A Comparative Analysis of Artificial Intelligence Regulation in the European Union, United Kingdom, United States and China

By Daniel Green

Abstract

May 2026 marks a regulatory turning point in the governance of Artificial Intelligence (AI). Companies such as OpenAI and Nvidia now dominate large segments of the global economy and have made rapid progress towards developing Artificial General Intelligence (AGI), a form of AI intended to perform intellectual tasks at a level comparable to a human across a broad range of fields. Unlike narrow AI systems, which are designed to perform specific tasks such as image recognition, language translation or strategic game-playing, AGI is envisaged as capable of applying reasoning and learning fluidly across disciplines in the way a human expert might, without being confined to a predefined domain. The challenge facing world leaders today echoes that posed by the digital revolution of the early 2000s: how to regulate a transformative and fast-evolving industry capable of both significant harm and significant benefit. The extent to which AI will develop, whether a market bubble exists, or whether the technology will exceed current expectations all remain open questions. What is clear is that different legislative choices will fundamentally shape how AI is used across different jurisdictions, and that legal systems will need to adapt accordingly. This article examines those choices in Europe, the United Kingdom, the United States and China, and considers what each model offers in political, economic and social terms.

The European Union: A Risk-Based Legislative Model

The EU’s principal legislative instrument is the EU AI Act (Regulation (EU) 2024/1689) [1](the Act), which establishes a regulatory regime built around three risk categories: unacceptable risk, high risk, and limited risk. [2] The framework offers clarity, proportionality and some room for innovation, though it also leaves gaps in how risk is defined for particular models, how category boundaries are drawn, and how enforcement applies to military use. The Act expressly excludes military and national security applications from its scope, a carve-out that has attracted sustained criticism from civil society and academic commentators as representing a structural gap in the framework’s coverage, given that military AI systems are among the most consequential in terms of potential harm. [3]

Systems in the unacceptable risk category are banned outright. These are systems that the legislature has determined pose so fundamental a threat to the values underpinning EU law that their deployment cannot be justified by any countervailing benefit. Examples include social scoring systems that evaluate individuals based on their behaviour or personal characteristics, AI used to manipulate individuals through subliminal techniques that bypass conscious decision-making, real-time biometric surveillance systems deployed indiscriminately in public spaces, and voice-activated toys directed at children that encourage dangerous behaviour. These prohibitions reflect a considered legislative judgment that certain uses of AI are categorically incompatible with fundamental rights, though commentators have noted that the harm thresholds attached to some prohibitions may limit their practical reach. [4]

The Act further provides a limited exception for law enforcement, which is distinct from and operates alongside the unacceptable risk designation. [5] This carve-out permits the deployment of real-time remote biometric identification systems in public spaces for the prevention of specific terrorist threats and the detection of certain serious criminal offences. This exception has drawn criticism from civil society groups including Amnesty International and the European Digital Rights network (EDRi), which argue that state-authorised biometric surveillance is incompatible with the rights to privacy and non-discrimination guaranteed by the EU Charter of Fundamental Rights. [6] Their concern is that exempting law enforcement from the Act’s strictest provisions creates a structural inequality, insulating from scrutiny the very actors most capable of infringing individual rights. [7] These objections carry some force but ultimately do not hold weight: the exception is narrow, confined to a defined list of serious criminal matters, and is subject to prior judicial or independent administrative authorisation. The safeguards in place distinguish lawful targeted deployment from the mass surveillance that critics fear, and the unacceptable risk designation remains the Act’s most important foundational commitment.

