Blog

The current state of AI regulations in 2026

Data & AI

Government

View more blogs

In this blog, Rachel Derbyshire, Senior Interaction Designer at Opencast, explores the global AI regulatory landscape in 2026.

As governments accelerate efforts to govern artificial intelligence, organisations are navigating an increasingly complex environment. From the EU’s risk-based framework to China’s targeted controls and the UK’s pro-innovation approach, regulatory priorities continue to diverge. This blog examines the key differences between these approaches and what they mean for businesses seeking to remain compliant and competitive.

Introduction

The global governance of artificial intelligence (AI) is reaching a pivotal point. AI regulations in 2026 are defined by a fragmented landscape for businesses deploying AI systems globally. This regulatory turbulence creates complexity for organisations seeking to navigate current requirements and prepare for the future. 

Nicklas Lundblad, Director of Public Policy at Google DeepMind, has said that we are in a landscape of many different solutions for regulating AI. Countries are adopting divergent strategies, with China focusing on how technologies are shifting power and regulating areas such as recommendation algorithms, the European Union (EU) taking a broad, horizontal approach centred on societal risks, and the United Kingdom (UK) pursuing a pro-innovation, sector-led strategy (Google DeepMind, 2024). Currently, we are still in that storm, and this blog looks to summarise and analyse this. 

It is important to clarify that this analysis does not provide an exhaustive review of global AI governance. The regulatory terrain is vast and includes numerous other jurisdictions beyond the UK, EU, and China. For example, the United States adopts a sectoral and executive-order-driven approach, while developing nations are formulating digital sovereignty laws tailored to their unique social and economic contexts. Although these approaches are not discussed in detail within this analysis, their divergent frameworks further highlight the fragmented landscape that the primary models examined in this blog reflect.

This analysis examines the UK, the EU, and China because they represent the three dominant philosophical poles of current AI regulation: the comprehensive rights-based model, the strict social-stability model, and the agile pro-innovation model. By concentrating on these specific giants, we can better understand the primary tensions shaping the global standard, even though this lens necessarily excludes other significant regional players and local implementations. 

European Union flags flying outside a modern glass building, likely an EU institution, representing governance and regulation.

The EU's Risk-Based Framework

The EU was one of the first jurisdictions to implement AI regulation with the introduction of the AI Act in 2024, which established a comprehensive, risk-based framework for governing artificial intelligence across member states.

As of 2026, the EU has reached a political agreement to amend and simplify parts of the AI Act. This received final approval on 29 June 2026.

Key amendments include:

  • The delay of high-risk AI system enforcement until 2 December 2027 for Annex III systems and 2 August 2028 for Annex I systems (Council of the European Union, 2026).

  • AI that generates non-consensual sexual or intimate content, or CSAM, is now explicitly prohibited.

  • Providers of "exempted" (not high-risk) AI must still register their systems in the EU database, but with reduced information requirements.

  • The deadline for generative AI output detection and watermarking obligations has been postponed until 2 December 2026.

  • Organisations can process sensitive personal data more broadly for bias detection and correction, but only when strictly necessary and for specific bias types.

The overall structure and purpose of the AI Act remain unchanged despite these timeline delays. Organisations are advised not to use these delays as an excuse to deprioritise compliance. Some simplification proposals were reduced by the European Parliament and Council, and the situation regarding AI literacy requirements remains unclear.

China’s Regulation of Anthropomorphic AI

According to the Law Library of Congress, China issued measures regulating “Interim Measures for the Management of Generative Artificial Intelligence Services” for generative AI services like ChatGPT for the public in mainland China in 2023. 

As of 2026, China recently issued “interim measures” regulating AI anthropomorphism, with full effect from July 15, 2026 (Global Times, 2026). 

This legislation is highly detailed, addressing context-specific risks of human-like AI systems, including liability provisions and safety requirements. This is an area that remains largely unregulated elsewhere globally.

Article 2 defines “anthropomorphic interactive services” as follows (translated using Google Translate): 

“This regulation applies to products or services that utilise AI technology to provide the public within the territory of the People's Republic of China with simulated human personality traits, thinking patterns, and communication styles, and engage in emotional interaction with humans through text, images, audio, video, etc.” 

There are specific prohibitions regarding children. Anthropomorphic AI cannot generate content for minors that encourages unsafe behaviours, induces extreme emotions, or fosters unhealthy habits. 

Most countries do not regulate this area, partly because research on the mental health risks of AI emotional manipulation is only now emerging. China’s law is notable for its comprehensive and highly detailed approach to anthropomorphic AI regulation, which stands in contrast to the broader, risk-based framework of the EU and the sector-specific, principles-driven strategy of the UK. For example, China requires AI providers to carry out regular psychological safety assessments and mandates transparency requirements on chatbot interactions, both of which are enforced with strict penalties for non-compliance.  

According to UNICEF, following the introduction of China’s regulations on AI anthropomorphic interactive services, several leading AI platforms in the country updated their child-safety policies and adjusted user interfaces to better protect children from emotional manipulation, in accordance with new regulatory demands. UNICEF welcomes China’s groundbreaking regulations to protect children from AI-related risks. 

While the EU and UK have not yet adopted similarly explicit safeguards targeting the risks of anthropomorphic AI, China’s measures could serve as a model for future policies elsewhere by showing the possible benefits of direct regulation in addressing new technological challenges. An OECD policy paper cites China’s approach as a case study in improving digital mental health outcomes, signalling early influence on international debates. (OECD Artificial Intelligence Papers, 2024). 

The UK's Pro-Innovation Principles

The United Kingdom continues pursuing what it describes as a "pro-innovation," principles-based approach to AI governance. In March 2023, the UK published its AI White Paper, now known as the pro-innovation approach to AI regulation, which remains foundational in 2026 despite ongoing evolution. 

