As generative AI becomes embedded in daily life—from content creation to decision support—regulatory and governance frameworks have become essential to ensure its safe, fair, and transparent use. Without oversight, AI systems risk amplifying harm, escaping accountability, and undermining public trust. This chapter explores global efforts to regulate generative AI and set standards for responsible deployment.

Government Regulation

Governments around the world are recognizing that the transformative power of generative AI comes with significant risks—ranging from misinformation and deepfakes to labor displacement and legal ambiguity. As a result, several regulatory approaches have emerged.

European Union – EU AI Act

The EU AI Act is the first comprehensive legislative framework for AI in the world. It classifies AI systems by risk level, ranging from minimal to unacceptable, and places generative models like GPT and Stable Diffusion in the “high-risk” category.

Key obligations include:

• Transparency requirements: developers must clearly disclose that content was generated by AI (for example, through watermarks or metadata).
• Documentation and risk management: developers must provide technical documentation outlining training data, potential risks, and mitigation strategies.
• Limitations on use: certain applications, such as real-time biometric surveillance, are banned outright or strictly regulated.

GDPR Connection: Data Protection and Privacy

The General Data Protection Regulation (GDPR) is a cornerstone of EU digital policy and closely aligns with the AI Act. While the AI Act governs how AI systems are designed and deployed, GDPR regulates the handling of personal data used in their training and operation. Together, they form a dual compliance framework for AI developers.

Key overlaps and principles include:

• Lawfulness, fairness, and transparency: Any processing of personal data for AI training must have a clear legal basis and be communicated transparently to users.
• Data minimization and purpose limitation: Only data strictly necessary for the AI's function can be used; repurposing personal data for unrelated model training is restricted.
• Rights of data subjects: Individuals retain rights to access, rectify, or delete personal data used in AI systems, and to object to automated decision-making (the "right to explanation").
• Accountability and security: Developers must implement appropriate safeguards such as anonymization, pseudonymization, and data protection impact assessments (DPIAs) to mitigate privacy risks.

Together, the EU AI Act and GDPR establish the European Union's two-pillar approach: ensuring AI innovation while preserving human rights, privacy, and trust.

United States – Sector-Specific and State-Level Initiatives

The U.S. has yet to adopt a unified federal AI law. However, various state-level laws and federal executive actions have emerged:

• California’s AB 730 prohibits the use of deepfakes in political advertising during election periods;
• Executive Order on AI (2023) calls for federal agencies to develop safety standards, support watermarking, and fund research into AI risk mitigation.

China – Mandatory Disclosure and Content Review

China has adopted strict rules requiring:

• Real-name authentication for users interacting with AI-generated content;
• Watermarking of synthetic media and human moderation of content involving politically sensitive subjects;
• Algorithm registration: developers must register and disclose intent and capabilities for any model deployed publicly.

Other Countries

• Canada: proposed the Artificial Intelligence and Data Act (AIDA) to regulate high-impact AI systems;
• UK: the government supports a “pro-innovation” regulatory approach with voluntary guidelines but no strict legislation yet;
• Brazil and India: debating frameworks that blend consumer protection with incentives for innovation.

Voluntary Frameworks and Industry Initiatives

While regulation lags behind technological advances, industry players and international organizations have stepped in to establish ethical norms and best practices.

International Standards and Ethics Guidelines

• OECD AI Principles: adopted by over 40 countries, these principles promote AI that is inclusive, transparent, and accountable;
• UNESCO’s AI Ethics Framework: encourages human rights-based governance, including environmental sustainability and cultural diversity;
• IEEE’s Ethically Aligned Design: offers a technical guide for developing AI that respects privacy, fairness, and autonomy.

Industry-Led Consortia

Companies are increasingly recognizing the need for self-regulation to maintain public trust and avoid more restrictive government intervention.

• Partnership on AI: founded by OpenAI, Google, Microsoft, and others, it supports research on fairness, interpretability, and social impact;

• Frontier Model Forum: a collaboration between OpenAI, Anthropic, Google DeepMind, and Cohere to promote:

  • Responsible model scaling;
  • External safety audits;
  • Best practices for high-stakes deployments;
  • Sharing of technical and safety documentation.

• MLCommons and BigScience: open-source research communities working on transparency benchmarks and open model evaluations.

Future Outlook: What’s Coming Next?

The governance of generative AI is still in its early stages, and several key trends are shaping its future:

• Model transparency: policies are likely to require developers to disclose how AI-generated content is created, and whether users are interacting with an AI system;
• Synthetic content labeling: watermarking and invisible signatures may become mandatory for AI-generated images, videos, and text;
• Audits and risk evaluations: independent audits of generative models will be critical, particularly for frontier models with emergent capabilities;
• Global coordination: as models become more powerful, there's growing recognition that global agreements—similar to climate or nuclear accords—may be necessary;
• Model registries: Countries may require developers to register large-scale AI models along with safety evaluations and intended use cases.