High-risk systems, being those liable to affect safety or fundamental rights adversely, are governed by a two-category framework.[8] The first covers AI components embedded in products already regulated under EU product safety legislation, such as medical devices, vehicles, aviation equipment and toys. The second covers standalone AI systems across specific sectors, including law enforcement, employment, critical infrastructure and education, which must be registered in an EU database. Scholars have questioned whether leaving preliminary risk assessment to providers’ self-assessment, without more robust ex ante oversight, provides sufficient accountability for systems that may significantly affect fundamental rights. [9]

General-purpose models such as ChatGPT and Claude fall outside the high-risk category provided they meet the Act’s transparency requirements. [10] Compliance requires, among other things, disclosure of AI-generated content, design measures to prevent illegal outputs, and published summaries of copyrighted training data. This allows companies to avoid the more demanding high-risk regime while operating within EU copyright and transparency law. Commentators have questioned whether these transparency obligations are sufficient to address the systemic risks posed by foundation models deployed simultaneously across multiple high-risk contexts, and whether the regime effectively incentivises compliance by the largest providers. [11]

On balance, the EU’s approach represents a serious legislative attempt to govern AI without stifling innovation. Scholars have noted, however, that risk-based classification systems carry their own difficulties: the line between high-risk and limited-risk categories may prove difficult to police in practice, and the framework may embed existing structural inequalities into automated decision-making where those inequalities are already present in training data. [12] These are genuine weaknesses, but they do not undermine the architecture’s foundational logic. The Act combines pro-innovation incentives with regulatory oversight and establishes enforceable safeguards without imposing blanket restrictions on development.

The United States: A Market-Led Legislative Model

The United States has taken a strikingly different direction. President Donald Trump’s Administration has placed innovation and economic competitiveness at the centre of its AI policy, resisting any move towards a comprehensive statutory framework. [13] This has channelled significant private and public investment into infrastructure such as large data centres and research facilities; something Trump fiercely advocated for during his 2024 re-election campaign.

Federal AI governance has developed primarily through Executive Orders rather than legislation, producing a decentralised regulatory landscape that favours speed and commercial freedom at the cost of consistent safety standards. Both the Biden and Trump administrations, despite their opposing political orientations, relied on executive action rather than statute as the primary instrument of AI governance, reflecting the broader difficulty Congress has faced in legislating on fast-moving technological questions. The previous administration took a more interventionist approach. President Biden’s Executive Order 14110 of October 2023 was widely regarded as the most comprehensive federal action on AI governance to that point. Its objectives included improving safety and security, protecting consumer privacy, encouraging competition and innovation, and ensuring responsible government use of AI. [14] The Order directed federal agencies to develop standards for AI safety testing, required developers of powerful AI systems to share safety test results with the government, and tasked the National Institute of Standards and Technology with establishing guidelines for evaluating AI risks. It was issued at a time of lower market competition than exists today: ChatGPT had established itself as the dominant consumer product with more than 100 million weekly users, while rivals such as Claude and Gemini had smaller user bases. [15] Biden’s framework shared the EU’s emphasis on safety standards and responsible deployment.

That changed immediately on Trump’s return to office in January 2025. Within hours of his inauguration, Trump signed Executive Order 14148, rescinding a number of prior policies including Executive Order 14110. [16] The administration characterised the earlier framework as having introduced ideological bias into AI development. Trump then issued Executive Order 14179, ‘Removing Barriers to American Leadership in Artificial Intelligence’, which directed federal agencies to align state-level policies with national goals of technological leadership and economic growth. [17] Rather than introducing regulation, the Order was explicitly designed to remove it. Agencies were instructed to identify and eliminate any existing rules or guidance that might impede AI development. The approach represented a deliberate political choice to treat AI governance as a matter of market self-regulation rather than statutory intervention.

The risks of this approach are well documented in the academic literature. Calo has argued that regulatory inaction during a technology’s formative period forecloses options later available to policymakers, and that retrospective correction of AI-related harms is both more costly and less effective than early intervention. [18] The Trump Administration’s decision to dismantle existing federal AI governance before any replacement was in place leaves a meaningful gap in safety oversight that is likely to prove difficult to fill once harms begin to accumulate.

