AI agent regulation is moving across multiple jurisdictions on different timelines. The EU has proposed a delay; most other regimes have not. The European Commission's Digital Omnibus would push the high-risk obligations in Annex III from August 2026 to December 2027 if adopted. What the Omnibus does not touch: the prohibitions in Article 5, the transparency obligations in Article 50, and the GPAI obligations in Articles 53 and 55 remain on the original schedule. Outside the EU, the Colorado AI Act, the Korean AI Basic Act, Japan's AI Promotion Act, Singapore's AI Verify framework, and China's CAC measures are all advancing on their own timelines, unchanged. An organisation deploying agents across borders in 2026 is not waiting for clarity. It is accruing obligations under multiple regimes simultaneously. This publication tracks each one, in its own terms, and in relation to the others. For a full breakdown of the Omnibus, see the Omnibus Master Brief on agentliability.eu.
Filter, sort, and search AI regulation across the EU, US states, UK, Singapore, Korea, China, Council of Europe, and more. Activation dates, penalty exposure, and extraterritorial reach in one interactive table.
The fragmentation is not only geographic. It is temporal. Each jurisdiction activates on its own schedule, and the duties accrue even when enforcement is delayed. The EU Digital Omnibus may shift the high-risk activation date; what stays fixed on 2 August 2026 is unchanged. The below is not exhaustive. It is the subset that binds cross-border agent deployers first.
First comprehensive US state AI statute creating a duty of care for developers and deployers of high-risk AI systems.
Council and Parliament meet in trilogue on the Digital Omnibus, which proposes to move the Annex III high-risk activation to 2 December 2027. Article 5, Article 50, and GPAI obligations are not on the table.
European supervisor publishes first positions on underwriting agentic AI. Read globally as reference for insurer exposure.
Prohibitions under Article 5 and transparency obligations under Article 50 enter application. GPAI obligations under Articles 53 and 55 also apply from this date. These are not affected by the Omnibus. The Annex III high-risk operator provisions under Article 26 may shift to 2 Dec 2027 if the Omnibus is formally adopted.
Enhanced testing toolkit and Model AI Governance Framework revisions for generative and agentic systems.
Record keeping, human oversight, and incident reporting under Article 26 must be operational and auditable. Date conditional on Omnibus adoption; original deadline is 9 December 2026 until the Omnibus is published in the Official Journal.
Long-form analysis of the statutes, frameworks, and standards shaping how the world will hold operators of autonomous AI agents accountable.
Turkey AI regulation 2026 for operators. KVKK data protection obligations for AI agents, the National AI Strategy, BDDK banking AI rules, and alignment with the EU AI Act.
When an AI agent fails, the business that deployed it usually pays, not the foundation model provider. This guide maps the multi-party liability chain (provider, fine-tuner, deployer, user), how the EU AI Act splits provider and deployer duties, and where courts are testing it.
The canonical map of AI regulation by jurisdiction. Every covered country, its posture, and operator obligations in one navigable hub. Updated June 2026.
What operators deploying AI in France must know in 2026. The CNIL and DGCCRF roles, France's decentralised national authority model, French civil liability under Articles 1240 and 1242 of the Code civil, and the insurance implications.
Germany has designated the Bundesnetzagentur as its market surveillance authority under the EU AI Act. This guide explains what that means for operators: KI-MIG, product liability interaction, and the insurance implications of deploying AI agents in Germany.
Israel has no comprehensive AI statute in 2026 but operates a substantive AI governance landscape through privacy law, sector regulators, and the national AI programme. A guide for operators.
Italy enacted Law No. 132/2025 in September 2025, the first national AI law in the EU. This guide covers what operators deploying AI in Italy must do under Law 132/2025, the EU AI Act, and the revised Product Liability Directive.
The Netherlands operates a decentralised AI supervision model under the EU AI Act. The Autoriteit Persoonsgegevens leads market surveillance. The RDI coordinates. About eight sectoral authorities cover specific domains. This guide explains what operators deploying AI agents in the Netherlands must do now.
Nigeria's National AI Strategy 2024, NITDA, and the NDPA 2023 shape a distinct operator landscape. A guide for companies deploying AI in Nigeria and serving EU users from Nigeria in 2026.
