Abstract
The regulation of artificial intelligence (AI) is a prominent issue in both the European Union (EU) and the United States of America, but with distinct approaches to the governance of this rapidly evolving field. The EU has developed a comprehensive regulatory framework, notably through its 2024 AI Act. Meanwhile, the United States has gradually developed a piecemeal and voluntary federal approach, often driven by principles of self-regulation and sector-specific non-binding guidelines. But, state-by-state, the United States has shown intense regulatory activity of a binding nature. We approach this variation by mobilizing the concepts of policy style and regulatory style. We find that the EU seeks to anticipate the evolution of AI risks and impose a comprehensive architecture of rules in ways that make adaptive regulation hard to develop. However, there are issues with the enforceability of the AI Act and its capacity to protect human rights and public values. The United States intervenes legislatively when specific risks are clearly present, or sector-by-sector. Overall, this approach is more stringent in practice, as it is more enforceable than the EU AI Act, also in relation to the public interest. The state-by-state and sector-by-sector evolution of rules provides more space for learning from experience, imitation, and diffusion, in line with the features of laboratory federalism. By contrast, the EU space for learning in adaptive ways is more limited.
Keywords
Introduction
The regulation of artificial intelligence (AI) is a prominent issue in both the European Union (EU) and the United States of America. But their approaches to the design of a regulatory governance architecture of this rapidly evolving field differ. Indeed, the EU has adopted a comprehensive regulatory framework, notably through its 2024 AI Act, which classifies AI systems based on risk levels and establishes stringent standards for high-risk applications. Meanwhile, the United States has adopted a more fragmented and voluntary approach, with regulatory interventions concentrated at the state level (as opposed to federal regulation) and often driven by principles of self-regulation and sector-specific guidelines (Dylag, 2025). The question arises, why do these two architectures differ?
Science and Technology Studies (STS) and Critical Data Studies (CDS) (Iliadis and Russo, 2016; Paul, 2024) observe and explain the development and regulation of technologies, such as AI. STS scholars argue that AI regulation should not be treated as purely technical or neutral, because technologies like AI are shaped by social values, power structures, and political decision-making. This literature points to the exclusion of stakeholders other than large tech groups, which raises issues of bias, inequality, and accountability (Liebig et al., 2024; Mao et al., 2025; Zeng et al., 2026). Instead, AI systems simply reproduce existing social hierarchies. It also highlights that regulation is always a process of negotiation and framing—what gets defined as a “problem” in AI (e.g. safety vs. fairness) influences what policies are created and whose interests they serve.
As comparative public policy scholars, we contribute to this literature in a conceptual, empirical, and evaluative fashion. More precisely, in terms of research questions, we are conceptually and empirically concerned with why two regulatory approaches have appeared in policy processes, on what dimensions do they differ, and what these differences tell us about the scope and breadth of regulatory design. Consequently, our analysis focuses on the mechanisms and processes behind regulatory decisions and governance. Our approach builds on public policy analysis as well as the study of regulation. In our assessment, we build on the concept of regulatory styles and consider the role of subnational governments as well as the enforceability of AI regulation.
Our approach is also evaluative when it comes to judging the enforceability of AI regulations in the two systems. It allows us to appraise how the EU and the United States are responding today to the challenges of regulating AI and for what purposes—for the public interest, or for innovation, or to protect national champions.
To move on to our analytical tools, we draw on the concepts of policy style and styles of regulation. Since the foundational work carried out by Richardson (1982), the concept of policy style has been deployed to compare and explain cross-country variation. This concept has been recently re-appraised, extended, and confirmed in its analytical power (Graziano and Tosun, 2022; Howlett, 2018, 2022; Tosun and Howlett, 2022; Zahariadis et al., 2023). The concept of policy style tells us about important differences in how pressure groups are handled in policy-making and policy design (whether policy-makers seek their consensus or want to impose decisions) and whether policy design tries to anticipate the future or seeks to react to changes in the socio-economic environment. While the policy styles literature covers many types of public policy, it does not consider the variables that make regulation a specific type of policy, such as the types of rules (soft or hard), the dynamics of regulatory systems over time, and the interplay of rules across levels of governance (Maggetti, 2025).