The United Kingdom: A Principles-Led Legislative Model

Similar to the United States, the United Kingdom has seen significant political change in recent years that has shaped its approach to AI. Under the Conservative Government led by Prime Minister Sunak, the UK positioned itself as a global AI leader, hosting the world’s first AI Safety Summit at Bletchley Park in 2023. The summit produced the Bletchley Declaration, co-signed by more than 25 countries including the United States and several EU member states. [19] Sunak’s government placed a strong emphasis on innovation, arguing that a single statutory authority would be too rigid to keep pace with technological change. This light-touch philosophy ran through the 2023 White Paper, which established five cross-sectoral principles, being safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress. Rather than creating a new AI-specific regulator, the White Paper assigned responsibility to existing sectoral regulators, including the Financial Conduct Authority, the Information Commissioner’s Office and the Medicines and Healthcare products Regulatory Agency, to apply those principles within their respective domains.

The Labour Government that took office after the July 2024 general election retained this principles-based structure, maintaining the sectoral regulator model and the five-principle framework rather than replacing them with binding legislation. Prime Minister Starmer’s AI Opportunities Action Plan broadened the government’s ambitions, placing significant emphasis on expanding AI adoption across public services and building state capacity. [20]

The Government committed to maintaining AI safety capability alongside this expansion and introduced plans for regulatory experimentation, including a proposed AI Growth Lab, a cross-sector regulatory sandbox intended to allow regulators and companies to test emerging technologies in controlled conditions. Further updates followed in January 2026. One notable example was in healthcare, where approximately one third of NHS chest X-rays, amounting to around 2.4 million scans per year, are now processed with AI assistance. The government also designated five AI Growth Zones and committed up to £500 million to the Sovereign AI Unit to support domestic AI development. [21] Reflecting a wider recognition that AI governance and AI infrastructure policy must develop in tandem, the UK has also been investing heavily in data centre capacity: in April 2026, Leeds City Council unanimously approved a major Microsoft data centre development at the former Skelton Grange power station site, signalling a commitment to building the domestic infrastructure upon which AI development depends.

The UK’s regulatory framework nonetheless remains incomplete. Rather than introducing binding legislation, the government has relied on the White Paper’s principles-based approach and existing statutes, primarily the UK GDPR 2018 and the Online Safety Act 2023, to fill the governance gap. [22] The Online Safety Act 2023 is relevant in this context not only as a general content moderation framework but also specifically for its provisions addressing deepfake and synthetic media, which impose labelling obligations and platform liability in ways that overlap with regulatory approaches taken elsewhere, including in China. That point of comparison is considered further in the section below. More broadly, this reliance on existing statutes provides flexibility but leaves developers and consumers with considerable uncertainty about their legal obligations and protections. Scholars have noted that sector-by-sector approaches of this kind are vulnerable to fragmentation: the Ada Lovelace Institute has cautioned that without a statutory foundation, the UK’s framework may lack the enforcement mechanisms needed to address systemic AI harms. [23] A further weakness is that the principles-based model offers no mechanism for addressing risks that cut across sectors, such as those posed by foundation models, which do not fit neatly into any single regulatory domain and which no existing regulator has clear authority to oversee. Wolff, Lehr and Yoo have argued that AI governance frameworks that rely heavily on self-regulation and principles without binding enforcement mechanisms are likely to face significant accountability challenges, drawing on the implementation experience of GDPR as a comparator.

China: A Centralised Model

China has moved in a different regulatory direction from the Western countries discussed above, despite the parallel race towards Artificial General Intelligence (AGI), a term used to describe AI systems capable of performing intellectual tasks across a broad range of domains at a level comparable to a human, led by companies such as OpenAI and Anthropic. Generative AI, which refers to systems that produce new content in response to user prompts, has been subject to regulation in China since 2022, when the Algorithmic Recommendation Regulation was introduced to govern the recommendation systems used by social media platforms, search engines and e-commerce services. [24]

The Chinese AI market is structurally different from those in Western countries. China’s state-operated internet filtering system, known as the Great Firewall, blocks access to platforms such as ChatGPT and Claude across mainland China. The domestic market depends almost entirely on Chinese-developed alternatives, including Baidu’s Ernie Bot, Alibaba’s Tongyi Qianwen and Zhipu AI’s ChatGLM, all of which are backed by substantial state investment. The government moved against deepfake technologies in 2023 through the Deep Synthesis Regulation. [25] Deepfakes, which refer to AI-generated media that can convincingly replicate a real person’s voice, image or video, are addressed through requirements to label synthetic content, verify user identity and impose platform liability for misuse.

