Document library: the primary materials
The annotated register of the documents AI regulation actually rests on: legislation, guidelines, supervisory reports, treaties and standards. Every reference names the issuer, the date and what to use the document for. Official sources only.
EU legislation
Digital Omnibus AI — European Parliament adoption (press release)
Plenary adopted the text 423-57-174 (16-6-2026): high-risk delay, nudifier/CSAM ban; Council adoption still required.
AI Act — Regulation (EU) 2024/1689
The authentic text; Article 113 holds the application dates. Use the consolidated version once the Digital Omnibus is incorporated.
DORA — Regulation (EU) 2022/2554
Digital operational resilience for the financial sector; applicable since 17 January 2025.
GDPR — Regulation (EU) 2016/679
The data protection framework that almost every AI application aimed at individuals intersects with.
Guidelines and instruments — Commission / AI Office
Code of Practice on marking AI-generated content
Final code (10-06-2026) under Article 50: marking by providers, deepfake labelling by deployers. Voluntary.
Draft guidelines on the classification of high-risk AI systems (Article 6)
Three documents (general principles, Annex I, Annex III) with practical examples; non-binding. Consultation extended to 23 July 2026.
Template for the public summary of GPAI training content
Mandatory format for model providers to publicly summarise their training data. Published 24 July 2025.
General-Purpose AI Code of Practice
Voluntary route to GPAI compliance; signatories get a simplified supervisory path. Published 10 July 2025.
AI literacy questions and answers (Article 4)
The Commission's reading of the open norm in Article 4, with the living repository of practices.
Guidelines on the definition of an AI system (Article 3)
The seven elements of the AI system definition, with practical examples. Adopted 6 February 2025.
Guidelines on prohibited AI practices (Article 5)
How the Commission reads the prohibitions: manipulation, social scoring, biometrics. Adopted 4 February 2025.
Supervision — EU and the Netherlands
Dutch government step on supervision and the AI Act implementation act
Designation of the Dutch supervisors; the draft implementation act was open for consultation until 1 June 2026.
AI & Algorithmic Risks Report Netherlands (RAN), sixth edition
The AP's semi-annual risk picture (March 2026): recruitment, transparency, lagging AI Act preparation.
Joint Opinion 1/2026 on the Digital Omnibus on AI
Joint EDPB-EDPS opinion (21 Jan 2026): backs streamlining but urges keeping high-risk registration and DPA oversight in regulatory sandboxes.
Supervisory Priorities 2026-2028
AI sits under Priority 2 (operational resilience/ICT), technology-neutral; a more targeted approach to generative AI, with workshops and data collections.
Design of Dutch AI supervision (AP/RDI)
Key role for the AP and RDI in AI Act market surveillance; ten designated supervisors.
EDPB Opinion 28/2024 on AI models and the GDPR
When is a model anonymous, and on what legal basis may you train? Available via the EDPB documents register.
International
AI Transparency Act (SB 942, as amended by AB 853)
Operative 2 Aug 2026: large generative-AI providers must offer a free detection tool plus latent/manifest provenance disclosure; platforms from 2027.
Establishment of the Federal Authority for AI and Data (UAE)
Single national body for data, AI and digital government; reports to the Cabinet; merges the AI Office, a TDRA sector and the Emirates Data Office.
Sound Practices for Responsible Adoption of AI — FSB consultation
Consultation report with 12 voluntary sound practices for financial institutions; not a standard. Comments due 22 July 2026.
G7 Hiroshima AI Process — Reporting Framework 2.0
Voluntary reporting framework for the G7 Code of Conduct; version 2.0 splits questions by role and addresses agentic AI.
Supervisory Toolkit for AI Use in Capital Markets (FR/02/2026)
Non-binding supervisory toolkit for securities regulators: governance, third-party risk, disclosure and recordkeeping; covers GenAI and agentic AI.
Colorado SB26-189 (Automated Decision-Making Technology)
Signed 14 May 2026; repeals the Colorado AI Act (SB24-205), replacing risk management with transparency and disclosure duties; effective 1 Jan 2027.
UK — King's Speech 2026 background briefing notes (Regulating for Growth Bill)
Announces the Regulating for Growth Bill: sandbox powers, a strengthened growth duty and 'cross-cutting AI sandboxes' rather than a frontier statute.
