EU, US, China adopt incompatible AI governance rules
Serge Bulaev
The European Union, United States, and China have introduced different and sometimes conflicting rules for artificial intelligence, especially about who can sell advanced AI models and under what conditions. These rules include export controls, government lists of trusted providers, and strict licensing requirements, which may make it hard for companies to operate in many places at once. Companies now focus on building AI products that follow local laws from the beginning, but they may face high costs and complex rules if they work in several regions. Some reports suggest that lower costs of Chinese open-source models may lead more countries to adopt Chinese standards. It appears that countries are learning from each other's rules, but they may not agree on one method, so businesses might need to keep dealing with different legal requirements for a long time.

The global AI governance landscape is fracturing as the EU, US, and China adopt incompatible rules, shifting the focus from technical performance to a complex battle over legal standards. This struggle over export controls, procurement lists, and licensing will determine who can sell frontier AI models and under what conditions, creating a challenging environment for global companies.
Levers shaping the emerging rulebook
Policy makers are using a short set of tools to shape which providers reach enterprise buyers:
- Export controls on advanced chips and model weights
- Government procurement lists that define "trusted" suppliers
- Binding technical standards negotiated in international bodies
- Domestic registration or licensing systems for foundation models
While US export restrictions on high-end GPUs constrain Chinese firms, Western labs face constraints from supply shortages or high costs. Chinese firms are countering with domestic silicon and open-weight models. Simultaneously, the EU has established a powerful precedent with its EU AI Act, a comprehensive, risk-based framework with global reach for any entity serving the EU market.
The EU, US, and China are developing conflicting AI regulations based on different priorities: the EU focuses on fundamental rights, the US on innovation with state-level rules, and China on state control and licensing. This divergence creates significant compliance challenges for companies operating across these major markets.
Governance Battle Over AI and Market Power: the stakeholder map
Key stakeholders are pursuing divergent strategies. Western, API-gated leaders like OpenAI and Anthropic prioritize safety monitoring. In contrast, Qwen (Alibaba) and Moonshot AI are Chinese companies known for open-weight models, though claims about market share remain unverified. Cloud providers like Microsoft Azure and AWS are caught in the middle, beginning to offer compliance documentation for various models to meet EU requirements.
Competing national regimes add further complexity. A Cybersecurity Law amendment effective 1 January 2026 brought AI into Chinese national law, requiring ethical guidelines and risk assessments. Colorado's 'Confronting Artificial Intelligence in Consumer Services Act' (SB 24-205) became effective February 1, 2026, requiring deployers to exercise 'reasonable care' to avoid algorithmic discrimination and conduct annual impact assessments. China requires generative AI services provided to the public in China to undergo security assessments and algorithm filing, with foreign providers serving Chinese users required to comply with these rules.
Diverging frameworks and enterprise costs
For enterprises, the strategic focus has shifted to 'compliance-by-design.' EU AI Act fines can reach up to €35 million or 7% of global annual turnover for the most severe infringements, necessitating extensive pre-launch legal reviews. Meanwhile, operating in the US involves navigating a complex patchwork of state-level laws regarding AI, data privacy, and employment.
The Global South is emerging as a battleground for default standards. While open-source models can be cheaper due to lower API costs, this price gap encourages procurement officers to pick the option that meets local rules at the lowest cost, potentially normalising alternative technical assumptions in fast-growing markets.
Timelines accentuate the pressure. High-risk obligations under the EU AI Act became applicable on August 2, 2025; legacy general-purpose AI models must comply with transparency requirements by August 2, 2026. South Korea's 'AI Basic Act' was passed in 2023/2024, and Vietnam continues developing digital regulations.
Instead of converging on a single template, regulators appear to be selectively borrowing from each other's playbooks. This trend suggests that for the foreseeable future, enterprises must prepare to navigate a landscape of overlapping risk assessments, fragmented documentation standards, and distinct licensing hurdles.
The global AI governance landscape has fragmented into three incompatible regimes - the EU's rights-based comprehensive framework, the US sector-specific approach, and China's centralized registration system - creating unprecedented compliance complexity for enterprises and cloud providers while Chinese labs leverage open-source strategies to compete for market share in the Global South.
Structured FAQ
How are the EU, US, and China AI governance frameworks fundamentally incompatible?
The three dominant regulatory paradigms operate on entirely different philosophical foundations that create direct conflicts for multinational AI deployment.
| Jurisdiction | Core Philosophy | Key Mechanism | Primary Conflict |
|---|---|---|---|
| EU | Protection of fundamental rights; regulation as constraint | Horizontal binding law with extraterritorial reach (EU AI Act) | Requires comprehensive risk assessment and documentation regardless of origin |
| US | Innovation and competition; regulation as enabler | Fragmented state-level activism vs. federal deregulation | Creates multiple conflicting compliance layers; no unified national standard |
| China | National security and content control; regulation as state tool | Prescriptive registration and licensing for foundation models | Mandates government approval and content filtering that conflicts with Western free expression norms |
The direct incompatibility emerges in three areas:
- Risk classification: The EU defines "high-risk" AI by use case (employment, credit, healthcare), while China defines risk by content category and social stability impact
- Data governance: EU mandates strict data provenance and GDPR alignment; China's Cybersecurity Law requires data localization and state access
- Model licensing: China requires security assessments and algorithm filing for generative AI services serving Chinese users, while the EU prohibits such prior authorization as a barrier to market access
This creates a regulatory trilemma where compliance with one regime may automatically violate another. Organizations must navigate overlapping and sometimes contradictory compliance expectations.