Our second analytical tool is therefore grounded in the literature on regulation as a type of policy and as a distinctive form of governance. An important contribution of this literature is the concept of “regulation built to learn”—or “adaptive regulation” (Bennear and Wiener, 2019; Wiener, 2020). This concept stands in opposition to one-time decisions that define a stable regulatory posture, such as “permit-prohibit.” Regulatory stability is an asset because it produces predictability of rules, but it is not the best option in highly dynamic sectors. As Coglianese and Crum (2025) put it, regulatory “guardrails” protect the public against the dangers of unbridled AI, and yet, fixed, immovable, protective barriers to innovations and applications are unwise. Regulation can instead rely on “leashes” that are flexible and adaptable, so that regulators can adjust them as technology and its exploitation evolve over time. Consequently, we ask whether the two systems are engaged in the design of regulatory architectures that can learn.
We argue that the EU has opted for a design that has limited room for adaptive regulation. In its aspiration, the EU wants to be anticipatory and pro-active, although correctly predicting dangers and intervening ex-ante with guardrails across the many sectors in which AI is deployed is an extremely difficult task (Smuha and Yeung, 2025). The United States, we argue, is reactive in the sense of regulating with “guardrails” only when there is a clear danger, and in a given sector, not across all AI applications. Of course, this means not addressing AI harms until they are visible. Also, leashes are not perfect. They can accommodate collusion between decision-makers and AI companies. Nevertheless, the US state-by-state approach to AI regulation is more concrete, binding, and enforcement-oriented than the EU AI Act, particularly in areas such as deepfakes, election integrity, content labeling, and individual rights. Further, by relying on state rather than federal regulation, this approach is suitable for finding out whether some solutions implemented at the state level have potential for imitation and diffusion in other states. This is the essence of experimentalism or laboratory federalism (Tarr, 2001) and, as such, this approach provides room for adaptive regulation.
For CDS scholars, our “regulatory angle” provides a springboard to go further into the issue of protecting human rights and the analysis of power, that is, winners and losers of regulation. There are those who sit at the table of regulatory design and those who are silenced in practice, even if the EU official rhetoric describes the aspiration to regulate “for the public interest” (Züger and Asghari, 2024) and “the world we want” (Paul, 2024: 1066).
The organization of the article is as follows. A concise literature review leads us to demarcate our object of study empirically, that is, the different approaches to regulating AI in the EU and the United States. Then we turn to the question of why regulatory approaches differ by mobilizing our conceptual approach grounded in the literature on public policy and regulation. We then interpret these differences and come to a conclusion about the styles of the EU and the United States.
Literature review
Existing scholarship has not yet engaged in depth with the question of why regulatory differences across the Atlantic exist in the domain of AI. However, this does not mean that the topic of AI regulation is overlooked. Quite the opposite. The literature on AI governance and regulation is expansive, with a significant portion dedicated to algorithmic harms, particularly algorithmic profiling (Haug et al., 2026; Walter, 2024). Profiling influences decision-making across various domains, including surveillance, predictive policing, justice, digital monitoring, employment screening, insurance assessments, and facial recognition—each raising serious concerns about bias (e.g. Binns et al., 2018; Büchi et al., 2023; Jago et al., 2021; Lupton, 2020; Veale and Binns, 2017; Xenidis, 2020).
Researchers in different fields have examined the regulation of algorithms extensively (e.g. Coglianese and Lehr, 2019; Gritsenko and Wood, 2022). In an examination of the literature on governance architectures for AI, Büthe et al. (2022) identify the normative standards that AI governance should meet. A growing body of literature on the EU claims that decision-makers follow a rights-based approach (Chiappetta, 2023; Gstrein et al., 2024). AI governance in the EU is seen to be “human-centred,” aiming at safeguarding European values and fundamental rights and security, with Gstrein et al. (2024: 1) arguing that the 2024 AI Act “marks a significant shift from reactive to proactive AI governance.”
