What this area covers
AI regulatory developments span the rules, enforcement actions, and governance frameworks that governments and companies are building around artificial intelligence — covering everything from voluntary safety policies that labs publish themselves, to executive orders, national security designations, state laws, and international frameworks like the EU AI Act.
This is no longer a quiet policy backwater. Within roughly eighteen months, the U.S. government has banned a major AI lab from defense contracts, ordered model access suspended over security concerns, and stood up a new pre-deployment testing regime. The story is moving fast, and the stakes are high.
Why it matters
If you work with AI — building it, buying it, or deploying it — the regulatory environment now directly shapes what you can do. Labs are being told which customers they can serve, which use cases are off-limits, and in some cases whether they can release a model at all. For businesses, the compliance picture is fragmenting: California has its own law, the EU has its own timeline, and the U.S. federal government is improvising in real time.
The voluntary era: labs set their own rules
The story starts with AI labs writing their own rulebooks. Anthropic published its Responsible Scaling Policy (RSP), a framework that assigns AI Safety Levels (ASL-1 through ASL-5+) to models based on how dangerous their capabilities are — borrowed conceptually from biosafety level standards. The idea: as models get more powerful, they face stricter deployment constraints. In May 2025, Anthropic activated ASL-3 protections for Claude Opus 4 for the first time, adding "Constitutional Classifiers" to block end-to-end workflows for developing chemical, biological, radiological, or nuclear weapons.
OpenAI followed a parallel path, publishing its own Frontier Governance Framework explicitly aligned to EU and California regulatory requirements. Both companies framed these as good-faith efforts to get ahead of government mandates — and as templates they hoped governments would adopt.
The first mandatory law: California SB 53
California moved first among U.S. jurisdictions. SB 53 — the Transparency in Frontier AI Act — took effect January 1, 2026, requiring frontier AI developers to conduct formal risk assessments, protect model weights, and report incidents. Anthropic published a detailed Frontier Compliance Framework in December 2025 to meet its requirements, framing it as an extension of the RSP. The company also called on the federal government to create an analogous national framework — a sign that labs, at least publicly, prefer one clear set of rules over a patchwork of state laws.
The military standoff: when safety policies collide with government demands
The most dramatic regulatory episode in this period began quietly: the U.S. Department of War (the renamed Department of Defense) wanted Anthropic to agree to "any lawful use" of Claude and remove two specific safeguards — one covering mass domestic surveillance of Americans, one covering fully autonomous weapons.
Anthropic refused. CEO Dario Amodei published a public statement explaining that Claude was already deployed across defense and intelligence systems for intelligence analysis, operational planning, and cyber operations — but that these two uses crossed a line the company would not cross, citing both democratic values and the current reliability limitations of AI systems.
The government's response was unprecedented: it invoked a supply-chain risk designation under 10 USC 3252 — a legal tool previously used only against foreign companies — against a U.S. AI lab. A Trump Truth Social post threatened civil and criminal consequences. Secretary of War Pete Hegseth formalized the designation. Anthropic announced it would challenge the designation in court while continuing to serve the government at nominal cost during any transition.
OpenAI, meanwhile, signed a contract with the Department of War allowing use of its models "for all lawful purposes," with carve-outs for surveillance and autonomous weapons that CEO Sam Altman later described as rushed and subsequently renegotiated. OpenAI also deployed a custom ChatGPT instance on GenAI.mil and, through a GSA partnership, made ChatGPT Enterprise available to the entire U.S. federal executive branch workforce at essentially no cost for one year.
Export controls and jailbreak disputes
The government's reach extended further in June 2026, when a U.S. export control directive ordered Anthropic to immediately disable access to its Fable 5 and Mythos 5 models for all foreign nationals — effectively forcing a full customer suspension. The government cited awareness of a jailbreak method. Anthropic disputed the severity, arguing the technique was narrow, non-universal, and produced results already achievable by other publicly available models. The company complied while publicly disagreeing, and warned that a standard of perfect jailbreak resistance would halt all frontier model deployments industry-wide.
Reports also surfaced that conversations between Amazon CEO Andy Jassy and U.S. officials had contributed to the crackdown — highlighting how the relationships between major cloud providers, AI labs, and government are deeply entangled.
Pre-deployment testing: the TRAINS task force
In May 2026, NIST announced the TRAINS (Testing Risks of AI for National Security) task force — a multi-agency group designed to evaluate frontier models for cybersecurity, biosecurity, and chemical weapons risks before public deployment. Google, Microsoft, xAI, Anthropic, and OpenAI all agreed to submit models, including versions with limited guardrails. The White House simultaneously considered an executive order making pre-deployment approval mandatory — an FDA-style regime for AI.
In June 2026, President Trump signed an executive order requiring AI testing prior to frontier model releases, marking a significant reversal from the administration's earlier deregulatory stance.
The EU AI Act: delays and additions
Across the Atlantic, the EU AI Act — the world's most comprehensive AI law — hit implementation turbulence. The European Parliament and member states agreed to push the high-risk AI system compliance deadline from August 2026 to December 2027, and extended other deadlines for watermarking and sandbox environments. The changes followed sustained lobbying from European industry concerned about competitive disadvantage. One provision was strengthened rather than weakened: a new ban on AI-generated sexually explicit images of children and non-consensual nude images.
China's approach: asserting control across borders
China's regulatory posture is distinct. When Meta attempted to acquire Manus — a Singapore-based AI agent startup originally founded in China — China's National Development and Reform Commission blocked the $2.5 billion deal, asserting jurisdiction over technology built by Chinese engineers regardless of corporate domicile. The ruling effectively ended the "Singapore strategy" used by Chinese AI startups to attract Western capital, and caused founders and investors to cancel plans to relocate abroad.
Separately, Anthropic publicly identified three Chinese AI laboratories — DeepSeek, Moonshot AI, and MiniMax — as conducting coordinated large-scale "distillation attacks," generating over 16 million exchanges through approximately 24,000 fraudulent accounts to harvest Claude's capabilities. The White House acknowledged the distillation threat in an April 2026 memo, framing it as an adversarial national security concern.
The emerging picture
Several fault lines are now visible:
Safety guardrails as a liability. The Anthropic-DoW standoff established a precedent: a lab's own safety policies can become grounds for government exclusion. Labs that refuse certain uses face contract loss; labs that comply face reputational and legal risk from the uses they enable.
Fragmented compliance. California has mandatory rules. The EU has a delayed but comprehensive framework. The U.S. federal government is layering executive orders, export controls, and task forces without a unified statute. Labs are navigating all of these simultaneously.
Pre-deployment approval is on the table. The shift from "labs self-certify" to "government tests before release" is underway. How fast it moves, and how prescriptive it becomes, will define the next phase of AI development.
Geopolitical dimensions are inseparable. Export controls, distillation attacks, and China's blocking of foreign acquisitions mean that AI regulation is now as much about great-power competition as it is about consumer protection or safety.
