This page is still being polished. If you have thoughts, please share them via the feedback form.
Data on this page is preliminary and may change. Please do not share or cite these figures publicly.
Laws, legal frameworks, and binding policy instruments governing AI development and use.
Also in Legal & Regulatory
While GDPR and other data protection frameworks provide strong guidelines for data privacy, emerging AI-specific security threats necessitate adaptations to existing regulatory mechanisms.
AI models are increasingly capable of data reconstruction attacks, where an adversary exploits access to model outputs to infer sensitive information from training data. This poses a challenge to data anonymisation techniques, as modern deep learning models can re-identify individuals from seemingly anonymised data sets. Additionally, shadow models (unauthorised copies of AI models trained through API-based data extraction) raise concerns about intellectual property theft, bias replication, and lack of accountability in AI decision-making. Traditional privacy laws do not explicitly address these risks, and we need new AI governance policies that integrate model-specific access controls, differential privacy enforcement, and cryptographic AI access verification protocols. The regulatory landscape must also evolve to incorporate continuous AI privacy assessments, ensuring that AI systems undergo periodic audits to validate compliance with data protection principles. Enforcing such measures would enhance AI accountability while preventing unintended data security breaches arising from model vulnerabilities. Balancing innovation with privacy is guided by ethical frameworks that ensure AI technologies are used for societal benefits without compromising individual privacy. Transparency in data usage and AI decision-making processes is essential for building trust. Clear communication about how data is used and the reasoning behind AI decisions helps in fostering public confidence in AI systems. In realworld applications, sectors such as finance, healthcare, and e-commerce are increasingly employing AI while navigating complex privacy landscapes.
Reasoning
Regulatory adaptation requiring new AI governance policies and legal frameworks to address model-specific security threats beyond existing GDPR mechanisms.
Legal and regulatory compliance
As new technologies advance, they require legal and regulatory compliance frameworks to ensure ethical use, privacy, and security.
3.1 Legal & RegulatoryLegal and regulatory compliance > Domestic regulation
Nations need to establish clear ethical guidelines and standards to govern the development and use of AI. These guidelines should address various concerns, including privacy, transparency, bias, and accountability.
3.1.1 Legislation & PolicyLegal and regulatory compliance > International regulation
Establishing global standards for AI, like the Paris Agreement for climate change, is the next step in ensuring AI is safe and ethical use. These standards should address issues such as the AI arms race, autonomous weapons, and global surveillance systems.
3.1.3 International AgreementsEnsuring compliance in AI and ML systems
Creating AI governance committees and conducting regular system audits can help ensure accuracy, mitigate bias, and guarantee ethical alignment. Organisations must also comply with data privacy laws when implementing AI/ML systems. Regular assessments should be conducted to reduce potential risks associated with AI/ML systems, and plans should be implemented to address any potential risks
2.2 Risk & AssuranceAI supply chain security and risk propagation
To manage these risks, regulatory frameworks must incorporate AI security standards that enforce stringent vetting of AI models, continuous adversarial robustness assessments, and secure model distribution policies. AI security capacity-building efforts should prioritise defensive mechanisms such as adversarial training, differential privacy, homomorphic encryption, and federated trust frameworks to prevent risk propagation across AI-driven supply chains.
3.1.1 Legislation & PolicyGDPR compliance in AI
The GDPR (2018) is a crucial piece of legislation in the European Union and the United Kingdom (ICO, 2018) that focuses on data protection and privacy.
3.1.1 Legislation & PolicyFrontier AI regulation: what form should it take?
Radanliev, Petar (2025)
Frontier AI systems, including large-scale machine learning models and autonomous decision-making technologies, are deployed across critical sectors such as finance, healthcare, and national security. These present new cyber-risks, including adversarial exploitation, data integrity threats, and legal ambiguities in accountability. The absence of a unified regulatory framework has led to inconsistencies in oversight, creating vulnerabilities that can be exploited at scale. By integrating perspectives from cybersecurity, legal studies, and computational risk assessment, this research evaluates regulatory strategies for addressing AI-specific threats, such as model inversion attacks, data poisoning, and adversarial manipulations that undermine system reliability. The methodology involves a comparative analysis of domestic and international AI policies, assessing their effectiveness in managing emerging threats. Additionally, the study explores the role of cryptographic techniques, such as homomorphic encryption and zero-knowledge proofs, in enhancing compliance, protecting sensitive data, and ensuring algorithmic accountability. Findings indicate that current regulatory efforts are fragmented and reactive, lacking the necessary provisions to address the evolving risks associated with frontier AI. The study advocates for a structured regulatory framework that integrates security-first governance models, proactive compliance mechanisms, and coordinated global oversight to mitigate AI-driven threats. The investigation considers that we do not live in a world where most countries seem to be wishing to follow European Union ideals, and in the wake of this particular trend, this research presents a regulatory blueprint that balances technological advancement with decentralised security enforcement. Copyright © 2025 Radanliev.
Other (outside lifecycle)
Outside the standard AI system lifecycle
Governance Actor
Regulator, standards body, or oversight entity shaping AI policy
Govern
Policies, processes, and accountability structures for AI risk management