UK — Regulations on a statutory ICO code on AI and automated decision-making 2026
In force 12 May 2026; requires the ICO to prepare a statutory code on AI and automated decision-making, including children's data.
New York RAISE Act (S6953B)
Finalised 27 Mar 2026, effective 1 Jan 2027; second US state with a frontier-safety law (>10^26 ops), safety protocol, 72-hour incident reporting.
National Policy Framework for Artificial Intelligence (legislative recommendations)
Non-binding federal recommendations (20 Mar 2026); section VII urges preemption of state AI laws that impose undue burdens.
AI Risk Management Operationalisation Handbook — MAS/Project MindForge
Practical four-section handbook for AI risk management in the financial sector; co-developed with industry under Project MindForge. Covers agentic AI.
Consent to conclusion of Council of Europe AI Framework Convention (CETS 225)
EP consent to the EU's conclusion of the AI Framework Convention (CETS 225); paved the way for the EU's ratification on 15 May 2026.
HUDERIA Model (COBRA) — AI risk and impact assessment
Non-binding method for the risk and impact assessment under the Framework Convention on AI; COBRA model approved by the Committee of Ministers on 25 Feb 2026.
India AI Governance Guidelines
Principle-based framework (seven sutras); no new AI statute, existing law carries most risks; new AI institutions.
OECD Due Diligence Guidance for Responsible AI
Voluntary six-step framework translating the AI Principles and MNE Guidelines into due diligence across the AI value chain.
Artificial Intelligence Basic Act
20-article AI framework law, in force 14 January 2026; sets seven principles and tasks the government (NSTC/MODA) with risk classification and data governance.
CCPA regulations on ADMT, risk assessments and cybersecurity audits
Binding California privacy rules, effective 1 Jan 2026: defines ADMT (§ 7001), opt-out/access for significant decisions (from 1 Jan 2027).
Vietnam Law on Artificial Intelligence (134/2025/QH15)
Passed 10 Dec 2025, in force 1 Mar 2026; Southeast Asia's first standalone horizontal AI law, risk-based (3 tiers, Art. 9).
Amended Cybersecurity Law of China (AI provision, Article 20)
Adopted 28 Oct 2025, in force 1 Jan 2026; Article 20 lifts AI into primary legislation (promotional, no penalty of its own). Official text via NPC Observer.
California SB 53 — Transparency in Frontier Artificial Intelligence Act
First US transparency law for frontier models (>10^26 ops), in force 1 Jan 2026: safety framework, incident reporting, up to $1M penalty.
UN resolution A/RES/79/325 — Scientific Panel and Global Dialogue on AI
Establishes the Independent International Scientific Panel (40 members) and the Global Dialogue on AI Governance; first session Geneva 6–7 July 2026.
Norway — KI-loven AI bill (consultation)
In consultation since 30 Jun 2025; incorporates the EU AI Regulation via the EEA Agreement; entry into force targeted for late summer 2026.
UK — Data (Use and Access) Act 2025 (c.18)
S.80 replaces UK GDPR Article 22 with Articles 22A–22D (solely-automated decisions allowed under safeguards); ss.92–93 ground the AI/ADM code.
Framework Convention on AI, human rights, democracy and the rule of law (CETS 225)
The first binding international AI treaty; ratified by the EU on 15 May 2026.
OECD AI Principles (revised 2024)
The common language of nearly all AI frameworks; the AI Act borrows its definition from them.
NIST AI Risk Management Framework 1.0 (+ Generative AI Profile)
The de facto standard for AI risk management in the US; govern, map, measure, manage.
Standards
NIST Control Overlays for Securing AI Systems (COSAiS)
NIST project tailoring SP 800-53 controls into overlays for AI: generative, predictive and agentic systems. First discussion draft 8 Jan 2026.
CEN-CENELEC JTC 21 — accelerating harmonised AI standards
Harmonised standards under request M/593 (presumption of conformity, Art. 40); emergency measures target Q4 2026 delivery.
Work programme for harmonised standards under the AI Act
The standards that will grant a presumption of conformity; usable once their references appear in the Official Journal.
ISO/IEC 42001:2023 — AI management systems (AIMS)
The first certifiable AI management system standard; extended by 42005:2025 (impact assessment) and 42006:2025 (audit requirements).