Insights From AI Legislative Debates

💡The EU AI Office’s recent stakeholder consultation reveals just how complex regulating artificial intelligence in Europe will be. The report, based on 88 detailed questions, makes clear that the definition of an #AIsystem in the #AIAct is too vague. Bussiness stakeholders, civil society organisations and a handful of citizens all agree that terms like inference, autonomy and adaptiveness need urgent clarification. Many fear that AI Act could end up capturing ordinary software tools, from spreadsheet macros to basic statistical models, if the language isn’t tightened.. 📍Even more sensitive are the AI practices that the Act seeks to prohibit outright. The report highlights growing anxiety around manipulative, deceptive or subliminal techniques, especially those used in biometric categorisation, social scoring and predictive policing. Respondents warned that without concrete examples and clearer thresholds for significant harm, the line between prohibited manipulation and permisinle persuasion (particularly in marketing) will remain too blurry. 📍Article 5(1)(f) of the AI Act, which prohibits the use of emotion recognition in law enforcement, border control, workplace and education, triggered intense debate. While many welcomed the ban in these high-risk contexts, the consultation revealed widespread uncertainty about its scope. Stakeholders raised doubts about what exactly constitutes emotion recognition, how to differentiate it from other affective computing tools, and whether the ban applies only to real-time analysis or also to retrospective assessments. There were also concerns about borderline use cases-such as customer service bots or stress monitoring tools-that could indirectly infer emotional states. Without clearer definitions and enforcement criteria, respondents warned, the provision risks becoming either toothless or overbroad. 📍Data privacy professionals will recognise the alarm bells. From untargeted scraping of facial images to the unchecked expansion of biometric databases, stakeholders voiced deep concerns about mass surveillance and weak safeguards. The need to better align the AI Act with the #GDPR came up repeatedly, especially where facial recognition and personal data are involved. Many flagged the risk that AI systems could exploit vulnerable groups—children, the elderly, low-income communities—and called for context-sensitive guidance and stricter oversight. 🔹For #compliance officers and #privacy teams, the message is sobering. The Act’s high-level principles are in place, but its day-to-day meaning remains contested. If the EU wants the regulation to work in practice, especially for SMEs, it must now deliver clear, workable guidance. This consultation shows where the pain points are and where trust in AI Act will be lost or won.

Diving Deep into State AI Legislation: CT SB 2 vs. CA AB 2930 In the realm of fast-paced AI legislation, and tech policy generally, sometimes opinions form faster than facts. Amidst the chatter, it's crucial we delve into the concrete details of these bills and understand the fundamental approaches lawmakers are taking towards AI regulation. So I wanted to share my substantive comparative chart between two leading state AI bills: CT SB 2 and CA AB 2930. Key Insights: - Scope: Though CT SB 2 covers “high-risk AI systems” that produce consequential decisions similar to AB 2930’s “automated decision tools,” SB 2 also applies to generative AI and has specific provisions for artificial intelligence, broadly, and general-purpose AI. - Structural Approach: Both bills generally follow a similar approach for developer and deployer obligations that include impact assessments, AI governance programs, and disclosures. However, CT SB 2 does not include consumer rights and contains notable deviations in scope and substance that have material effects, such as tying governance program requirements to the NIST AI RMF. - Anti-Discrimination: Both bills adopt a similar definition of “algorithmic discrimination”, but CT SB 2 may have stronger overall anti-discrimination provisions due to its requirements to reasonably foresee an “increased risk” of unjustified differential treatment and report to the state Attorney General. - Transparency: CT SB 2 novelly requires any developer or deployer of any artificial intelligence system that is intended to interact with consumers to notify consumers of such interaction with an AI system. - Enforcement: Though neither bill creates a private right of action, CA AB 2930 creates stronger enforcement mechanisms by allowing civil actions by other state attorneys while CT SB 2 has more affirmative defenses and rebuttable presumptions of compliance.  Neither bill is flawless, but would love to hear from folks: What did I get wrong? What's missing from the comparison? What's your take?