The centrepiece of China’s generative AI regulation is the Interim Measures for the Management of Generative AI Services, introduced in 2023. [26] Providers operating in China must ensure that generated content aligns with the values of the Chinese Communist Party and must implement safeguards against illegal or harmful outputs. China has not yet enacted a single comprehensive statute comparable to the EU AI Act, but its regulatory framework is already more prescriptive than most Western systems. The strategy also reflects deliberate industrial policy: the government has set a target of becoming a global AI leader by 2030, pursuing a dual-track model that promotes AI deployment in industry while integrating the technology into daily civilian life.[27] Creemers has argued that this combination of content control obligations and explicit industrial policy objectives is what most sharply distinguishes China’s regulatory model from those of Western jurisdictions, none of which has pursued state-directed AI development on a comparable scale. [28]

Comparative Analysis

These four models show how different political and legal systems produce different regulatory responses to the same technology. The EU has built the most comprehensive legislative framework, prioritising risk classification, fundamental rights and structured compliance obligations, at some potential cost to the pace of innovation. The UK sits between the EU and US positions. Its principles-led framework allows regulators to apply existing law flexibly and encourages experimentation through mechanisms such as regulatory sandboxes. The flexibility is there, but so is the uncertainty it creates for those seeking to understand their legal obligations. The United States has gone furthest in the market-oriented direction, with federal policy focused on sustaining technological dominance and private sector investment rather than establishing detailed safeguards. China’s approach is the most centralised, combining prescriptive content obligations with industrial strategy and giving the state direct authority over how AI is deployed across key sectors. Smuha has argued that these divergent trajectories reflect not merely technical regulatory choices but fundamentally different answers to the question of whose interests AI governance is designed to serve. [29]

One of the more instructive points of comparison concerns the treatment of deepfake technologies. China’s Deep Synthesis Regulation and the UK’s Online Safety Act 2023 address overlapping concerns: both impose labelling obligations on synthetic media, require platforms to implement safeguards against harmful content, and attach liability to providers for failures of oversight. This convergence reflects a genuine shared recognition that AI-generated media poses serious risks requiring regulatory intervention and represents a degree of convergence that practitioners and policymakers on both sides ought to take seriously. That said, the comparison should not be pushed too far. China’s provisions sit within a framework of state-directed content control whose primary purpose is political. The UK’s regime, by contrast, is built around individual rights and online safety as ends in themselves. The normative foundations are different, and this matters for how each regime is likely to develop over time. As Bradford has observed, the extraterritorial pull of rights-based regulatory frameworks tends to generate pressure for substantive convergence even where the underlying political values diverge significantly. [30] A convergence in regulatory technique does not therefore imply a convergence in regulatory purpose, and practitioners should remain attentive to that distinction.

A further point of comparison concerns the relationship between regulatory ambition and infrastructure investment. Both the UK and the United States have pursued significant data centre expansion alongside their respective AI governance frameworks, reflecting a recognition that domestic AI capacity is a prerequisite for effective regulatory leverage. The UK’s approval of the Microsoft data centre in Leeds is illustrative of a broader pattern in which AI governance and AI infrastructure policy are developing in tandem. The EU’s approach raises a different concern: the compliance burden imposed by the Act may advantage large technology companies that can absorb regulatory costs over smaller entrants, potentially consolidating market power in the hands of the firms the Act seeks to regulate. Wachter, Mittelstadt and Russell have noted that structural features of AI regulation can produce precisely these kinds of unintended distributional effects where compliance capacity is unevenly distributed across market participants.

