|
UK
|
AI Security Institute
renamed from AI Safety Institute, Feb 2025
|
Department for Science, Innovation and Technology (DSIT)
|
Pro-Innovation AI Framework
Proposed Frontier AI Bill
Decentralised regulator model
|
ADVISORY — no statutory powers yet
Voluntary engagement with evaluation programme. Pre-deployment testing is optional. Proposed Frontier AI Bill (expected 2026) would grant statutory pre-deployment testing powers for the most capable systems. Existing sector regulators (FCA, Ofcom, CMA, ICO) apply their own AI-specific guidance under a principles-based cross-sector framework
|
Frontier and foundation models with national security implications. Focus narrowed in 2025 from broad AI safety to security-specific risks (weapons development, CBRN, catastrophic risk). Broader AI market governed by existing sector regulators
|
|
US
|
Center for AI Standards and Innovation (CAISI)
renamed from AI Safety Institute, June 2025
|
NIST, Department of Commerce
|
AI Risk Management Framework
Voluntary industry agreements
NIST AI 100 series guidance
|
ADVISORY — voluntary standards only
No direct enforcement or fining powers. Publishes voluntary frameworks and guidelines. Establishes voluntary agreements with AI developers. However, NIST standards increasingly become de facto mandatory through federal procurement requirements, sector regulator adoption, and use as evidence of standard of care in litigation. DOJ AI Litigation Task Force references NIST guidance
|
Commercial AI systems broadly, with focus on cybersecurity and biosecurity evaluation of frontier models. Industry-facing: primary government point of contact for AI developers. Unclassified evaluations of national security AI capabilities coordinated with Bureau of Industry and Security
|
|
EU
|
European AI Office
founded May 2024, 125+ staff
|
European Commission (DG CONNECT)
|
EU AI Act (Regulation 2024/1689)
GPAI codes of practice
Digital Simplification Package
|
REGULATORY — binding enforcement from Aug 2026
Full enforcement powers activate 2 August 2026: can request documentation, conduct model evaluations, order compliance measures, request market restriction/recall. Fines up to 3% global annual turnover or €15 million. GPAI obligations already in force since Aug 2025. Proposed expansion to oversee all AI systems built on GPAI models. National market surveillance via member state authorities
|
All general-purpose AI (GPAI) model providers operating in the EU. Risk-tiered: prohibited practices, high-risk systems, limited-risk transparency obligations, minimal-risk. Extraterritorial reach — applies to any provider placing AI on the EU market regardless of where they are headquartered. Existing GPAI providers must comply by Aug 2027
|
|
France
|
INESIA
created Jan 2025, federates Inria, ANSSI, LNE, PEReN
|
Joint leadership: SGDSN (defence/security) + DGE (enterprise)
|
EU AI Act (national implementation)
INESIA 2026–2027 Roadmap
French sovereign AI strategy
|
ADVISORY — coordination body, not a regulator
No independent enforcement powers. Coordinates existing agencies (ANSSI for cyber, Inria for research, LNE for metrology, PEReN for digital regulation expertise). Not a new legal entity — operates without a new legal structure. Feeds technical assessments into national AI Act implementation. ANSSI retains its own statutory cybersecurity enforcement powers separately
|
Systemic risks from advanced AI models, AI cybersecurity certification, synthetic content detection, AI performance and reliability evaluation. National scope with international network participation. Supports EU AI Act compliance at the French national level
|
|
Germany
|
BSI + DFKI
|
Federal Ministry of the Interior (BSI); public-private partnership (DFKI)
|
EU AI Act (national implementation)
German AI Draft Bill (Feb 2026)
BSI AI Cloud Compliance Catalogue
|
MIXED — BSI has cybersecurity powers; DFKI is advisory
BSI has statutory cybersecurity authority. DFKI is a research body with no enforcement powers. Under the German AI Draft Bill (Feb 2026), Bundesnetzagentur (BNetzA) is designated as the primary market surveillance and notifying authority for EU AI Act enforcement, not BSI. BSI advises on AI security; BNetzA enforces compliance
|
BSI: AI system cybersecurity, secure development guidelines, cloud AI compliance. DFKI: applied industrial AI research across healthcare, manufacturing, autonomous systems. EU AI Act market surveillance via BNetzA covers all high-risk AI systems placed on the German market
|
|
Japan
|
Japan AI Safety Institute (J-AISI)
founded Feb 2024, expanding to ~200 staff
|
METI / IPA; AI Strategic Headquarters under the Prime Minister
|
AI Promotion Act (Sept 2025)
AI Basic Plan (Dec 2025)
Hiroshima AI Process outcomes
|
ADVISORY — no fines or approvals