A thoughtful new contribution to Australia’s AI policy debate has just landed. The Tech Policy Design Institute (TPDi) has released its 'From AI Sovereignty to AI Agency' Discussion Paper and AI Agency Tool and it’s one of the clearer, more structured interventions we’ve seen on this topic. I participated in the consultation earlier this year, and it’s encouraging to see that feedback feeding into a even more refined evidence-based framework. What I appreciate most is the shift away from the loose language of “AI sovereignty” toward something far more workable and based in reality: AI agency. Because the reality is this: Australia is not going to own every layer of the AI supply chain and pretending otherwise distracts from the strategic choices we actually need to make. Where we can lead is in building the capability to act independently, make informed decisions, reduce critical dependencies, and use our strengths (like trusted governance, credible regulation, research depth, and international partnerships) to shape outcomes that align with Australian values. The AI Agency Tool breaks the AI ecosystem into 101 capabilities across infrastructure, data, models, innovation, skills and governance, and then maps not only our maturity, but also our agency, leverage and global scarcity across each area. It’s genuinely practical. It also forces a more honest view of where Australia sits in the global AI value chain: 1️⃣ We will always rely on foreign frontier models. 2️⃣ We hold real leverage in critical minerals, high-trust governance and world-class research. 3️⃣ Our gaps in public-sector compute, model development and skills pipelines remain real constraints. Optionality, not total self-sufficiency, should be the goal. This is the value of “AI agency”: having the skills, governance, domestic capability and diversified partnerships needed to steer outcomes in a global system we don’t control end-to-end. It’s a much more realistic and strategically useful way to think about our role. For anyone working across AI governance, regulation, policy or digital transformation, the tool provides a clearer way to answer the question that actually matters: Where should Australia build, where should we partner, and where should we lead? I’d strongly encourage people across government, industry and civil society to engage with the Discussion Paper and share their perspectives. The framework will only get stronger with diverse input and these choices will shape Australia’s trajectory for years to come. Brilliant work Johanna Weaver & Zoe Jay Hawkins and team! Link in the comments below. #AIAgency #AIStrategy #AIGovernance #AIPolicy #TechPolicy #DigitalGovernment #AustraliaTech #ResponsibleAI #AIRegulation #AIEcosystem #NationalSecurity #DigitalStrategy #FutureOfAI #AUSpol #AUSinnovation

Last week, the European Commission’s Joint Research Centre released a series of externally conducted studies on general-purpose AI models. Although these reports do not officially represent the Commission’s views, they could shape the technical foundations for how the AI Act’s GPAI provisions are interpreted and implemented in practice. I took a deep dive into these dense studies and identified several notable insights. For example, the researchers propose a methodology grounded in cognitive psychology to determine whether an AI system qualifies as general-purpose. They also suggest technical criteria for assessing when a model has been modified so substantially that it should be considered a “new” one. The studies further explore three factors that, beyond compute thresholds, could be used to classify a GPAI model as having “systemic risk”: safety benchmarks, reach, and high-impact capabilities. While the researchers recommend setting thresholds in these areas, they leave the task of drawing the line to regulators. More broadly, the studies signal a potential shift in interpreting the GPAI rules from a capacity-based perspective toward one focused on a model’s propensity to cause harm. They also outline a graduated compliance system, introducing procedural tiers for assessing and managing risk. My full analysis on MLex.