STS approaches have also examined AI regulation. In harkening back to CDS (Iliadis and Russo, 2016; Sum and Jessop, 2013), these researchers have assessed how discourse normalizes power hierarchies. Data structures are embedded within and shaped by broader social, cultural, and organizational systems. For example, Paul (2024) uses a cultural political economy framework to argue that despite its comprehensive appearance, the EU's risk-based approach to AI regulation is not a neutral, technical process. Instead, the “risk-based” approach to regulation is a strategic political tool, and less about problem-solving, which serves to enable the European Commission to foster a relatively liberal European AI ecosystem that is both competitive and seen as ethically sound. However, there are doubts as to whether the AI Act truly protects citizens. Micheli et al. (2022) argue that AI governance frameworks based on ethics guidelines and soft regulation fail to protect citizens because they rely heavily on voluntary compliance and technical fixes. Regulation is not neutral, indeed. It refracts power.
The perception of the EU's regulatory architectures being anchored to values has been heavily criticized. Whilst the EU AI Act presents itself as adopting a “value-based” approach, numerous scholars argue that this characterization is problematic and reflects more of the EU's self-portrayal than a substantive regulatory reality. Indeed, a growing body of academic literature challenges the framing of the Act as truly value-driven (Almada and Petit, 2023; Guijarro Santos, 2023; Ruschemeier and Bareis, 2024; Smuha et al., 2021; Veale and Zuiderveen Borgesius, 2021).
Critical scholars go further, characterizing the EU's rhetoric around “human-centered” and “trustworthy” AI as little more than an empty signifier (Stamboliev and Christiaens, 2024). The EU's value-driven discourse has been subject to criticism, particularly regarding its references to the EU Charter of Fundamental Rights. Critics argue that these references are predominantly limited to the non-binding preamble, with minimal substantive incorporation into the legally binding provisions of the legislation. This is most evident in the weak outline of the Fundamental Rights Impact Assessment (FRIA). FRIA, as mandated in Article 27 of the EU AI Act, adopts an ex-ante approach requiring assessments before the deployment of high-risk AI systems. The FRIA is iterative, intended to be updated throughout the AI lifecycle, ensuring ongoing scrutiny as systems evolve. It aims to assess the broader spectrum of fundamental rights, including equality, dignity, and freedom of expression, offering a more comprehensive evaluative framework.
However, as Mantelero (2024) explains, the AI Act lacks detailed guidance on how to conduct a FRIA, placing a heavy burden on providers and operators to self-regulate and leading to probable weak enforcement mechanisms may result in insufficient protection of fundamental rights in practice. The relatively narrow scope of the FRIA could also limit its effectiveness in addressing the full spectrum of high-risk AI use cases. CEN and CENELEC agreed on a Memorandum of Understanding with the EU Agency for Fundamental Rights in January 2026. The agreement is designed to integrate fundamental rights protections into the standard setting.
Turning to sector-level AI regulation, many authors have focused on sectoral regulation ranging from the need for specific approaches (Nitzberg and Zysman, 2022), such as finance (Remolina and Gurrea-Martinez, 2023), weapons (Hadfield and Leveringhaus, 2023), to employment (Petropoulos et al., 2019). Another body of literature focuses on US state-level regulation (DePaula et al., 2024; Horowitz and Kahn, 2021; Liebig et al., 2024; Parinandi et al., 2024).
Others have assessed agenda-setting, discourses, and narratives about AI policy (Djeffal et al., 2022; Guenduez and Mettler, 2023; Humeres et al., 2025; Lemke et al., 2024; Schiff and Schiff, 2023). For example, Guenduez and Mettler (2023) assess policy narratives in AI governance using the OECD AI Policy Observatory data on AI. Lemke et al. examine agenda-setting on national AI policy in Germany. Mao et al. (2025) show how tech groups use discourse on “socio-technical imagineries” to frame AI governance utilizing positive concepts such as “responsible AI” and “AI for Good” to retain market power crowding out regulatory alternatives more focused on the public interest. Similarly, Liebig et al. (2024), examine how AI policy is shaped by discourse surrounding innovation and industry, while downplaying societal impact.
Coming to the comparison of AI regulatory architectures, we find much less. Scholars have examined differences in AI regulation between the United States and China (e.g. Hine, 2024; Hine and Floridi, 2024), but we know less about the differences between the EU and the United States. One exception is the comparative study by Dylag, which examines AI regulation in Canada, the EU, and the United States. A limitation of this article is the limited importance given to regulation at the subnational level (2025).
