Global AI regulatory update - April 2026

In this edition of our global AI bulletin, we will be looking at:

• Asia – Singapore issues new AI governance guidance (including generative and agentic AI) , Vietnam’s AI Law comes into force, South Korea implements its AI Basic Act, and Hong Kong issues generative AI guidance.
• Europe – Progress was made on AI transparency and copyright proposals, new AI funding initiatives, introduction of a voluntary draft Code of Practice on AI content transparency, and AI Act whistleblower tool launched.
• Middle East – Kuwait announces a practical approach to AI governance, signalling a shift toward implementation and clearer expectations on AI risk management.
• UK – A major national AI strategy is launched, alongside guidance on AI chatbots, online safety and a report on agentic AI risks and opportunities. 
• US – The administration moves toward a national AI policy framework to limit state level fragmentation, while states continue to advance AI transparency and safety laws. California’s AI training data transparency law takes effect, NIST expands AI standards work, new workforce AI literacy guidance is introduced and federal rules address unbiased AI requirements.

Asia

Singapore: Guide published on generative AI use in the legal sector

On March 6, 2026, the Singapore Ministry of Law published a guide on generative AI (GenAI) use in the legal sector. The guide follows a public consultation conducted in September 2025.

The non‑binding guide promotes responsible, ethical and effective adoption of GenAI tools across law firms, in‑house teams, legal service providers, law students and anyone providing GenAI tools for the legal sector. It explains core concepts, outlines common legal use cases, and highlights risks such as hallucinations, bias, data exposure and confidentiality breaches.

The guide also provides a framework for implementing GenAI, including tool evaluation, governance structures, staff training and ongoing review. The aim is to support innovation while ensuring legal professionals maintain accountability, protect client information and uphold regulatory duties.

Impact: The guide signals increasing expectations for structured AI governance. Organizations should prepare for closer scrutiny from clients, regulators and courts. They should establish a clear GenAI governance framework that includes internal policies, data handling practices and incident‑response procedures.

Businesses using GenAI for legal work should review vendor terms, strengthen enterprise‑grade tools and ensure strong privacy, security and audit controls.

Vietnam: AI law came into effect

On March 1, 2026, Vietnam’s artificial intelligence law, which was passed on December 10, 2025, officially came into effect.

The law applies to Vietnamese organizations and individuals, as well as foreign entities that participate in AI-related activities in Vietnam. It regulates key participants across the AI supply chain including developers, providers, deployers and users of AI systems.

At the heart of the regime is a risk‑based classification system, under which AI systems are categorized as high‑risk, medium‑risk or low‑ This classification determines the scope and intensity of applicable compliance obligations. In particular, high‑risk AI systems are subject to obligations including transparency and labeling obligations, incident detection and reporting, mandatory conformity assessments, ongoing risk management and local presence requirements. In addition, the law prohibits the development, provision, deployment or use of AI systems for unlawful purposes or manipulative and deceptive practices that cause serious harm, etc.

Impact: Businesses developing, providing or deploying AI systems in or into Vietnam will need to review and adapt their governance and compliance arrangements to meet the requirements of the AI law.

Singapore: Agentic AI governance framework published

On January 22, 2026, the Infocomm Media Development Authority issued a framework for agentic AI to guide responsible use of advanced AI agents. The framework aims to support safe adoption while maintaining trust, safety and accountability.

The framework introduces four pillars: upfront risk assessment; clear human accountability; technical controls and processes; and end user responsibility. It highlights risks unique to agentic systems, including erroneous actions, unauthorized access, biased outcomes and unintended system level effects.

The framework is intended to provide organizations with a structured overview of the risks associated with agentic AI, along with best practices for managing its growing capabilities through practical controls and safeguards.

Impact: Businesses adopting agentic AI should:

• strengthen internal governance, especially around human oversight, permissions and risk management
• build adaptive structures that can evolve as agent capabilities change
• establish clear approval points for high-risk actions and ensure that human reviewers understand common agent failure modes
• invest in training so users understand agent behavior, limits and responsibilities

For further details, you can refer to: SINGAPORE: Understanding Singapore’s new Model Framework for Agentic AI Governance.

South Korea: AI Basic Act enacted and brought into force

On January 22, 2026, the AI Basic Act officially took effect in South Korea. The Act establishes a national framework governing the development, deployment and use of AI systems in South Korea.