What unites all four models is that AI governance is being built around competing priorities: innovation, economic competitiveness, civil liberties and state control. There is as yet no consensus on how those priorities should be ranked. Dafoe has suggested that sustained geopolitical competition over AI development may over time generate pressure towards shared governance norms, as the costs of uncoordinated regulation become increasingly apparent to all parties. [31] The diversity of approaches examined in this article ultimately reflects a deeper and unresolved disagreement about the role of the state, the market and the individual in governing emerging technology, a disagreement that no regulatory framework has yet resolved.

Conclusion

The four regulatory models examined in this article reflect fundamentally different answers to a common question: who bears the cost of getting AI governance wrong? The EU’s answer is that developers and deployers should bear it, through binding obligations and enforceable risk classifications. The US answer, under the current administration, is that the market should bear it. The UK has deferred the question, and China has resolved it by placing safeguarding responsibility squarely with the state.

Of these approaches, the EU AI Act is the most legally coherent and provides the strongest protection for individuals. Its risk-based architecture offers genuine legal certainty for developers and meaningful accountability for deployers. As Veale and Borgesius have argued, what distinguishes effective AI governance from mere aspiration is the presence of enforceable obligations backed by credible penalties, and on that measure, the Act outperforms its alternatives. [32] The US model’s weaknesses become clearer when considered against Calo’s argument that early regulatory intervention in emerging technologies is more effective and less costly than attempting correction once harms are established. [33] The UK’s framework, while thoughtfully designed, will not command genuine authority until backed by statute: its current reliance on principles and existing sectoral law may prove inadequate as AI capabilities increase. China’s model is internally consistent but is premised on state authority and political conformity, which places it outside any framework that Western democratic systems could or should emulate.

Whether any of these frameworks is sufficient to govern a technology that is still developing rapidly remains an open question. If AI continues to advance towards AGI, all existing regimes will face pressure to adapt. Dafoe’s suggestion that geopolitical competition may over time produce regulatory convergence, with each jurisdiction borrowing from the others, seems plausible, though the pace and form of that convergence are impossible to predict. [34] For the moment, the EU AI Act stands as the most serious attempt to answer the governance challenge that AI poses. It is not a perfect answer, but it is a legal one. That distinction matters because legal frameworks carry with them mechanisms of enforcement, accountability and judicial review; that principles and executive orders, however well-intentioned, do not. It is the institutional infrastructure, rather than the Act’s specific provisions, that gives it lasting significance. Whether that infrastructure will prove adequate as AI capabilities continue to accelerate at a rapid pace is uncertain; what seems clear is that the pace of regulatory change will need to match the pace of technological change if governance is to remain meaningful.

References:

1. Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) [2024] OJ L1689.

2. European Parliament, ‘EU AI Act: First Regulation on Artificial Intelligence’ (European Parliament, 2023)<https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence> accessed 5 March 2026.

3. Regulation (EU) 2024/1689 (n 1) art 2(3); Recital 24. The Regulation expressly provides that it does not apply to AI systems used exclusively for military, defence or national security purposes, a structural gap that has drawn sustained criticism from civil society and academic commentators who argue that it leaves some of the most consequential deployments of AI outside any harmonised regulatory framework.

4. Veale and Borgesius (n 19) 97–100, noting that the prohibited practices in the Act represent the legislature’s clearest value judgments about the limits of acceptable AI deployment, but cautioning that the harm requirements attached to some prohibitions risk limiting their practical scope.

5. Regulation (EU) 2024/1689 (n 1) arts 5(1)(d)–(e). Authorisation is subject to judicial or independent administrative approval and is restricted to the prevention of specific terrorist threats and the detection or prosecution of serious offences listed in Annex II of the Act.

