AI Compliance for Frontier Models

Frontier Models is addressed by 50 regulatory updates across 7 jurisdictions and 4 frameworks. This page tracks how regulators worldwide are approaching frontier models in the context of artificial intelligence.

Regulations

Jurisdictions

Frameworks

Framework Requirements for Frontier Models

EU AI Act NIST AI RMF ISO/IEC 42001GDPR

Regulations Covering Frontier Models

European Union(22)

EU AI Act2026-06-07

EU consults on future cloud and AI policies tied to AI Act implementation

The Commission’s cloud-and-AI policy consultation explicitly seeks input on AI Act implementation, so organisations should treat it as an active policy-development channel that may shape future operational obligations.

EU AI Act2026-06-07

EU AI Office advances GPAI code of practice and AI-generated content transparency work

The EU AI Office is actively operationalizing the AI Act through codes of practice and related guidance for general-purpose AI and AI-generated content, meaning providers should align now to avoid being behind the forthcoming compliance baseline.

EU AI Act2026-05-24

EU consultation on transparency obligations under the AI Act

The Commission has launched a consultation on AI Act transparency rules, signaling that providers should prepare for clearer obligations on informing users and marking synthetic content.

EU AI Act2026-05-24

EU AI Office finalizes General-Purpose AI Code of Practice

The Commission’s 2025 AI Act update makes the General-Purpose AI Code of Practice available as a voluntary compliance tool, meaning GPAI providers now have a concrete benchmark for transparency, copyright, and safety/security obligations.

EU AI Act2026-05-17

EU AI Office implementation guidance and content-labeling work advances

The EU AI Office says it is preparing implementation guidelines and a code of practice for AI-generated content labeling, so providers should expect near-term interpretive detail on transparency obligations.

International(10)

NIST AI RMF2026-05-31

NIST updated guidelines for managing misuse risk for dual-use foundation models

NIST’s second public draft on dual-use foundation-model misuse risk closed for comments on March 15, 2025, making it an important adjacent reference for foundation-model governance even though it is not the AI RMF itself.

NIST AI RMF2026-05-31

NIST AI RMF Generative AI Profile

NIST’s generative AI profile was updated on April 8, 2026, making it the current companion reference for organizations governing GenAI risk under the AI RMF.

NIST AI RMF2026-05-31

NIST AI Risk Management Framework hub and critical infrastructure profile concept note

NIST’s AI RMF hub now highlights a new April 7, 2026 concept note for a trustworthy AI profile in critical infrastructure, indicating the framework’s next expansion area for high-consequence sectors.

NIST AI RMF2026-04-26

NIST ITL AI Program

NIST’s ITL AI Program page consolidates ongoing AI work and related resources, so compliance teams should treat it as an informational watchlist rather than a standalone requirement.

NIST AI RMF2026-04-26

Generative AI profile under the AI RMF

NIST’s generative AI profile, published on July 26, 2024, gives organizations a formal AI RMF extension for GenAI deployments, so teams using generative systems should map controls and residual risks to this profile now.

US Federal(8)

NIST AI RMF2026-05-24

FTC AI enforcement hub

The FTC’s AI hub consolidates current enforcement materials and investigations, signaling that deceptive AI claims, model substantiation, and AI-related process inquiries remain active priority areas.

2026-05-17

Bill C-27 / AIDA remains proposed in Canada

Canada’s Artificial Intelligence and Data Act remains proposed legislation within Bill C-27 and has not become law, so teams should treat it as a live monitoring item rather than an immediate compliance deadline.

NIST AI RMF2026-04-16

Updated guidelines for managing misuse risk for dual-use foundation models

NIST released the second public draft of AI 800-1 on 2025-01-15, expanding guidance on dual-use foundation-model misuse risk, including evaluations, open models, cyber and bio risks, and supply-chain controls.

NIST AI RMF2026-04-16

NIST AI RMF Generative Artificial Intelligence Profile

NIST’s Generative AI Profile remains an active AI RMF companion profile and should be used now to align controls for GenAI-specific risks such as misuse, hallucination, and lifecycle governance.

NIST AI RMF2026-04-16

NIST AI RMF critical infrastructure profile concept note released

NIST’s AI RMF hub says it released a concept note on 2026-04-07 for a Trustworthy AI in Critical Infrastructure profile, signaling forthcoming guidance that critical-infrastructure operators should prepare to map against now.

United Kingdom(4)

2026-05-31

FCA, Bank of England and Treasury joint statement on frontier AI models and cyber resilience

The FCA, Bank of England, and HM Treasury said firms must be able to identify, monitor, and manage external AI-related applications, libraries, and services integrated into their networks, raising the bar for cyber and third-party resilience.

2026-05-31

FCA Mills Review on how AI will reshape retail financial services

The FCA launched a review of advanced AI’s impact on retail financial services, with feedback due 24 February 2026 and recommendations expected for the FCA Board in summer 2026.

2026-05-17

FCA, Bank of England and Treasury issue frontier AI cyber resilience statement

UK authorities issued a joint statement on frontier AI model cyber resilience, so regulated firms and FMIs should now align AI governance with existing operational resilience and cyber controls.

GDPR2026-04-13

ICO Opens Investigation into Grok

The ICO opened formal investigations into X Internet Unlimited Company and X.AI LLC over Grok’s processing of personal data and potential harmful outputs, putting UK lawfulness, fairness, transparency, and safeguards under immediate scrutiny.

Singapore(3)

2026-05-10

Singapore Model AI Governance Framework for Agentic AI

Singapore released a Model AI Governance Framework for Agentic AI on January 22, 2026, adding practical controls for bounded autonomy, human checkpoints, technical safeguards, and transparency that organizations should adopt before expanding agentic deployments.

ISO/IEC 420012026-04-15

Singapore Model AI Governance Framework for Agentic AI

Singapore’s January 22, 2026 agentic-AI framework extends the Model AI Governance Framework to autonomous systems, so organizations deploying agentic AI should update accountability and control design now.

2026-04-13

Singapore Launches Model AI Governance Framework for Agentic AI

Singapore’s new Model AI Governance Framework for Agentic AI expands practical governance guidance for autonomous systems, so organizations using agentic AI should update controls now.

California(2)

2026-05-10

CA SB1011: Energy: Utility Infrastructure AI Safety, Oversight, and Workforce Protection Act

California SB1011 was set for hearing on May 14, 2026, putting AI safety and oversight obligations for utility infrastructure uses under active legislative review and warranting immediate stakeholder monitoring.

2026-04-26

California AB 2169: Social media platforms: artificial intelligence models

California AB 2169 was read a second time and amended on April 23, 2026, signaling continued legislative attention to AI models on social media platforms and the need to track platform-specific obligations.

Australia(1)

2026-04-10

eSafety issues advisory warning on unrestricted AI chatbots and child development

On 2025-02-18, eSafety issued an advisory warning that unrestricted AI chatbots are exposing children to sex, drug-taking, self-harm, suicide, and eating-disorder content, signaling immediate Safety by Design expectations for providers of AI companion products.

Weekly digest — coming soon

Leave your email to get the first issue when it ships. Free, no account required.

We use your email only for the digest. Privacy policy