The UK is approaching a policy decision that will shape how two of its most valuable economic sectors interact for the next decade. A new House of Lords report on AI, Copyright and the Creative Industries highlights a growing tension between two sectors that are both economically significant but reliant on what many see as mutually exclusive conditions for their survival: The UK’s creative industries generate around £124 billion in gross value added, supporting about 2.4 million jobs across music, film, publishing, design and digital media. Economically these sectors depend on enforceable intellectual property rights and predictable licensing frameworks. Meanwhile Artificial intelligence is expanding rapidly. Recent estimates suggest AI firms now attract around a third of UK venture capital, and the technology is forecast to add hundreds of billions of pounds to the UK economy over the coming years. The conflict between these two industries centres on how generative AI models are being trained; with large datasets frequently and demonstrably including copyrighted material, leading creators to argue that their work is being absorbed into training pipelines without consent or compensation. The Lords committee concludes that the current framework leaves creators unacceptably exposed. It calls for stronger transparency obligations around training data and a licensing‑led approach so AI developers use copyrighted material through structured commercial agreements. That contrasts with earlier government proposals for wide‑ranging text and data mining exceptions to support AI development, many of which were later rolled back after backlash from the creative sector. Parliament is now being asked to finally decide where the balance between these two economic systems should sit. The government will be expected to respond formally to the Lords report within the next couple of months, but what happens after that is far less certain... On past evidence, only a minority of these types of committee recommendation are fully accepted and implemented, while more structural proposals like this one typically take years to turn into policy. However, given the strong public scrutiny on this subject, the Lords’ report crystallises a policy choice the UK can no longer postpone: how to balance a large, IP‑based creative economy with rapidly scaling AI models reliant on this type of content for their training. It reframes the debate away from slogans about “pro‑innovation regulation” and towards the practical design of transparency duties, licensing mechanisms and the recognition of long established text‑and‑data‑mining rules, seeking to square the circle of supporting both investment in AI and sustainable creative labour markets. The question remains; how can the UK design these rules so that both AI developers and creative workers see a genuine upside, rather than one sector being used to subsidise the other?

The European Union is shaping one of the most ambitious digital regulatory frameworks in the world. The AI Act, Data Act, Data Governance Act and the GDPR together aim to balance innovation, transparency and fundamental rights. The recent study “Interplay between the AI Act and the EU Digital Legislative Framework”, written for the European Parliament’s ITRE Committee by Hans Graux, Krzysztof G. ,Nayana Murali, Jonathan Cave and Maarten Botterman provides one of the clearest analyses of how these frameworks overlap, complement and sometimes contradict each other. The central insight is simple yet powerful: Europe does not lack regulation. It lacks coherence. 🔍 The key overlaps AI Act and GDPR ✔️Both frameworks are risk-based, yet they approach risk differently. ✔️The AI Act encourages the use of sensitive data to detect or mitigate bias, which may conflict with Article 9 of the GDPR restricting such processing. ✔️Data subject rights like access, rectification or erasure become technically complex when applied to machine learning models. AI Act and Data Act ✔️The Data Act focuses on data access and sharing, while the AI Act prioritises data quality, representativeness and traceability. ✔️What is legally shareable under the Data Act might not always meet the technical and ethical requirements of the AI Act. ✔️Government access mechanisms under both Acts can overlap without clear coordination. ✔️Obligations around cloud switching in the Data Act could interfere with the audit trails required for AI compliance. AI Act and Data Governance Act (DGA) ✔️The DGA establishes trusted frameworks for data intermediaries and data altruism. ✔️These mechanisms can build a culture of trustworthy and transparent data sharing across Europe. ✔️When properly aligned with the AI Act, they can strengthen access to reliable and ethically sourced data for AI development. ✔️Governance structures such as the European Data Innovation Board could play a vital role in supporting the AI Office and ensuring consistent oversight. 💭 My Take The AI Act should not be seen as an isolated piece of regulation but as part of a broader legal ecosystem connecting data, algorithms, and human values. Understanding this interplay is essential for transforming compliance into trust, innovation, and competitive advantage. A must-read for anyone shaping or implementing European AI governance.