The Act:

• establishes South Korea’s AI framework to support innovation and trust
• empowers the Ministry of Science and Information and Communication Technology to set national AI plans and oversee safety
• creates the National AI Committee to guide major policy decisions
• supports research and development, data policy, small and medium-sized enterprises, startups and human‑capital development
• promotes ethical principles and international norms
• mandates transparency and safety duties, particularly for high‑impact AI systems that pose significant societal risks

Impact: Organizations working with AI must adhere to the Act and its regulations, with particular attention to requirements on transparency and safety.

Hong Kong: Generative AI technical and application guide published

In December 2025, the Digital Policy Office of the Government of the HKSAR published the Hong Kong Generative Artificial Intelligence Technical and Application Guideline. The Guideline is intended to provide practical guidance and recommendations for technology developers, service providers and service users.

The non‑binding guideline outlines the technical background and governance principles relevant to generative AI. The governing principles include:

• compliance with laws and regulations throughout the entire lifecycle of AI
• security and transparency of the technology
• accuracy and reliability of the generated output
• fairness and objectivity of the content
• practicability and efficiency of AI deployment

Impact: Given the different roles and responsibilities of technology developers, service providers and service users, the Guideline encourages organizations to adopt tailored governance measures. In particular, organizations should strengthen controls in the areas of personal data privacy, intellectual property, crime prevention, reliability and trustworthiness and system security.

Europe

EU: MEPs push for transparent AI copyright rules

On January 28, 2026, the European Parliament’s Legal Affairs Committee advanced proposals to strengthen transparency and copyright protection in generative AI.

MEPs propose to introduce new obligations for AI developers and enhanced rights for creators.

Key points include:

• requiring AI providers to disclose all copyrighted works used in training
• mandating detailed record keeping of data crawling activities
• ensuring fair remuneration for creators, including potential payment for past use
• rejecting broad, flat-rate training licenses

The report recommends measures to protect news media, including the ability to opt out of having their content used for AI training. AI-generated material would not qualify for copyright protection. In addition, the report calls for action against harmful or manipulated AI-generated content and supports new tools enabling rightsholders to prevent general purpose AI systems from using their work.

Impact: Even if adopted, the report is a non-legislative own initiative text and would not in itself create any binding legal obligations. However, its recommendations could encourage the Commission or Member States to propose legislative amendments or introduce new regulatory measures.

The proposals move to a full Parliament vote in March 2026.

EU: Over €307 million in investment of AI

On January 15, 2026, the European Commission (EC) launched two Horizon Europe calls worth €307.3 million to advance strategic digital technologies. The funding aims to boost Europe’s innovation capacity in AI, data services, quantum, robotics, photonics and virtual worlds. The EC also seeks to reinforce EU digital sovereignty through support for next generation applications and foundational technologies.

• €221.8 million is allocated to fund trustworthy AI, innovative data services and strategic digital autonomy
• €40 million is assigned to the Open Internet Stack Initiative
• €85.5 million is set aside for the second call supporting strategic autonomy in emerging technologies and raw materials

Impact: Businesses may apply for funding until April 15, 2026.The additional funding may create new opportunities for businesses operating in the telecoms sector. SMEs in particular may gain support for innovation and adoption of advanced technologies.

Businesses may gain new funding for:

• enhancing their service quality with AI tools
• accelerating automation processes with robotics for industrial applications
• optimizing their workflows thanks to access to next‑generation quantum computing

EU: First draft code of practice on AI content transparency

On December 17, 2025, the European Commission released the first draft Code of Practice on marking and labeling AI-generated content to support compliance with Article 50 transparency obligations under the EU AI Act.

The draft includes rules for providers of generative AI systems to mark content in machine-readable formats and requirements for deployers to label deepfakes and AI-generated text on matters of public interest.

Impact: Feedback will be collected until January 23, 2026, with a second draft expected by mid-March and finalization in June 2026. Transparency obligations will apply starting August 2, 2026.

The Code is voluntary but designed to help demonstrate compliance and enhance trust in AI content across the EU.

EU: AI Act Whistleblower Tool launched

• On November 24, 2025, the European AI Office introduced the AI Act Whistleblower Tool to strengthen AI safety and transparency.
• The tool enables individuals to report harmful practices anonymously in any EU language, supporting early detection of violations.
• Reports can include supporting documents, and whistleblowers can track progress and respond to questions while remaining anonymous.

Confidentiality is guaranteed. Legal protection under the Whistleblower Directive applies only from August 2026 for AI Act infringements. Some AI-related activities, such as product safety and privacy, may already benefit from existing protections under the Directive.

Impact: The tool may increase compliance pressure, as businesses should ensure AI systems meet regulatory standards to avoid reports. It may also lead to higher administrative costs for monitoring and responding to whistleblower submissions.