6. Amnesty International, ‘Surveillance and Human Rights’ (Amnesty International, 2019) <https://www.amnesty.org/en/latest/research/2019/05/surveillance-and-human-rights/> accessed 5 March 2026; European Digital Rights (EDRi), ‘The EU AI Act: A Critical Analysis’ (EDRi, 2024) <https://edri.org> accessed 5 March 2026; see also Athina Sachoulidou, ‘Harnessing AI for Law Enforcement: Solutions and Boundaries from the Forthcoming AI Act’ (2024) 15 New Journal of European Criminal Law 117, 120–122, arguing that the breadth of law enforcement exceptions in the Act risks reproducing a structural imbalance between state power and individual rights protection.

7. Athina Sachoulidou, ‘Harnessing AI for Law Enforcement: Solutions and Boundaries from the Forthcoming AI Act’ (2024) 15 New Journal of European Criminal Law 117, 120–122, arguing that the breadth of law enforcement exceptions in the Act risks reproducing a structural imbalance between state power and individual rights protection.

8. Regulation (EU) 2024/1689 (n 1) art 6; Annex III. The first group (art 6(1)) covers AI components of products already subject to EU product safety legislation; the second (art 6(2)) covers the standalone AI systems listed in Annex III, including those used in biometric identification, education, employment and critical infrastructure.

9. Veale and Borgesius (n 19) 100–104; Martin Ebers and others, ‘The European Commission’s Proposal for an Artificial Intelligence Act: A Critical Assessment by Members of the Robotics and AI Law Society (RAILS)’ (2021) 4 J 589, 596–598, arguing that the two-category high-risk framework risks being over-inclusive in some sectors and under-inclusive in others, and that leaving preliminary risk assessment to providers’ self-assessment lacks the enforcement structures needed for credible oversight.

10. Ibid Title IV (arts 50–52). Article 50 imposes disclosure obligations on providers of general-purpose AI systems, including the requirement to publish sufficiently detailed summaries of training data.

11. Veale and Borgesius (n 19) 104–106, noting that transparency obligations placed on general-purpose AI providers, while useful as a baseline, may prove insufficient to address the systemic risks posed by foundation models deployed across multiple high-risk contexts simultaneously.

12. Sandra Wachter, Brent Mittelstadt and Chris Russell, ‘Why Fairness Cannot Be Automated: Bridging the Gap Between EU Non-Discrimination Law and AI’ (2021) 41 Computer Law & Security Review 105567; Lilian Edwards and Michael Veale, ‘Slave to the Algorithm? Why a “Right to an Explanation” is Probably Not the Remedy You Are Looking For’ (2017) 16 Duke Law & Technology Review 18, 53.

13. Anu Bradford, The Brussels Effect: How the European Union Rules the World (OUP 2020) 213; White House Office of Science and Technology Policy, ‘Blueprint for an AI Bill of Rights’ (October 2022) <https://www.whitehouse.gov/ostp/ai-bill-of-rights/> accessed 5 March 2026.

14. Executive Order 14110, ‘Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence’ (30 October 2023) 88 Fed Reg 75191.

15. Kyle Wiggers, ‘OpenAI’s ChatGPT Now Has 100 Million Weekly Active Users’ (TechCrunch, 6 November 2023) <https://techcrunch.com/2023/11/06/openai-chatgpt-100-million-weekly-active-users/> accessed 5 March 2026.

16. Executive Order 14148, ‘Initial Rescissions of Harmful Executive Orders and Actions’ (20 January 2025).

17. Executive Order 14179, ‘Removing Barriers to American Leadership in Artificial Intelligence’ (2025) <https://www.whitehouse.gov/presidential-actions/2025/01/removing-barriers-to-american-leadership-in-artificial-intelligence/> accessed 5 March 2026.

18. Ryan Calo, ‘Artificial Intelligence Policy: A Primer and Roadmap’ (2017) 51 UC Davis Law Review 399, 415, 427–430, arguing that market-led AI governance creates asymmetric information problems between developers and regulators, and that regulatory inaction during a technology’s formative period forecloses options later available to policymakers, making retrospective correction both more costly and less effective.

