{"source":"AIRiskAware","url":"https://www.airiskaware.com","description":"Machine-readable AI governance data. 292 verified articles across 15+ jurisdictions.","lastUpdated":"2026-05-21","totalArticles":292,"endpoints":{"governance":"/api/governance","governanceByJurisdiction":"/api/governance?jurisdiction={name}","llmsTxt":"/llms.txt","llmsFullTxt":"/llms-full.txt","sitemap":"/sitemap.xml","agentsPage":"/agents"},"jurisdictions":[{"jurisdiction":"European Union","region":"Europe","overview":"The EU AI Act (Regulation 2024/1689) is the first comprehensive AI-specific law globally. It applies extraterritorially to any organisation whose AI affects EU residents.","keyRegulators":["European Commission","National Market Surveillance Authorities","AI Office"],"regulations":[{"name":"EU AI Act","jurisdiction":"EU","status":"In force (phased implementation)","effectiveDate":"2024-08-01","regulator":["European Commission","National Market Surveillance Authorities"],"maxPenalty":"€35M or 7% global turnover","scope":"All AI systems affecting EU residents, extraterritorial application","keyDates":{"Prohibited practices":"2025-02-02","GPAI obligations":"2025-08-02","Transparency (Art 50)":"2026-08-02","High-risk Annex III (post-Omnibus)":"2027-12-02"},"articleUrl":"https://www.airiskaware.com/insights/eu-ai-act-deadline"},{"name":"GDPR (AI intersection)","jurisdiction":"EU","status":"In force","effectiveDate":"2018-05-25","regulator":["National DPAs","EDPB"],"maxPenalty":"€20M or 4% global turnover","scope":"Personal data processing by AI systems","articleUrl":"https://www.airiskaware.com/insights/gdpr-ai-act-intersection"}]},{"jurisdiction":"United Kingdom","region":"Europe","overview":"The UK has enacted the Data Use and Access Act 2025 (DUAA) with AI-specific provisions and relies on sector regulators rather than a single AI law.","keyRegulators":["ICO","FCA","PRA","CMA","MHRA","Ofcom"],"regulations":[{"name":"Data Use and Access Act 2025 (DUAA)","jurisdiction":"UK","status":"In force (phased)","effectiveDate":"2025-06-19","regulator":["ICO"],"scope":"Automated decision-making rights, data protection reforms","keyDates":{"Royal Assent":"2025-06-19","Section 80 (ADM rights)":"2026-02-05","ADM consultation closes":"2026-05-29"},"articleUrl":"https://www.airiskaware.com/insights/uk-ico-ai-guidance-2026"}]},{"jurisdiction":"Australia","region":"Oceania","overview":"Australia regulates AI through existing privacy, consumer, and workplace safety law. The Privacy Act ADM transparency obligation takes effect 10 December 2026. APRA CPS 230 applies operational resilience requirements to AI in financial services.","keyRegulators":["OAIC","APRA","ASIC","ACCC","SafeWork"],"regulations":[{"name":"Privacy Act 1988 (ADM reforms)","jurisdiction":"Australia","status":"Enacted, phased implementation","regulator":["OAIC"],"scope":"Automated decision-making transparency obligations","keyDates":{"ADM transparency obligation":"2026-12-10","Children privacy code":"2026-12-10"},"articleUrl":"https://www.airiskaware.com/insights/au-privacy-act-reforms-ai-2024"},{"name":"APRA CPS 230","jurisdiction":"Australia","status":"In force","effectiveDate":"2025-07-01","regulator":["APRA"],"scope":"Operational resilience for APRA-regulated entities including AI systems","articleUrl":"https://www.airiskaware.com/insights/apra-cps-230-ai-operational-resilience"},{"name":"AI Safety Standard (voluntary)","jurisdiction":"Australia","status":"Published","regulator":["Department of Industry"],"scope":"Voluntary guardrails for AI development and deployment","articleUrl":"https://www.airiskaware.com/insights/australian-ai-safety-standard"}]},{"jurisdiction":"United States","region":"Americas","overview":"The US has no comprehensive federal AI law. Regulation is sector-specific (Fed, SEC, FTC, FDA) and state-level (Colorado AI Act, NYC Local Law 144, Illinois).","keyRegulators":["Federal Reserve","SEC","FTC","FDA","CFPB","EEOC","State AGs"],"regulations":[{"name":"Federal Reserve SR 26-2","jurisdiction":"US","status":"In force","effectiveDate":"2026-04-17","regulator":["Federal Reserve","OCC","FDIC"],"scope":"AI/ML model risk management for banks >$30B total assets","articleUrl":"https://www.airiskaware.com/insights/us-ai-governance-financial-services"},{"name":"Colorado AI Act (SB 205)","jurisdiction":"US - Colorado","status":"Enacted","effectiveDate":"2026-06-30","regulator":["Colorado AG"],"scope":"High-risk AI decision-making in employment, credit, insurance, housing","articleUrl":"https://www.airiskaware.com/insights/us-state-ai-laws-2026"}]},{"jurisdiction":"Singapore","region":"Asia","overview":"Singapore