Middle East

Kuwait: Practical AI governance framework announced

On February 8, 2026, Kuwait’s Communication and Information Technology Regulatory Authority (CITRA) announced a practical approach to AI governance and digital integrity. The announcement followed a General Assembly of the Digital Cooperation Organization that shifted discussions from policy to implementation.

Member countries began work on operational measures covering AI oversight, digital trust and international coordination. CITRA noted that Kuwait is taking a more active role in shaping global digital rules and supporting responsible technological development.

Impact: Organizations working in or with Kuwait should anticipate clearer expectations around AI risk management. Businesses may wish to update their internal AI policies to reflect a more structured regulatory environment.

UK

UK: Government sets out major new AI strategy

On February 19, 2026, the UK Government launched the first AI Strategy for UK Research and Innovation (UKRI). The plan aims to strengthen the UK’s global scientific position by investing £1.6 billion in AI by 2030. It focuses on using AI to improve healthcare, public services and research across key sectors.

Investment will focus on six priority areas:

• advancing technology development
• transforming research through AI
• developing AI skills and talent
• accelerating innovation for economic growth and societal benefit
• championing responsible and trustworthy AI
• building world-class AI data and infrastructure

The strategy also commits to major investment in mathematics, computing and engineering. It highlights existing successes, such as AI tools detecting railway faults and technology supporting clinical trials.

Impact: The strategy aims to, among other things:

• grow research capabilities across software development and data science
• enable equitable access to AI tools, data and infrastructure for researchers across the UK
• identify and support AI companies with scale‑up potential through targeted investment
• invest in AI‑ready data; trusted research environments; and findable, accessible, interoperable, and reusable datasets

UK: Guide published on AI chatbots and online regulation

On December 18, 2025, the Office of Communications (Ofcom) released guidance explaining how the Online Safety Act applies to AI chatbots.

The guidance states that chatbots on user‑to‑user platforms, search services and adult‑content services must be compliant with requirements under the Online Safety Act. AI‑generated material shared by users on a user-to-user service is treated as user‑generated content and must also meet the standards under the Online Safety Act.

The guidance also explains that some chatbots or the content they produce fall outside the Online Safety Act if they do not connect users, do not search multiple sites or databases or cannot generate adult content.

Impact: The guidance helps providers understand when their tools fall within scope and what protections they must offer to reduce risks, especially for children.

Organizations offering chatbots should assess whether their tools fall within the scope of the Online Safety Act, particularly where users can share AI-generated content.

Providers in scope should, among other things, update risk assessments; strengthen child safety measures; and ensure effective warnings, reporting tools, and age assurance systems are in place.

UK: Report flags on agentic AI risks and opportunities

On January 8, 2026, the Information Commissioner’s Office (ICO) published a report on agentic AI. It clarifies that “Agentic AI” refers to artificial intelligence that allows for more activities to be automated—making decisions, interacting with its environment, solving problems in real time and mimicking some types of reasoning and planning. Agentic systems can, among other things, use contextual information more effectively, provide outputs in natural language and work with broader, less structured sources.

The ICO’s early findings show that the design of an agentic AI system affects the data protection risks associated with that system. Design choices around data sources, tools and governance controls influence compliance and individuals’ rights. Poorly designed systems increase risks, particularly when they lack a clear purpose, access unnecessary databases or operate without safeguards to control actions or data sharing. By contrast, strong system architecture supports privacy by design and responsible innovation.

Impact: The ICO is exploring future scenarios to understand how agentic AI may develop. It will work with regulators and industry as agentic AI matures. Organizations should follow emerging regulatory guidance.

US

US: Administration moves to shape national AI policy

On December 11, 2025, President Trump signed Executive Order 14365, which aims to ensure there will be a national AI policy framework. It directs federal agencies to review and challenge state AI laws considered excessive. It also calls for new federal legislation and regulation and agency actions to pre-empt stricter state rules and avoid a patchwork of state AI regimes.

The order frames AI as a national security issue. It assigns enforcement and policy tasks to the Department of Justice, Department of Commerce, FCC and FTC.

The administration has not yet taken formal legal action. However, it has lobbied states considering AI safety measures it opposes.

Impact: States are likely to contest any federal challenges in court. If the administration’s strategy succeeds, state-level AI regulation could face major limits. Companies should track the start dates and scope of current state AI laws and prepare to comply. The administration has signaled concern with laws, such as the Colorado AI Act, due to take effect on June 30, 2026.

US: California enforces AI training data transparency law

On January 1, 2026, California’s AI training data transparency law took effect. It requires generative AI (GenAI) developers to publish high‑level summaries of the data and processes used to train public‑facing systems.