AI is shaping decisions in South Africa. There is no AI law yet. Yesterday, the Minister updated Parliament on the National AI Policy. Here’s what actually matters. 𝟏. 𝐖𝐞 𝐚𝐫𝐞 𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐧𝐠 𝐢𝐧𝐬𝐢𝐝𝐞 𝐚 𝐫𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐲 𝐠𝐚𝐩. AI is already used in: • Finance • Recruitment • Healthcare • Media • Government systems Yet formal policy may only land around 2027/28. So algorithms are influencing real-world outcomes before the guardrails are fully built. Are we comfortable with that? 𝟐. 𝐃𝐚𝐭𝐚 𝐢𝐬 𝐭𝐡𝐞 𝐫𝐞𝐚𝐥 𝐩𝐨𝐰𝐞𝐫. The debate wasn’t about robots. It was about: • Who owns the data • Where it is stored • Who controls the compute • Whether infrastructure sits locally or overseas Because whoever controls the data infrastructure controls the leverage. This isn’t just digital policy. It’s economic sovereignty. 𝟑. 𝐖𝐞 𝐰𝐚𝐧𝐭 𝐀𝐈 𝐬𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲. 𝐖𝐞 𝐫𝐞𝐥𝐲 𝐨𝐧 𝐟𝐨𝐫𝐞𝐢𝐠𝐧 𝐢𝐧𝐟𝐫𝐚𝐬𝐭𝐫𝐮𝐜𝐭𝐮𝐫𝐞. Most of South Africa’s data centres are privately owned. Government wants stronger local capacity. But we still depend heavily on global technology providers. That tension will define the next decade. Can we realistically build local strength while relying on global platforms? 𝟒. 𝐉𝐨𝐛𝐬 𝐚𝐫𝐞 𝐭𝐡𝐞 𝐞𝐦𝐨𝐭𝐢𝐨𝐧𝐚𝐥 𝐟𝐚𝐮𝐥𝐭 𝐥𝐢𝐧𝐞. Yes, AI will automate roles. Yes, it will create new ones. But here’s the uncomfortable question: Are we reskilling at the speed of disruption? If adoption outpaces reskilling, inequality widens. If reskilling keeps pace, productivity rises. Which path are we currently on? 𝟓. 𝐈𝐧𝐟𝐫𝐚𝐬𝐭𝐫𝐮𝐜𝐭𝐮𝐫𝐞 𝐝𝐞𝐜𝐢𝐝𝐞𝐬 𝐞𝐯𝐞𝐫𝐲𝐭𝐡𝐢𝐧𝐠. AI runs on compute. Compute runs on power. Power runs on infrastructure. Electricity stability. Broadband access. Affordable data. Without those, AI strategy is theory. 𝟔. 𝐑𝐞𝐠𝐮𝐥𝐚𝐭𝐢𝐨𝐧 𝐦𝐮𝐬𝐭 𝐚𝐯𝐨𝐢𝐝 𝐭𝐰𝐨 𝐞𝐱𝐭𝐫𝐞𝐦𝐞𝐬. Overregulate — and you slow innovation. Underregulate — and you expose citizens. Finding the middle path is harder than it sounds. Especially in an economy still trying to grow. 𝟕. 𝐋𝐚𝐧𝐠𝐮𝐚𝐠𝐞 𝐢𝐬 𝐥𝐞𝐯𝐞𝐫𝐚𝐠𝐞. If AI systems are trained mostly in English, millions are excluded from full participation. In an AI-driven economy, language determines access. Access determines opportunity. Opportunity determines mobility. Let’s say this plainly. AI is not just a technology conversation. It is a power conversation. Right now, algorithms influence: • Who gets shortlisted • How credit risk is assessed • Which businesses receive funding • How public services are prioritised The real risk isn’t automation. The real risk is becoming consumers in a system we don’t shape. So here’s the question: Should South Africa focus on rapid AI adoption? Or on AI ownership? Because they are not the same strategy. I’m interested in where you stand.