Not a regulator. Provides evaluation, guidance and best-practice development. The AI Promotion Act has no monetary penalties — authorities may issue advice, request information, or publicly disclose non-compliance (“name and shame”). Promotion-first approach with light-touch regulatory oversight
|
Generative and foundational AI models. Technical safety assessments of frontier systems. Misinformation countermeasures. Strong international cooperation mandate (Hiroshima AI Process). Not sector-specific — covers AI broadly with emphasis on most capable models
|
|
S. Korea
|
Korea AI Safety Institute
|
Ministry of Science and ICT (MSIT)
|
AI Basic Act (Jan 2026)
AI Safety Consortium
|
STATUTORY BASIS — but enforcement delayed
Article 29 of the AI Basic Act provides legal basis for AISI. Act permits fines after investigation and corrective orders for high-risk/generative AI providers, but government has delayed fine enforcement by at least one year. Administrative fines capped at ~KRW 30M (~USD 21,000). “Promotion over regulation” stance. CBRN-E dual-use task force has security mandate
|
High-risk AI in ten designated sectors (energy, water, healthcare, transport, etc.) with significant impact on life, safety, or fundamental rights. Generative AI providers face separate obligations. AI Safety Consortium of 25 institutions across industry and academia. CBRN-E dual-use risk assessment
|
|
Canada
|
Canadian AI Safety Institute (CAISI)
founded Nov 2024
|
ISED; research via CIFAR + NRC
|
Pan-Canadian AI Strategy
AIDA (died on order paper Jan 2025)
AI Safety Catalyst Grants
|
ADVISORY — research and coordination only
No enforcement powers. Complements but does not replace regulatory instruments. AIDA (proposed AI legislation) died on the order paper in Jan 2025 under new government — no standalone AI law in force. CAISI positioned as technical testing body that would support any future legislation. Existing privacy and sector laws apply
|
Advanced AI systems broadly. Two research streams: CIFAR-led investigator research (interpretability, robustness, misuse) and NRC government-directed projects. Funds applied safety research through Catalyst Grants. No sector-specific limitation
|
|
Singapore
|
AI Safety Institute (IMDA) + AI Verify Foundation
|
IMDA + PDPC
|
Model AI Governance Frameworks (Gen AI + Agentic AI)
PDPA (data protection)
Global AI Assurance Pilot
|
VOLUNTARY — frameworks, not legislation
No AI-specific legislation. Governance frameworks are formally non-binding and voluntary. However, they function as de facto benchmarks in procurement and contracting. PDPA (data protection) provides the primary binding legal obligation where personal data is involved. Organisations remain legally accountable for their AI agents’ actions under existing law
|
All AI systems broadly (sector-agnostic frameworks). Specific focus on generative AI and agentic AI governance. Pre-deployment testing for high-impact GenAI applications. International norms-building through Global AI Assurance Pilot. Singapore Consensus on global AI safety research priorities
|
|
India
|
IndiaAI Safety Institute
announced Jan 2025, hub-and-spoke model
|
MeitY / IndiaAI Mission
|
IndiaAI Governance Guidelines (Nov 2025)
IndiaAI Mission (Safe & Trusted Pillar)
IT Act (existing)
|
ADVISORY — capacity-building, no enforcement
No standalone AI legislation. AI Governance Guidelines (Nov 2025) are non-binding. AISI is envisioned as advisory and capacity-building body, not regulatory. Supports existing regulatory frameworks through research and testing guidance. Hub-and-spoke model with academic and industry partner institutions. No fines or compliance powers
|
India-specific: AI systems contextualised to Indian social, economic, cultural and linguistic diversity. High-risk AI system audits for bias and security. Indigenous R&D using Indian-language datasets. Coordinates across regulators via hub-and-spoke. Represents India in international forums
|
|
Australia
|
Australian AI Safety Institute
announced Nov 2025, $29.9M, operational early 2026
|
Department of Industry, Science and Resources
|
National AI Plan (Dec 2025)
Voluntary AI Safety Standard
Existing laws (Privacy Act, Competition & Consumer Act)
|
ADVISORY — guidance and testing only
No enforcement powers. Provides independent technical analysis, monitoring and safety testing. Advises ministers and existing sector regulators. No standalone AI Act — government relies on existing laws and voluntary guidance. Pre-deployment testing of advanced models is advisory, not mandatory. Complements rather than replaces existing legal frameworks
|
Advanced AI models before they enter the Australian market (pre-deployment testing focus). Downstream harm analysis of deployed systems. Identifying regulatory gaps where existing laws don’t cover AI-specific risks. International collaboration through AI Safety Institutes network
|
API Crazy 