Instead, we take seriously the subnational dimension as well as the role of regulatory styles. To embark on this analysis, let us first introduce the two systems in the next section, before we try to explain the different regulatory styles.
AI regulation in the EU and the United States
AI regulation in the EU
EU AI regulation hinges on the regulatory architecture designed for the Digital Single Market (Harcourt, 2023). This centrally coordinated approach is designed to promote the European model globally and European companies with it. The approach builds on existing regulation in a “bricolage” fashion that has been observed in other EU policy fields (Müller et al., 2024). The EU AI Act “… is stitched together from 1980s product safety regulation, fundamental rights protection, surveillance and consumer protection law” (Veale and Zuiderveen Borgesius, 2021: 112).
The final text of the AI Act was agreed upon in March 2024. It will take full effect on August 2, 2026. It categorizes AI systems into four risk levels: Unacceptable, High, Limited, and Minimal or No Risk. Systems deemed “unacceptable” are prohibited based on the violation of EU fundamental rights and values. These include biometric identification systems and social scoring based on behavior or personal traits. “High-risk” systems are those deemed to impact health, safety, or fundamental rights. They face stringent standards for accuracy, traceability, transparency, and human oversight. High-risk systems must undergo conformity assessments, post-monitoring, and acquire a CE mark. EU citizens can file complaints and request information on decisions impacting their rights. “Limited risk” systems are categorized as risks of impersonation, manipulation, or deception and carry information and transparency obligations. “Limited risk” systems must inform citizens about data usage, while “Minimal risk” systems are encouraged to follow self-regulatory codes of conduct (this is the category in which most AI applications will fall). Prohibitions of identified unacceptable AI systems began in 2025.
Although EU Member States supported the creation of an AI Act, large states such as France, Germany, and Italy lobbied to reduce the strictness of the Act, particularly to allow for the development of foundational models and general-purpose systems (Euractiv, 2024). An agreement over three categories took place under a highly politicized process between the Member States and the Commission. Accordingly, the Act also categorizes AI systems into the three categories: General Purpose AI, Foundation Models (a subset of General Purpose AI), and Generative AI. The latter, Generative AI, such as ChatGPT, is mandated to prevent the generation of illegal content. AI systems can change category as technology evolves. It was determined that the EU would establish a certification regime that would assign a category. The European AI Office, established in February 2024, oversees the implementation of the Act under which the bulk of the assignment work will be done by the European Artificial Intelligence Board (EAIB), which began operation in August 2024. The EAIB consists mainly of delegates from National Regulatory Authorities. The European Commission is, however, responsible for compiling a list of high-risk and non-high-risk use cases. Rules for general-purpose AI (GPAI) modules applied from August 2025. Rules for AI systems in regulated products will come into effect in August 2027.
The EU approach is rich in instrumentation: the AI Act is accompanied by an AI Innovation Package as well as the Coordinated Plan on AI. Both instruments aim at strengthening innovation. For example, the AI Innovation Package is designed to provide access to supercomputers for small and midsize enterprises (EC, 2024a). The Coordinated Plan on AI was set up in 2018 and renewed in 2021. Its objective was to increase investment in AI throughout the European economy. The 2024 Communication on fostering startups and innovation in trustworthy AI builds upon the 2018 and 2021 coordinated AI action plans. It marks a policy shift to support Generative AI, which is reflected in the AI Act. The Communication proposes financing a number of initiatives under GenAI4EU aimed at supporting European startups and small and medium-sized enterprises (SMEs) in developing trustworthy AI that complies with “to EU values and regulations, including respecting privacy and data protection rules” (EC, 2024b).
This is definitely a heavy architecture 1 —a cathedral rather than a church: we see this by adding the following complementary features. The AI Act is linked to a series of regulations aiming at exporting a European approach to governing digital markets, along with the Digital Market Act, the Digital Services Act, and the General Data Protection Regulation (Harcourt, 2023). This approach to market integration through regulatory public policy is driven by the big Member States of the EU.
