The EU's Risk-Based Approach
The European Union built its AI framework around risk tiers, the higher the potential harm of an AI use case, the stricter the requirements. Systems used in hiring, credit scoring, or law enforcement face heavy obligations around transparency and human oversight, while low-risk applications like spam filters face almost none. The philosophy is precautionary: regulate based on potential harm before problems show up at scale.
The United States' Sector-by-Sector Approach
Rather than one comprehensive AI law, the US has generally regulated AI through existing sector rules, financial regulators overseeing AI in lending, health regulators overseeing AI in medical devices, and so on, supplemented by state-level rules that vary considerably. This produces a patchwork that can be more flexible for innovation but less predictable for companies operating across multiple states.
China's State-Directed Model
China's approach combines active state support for AI development with specific, mandatory rules around content, particularly requirements that generative AI outputs align with core values and that synthetic media be clearly labeled. Algorithm providers in certain categories must register with regulators, reflecting a model where the state maintains close, direct oversight over how AI shapes public information.
Where Most Frameworks Actually Agree
- Transparency for synthetic media. A growing global consensus that AI-generated images, audio, and video should be labeled or watermarked.
- High-risk use cases deserve extra scrutiny. Nearly every framework treats hiring, lending, healthcare, and law enforcement AI more strictly than low-stakes uses.
- Human oversight for consequential decisions. Most rules require a human to be able to review or override significant automated decisions.
What This Means for Builders
For anyone building AI products with an international audience, the practical takeaway is that compliance cannot be an afterthought bolted on at launch. Data handling, transparency disclosures, and risk classification often need to be designed in from the start, since retrofitting a product for a stricter jurisdiction later is far more expensive.
It also means the safest long-term bet is building toward the strictest reasonable standard rather than the loosest one, since regulation in this space has moved in one direction, toward more oversight, not less, in nearly every major market over the past few years.
The Open Question
None of these frameworks have fully settled how to handle the fastest-moving parts of the field, autonomous agents that take real-world actions, and models capable of assisting with genuinely dangerous tasks. Expect continued, fairly rapid amendment to these rules as the technology itself keeps moving, rather than a single stable rulebook settling in anytime soon.
Key Takeaways
- The EU regulates AI by risk tier, the US mostly through existing sector rules, and China through direct state oversight of content and providers.
- Despite different philosophies, most frameworks agree on labeling synthetic media and requiring human oversight for high-stakes decisions.
- Compliance needs to be designed into a product from the start, not retrofitted after launch.
- Regulatory trends have moved toward more oversight, not less, across nearly every major market.
- The fastest-moving areas, autonomous agents and dual-use capabilities, remain the least settled parts of the regulatory picture.