The White House just released its National Policy Framework for AI, a set of legislative recommendations to Congress that signals where federal AI regulation is heading. The biggest theme is preempting the patchwork quilt of state-level AI regulations that has been forming across the country. The framework explicitly calls for Congress to preempt state AI laws that impose undue burdens, replacing fifty discordant standards with a single national one. The argument is that AI development is inherently interstate with national security implications, and fragmented state regulation threatens U.S. competitiveness. Seven pillars in total, here's what stands out: Federal preemption with guardrails - States would retain police powers for general laws (child protection, fraud, consumer protection) and authority over their own AI procurement and use. But states would not be permitted to regulate AI development itself, or penalize developers for a third party's unlawful conduct with their models. No new federal AI regulator - The framework explicitly says Congress should not create any new rulemaking body for AI. Instead, it pushes sector-specific oversight through existing regulators and industry-led standards. Innovation over restriction - The tone is unmistakable, AI dominance is framed as a national imperative. Open federal datasets for training, streamlined permitting for AI infrastructure, resources for SMBs to deploy AI tools. Child safety as the leading priority - It's pillar one, age assurance requirements, parental controls, limits on data collection for minors, and protections against deepfake exploitation. States explicitly retain enforcement authority here. IP handled carefully - The administration believes AI training on copyrighted material doesn't violate copyright but acknowledges the debate, and punts to the courts. Congress is told not to interfere with judicial resolution of fair use questions. Free speech protections - Congress should prevent government from coercing AI providers to alter content based on partisan agendas, with redress mechanisms for censorship. Workforce development - Non-regulatory approach, expand AI training in existing education and apprenticeship programs, study workforce realignment, and bolster land-grant institutions. The implications are significant. For organizations navigating AI compliance today, the signal is that federal standards will eventually supersede the growing patchwork of state laws. For AI developers, the framework is explicitly pro-innovation, no new regulators, no new licensing requirements for development itself. The open question is whether preemption without strong federal requirements creates a floor or just removes the ceiling. The framework is clear on what it doesn't want, fragmented state regulation. It's less specific on the affirmative obligations that would replace it. All interesting stuff.. now to see what actually becomes legislation.

I'm halfway through my Arcadia Impact AI Governance Taskforce Fellowship, I’ve been tracing how U.S. states are filling the federal vacuum on AI—and the growing battle between regulation and innovation. Four early movers are defining the landscape: • Utah: light-touch transparency + AI “learning lab” for experimentation • Colorado: rights-based liability for “high-risk” systems (NIST/ISO aligned) • Texas: sandbox + intent-based liability framed as “responsible innovation” • California: tried to go big with SB 1047 (“frontier model safety”), but industry pushback reframed the debate—innovation over existential risk and the narrower SB 53 advanced—preserving transparency, harm testing, and whistleblower protections Across states, familiar messages repeat: • “Innovation vs. stagnation” beats “safety vs. risk.” • Delay and “technical infeasibility” arguments blunt tougher mandates. • Incremental, build-on-existing-law approaches endure; sweeping reforms don’t. It’s a fascinating proxy war shaping the future of AI governance—and 2026 will be a wild year as these laws come into force. What messaging do you think resonates most with lawmakers? Where have you seen the balance between innovation and oversight actually hold? #AIGovernance #AIRegulation #ArcadiaImpact #Policy #TechLaw

Extraordinary detailed analysis from the master of the AI Act herself, Dr. Laura Caroli, showing with surgical precision just how fundamentally different the EU AI Act and the state AI bills in the US are, focusing on the prominent recent example of the Virginia bill. This on CSIS blog is a must read for anyone following in AI legislation at state level here in the US.💯 “Whatever the fate of the state bills on algorithmic discrimination currently on the table (…), it needs to be made clear that for the most part these are only proposing very light obligations compared to the EU AI Act. Stating the opposite and sounding the alarm for companies is simply factually incorrect. Rather, it should be made clear that the United States, including at state level, currently prefers to actively pursue AI development and adoption, setting out very light responsibilities for companies and minimal protections for citizens. That is a legitimate choice, but it is the opposite of what Europe strove to do with its AI regulation.” Must read: https://lnkd.in/gzDYcur6 #AIAct #AILegislation #AIGovernance