What specific compliance costs and delays are enterprises facing in 2026?
Enterprise adoption has shifted from "post-hoc compliance" to "compliance-by-design," fundamentally altering development timelines and costs.
Industry-observed cost drivers:
- Pre-launch legal design reviews are now standard for EU-facing releases, adding significant time to product development cycles
- Technical documentation has moved "left" into product development - enterprises cannot wait until completion to document compliance
- Supply chain tightening: Downstream obligations require upstream information discipline, forcing enterprises to audit model provenance and safety protocols throughout their vendor stack
Penalty exposure creates risk-averse adoption:
- EU violations carry penalties up to €35 million or 7% of global annual turnover for the most severe infringements
- This has slowed deployment of high-risk AI systems in healthcare, employment, and credit - precisely the sectors with highest enterprise demand
The US "compliance maze":
A single product launch in the US may require navigation of:
- Colorado's AI Act (SB 24-205) effective February 1, 2026: "reasonable care" requirements for algorithmic discrimination prevention
- Federal procurement rules that remain unsettled and politically volatile
This creates a patchwork that significantly raises barriers to market entry.
How has China's open-source strategy captured global market share despite Western technical leadership?
Chinese labs have executed a standards-setting strategy through open-weight licensing that is reshaping global procurement, particularly in price-sensitive markets.
The strategic shift:
Chinese companies like Qwen and Moonshot AI have focused on open-weight models that can offer significant cost advantages over proprietary alternatives, though specific market share claims remain unverified.
The mechanism - "default becomes standard":
Beijing's Standards 2035 blueprint explicitly aims for Chinese products to become global defaults. The strategy works through:
1. Cost efficiency: Training on domestic silicon and data enables competitive pricing
2. Licensing openness: Permissive open-weight terms encourage integration
3. Sovereign silicon validation: Huawei Ascend and other domestic chips reduce NVIDIA dependency
Procurement considerations:
There is an emerging geographic consideration where procurement decisions increasingly factor in regulatory compatibility and cost structures, with different regions showing preferences for different AI infrastructure approaches.
Cloud providers are adapting by offering compliance documentation for various models to meet different regulatory requirements.
What role do export controls play in this governance fragmentation?
US semiconductor export restrictions have created unintended strategic consequences, accelerating alternative development paths.
The response pattern:
Rather than simply slowing development, advanced chip export controls have driven:
- Domestic silicon innovation: Chinese labs increasingly train models on Huawei Ascend and other non-NVIDIA hardware
- Open-source acceleration: With closed-source paths constrained, there has been increased prioritization of open-weight distribution
- Alternative infrastructure: Countries facing potential supply constraints increasingly consider alternative AI infrastructure options
Emerging procurement policy conflict:
Export controls are increasingly intertwined with procurement rules:
- US federal and allied procurement is moving toward "trusted supplier" approaches that consider origin and security factors
- China's regulatory regime creates barriers for non-compliant foreign models in Chinese markets
- The EU's AI Act creates procurement considerations through conformity assessment requirements
This creates three different trusted computing approaches - a fragmentation that raises costs for any enterprise operating across jurisdictions.
What are the plausible scenarios for how this standards battle resolves?
Based on the current trajectory, three scenarios emerge with different implications for enterprise strategy and market structure:
| Scenario | Probability Drivers | Enterprise Implication |
|---|---|---|
| Fragmented regional blocs (baseline) | Current trajectory: US-China decoupling continues; EU maintains extraterritorial reach | Compliance multiplication: Enterprises maintain separate model stacks and governance frameworks; significantly higher costs than unified market |
| De-risked enterprise lanes | Regulatory clarity emerges with "safe harbor" certifications for compliant providers | Oligopolistic concentration: Only largest providers can afford multi-jurisdiction certification; mid-tier competitors face barriers |
| Open-market commoditization | Technical convergence and enforcement challenges erode regulatory boundaries | Price competition: Models become more commoditized; governance becomes contractual rather than regulatory |
Critical uncertainties:
- Enforcement capacity: Regulation will be judged by how it is enforced and applied, not by how it is drafted - creating implementation risk
- Political volatility: The US approach remains particularly unstable, with federal and state-level approaches sometimes conflicting
- Technical trajectory: If capability gaps change significantly, regulatory fragmentation dynamics may shift accordingly
Recommended monitoring indicators:
- Open-source model adoption trends (standard-setting patterns)
- State-level enforcement actions (US fragmentation)
- EU AI Act implementation patterns (extraterritorial effectiveness)
- Domestic silicon development progress (sovereign capability building)
Analysis suggests enterprises should prepare for persistent fragmentation rather than convergence, with compliance-by-design as the minimum viable approach.