AI laws worldwide — global coverage beyond the United States
The United States is only one piece of the AI-regulation map, and for most enterprises it is not even the strictest piece. The European Union now operates under the world's first comprehensive AI statute. The United Kingdom is rolling out a pro-innovation, sector-by-sector framework anchored by its AI Safety Institute. Canada is phasing in AIDA, mandating impact assessments for high-impact AI. Australia, Japan, Singapore, South Korea, and Brazil are each in the late drafting stages of their own regimes. Any business serving customers across borders eventually has to track three or four jurisdictions in parallel, not just one.
This page summarises the three frameworks our coverage spans today — EU AI Act, UK, and Canada — with deep links into each region. 15 EU member states are tracked individually for country-specific enforcement quirks; UK and Canada each have a single national page.
By the AI Law Tracker Editorial Team · Last verified
European Union — the EU AI Act
The EU AI Act is the first horizontal AI statute anywhere in the world. It came into force in August 2024 with phased deadlines: prohibitions on unacceptable-risk AI took effect February 2025, general-purpose-AI obligations kicked in August 2025, and the headline high-risk regime activates August 2, 2026. Penalties climb to €35 million or 7% of global annual turnover — whichever is higher. Any provider, deployer, importer, or distributor putting an AI system on the EU market is in scope, regardless of where the company is headquartered. National regulators in each member state coordinate enforcement: BfDI in Germany, CNIL in France, AESIA in Spain, DPC in Ireland, and so on. We track 15 member states with country-specific enforcement notes, sector overlays, and intent pages.
Per-country pages cover the national supervisory authority, AI Act sandboxing programmes, and the GDPR overlay each member state applies. Plus checklist, fines, requirements, and deadline intent pages for every country.
United Kingdom — pro-innovation, sector-by-sector
Post-Brexit, the UK deliberately rejected a single AI Act in favour of a context-specific approach: existing regulators (the ICO for data protection, the FCA for financial services, the MHRA for medical devices, Ofcom for online safety) apply AI principles within their own remit. The AI Safety Institute, established in 2023, oversees frontier-model risk — the UK's de-facto equivalent of the EU's general-purpose-AI tier. The Data Protection and Digital Information Bill extends accountability requirements around automated decision-making. ICO fines for AI-related GDPR breaches reach £17.5 million or 4% of global turnover. There is no single deadline calendar; obligations roll in as sector regulators publish guidance.
UK AI Safety Framework, Data Protection Act 2018, Online Safety Act. Penalty exposure: Up to GBP £17.5M or 4% of global turnover (ICO).
Canada — AIDA and the federal AI Strategy
Canada's Artificial Intelligence and Data Act (AIDA), part of Bill C-27, creates the first federal AI statute in North America. It phases in through 2025–2026, focusing on "high-impact" AI systems — those used in employment, lending, biometric identification, healthcare, and public services. Companies must conduct algorithmic impact assessments, publish plain-language descriptions of automated systems, and notify users when AI is in the loop. Penalties reach C$25 million or 5% of global revenue. PIPEDA, Canada's federal privacy law, continues to apply in parallel; provincial laws (Quebec's Law 25, Ontario's proposed AIDA-style rules) add another layer. The Office of the Privacy Commissioner and Innovation, Science and Economic Development Canada (ISED) share enforcement.
AIDA — Artificial Intelligence and Data Act, PIPEDA. Penalty exposure: Up to CAD $25M or 5% of global revenue.
Other jurisdictions on the radar
Several major economies have published AI guidance or draft legislation that we are watching but do not yet have dedicated pages for. Australia's voluntary AI Ethics Framework is moving toward mandatory guardrails for high-risk settings. Singapore's Model AI Governance Framework v2 emphasises testing and transparency for generative AI. Japan's AI Governance White Paper takes a soft-law approach with sector regulators. South Korea passed the AI Basic Act in late 2025. Brazil's AI Bill of Rights is in the legislative pipeline. If a jurisdiction is critical to your operations and isn't yet covered, our feedback page is the fastest way to flag a request.
How we track non-US AI law
Each non-US entry links back to the relevant statute or official guidance — EUR-Lex for EU AI Act articles, the European Commission's digital strategy portal for delegated acts, national data protection authority sites for enforcement, ICO and AISI for the UK, and ISED Canada for AIDA. We re-verify country pages whenever an authority issues new guidance or a member state passes implementation legislation. This page is not legal advice; it is a navigational reference for multi-jurisdictional compliance teams.
US-based?
Most US businesses still need to track state-by-state AI rules first. EU coverage is mainly for companies with European customers or operations; UK and Canada matter if you serve those markets or run distributed teams.