Cross-border AI law comparison

United States (federal) vs United Kingdom

How AI regulation in United States (federal) and United Kingdom compares — the laws in force, penalty exposure, deadlines, and what each regime asks of businesses.

By Asım Ünlü · Founder

Published Jun 1, 2026Reviewed Jun 24, 2026

Verdict

United Kingdom has the more comprehensive AI-regulation regime than United States (federal)

Based on the breadth of laws in force, penalty exposure, and enforcement status — not a substitute for legal advice.

United States (federal)

State-led (no federal Act)

Penalty: Varies by state & agency; up to $5,000/day per violation (California)

Deadline: Rolling — state deadlines through 2026–2027

⚖️ No comprehensive federal AI statute

⚖️ State AI laws (CA SB 942, CO SB 205, IL HB 3773, TX TRAIGA)

+1 more

View full United States (federal) guide →

United Kingdom

In Effect (no dedicated AI Act)

Penalty: Up to GBP £17.5M or 4% of global turnover (ICO, under UK GDPR/DPA 2018)

Deadline: Rolling implementation

⚖️ Pro-innovation AI regulation framework (2023 White Paper)

⚖️ Data (Use and Access) Act 2025

+2 more

View full United Kingdom guide →

Side-by-side comparison

Dimension

United States (federal)

United Kingdom

Status

State-led (no federal Act)

In Effect (no dedicated AI Act)

Max penalty

Varies by state & agency; up to $5,000/day per violation (California)

Up to GBP £17.5M or 4% of global turnover (ICO, under UK GDPR/DPA 2018)

Key deadline

Rolling — state deadlines through 2026–2027

Rolling implementation

# of instruments

Headline rule

No comprehensive federal AI statute

Pro-innovation AI regulation framework (2023 White Paper)

What it requires

The US has no single federal AI law. Binding obligations come from a patchwork of state statutes — California, Colorado, Illinois, Texas and others — overlaid with sectoral federal enforcement by the FTC, EEOC, CFPB and FDA. Multistate operators must comply with the strictest applicable state rule.

The UK has deliberately not enacted an EU-style AI Act. Instead, five non-statutory principles are applied by existing sector regulators — the ICO for data protection, the FCA for financial services, Ofcom for online safety. The AI Security Institute (renamed from the AI Safety Institute in February 2025) oversees frontier-model risk, and the Data (Use and Access) Act 2025 reformed the rules on automated decision-making. A comprehensive government AI Bill has been signalled for 2026 but is not yet before Parliament.

Related comparisons

US vs EU US vs CN EU vs UK UK vs CA US vs CA JP vs KR EU vs CN AU vs SG

Operating across borders?

Most companies face more than one of these regimes at once. Explore the full guides or compare US states side by side.

United States (federal) guide →Compare US states →

Editorial standards

Anchored to the primary government source (statute, bill text, or agency rule) and verified directly against it. See our methodology.

Primary sources · United States (federal) & United Kingdom

↗congress.govhttps://www.congress.gov
↗ftc.govhttps://www.ftc.gov/business-guidance/blog/2023/02/keep-your-ai-claims-check
↗aisi.gov.ukhttps://www.aisi.gov.uk/
↗ico.org.ukhttps://ico.org.uk/about-the-ico/what-we-do/legislation-we-cover/data-use-and…
↗bills.parliament.ukhttps://bills.parliament.uk/bills/3942