The United States is only one piece of the AI-regulation map, and for most enterprises it is not even the strictest piece. The European Union now operates under the world's first comprehensive AI statute. The United Kingdom is rolling out a pro-innovation, sector-by-sector framework anchored by its AI Security Institute. South Korea's AI Basic Act took effect in January 2026, and Japan passed its AI Promotion Act in 2025. China already enforces a stack of generative-AI and content-labeling rules. Canada's federal AIDA bill lapsed in early 2025, while Australia, Singapore, and Brazil each sit at a different point between voluntary frameworks and pending legislation. Any business serving customers across borders eventually has to track three or four jurisdictions in parallel, not just one.
This page covers the major non-US jurisdictions — the EU AI Act, the UK, Canada, China, Japan, South Korea, Australia, Singapore, and Brazil — with deep links into each region. 15 EU member states are tracked individually for country-specific enforcement quirks; each non-EU country has its own national page.
By Asım Ünlü · Last verified
Global AI law news
Updated June 23, 2026Recent coverage of international AI governance — the UN, OECD, G7, and cross-border regulation. Aggregated automatically; follow each link for the full story.
Coverage from GlobeNewswire on AI legislation and regulation relevant to jurisdictions worldwide.
Coverage from unfoundation.org on AI legislation and regulation relevant to jurisdictions worldwide.
Coverage from The American Bazaar on AI legislation and regulation relevant to jurisdictions worldwide.
Coverage from CNN on AI legislation and regulation relevant to jurisdictions worldwide.
Coverage from UNESCO on AI legislation and regulation relevant to jurisdictions worldwide.
European Union — the EU AI Act
The EU AI Act is the first horizontal AI statute anywhere in the world. It came into force in August 2024 with phased deadlines: prohibitions on unacceptable-risk AI took effect February 2025, general-purpose-AI obligations kicked in August 2025, and the headline high-risk regime activates August 2, 2026. Penalties climb to €35 million or 7% of global annual turnover — whichever is higher. Any provider, deployer, importer, or distributor putting an AI system on the EU market is in scope, regardless of where the company is headquartered. National regulators in each member state coordinate enforcement: BfDI in Germany, CNIL in France, AESIA in Spain, DPC in Ireland, and so on. We track 15 member states with country-specific enforcement notes, sector overlays, and intent pages.
Per-country pages cover the national supervisory authority, AI Act sandboxing programmes, and the GDPR overlay each member state applies. Plus checklist, fines, requirements, and deadline intent pages for every country.
United Kingdom — pro-innovation, sector-by-sector
Post-Brexit, the UK deliberately rejected a single AI Act in favour of a context-specific approach: existing regulators (the ICO for data protection, the FCA for financial services, the MHRA for medical devices, Ofcom for online safety) apply AI principles within their own remit. The AI Safety Institute, established in 2023, oversees frontier-model risk — the UK's de-facto equivalent of the EU's general-purpose-AI tier. The Data Protection and Digital Information Bill extends accountability requirements around automated decision-making. ICO fines for AI-related GDPR breaches reach £17.5 million or 4% of global turnover. There is no single deadline calendar; obligations roll in as sector regulators publish guidance.
Pro-innovation AI regulation framework (2023 White Paper), Data (Use and Access) Act 2025, UK GDPR & Data Protection Act 2018, Online Safety Act 2023. Penalty exposure: Up to GBP £17.5M or 4% of global turnover (ICO, under UK GDPR/DPA 2018).
Canada — no federal AI Act (AIDA lapsed)
Contrary to common reporting, Canada has no enacted federal AI statute. The Artificial Intelligence and Data Act (AIDA), part of Bill C-27, died when Parliament was prorogued in January 2025 and has no successor as of 2026. AI is instead governed indirectly: PIPEDA (the federal private-sector privacy law) covers personal data used in AI; the Treasury Board Directive on Automated Decision-Making requires federal agencies to run algorithmic impact assessments; and provincial laws — most notably Quebec's Law 25 — require businesses to disclose automated decisions, explain the logic, and offer a right to human review. The strongest enforceable penalty today is Quebec's: up to C$25 million or 4% of global turnover.
PIPEDA — Personal Information Protection and Electronic Documents Act, Treasury Board Directive on Automated Decision-Making, Quebec Law 25 (Loi 25), Bill C-27 / AIDA — lapsed at prorogation, Jan 2025. Penalty exposure: No federal AI-specific penalty; Quebec Law 25 up to CAD $25M or 4% of global turnover.
Asia-Pacific & Latin America
Beyond Europe and North America, the regulatory picture varies sharply. China already enforces binding generative-AI and content-labeling rules. South Korea's AI Basic Act took effect in January 2026, and Japan's AI Promotion Act became law in 2025. Australia and Singapore rely on voluntary frameworks for now, while Brazil's risk-based AI bill is pending in its Chamber of Deputies. Each has its own dedicated page with the applicable laws, penalties, and official sources.
Australia's AI Ethics Principles (2019, voluntary). Penalty: No AI-specific penalty; Privacy Act 1988 up to A$50M, 3× benefit, or 30% of adjusted turnover for serious breaches.
AI Promotion Act — Act on the Promotion of R&D and Utilization of AI-Related Technologies (2025). Penalty: No AI-specific penalty (promotion statute); APPI up to ¥100M for corporations on a PPC-order breach.
Interim Measures for the Management of Generative AI Services (effective Aug 15, 2023). Penalty: No fixed fine in the Generative AI Measures; violations enforced via Cybersecurity Law, Data Security Law and PIPL (warnings, rectification, service suspension).
Basic Act on the Development of AI and Establishment of Trust (AI Basic Act, effective Jan 22, 2026). Penalty: Administrative fines up to KRW 30 million.
Model AI Governance Framework, 2nd ed. (IMDA/PDPC, 2020). Penalty: Frameworks voluntary; PDPA up to S$1M or 10% of Singapore annual turnover (whichever is higher).
PL 2338/2023 — Marco Legal da IA (Senate-approved Dec 2024, pending in the Chamber of Deputies). Penalty: PL 2338 (if enacted) up to 2% of Brazilian revenue, capped at BRL 50M per infraction; the LGPD already applies the same cap.
Digital Personal Data Protection Act, 2023 (DPDP Act) — enacted; rules pending. Penalty: DPDP Act: data-protection penalties up to ₹250 crore (~US$30M) per instance.
UAE National Strategy for Artificial Intelligence 2031. Penalty: PDPL administrative fines set by Cabinet decision; DIFC fines up to US$100,000+ per contravention.
Personal Data Protection Law (PDPL) — Royal Decree M/19 of 2021, amended 2023. Penalty: PDPL: fines up to SAR 5M (doubling for repeat offences) and up to 2 years' imprisonment for unlawful sensitive-data disclosure.
If a jurisdiction critical to your operations isn't yet covered, our feedback page is the fastest way to flag a request.
How we track non-US AI law
Each non-US entry links back to the relevant statute or official guidance — EUR-Lex for EU AI Act articles, the European Commission's digital strategy portal for delegated acts, national data protection authority sites for enforcement, the ICO and AI Security Institute for the UK, the CAC for China, METI for Japan, and the originating parliament or regulator for each other jurisdiction. We re-verify country pages whenever an authority issues new guidance or a legislature passes implementation legislation. This page is not legal advice; it is a navigational reference for multi-jurisdictional compliance teams.
US-based?
Most US businesses still need to track state-by-state AI rules first. EU coverage is mainly for companies with European customers or operations; UK and Canada matter if you serve those markets or run distributed teams.