The law lists several disclosure requirements covering data sources, collection methods and dataset characteristics. Large model developers are clearly in scope, and many have started to comply. However, the obligations also apply to companies that release public‑facing GenAI tools.

On March 5, 2026, a federal district court declined to issue a preliminary injunction. The challenge, brought by X.AI, will proceed. The court found that the California Attorney General’s refusal to disavow enforcement gave X.AI standing.

Impact: Companies offering GenAI systems to the public should assess whether their development work brings them within scope. They should prepare the required disclosures. The statute does not specify an enforcement mechanism, though action would likely come from the California Attorney General. Some provisions remain unclear and may require interpretation as compliance develops.

US: States press forward with AI safety legislation

On December 19, 2025, New York enacted the Responsible AI Safety and Education Act. It sets basic safety and security requirements for frontier AI developers. The law follows a similar California statute and reflects the type of AI safety rules the US administration views as burdensome for innovation.

On January 1, 2026, Texas’ Responsible AI Governance Act took effect. It includes disclosure duties, use‑case limits and several safety measures for AI development and deployment. Many provisions target government use of AI. However, some prohibitions, including those involving discrimination or violations of constitutional rights, apply to companies and individuals.

Impact: Despite possible federal challenges, states are continuing to adopt AI safety laws. Texas’ statute offers an affirmative defense for entities that can show strong governance, effective testing or the ability to fix harmful outcomes. Companies should review new disclosure duties and confirm which governance measures apply to their AI systems.

US: NIST expands work on AI standards

On January 15, 2026, the National Institute of Standards and Technology (NIST) published a research report on evaluating AI standards. On February 17, 2026, NIST’s Center for AI Standards and Innovation (CAISI) announced the AI Agent Standards Initiative.

The report builds on evaluation methods used in other fields. It suggests that AI standards should be assessed through a clear map of inputs, activities, outputs, outcomes and goals. It also explains how these elements can be evaluated before, during and after standards are developed.

The new initiative aims to strengthen public trust in AI agents. It seeks industry‑driven standards that support safety, security and interoperability. CAISI has issued requests for comment and concept papers covering agent security, identity and authorization. It is also engaging with industry to identify barriers to deploying AI agents in critical sectors.

Impact: NIST and other standards bodies are moving from broad principles toward practical, use‑case‑specific expectations. Companies that benchmark their governance frameworks against these emerging standards will be better placed to show accountability, manage regulatory risk and adopt agentic AI responsibly. Participating in standards development will also help organizations influence requirements and build public trust.

US: AI Literacy Framework released for workforce

On February 13, 2026, the US Department of Labor (DOL) announced a new AI Literacy Framework to guide national workforce and education efforts.

The framework outlines five core learning areas and seven principles to help organizations build effective AI training programs and accelerate AI skills development of students, educators, job-seekers and workers. It aims to prepare workers for changing job demands created by AI technologies.

The framework was shaped through feedback from employers, educators and governmental bodies. It moves away from the Biden administration’s focus on workplace protections and emphasis on AI safety alongside workforce development and capability building efforts. It supports broader federal goals to increase AI skills across sectors.

Impact: Organizations should review the framework’s core content areas and consider aligning internal training with its guidance. Employers may benefit from assessing current staff capabilities and identifying AI-related skills gaps.

Companies involved in workforce development should monitor for additional DOL resources or webinars that may support implementation.

US: Federal guidance issued on unbiased AI requirements

On December 11, 2025, the Office of Management and Budget (OMB) issued rules to ensure federal agencies procure and use AI systems in ways that strengthen public trust.

Memorandum M-26-04 implements Executive Order 14319. It requires federal agencies to follow new standards when buying and using large language models (LLM) to ensure consistent and trustworthy AI use. It excludes regulatory actions, case specific assessments and incidental contractor use, keeping those activities outside the memorandum’s scope.

Impact: By March 11, 2026, agencies must:

• add compliance clauses to new LLM contracts
• update existing agreements where possible
• revise procurement policies
• set up processes for reporting violations

The memorandum remains in force until December 11, 2027, unless the OMB Director extends it.

Businesses selling AI systems to US federal agencies should expect tighter contractual scrutiny. They should also prepare for broader transparency duties and possible extension of similar requirements to other high-risk AI systems.

The memo marks a shift toward procurement driven AI governance, meaning providers must ensure their systems are robust, explainable and fully auditable.

Co-authored by Jon Botham, Paola Paccani and Uendi Barreti (Knowledge).