For example, Germany aimed at transposing its strict data protection standards to EU regulations, whereas France and Germany seek to maintain digital sovereignty against the intrusion of Big Tech companies and foreign governments (Harcourt, 2023; Mao et al., 2025). The Commission is keen to promote European standardization organizations (ESOs), which may be called upon in the Act to ensure compliance (Cantero Gamito, 2024; Cantero Gamito and Marsden, 2024). The goal of the EU is to utilize its regional regulatory power to promote European standards on the international stage.
AI regulation in the United States
The US regulatory architecture is marked primarily by the principle of voluntary commitment from the main AI market operators and regulatory activity at the state level or sectoral level. By contrast, the federal level debates issues in Congress and elsewhere in Washington, but without making regulatory decisions, at least up until now. Also, historically, the vision emerged differently than in Europe. The discourse was not even concerned with regulation as the main issue, but rather with the promotion of AI innovations and their applications (Zeng et al., 2026).
The key to national AI policy is maintaining American leadership. Whilst Biden issued an interim final rule to regulate the diffusion of AI with some elements of risk regulation (Larsen and Küspert, 2024), the second Trump administration embraced the approach to strengthen US dominance more aggressively through industry-led growth supported by federal investment in infrastructure. This approach resulted in an attempt to ban states from issuing any AI-related regulations for 10 years, a proposal that was, however, defeated in the Senate (AP News, 2025).
At the federal level, up until now, Congress has not agreed on a national regulation. Various versions of the Algorithmic Accountability Act perished in the legislative process (Mökander et al., 2022). The approach by Congress targeted large companies, with the exclusion of financial institutions. Against this background, national policy has been historically driven by the White House and subordinated departments and agencies. AI federal policy is mainly shaped through Executive Orders (EOs), which have been limited in scope, applying only to federal agencies, and do not carry the force of binding legislation. Up until 2026, they have instructed federal departments and agencies only, and not state governments, private companies, or individuals. Unlike EU policies, they have not been top-down mandates and did not impose obligations on individual states in the same way EU regulations bind all 27 Member States. EOs can be revoked or amended by future presidents, superseded by legislation passed by Congress, or ruled unconstitutional by courts. However, EU regulations override existing EU Member State legislation.
President Biden took a risk-based approach in 2023, when he signed the EO 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” This EO entailed a more encompassing regulation of AI related to topics such as safety and security to privacy, civil rights, workers, innovation, and government use of AI (Larsen and Küspert, 2024). Specifically, it called for increased privacy and provides guidance against algorithmic discrimination, particularly in the criminal justice system, and AI use in social service sectors. It stipulated good practice in the workplace, including address of “job displacement, labor standards, workplace equity, and data collection concerns” (Walter, 2024: 4) and focused on AI public procurement and public sector hiring practices. The EO required advanced AI systems developers to share their safety test results with the federal government and established strict standards. Lastly, it encouraged the establishment of global frameworks to address responsibility in AI use.
Although EO 14110 was rescinded by the Trump administration, some non-binding measures remain in place. Notably, the Blueprint for an AI Bill of Rights published by the White House Office of Science and Technology Policy in 2022 set a framework of principles to guide the responsible design and use of AI systems. While non-binding, its principles were a foundational element of President Biden's EO 14110. Although the Trump administration has issued its own memos and an AI Action Plan, which moves away from the rights-based framework of the Blueprint, for example, the requirement that individuals be notified when they are subject to a “high-impact” AI systems, the Blueprint continues to be used by various federal agencies and the original AI Bill of Rights is referenced in some state-level legislation as a guiding framework. The National Institute of Standards and Technology also developed a Risk Management Framework for AI in 2023, which provides guidelines on how organizations can manage the risks.
In December 2025, Trump signed EO 143650, Ensuring a National Policy Framework for AI. It stipulates that the Special Advisor for AI and Crypto and the Assistant to the President for Science and Technology “prepare a legislative recommendation establishing a uniform Federal policy framework for AI that preempts State AI laws that conflict with the EO” (EO 143650, 2025). This was followed by the National Policy Framework for AI in March 2026, which sets out seven proposals mainly dealing with the building of data infrastructures and intellectual property, but also recommends that Congress not follow states that have put into place AI regulations (Wheeler and Baer, 2026). In January 2026, the Attorney General set up an AI Litigation Task Force to challenge state laws inconsistent with the administration's policy. However, no litigation has been initiated to date, and litigation against individual states is anticipated to meet heavy resistance in the courts.