19. Department for Science, Innovation and Technology, ‘The Bletchley Declaration by Countries Attending the AI Safety Summit’ (Gov.uk, 1 November 2023) <https://www.gov.uk/government/publications/ai-safety-summit-2023-the-bletchley-declaration> accessed 5 March 2026.

20. Department for Science, Innovation and Technology, ‘AI Opportunities Action Plan: One Year On’ (Gov.uk, January 2026) <https://www.gov.uk/government/publications/ai-opportunities-action-plan-one-year-on> accessed 5 March 2026.

21. Ibid.

22. Department for Science, Innovation and Technology, A Pro-Innovation Approach to AI Regulation (White Paper, CP 815, 2023).

23. Ada Lovelace Institute, Regulating AI in the UK: Bridging the Gap Between Principles and Practice (Ada Lovelace Institute, 2023); Michael Veale and Frederik Zuiderveen Borgesius, ‘Demystifying the Draft EU Artificial Intelligence Act’ (2021) 22 Computer Law Review International 97, 104; Josephine Wolff, William Lehr and Christopher Yoo, ‘Lessons from GDPR for AI Policymaking’ (2024) 27 Virginia Journal of Law and Technology 1, arguing that the extent to which AI governance frameworks rely on self-regulation and principles without binding enforcement mechanisms is likely to pose significant challenges to accountability, based on the implementation experience of GDPR.

24. Cyberspace Administration of China, ‘Regulations on the Administration of Internet Information Service Algorithm Recommendations’ (4 January 2022) <https://www.cac.gov.cn/2022-01/04/c_1642894606364259.htm> accessed 5 March 2026.

25. Cyberspace Administration of China, ‘Regulations on the Administration of Deep Synthesis Internet Information Services’ (11 December 2022) <https://www.cac.gov.cn> accessed 5 March 2026.

26. Cyberspace Administration of China, ‘Interim Measures for the Management of Generative AI Services’ (13 July 2023) <https://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm> accessed 5 March 2026.

27. State Council of the People’s Republic of China, ‘New Generation Artificial Intelligence Development Plan’ (8 July 2017) <https://www.gov.cn/zhengce/content/2017-07/20/content_5211996.htm> accessed 5 March 2026.

28. Rogier Creemers, ‘The Regulation of Generative AI in China’ (SSRN Working Paper, 20 May 2024) <https://ssrn.com/abstract=5228697> accessed 14 May 2026, observing that China’s regulatory response to generative AI builds on years of accumulated industrial policy, content control rules and development-oriented interventions, a combination that distinguishes it from the approaches taken in Western jurisdictions.

29. Nathalie A Smuha, ‘From a Race to AI to a Race to AI Regulation: Regulatory Competition for Artificial Intelligence’ (2021) 13 Law, Innovation and Technology 57, 60–62, arguing that divergent national approaches to AI regulation reflect fundamentally different answers to the question of whose interests AI governance is designed to serve, and assessing the extent to which regulatory competition or convergence is a realistic prospect.

30. Anu Bradford, The Brussels Effect: How the European Union Rules the World (OUP 2020), arguing that the EU’s rights-driven regulatory model generates normative pressure for substantive convergence beyond mere market compliance, and that de facto convergence can occur even where the underlying political values of the jurisdictions concerned diverge significantly.

31. Allan Dafoe, ‘AI Governance: A Research Agenda’ (Future of Humanity Institute, University of Oxford, 2018) 10–12. Dafoe identifies the emergence of shared governance norms as a likely long-term outcome of geopolitical AI competition, driven by mutual recognition of the risks of uncoordinated development.

32. Veale and Borgesius (n 19) 97. The authors argue that the enforceability of AI governance frameworks depends on the robustness of conformity assessment, market surveillance and penalty provisions, not merely on the breadth of their definitional coverage.

33. Calo (n 14) 427–430.

34. Dafoe (n 26) 10–12.