News Image

Navigating Global Trends In AI Regulation

Action Steps For Companies

The accelerating capabilities of generative artificial intelligence (GenAI), including large language models (LLM), as well as systems using real-time geolocation data, facial recognition and advanced cognitive processing, have pushed AI regulation to the top of policymakers’ inboxes.

It isn’t simple. In Europe, for example, while some member countries wanted to liberalise the use of facial recognition by their police forces, the European Union (EU) Parliament wanted to impose tight restrictions as part of the AI Act, resulting in marathon negotiations before a compromise agreement could be found. In another debate on AI legislation, the Indian Ministry of Electronics and IT published a strong statement in April 2023, opting against AI regulation and stating that India “is implementing necessary policies and infrastructure measures to cultivate a robust AI sector, but does not intend to introduce legislation to regulate its growth”. Yet, in May 2023, the IT Minister announced India is planning to regulate AI platforms like ChatGPT and is “considering a regulatory framework for AI, which includes areas related to bias of algorithms and copyrights”. Similarly, while the United States (US) is not likely to pass new federal legislation on AI any time soon, the Executive Order issued by the Biden administration in October 2023 emphasised concerns for safety, security and civil rights as key considerations in the federal procurement of AI, and regulators like the Federal Trade Commission (FTC) have responded to public concerns about the impact of GenAI, by opening expansive investigations into some AI platforms.

AI is transforming a diverse range of industries from finance and manufacturing to agriculture and healthcare, by enhancing their operations and reshaping the nature of work. AI is enabling smarter fleet management and logistics, optimising energy forecasting, creating more efficient use of hospital beds by analysing patient data and predictive modelling, improving quality control in advanced manufacturing, and creating personalised consumer experiences. It is also being adopted by governments that see its ability to deliver better service to citizens at lower cost to taxpayers. With global private sectors investing in AI, the investment levels are now 18 times higher than in 2013. AI is potentially a powerful driver of economic growth and a key enabler of public services.

However, the risks and unintended consequences of GenAI are also real. A text-generation engine that can convincingly imitate a range of registers is open to misuse; voice-imitation software can mimic an individual’s speech patterns well enough to convince a bank, workplace or friend. Chatbots can cheat at tests. AI platforms can reinforce and perpetuate historical human biases (for example, based on gender, race or sexual orientation), undermine personal rights, compromise data security, produce misinformation and disinformation, destabilise the financial system and cause other forms of disruption globally. The stakes are high.

Legislators, regulators and standard setters are starting to develop frameworks to maximise AI’s benefits to society while mitigating its risks. These frameworks need to be resilient, transparent and equitable. To provide a snapshot of the evolving regulatory landscape, the EY organisation (EY) has analysed the regulatory approaches of eight jurisdictions: Canada, China, the EU, Japan, Korea, Singapore, the United Kingdom (UK) and the US. The rules and policy initiatives were sourced from the Organisation for Economic Co-operation and Development (OECD) AI policy observatory and are listed in the appendix to the full report.


Recognising that each jurisdiction has taken a different regulatory approach, in line with different cultural norms and legislative contexts, there are six areas of cohesion that unite under the broad principle of mitigating the potential harms of AI while enabling its use for the economic and social benefit of citizens. These areas of unity provide strong fundamentals on which detailed regulations can be built.

  1. Core principles. The AI regulation and guidance under consideration is consistent with the core principles for AI as defined by OECD and endorsed by the G20. These include respect for human rights, sustainability, transparency and strong risk management.
  2. Risk-based approach. These jurisdictions are taking a risk-based approach to AI regulation. What that means is that they are tailoring their AI regulations to the perceived risks around AI to core values like privacy, non-discrimination, transparency and security. This “tailoring” follows the principle that compliance obligations should be proportionate to the level of risk (low risks mean no or very few obligations; high risks mean significant and strict obligations).
  3. Sector-agnostic and sector-specific. Because of the varying use cases of AI, some jurisdictions are focusing on the need for sector-specific rules, in addition to sector-agnostic regulation.
  4. Policy alignment. Jurisdictions are undertaking AI-related rulemaking within the context of other digital policy priorities such as cybersecurity, data privacy and intellectual property protection, with the EU taking the most comprehensive approach.
  5. Private-sector collaboration. Many of these jurisdictions are using regulatory sandboxes as a tool for the private sector to collaborate with policymakers to develop rules that meet the core objective of promoting safe and ethical AI, as well as to consider the implications of higher-risk innovation associated with AI where closer oversight may be appropriate.
  6. International collaboration. Driven by a shared concern for the fundamental uncertainties regarding the risks to safety and security posed by powerful new generative and general-purpose AI systems, countries are pursuing international collaboration towards understanding and addressing these risks.


Other factors to consider in AI policy development include:

  • Ensuring regulators have access to sufficient subject matter expertise to successfully implement, monitor and enforce these policies
  • Ensuring policy clarity, if the intent of rulemaking is to regulate risks arising from the technology itself (for example, properties such as natural language processing or facial recognition) or from how the AI technology is used (for example, the application of AI in hiring processes) or both
  • Examining the extent to which risk management policies and procedures, as well as the responsibility for compliance, should apply to third-party vendors supplying AI-related products and services

In addition, policymakers should, to the extent possible, engage in multilateral processes to make AI rules among jurisdictions interoperable and comparable, in order to minimise the risks associated with regulatory arbitrage that are particularly significant when considering rules governing the use of a transnational technology like AI.


For company leaders, understanding the core principles underlying AI rules, even if those rules may not presently apply to them, can serve to instil confidence by customers and regulators in their use of AI and thereby potentially provide a competitive advantage in the marketplace. It can also help companies anticipate the governance needs and compliance requirements that may apply to their development and use of AI, making them more agile.

Based on the identified trends, there are at least three actions businesses can take now to remain a step ahead of the rapidly evolving AI regulatory landscape:

  1. Understand AI regulations that are in effect within the markets in which you operate. You can align your internal AI policies with those regulations and any associated supervisory standards.
  2. Establish robust and clear governance and risk management structures and protocols as well as, to the extent where appropriate, accountability mechanisms to enhance how you manage AI technologies.
  3. Engage in dialogue with public-sector officials and others to better understand the evolving regulatory landscape, as well as to provide information and insights that might be useful to policymakers.

For governance approaches to strike the right balance between government oversight and innovation, it’s important that companies, policymakers and other stakeholders engage in open conversations. All these parties are testing the waters and working to find new possibilities that are being enabled by AI. New rules will be needed. Fortunately, as our review shows, there is wide agreement among countries on the foundational principles to govern the use of AI. At this unique moment of possibility and peril, now is the time to cooperate on turning those principles into practice.


As GenAI begins to transform industries, global policymakers are enacting legislation aimed at optimising the opportunities while mitigating the risks of the technology.

This article was written by Nicola Morini Bianzino, EY Global Chief Technology Officer; Marie-Laure Delarue, Global Vice Chair, Assurance; Shawn Maher, EY Global Vice Chair, Public Policy; and Ansgar Koene, EY Global AI Ethics and Regulatory Leader; with contributions by Katie Kummer, Global Deputy Vice Chair, Public Policy; and Fatima Hassan-Szlamka, Associate Director, Global Public Policy. It was first published on the EY Global website. Republished with permission.

Loading spinner