Two further pathways to AI regulation are expected to withstand the second Trump administration. Firstly, the development of sectoral regulation. For example, the oil and gas sector created a 2021 framework for their use of data: data acquisition, monetarization, and regulatory compliance (Koroteev and Tekic, 2020). There is also emphasis on AI within equality and diversity in banking, farming, and consumer usage.
Secondly, the most significant regulatory pathway that has materialized over the years is state-level regulation. According to the National Security Commission on Artificial Intelligence, at least 45 states, Puerto Rico, the Virgin Islands, and Washington, DC, introduced AI bills, and 31 states, Puerto Rico, and the Virgin Islands have enacted some form of legislation (NSCL, 2025). For example, NYC passed a law requiring companies to disclose to applicants the use of algorithms in hiring processes. Connecticut is following the EU's model of identification of “high-risk systems” with a proposal requiring safeguards against algorithmic bias (Multistate AI, n.d.). Further laws have been made in Illinois and Maryland on the use of AI in employment decisions with similar proposals being made in New Jersey and Vermont.
Texas has enacted sweeping legislation affecting AI in 2025, including Senate Bill (SB) 20 and SB 1621, which criminalize and expand penalties for AI-generated child sexual content; SB 2373, which targets AI-enabled financial exploitation; SB 815, which restricts fully automated adverse decisions in the health and insurance sectors; and ongoing Attorney General investigations into potentially misleading mental health claims made by AI platforms. Under its 2025 Responsible Artificial Intelligence Governance Act, Texas established safeguards around the use of AI, prohibiting harmful or discriminatory applications, requiring transparency in government AI use, and, importantly, granting enforcement authority to the Attorney General. The law bans AI systems designed for unlawful discrimination or infringing on constitutional rights. It carries heavy fines of up to USD 200,000 per violation. Subsequently, the attorney-general's office is investigating Meta's AI Studio and the chatbot maker Character.ai over deceptive trade practices.
California, home to many of the world's leading AI companies, which are unlikely to leave due to structural and regulatory certainty (Alexandre, 2025), has taken a notably proactive approach. In 2018, Governor Newsom signed EO N-12-23 to guide California's approach to AI governing ethical, transparent, and responsible deployment. In 2019, Assembly Bill (AB) 730 made it illegal to distribute manipulated videos intended to discredit a political candidate or deceive voters within 60 days of an election. In the same year, AB 602 granted Californians the right to sue individuals who create deepfake videos that place them in pornographic content without their consent.
In 2024, California passed several laws to combat the misuse of AI-generated or manipulated content in elections. AB 2655 requires large online platforms to remove or label deceptive, digitally altered election-related content. It also provides mechanisms for reporting such content. Lastly, it grants candidates and legal authorities the ability to seek legal action against platforms that fail to comply. AB 2839 expands restrictions on the distribution of deceptive AI-generated content and allows civil actions to prevent the spread of misleading materials. AB 2355 mandates that electoral ads containing AI-altered content include clear disclosures and gives the Fair Political Practices Commission the authority to enforce these requirements. A further SB 942 requires developers of widely used generative AI systems to watermark content. Finally, SB 942 criminalizes sexually explicit deepfake content created from images of real people that seem genuine, with the intent to cause significant emotional distress to that individual. This law requires the watermarking of content measure, a transparency requirement which is also stipulated under the EU AI Act.
A further law, AB 2602, prohibits AI from replicating the digital likeness of actors and performers without their consent. In June 2025, the California Senate passed the SB 947 No Robo Bosses Act, which limits the use of automated decision-making Systems and AI by employers when making employment-related decisions without human involvement. It was vetoed by Governor Newsom, who felt that definitions were too broad, but it is being reintroduced as SB 947 in 2026. In January, California introduced its SB 53 Transparency in Frontier AI Act, which requires frontier developers to publish safety frameworks and report critical incidents. This was followed by AB 2013 on Data Transparency, requiring developers to disclose which datasets they used to train their AI and whether copyrighted material is involved. It was accompanied by SB 243 (SB 243) which sets safety protocols for AI interactions with minors, including mandatory break reminders every 3 hours.