This framework establishes five core principles: 

  1.    Safety, security, and robustness 

  2.    Transparency and explainability

  3.    Fairness 

  4.    Accountability and governance

  5.    Contestability and redress 

The translation of this principles-based philosophy means UK AI regulation relies mainly on non-binding guidelines, codes of practice, and advisory frameworks rather than strict legal requirements. These are known as soft laws. Existing binding laws do much of the regulatory heavy lifting. AI is regulated indirectly through: 

  • UK GDPR & Data Protection Act 2018, covering most AI applications using personal data 

  • Competition law including the Competition Act 1998 and Enterprise Act 2002, which address platform dominance and AI markets 

  • Consumer protection legislation 

  • Equality law covering bias and discrimination 

  • The recently enacted Data (Use and Access) Act 2025 explicitly addresses automated decision-making and data use through amendments to UK GDPR. 

Recent institutional developments include the creation of the AI Security Institute (evolved from the AI Safety Institute). 

Satellite view of Earth at night showing Europe illuminated by city lights against a dark space background.

Conclusion

The global AI regulatory landscape is characterised by divergence rather than convergence. The EU enforces stringent, risk-based compliance with established timelines, China implements detailed measures to protect against psychological harm, and the UK adopts flexible, principle-based guidance. For organisations operating internationally, this fragmented environment necessitates more than mere awareness of legal requirements; strategic agility is essential.

For example, a global technology company seeking market access in both the EU and China must comply with the EU’s obligations for high-risk AI systems, such as the requirement to detect and watermark generative AI outputs, while simultaneously adapting its products to meet China’s unique regulations on anthropomorphic AI, including regular psychological safety assessments. This illustrates that a single compliance framework cannot be one-size-fits-all; rather, governance structures must be carefully tailored to respond to the distinct requirements of each jurisdiction and sector. 

The window for proactive adaptation is closing. As the EU’s delayed deadlines approach and China’s penalties tighten, reactive compliance will be too costly. Organisations should audit their current AI systems against these three distinct frameworks now.

Do not wait for future UK AI legislation or the EU’s full enforcement. Start by mapping your data flows for bias correction under EU rules, reviewing your content safeguards for Chinese market access, and ensuring your ethical principles align with UK guidance. Engage with regulatory experts now to build a resilient, multi-jurisdictional strategy.

The future of AI innovation depends on your ability to navigate this complexity with precision and foresight. Act today to secure your tomorrow. 

References

(2026) Council of the European Union. Artificial Intelligence: Council gives final green light to simplify and streamline rules. https://www.consilium.europa.eu/en/press/press-releases/2026/06/29/artificial-intelligence-council-gives-final-green-light-to-simplify-and-streamline-rules/   

(2026). E, Andoh. AI chatbots and digital companions are reshaping emotional connection. https://www.apa.org/monitor/2026/01-02/trends-digital-ai-relationships-emotional-connection 

(April 13, 2026). Global Times. China issues interim measures to regulate AI anthropomorphic services, prohibiting virtual companion services for minors.  https://www.globaltimes.cn/page/202604/1358662.shtml 

(2024) Google DeepMind, The Balancing Act: Regulation & AI with Nicklas Lundblad  https://podcasts.apple.com/sg/podcast/the-balancing-act-regulation-ai-with-nicklas-lundblad/id1476316441?i=1000679369960  

(2024). OECD Artificial Intelligence Papers.  https://www.oecd.org/en/publications/oecd-artificial-intelligence-papers_dee339a8-en.html 

Related Content

Blog post

Abstract digital network of blue and orange circuitry lines representing data flow and system connectivity.
The Future of DevOps and the Rise of Intelligent Systems

In Part One of this series, we explored how DevOps emerged as a response to the challenges of modern software delivery and why many organisations have struggled to realise its full value. In this second article, Opencast Practice Lead Scott McCarthy examines how DevOps has matured beyond its original foundations and become a set of complementary practices focused on delivering reliable, sustainable outcomes at scale. This article explores how DevOps continues to evolve and what organisations need to do to remain effective in an age of Artificial Intelligence (AI) systems.

Product & Delivery

Headshot of a person with glasses and a short beard, wearing a dark top with red detail, standing indoors against a white door.

Read more

Blog post

Abstract blue light trails converging into a single point, representing data flow and system integration.
How DevOps Evolved and Why It Became Confusing

In this blog, Opencast Practice Lead Scott McCarthy explores how DevOps has evolved from a response to the challenges of modern software delivery into a widely adopted approach. Drawing on experience working with complex delivery teams, he reflects on how the original intent of DevOps has sometimes become less clear as organisations focus on tools and structures alongside culture and outcomes. This is Part One of a two-part series, focusing on how DevOps emerged, why it can be perceived as confusing, and where organisations commonly face challenges when putting it into practice.

Product & Delivery

|

IT Architecture

Headshot of a person with glasses and a short beard, wearing a dark top with red detail, standing indoors against a white door.

Read more

Blog post

Abstract visual of interconnected nodes and lines forming a glowing globe, representing data, technology, and digital networks on a dark blue background.
Engineering excellence in the age of Artificial Intelligence (AI)

In this blog, Linzi Shearer, Head of Capability Development at Opencast, explores how AI is reshaping software engineering and what that means for capability, quality, and accountability. From shifting skill demands to the growing importance of judgement and validation, Linzi sets out why strong engineering fundamentals matter more than ever in an AI-enabled world.

Data & AI

|

Software Development

|

IT Architecture

Professional headshot of a person with shoulder-length brown hair, facing forward against a plain light background.

Read more

View more blogs