielemann, an analyst at Gartner, in an email to Informa TechTarget this week. "This leaves them with few good options besides looking for the common denominators that cross most requirements, while at the same time finding ways to experiment and innovate to remain competitive. ... But this is the new reality for the foreseeable future, as harmonization is unlikely anytime soon."

EU AI Act: Too much, too soon?

Some industry analysts said they were concerned that a regulation such as the EU AI Act looks to deploy controls against a technology that is still so nascent and rapidly evolving, it's difficult to know what will even be relevant in a matter of a few months.

"Let's say a year or two ago you'd developed a regulation limiting the size of a large language model -- by now, that would be completely, spectacularly wrong, because the technology is evolving that fast," said Steven Dickens, principal analyst at HyperFrame Research. "It's so nascent, nobody knows where it's going to go, which is scary for regulators, and quite rightly so -- it's really scary for the world -- but a bit of a 'wait and see' might not be a bad thing."

Another analyst said he was particularly concerned about sections of the EU law that apply to AI systems designated high-risk, most of them set for enforcement by 2027. These sections require risk management, data governance and technical documentation practices that might be hard to follow, especially when developers use third-party AI services, according to Rob Strechay, an analyst at TheCube Research.

"Devs and their companies that plug in an API from an AI platform-as-a-service [tool] could get in trouble with the law" under these provisions, he said.

Other sections of the EU AI Act pertaining to high-risk systems call for notifications to the European Commission about noncompliant systems, including "the information necessary for the identification of the non-compliant AI system, the origin of the AI system and the supply chain." However, there aren't yet standards or industry consensus on some key aspects of AI supply chain security, such as model and data provenance and signing, according to a paper published by Google engineers in April 2024.

There are economic and cybersecurity downsides to the EU's approach to regulation as well, said Chris Hughes, chief security adviser at software supply chain security company Endor Labs and CEO at Aquia, a cloud and cybersecurity digital services firm.

"The EU's approach already has some companies avoiding the EU market, or not releasing specific products and features to the EU market," Hughes said. "Which may impact not just consumers, but economic prosperity and national security in some cases, especially as we see the tie between commercial technology and national security increasingly intertwined."