takes a voluntary, industry-led approach through PDPC guidelines and MAS sector requirements. The Model AI Governance Framework and FEAT Principles guide implementation.","keyRegulators":["PDPC","MAS","IMDA","AI Verify Foundation"],"regulations":[{"name":"PDPA (AI provisions)","jurisdiction":"Singapore","status":"In force","regulator":["PDPC"],"maxPenalty":"S$1M or 10% annual turnover","scope":"Personal data protection in AI systems","articleUrl":"https://www.airiskaware.com/insights/singapore-pdpa-ai-governance"},{"name":"MAS AI Risk Management Guidelines","jurisdiction":"Singapore","status":"Consultation (finalisation expected mid-2026)","regulator":["MAS"],"scope":"AI governance for all MAS-regulated financial institutions","articleUrl":"https://www.airiskaware.com/insights/singapore-mas-ai-compliance-financial-services"}]},{"jurisdiction":"Japan","region":"Asia","overview":"Japan enacted the AI Promotion Act in May 2025 — a fundamental law that establishes principles without prescriptive fines. METI/MIC Guidelines and APPI provide the operational framework.","keyRegulators":["PPC","METI","MIC","Digital Agency"],"regulations":[{"name":"AI Promotion Act","jurisdiction":"Japan","status":"In force","effectiveDate":"2025-06-04","regulator":["AI Strategic Headquarters"],"scope":"Fundamental AI law — principles-based, no penalties","articleUrl":"https://www.airiskaware.com/insights/japan-ai-governance-industry-guide"},{"name":"APPI (Act on Protection of Personal Information)","jurisdiction":"Japan","status":"In force","regulator":["PPC"],"scope":"Personal data protection including AI processing, extraterritorial","articleUrl":"https://www.airiskaware.com/insights/japan-ai-compliance-foreign-companies"}]},{"jurisdiction":"South Korea","region":"Asia","overview":"South Korea enacted the AI Basic Act (Act No. 20676) in January 2025, effective January 2026. It classifies high-impact AI and mandates transparency and impact assessments.","keyRegulators":["PIPC","FSC","KFTC","MFDS","MSIT"],"regulations":[{"name":"AI Basic Act (Act No. 20676)","jurisdiction":"South Korea","status":"In force","effectiveDate":"2026-01-22","regulator":["MSIT","AI Committee"],"scope":"High-impact AI classification, transparency, impact assessments","articleUrl":"https://www.airiskaware.com/insights/south-korea-ai-basic-act-compliance-guide"}]},{"jurisdiction":"India","region":"Asia","overview":"India regulates AI primarily through the Digital Personal Data Protection Act 2023 (DPDP) and sector regulators (RBI, SEBI, IRDAI). No comprehensive AI-specific law yet.","keyRegulators":["MeitY","Data Protection Board","RBI","SEBI","IRDAI"],"regulations":[{"name":"Digital Personal Data Protection Act 2023","jurisdiction":"India","status":"In force (phased)","regulator":["Data Protection Board"],"maxPenalty":"₹250 crores (~US$30M)","scope":"Personal data processing including AI systems","articleUrl":"https://www.airiskaware.com/insights/india-dpdp-act-ai-compliance"}]},{"jurisdiction":"China","region":"Asia","overview":"China has the most active AI regulatory regime globally. Three foundational laws (PIPL, CSL, DSL) plus AI-specific rules on algorithm recommendations, deep synthesis, and generative AI. Active enforcement.","keyRegulators":["CAC","MIIT","SAMR","MOST"],"regulations":[{"name":"PIPL + AI-specific measures","jurisdiction":"China","status":"In force, actively enforced","regulator":["CAC"],"maxPenalty":"RMB 50M or 5% annual revenue","scope":"All AI systems including algorithm recommendations, deep synthesis, generative AI. ~350 LLMs filed with CAC.","articleUrl":"https://www.airiskaware.com/insights/china-ai-governance-pipl-cac-2026"}]}],"frameworks":[{"name":"ISO/IEC 42001:2023","type":"International Standard","publisher":"ISO/IEC","scope":"AI management system — certifiable standard for responsible AI development and use","status":"Published December 2023","articleUrl":"https://www.airiskaware.com/insights/iso-42001-implementation-guide"},{"name":"NIST AI Risk Management Framework","type":"Framework","publisher":"NIST (US)","scope":"Voluntary AI risk management — GOVERN, MAP, MEASURE, MANAGE functions","status":"Published January 2023","articleUrl":"https://www.airiskaware.com/insights/aira-vs-iso-42001-nist-comparison"},{"name":"AIRA Framework","type":"Framework","publisher":"AIRiskAware","scope":"AI risk assessment and governance implementation framework","status":"Current","articleUrl":"https://www.airiskaware.com/aira-framework"}],"availableJurisdictions":["European Union","United Kingdom","Australia","United States","Singapore","Japan","South Korea","India","China"]}