Learn AI Safety, Ethics & Society Who Governs AI? Regulation, Accountability, and the Policy Race

Who Governs AI? Regulation, Accountability, and the Policy Race

Intermediate 🕐 14 min Lesson 7 of 8
What you'll learn
  • Understand why governments around the world are stepping in to regulate AI development
  • Learn the key features of the EU AI Act and why its reach extends beyond Europe
  • Recognize how US regulators are applying existing laws to AI-driven decisions
  • Understand how legal liability works when AI causes harm to individuals
  • Know your rights as an everyday AI user under current and emerging regulations

Why AI Needs Rules

Powerful tools need oversight. Cars require licenses, seatbelts, and traffic laws — not because driving is inherently dangerous, but because the consequences of getting it wrong affect everyone, not just the driver. AI is no different.

AI systems are already making decisions that affect whether you get a loan, whether your job application advances, whether a medical scan flags a concern. When technology shapes life outcomes at this scale, governments have a responsibility to set the rules of the road — and they are increasingly doing exactly that.

The EU AI Act: The World's First Major AI Law

The EU AI Act entered into force in August 2024 and became fully applicable in August 2026. It's the world's most comprehensive AI regulation, and because the EU is one of the world's largest markets, it affects companies everywhere — not just in Europe.

The Act takes a risk-based approach, placing different requirements on AI systems depending on how much harm they could cause:

  • Unacceptable risk — banned outright. This includes AI that manipulates behavior in harmful ways, real-time public facial recognition systems, and social scoring systems used for surveillance.
  • High risk — strictly regulated. AI used in hiring decisions, credit scoring, healthcare, education, and law enforcement must meet requirements for transparency, human oversight, and regular auditing.
  • Limited risk — disclosure required. Chatbots and AI-generated content must be clearly labeled so people know they're interacting with AI.
  • Minimal risk — no restrictions. Most everyday AI tools — writing assistants, recommendation engines, spam filters — fall here.

Companies that violate the Act face fines of up to €35 million or 7% of global annual turnover — whichever is higher. These are not symbolic penalties.

What's Happening in the US and Beyond

The United States has taken a different approach. Rather than one sweeping law, the US has applied existing agencies to AI contexts. The FTC, the EEOC, and state civil rights departments have all made clear: if an AI makes a discriminatory hiring or lending decision, that's still illegal under civil rights law, regardless of whether a human or an algorithm made the call.

The Algorithmic Accountability Act has been introduced in Congress to require impact assessments for AI used in consequential decisions — housing, employment, and education. At the same time, the National Institute of Standards and Technology has formalized pre-deployment safety testing agreements with major AI labs including Anthropic, OpenAI, Google DeepMind, and Microsoft.

Globally, other countries are building their own frameworks. China has regulations covering recommendation algorithms and generative AI content. The UK is taking a principles-based approach coordinated across existing regulators. AI governance is a genuinely global effort now, not a single jurisdiction's concern.

When AI Causes Harm — Who's Responsible?

This is one of the most actively debated questions in AI law, and the emerging consensus is becoming clearer: responsibility primarily falls on the deployer — the company or individual who chooses to use an AI tool in a specific context — more than on the company that originally built the model.

If a business uses AI to screen job applicants and that system discriminates, the business is liable. If a healthcare provider uses an AI diagnostic tool incorrectly, the provider bears responsibility. The builder of the underlying model may also share responsibility depending on how the harm occurred and what safeguards were provided.

The practical takeaway for anyone using AI professionally: "the AI did it" is not a legal defense. The human who deployed the tool and made the decision remains accountable.

What This Means for You

As an everyday user of AI tools, regulation creates real protections you can rely on:

  • AI used in high-stakes decisions about you — credit, employment, housing — must be explainable and auditable under EU law
  • Chatbots must identify themselves as AI. You have the right to know you're not talking to a human.
  • Discriminatory AI decisions in employment, housing, and credit are already illegal in the US under existing civil rights law
  • Deepfakes and AI-generated content must be labeled in many jurisdictions, protecting you from synthetic misinformation
Regulation isn't about slowing AI down. It's about making sure the benefits are shared, the harms are minimized, and someone is accountable when things go wrong.
Key takeaways
  • The EU AI Act is the world's most comprehensive AI law — fully in effect August 2026 with significant fines for violations
  • The Act uses a risk-based approach: the higher the stakes of the AI decision, the stricter the rules
  • In the US, existing civil rights and consumer protection laws already apply to AI-driven decisions in employment, housing, and credit
  • When AI causes harm, responsibility typically falls on the company or person who deployed the tool — not just the company that built it
  • Regulation creates real user protections: the right to know you're talking to AI, explainability requirements, and anti-discrimination rules