Spain was the first EU Member State to establish a dedicated AI supervisory agency (AESIA). This guide explains what AI operators and deployers in Spain must do now, who supervises them, and what the liability exposure looks like in 2026.
The United States has no federal AI Act. Operator liability flows from the FTC Act, state statutes led by Colorado SB 24-205, sector regulators, and common law. This guide sets out what a business deploying AI agents in the US must know.
A live status tracker of AI regulation worldwide for operators: EU AI Act deadlines and the Digital Omnibus delay, Colorado SB 205 repeal-and-replace, Texas TRAIGA, California SB 53, the Council of Europe Convention, ISO/IEC 42001, NIST AI RMF, and the AIUC-1 insurance standard. Verified 13 June 2026.
Saudi Arabia AI regulation 2026 for operators. SDAIA AI Ethics Principles 2.0, the four-tier risk model, PDPL, generative AI and deepfakes guidelines, and how Saudi obligations compare to the EU AI Act.
South Africa AI regulation 2026 for operators. POPIA enforcement, the national AI policy framework, SARB AI guidance, and how South African obligations compare to the EU AI Act.
Govern, map, measure, and manage. The four functions are a distillation of what it means to act reasonably when deploying AI that affects people and institutions.NIST Artificial Intelligence Risk Management Framework 1.0 · National Institute of Standards and Technology
Three structural features organise our coverage. First, AI agent liability is accruing before any single regime is mature. Operators deploying systems today face duties that will only be litigated later. The task is not to choose a legal standard. It is to reach the highest one that applies.
Second, the texts converge more than they diverge. Governance, risk management, transparency to affected parties, human oversight, logging, and incident response appear in almost every serious draft. A deployer that builds to the EU AI Act will be largely compliant with the Colorado AI Act, the Singapore Model Governance Framework, and the expectations of UK sectoral regulators. Frameworks differ at the edges, not the centre.
Third, the insurance market is following the regulation, not leading it. Specialty AI coverage exists. It is fragmented, expensive, and underwritten against the same operator duties the statutes describe. The rational posture is to harden the deployment and insure the residual.
The table below is a reduced view of ten jurisdictions and the instrument that carries the primary obligation for AI agent deployers. The column "standard" indicates whether the regime imposes a rule (statutory duty), a framework (voluntary but influential), or a sectoral approach (existing law applied by existing regulators).
| Jurisdiction | Primary Instrument | Standard | Activation |
|---|---|---|---|
| European Union | Regulation (EU) 2024/1689 · AI Act | Horizontal rule | 2 Aug 2026 (transparency + GPAI) · 2 Dec 2027 (high-risk, if Omnibus passes)* |
| United States · Colorado | SB 24-205 · Colorado AI Act | Statute | 1 February 2026 |
| United States · Federal | NIST AI RMF 1.0 · EO on AI | Framework | Continuous |
| United Kingdom | White Paper 2023 · Regulator guidance | Sectoral | Rolling |
| Singapore | Model AI Governance Framework · AI Verify | Framework | Continuous |
| Japan | AI Promotion Act 2024 · METI guidelines | Framework | 2025 rolling |
| Korea | AI Basic Act 2024 | Statute | January 2026 |
| Canada | AIDA (Bill C-27, reframed 2025) | Statute pending | Expected 2026-2027 |
| Brazil | PL 2338/2023 · Marco Legal da IA | Statute pending | Under deliberation |
| China | Interim Measures for Generative AI · CAC rules | Regulation | In force |
Read the full country-by-country review on the jurisdictions page. Each entry links to the primary instrument and the most recent guidance.
* The European Commission's Digital Omnibus proposes to move the Annex III high-risk obligations from 2 August 2026 to 2 December 2027. The Council and Parliament have converged on the new dates; trilogue is scheduled for 28 April 2026. Until formally adopted and published in the Official Journal, the original dates remain legally binding. Article 5 prohibitions, Article 50 transparency obligations, and GPAI obligations under Articles 53 and 55 are not affected. Full Omnibus analysis.
Agent Liability sits inside a network of five sister publications covering the regulatory, certification, and insurance dimensions of autonomous AI agent deployment. This is the global desk. Agent Liability EU carries the European regulatory analysis.
A published framework from Future Proof Intelligence for assessing autonomous AI agent deployments. Seven dimensions. Independent. Continuously maintained.
Read the framework