These rules are developed in response to specific problems or concerns that have been identified, such as the illegal collection of data by companies and the potential biases in algorithmic decision-making. Different US states are implementing their own unique regulations, indicating a piecemeal approach, but, arguably, at the same time, a more flexible and adaptive approach.
The states-by-state approach to AI regulation is more concrete, binding, and enforcement-oriented than the EU AI Act. This is the case in the domains of deepfakes, election integrity, content labeling, and individual rights. While the EU AI Act relies heavily on product safety mechanisms, self-assessment, and harmonized technical standards to guide implementation, much of which is still under development, the American states have passed statutory enforceable laws directly addressing high-risk systems. For example, the watermarking requirement under the Californian SB 942 introduces a transparency obligation for generative AI developers to identify AI-generated content. This is a mandatory measure with criminal penalties in cases of sexually explicit deepfakes.
Even though EO N-12-23 applied only to state agencies and was not legislative, California complemented the guidance with actual laws passed by the legislature, giving them immediate legal effect and clear accountability mechanisms. In contrast, much of the EU AI Act's implementation depends on future standards, delayed timelines, and a risk-based logic that permits high-risk AI systems if certain procedural steps are followed without a substantive assessment of harms to fundamental rights. Indeed, while the EU AI Act is framed by the European leaders as a landmark, value-based regulatory model, US state-level laws go further in several areas by offering specific protections, private rights of action, enforceable obligations, and criminal penalties. These measures are not only more immediate and concrete but also focus directly on content, context, and individual harm, areas where the AI Act remains largely abstract and, in parts, incomplete. Indeed, EU legislation can easily be torn down quickly, as epitomized by the current simplification agenda of the EU under the 2025 Digital Omnibus proposals (Alemanno, 2025).
Policy and regulatory styles
We are now ready to present our explanation, against the background of the empirical description provided in the previous Section. As mentioned, policy style provides a useful conceptual lens for understanding cross-national variation in governance. At its core, this strand of the public policy literature examines how governments approach problem-solving, involve societal actors in decision-making, and make policy, either through open, consensus-based processes or more closed, top-down structures. Richardson's foundational typology (1982) classified Western European states according to whether their policy processes were anticipatory or reactive, and whether decision-making was consensual or impositional. For example, Germany was characterized by a “rationalist consensus” (anticipatory and consensual), the UK by a “negotiation” style (reactive and consensual), France by a “concertation” style (anticipatory and impositional), and the Netherlands by a hybrid negotiation–conflict style (reactive and consensual at that time, in transition towards consensual).
Over the years, other scholars have examined how sectoral characteristics interact with national policy styles (Bali and Hannah, 2021). These observations allow us to gain a more comprehensive understanding of how different political-economic systems—rooted in national policy styles and capitalist structures—shape both traditional industrial regulation and the governance of emerging technologies like AI and digital platforms. Policy styles also highlight how policy-making processes, regulatory approaches, and the influence of societal actors are deeply embedded in broader institutional configurations.
For our purposes, we focus on two key dimensions: anticipatory versus reactive and consensual versus decisions by imposition. The former dimension is arguably fundamental in a field like AI. The latter captures the interaction between the government and the pressure groups, with its clear categorizations.
Although there is a clear divergence in regulatory architectures, it is not straightforward to map this onto the first dimension of policy style. To better understand this distinction, it is helpful to draw on insights from regulation scholars. Here, the concept of adaptive regulation (Bennear and Wiener, 2019; Wiener, 2020) points to a style anchored to multiple decisions over time, a sequence of regulatory choices [1,…, n] made on the basis of evidence produced by monitoring and reviewing the feedback from the implementation of choice number 1. Bennear and Wiener call this “legislation built to learn.”
Adaptive regulation is about learning across time and, to go back to the metaphor by Coglianese and Crum (2025), using leashes rather than guardrails. By contrast, one-time regulation firms the regulator's preferences at a given moment in time, making it difficult to change later. Re-framed this way, Brussels looks more distant from adaptive regulation than Washington: it would be difficult to imagine constant, sequential, non-trivial changes of the AI Act and the thick surrounding regulatory-policy framework, given the immense political effort implied in adopting it in the first place.
This does not necessarily mean that the US is inherently more ethical or regulates more effectively against AI harms. Rather, our point is that the United States, particularly at the state level, has a regulatory design space that is less constrained than that of the EU. State-level regulatory activity enables a form of experimentation that may inform future national regulations, reflecting the federalist principle of states as “laboratories of democracy” where policy learning and diffusion can occur (Tarr, 2001).
Regarding the second dimension, the US clearly adopts a more consensual approach toward its major tech companies, favoring collaboration over regulatory imposition. It is important to note that by consensual approach, we refer simply to a different way of proceeding, not necessarily to an evaluation of the results. Naturally, the EU also held public consultations, where business stakeholders unsurprisingly expressed fewer concerns about AI's risks and called for less restrictive regulation (Tallberg et al., 2024). Nonetheless, a strong reaction to “imposition” emerged in 2025, when major EU-based AI firms called for the EU to stop the clock in implementation of the AI Act.
This is a good point to explain the difficult relationship between the AI Act and public values. One thing is to argue, as we do, that the US overall regulatory framework is more consensual towards firms than the EU framework. Another argument, which we do not find convincing, is that the EU is more impositional because it sticks to public values instead of making deals with companies. The EU may have many reasons to be impositional, including the fact that the AI Act regulates innovations by companies that are not EU-based. But public values have little room to play in this story. To understand why, we need to turn to implementation.
Standardization does not sit comfortably with the stated approach to protect fundamental rights. The AI Act empowers the European Commission to issue a standardization request or “mandate” to ESOs, such as CEN, CENELEC, and ETSI, to develop harmonized European standards. These standards are intended to provide a presumption of conformity with the legal obligations of the AI Act for high-risk AI systems. A mandate constitutes a contractual arrangement whereby the Commission requests ESOs to produce technical standards that support the implementation of EU legislation. In the context of the AI Act, this request tasks CEN-CENELEC JTC 21 (and relevant ETSI committees) with developing standards that address key regulatory requirements, including those related to safety, ethical behavior, and fundamental rights.
This reliance on standardization as a mechanism for ensuring fundamental rights compliance raises significant concerns. While the mandate covers areas such as risk management, data governance, transparency, human oversight, and cybersecurity, the translation of fundamental rights protections into technical standards risks diluting their normative and legal substance (Kilian et al., 2025). This approach does not conform to the EU's fundamental rights commitments, as it shifts responsibility from democratic oversight to technical bodies and relies on compliance mechanisms better suited to product safety than to the context-dependent nature of human rights (Presno Linera and Meuwese, 2025). High-risk AI systems defined under Article 6 of the AI Act must comply with these standards by August 2026 (Annex III systems) or August 2027 (Annex I systems) extended to December 2027 for Annex III systems and August 2028 for Annex I under the Digital Omnibus proposals. Currently, CEN-CENELEC JTC 21 is working on approximately 35 standardization initiatives in response to the Commission's request (Kilian et al., 2025: 5).
The AI Act is also built upon the EU's existing product safety law framework. Under this model, AI systems that comply with harmonized European standards, once published in the Official Journal of the EU, benefit from a presumption of conformity with the Act's legal requirements. This creates a “safe harbor” for providers, facilitating compliance and aligning with the EU's New Legislative Framework for product safety. For high-risk AI systems, the Act introduces a requirement for independent third-party conformity assessments by Notified Bodies, reducing sole reliance on self-declaration. Once designated, these Notified Bodies will be listed publicly on the Commission's New Approach Notified and Designated Organisations information system. When a Notified Body participates in the conformity assessment, its unique identification number must appear alongside the CE marking, indicating third-party involvement in the process.
While these mechanisms aim to strengthen oversight and accountability, particularly through independent assessments and enforceable penalties for non-compliance, they remain fundamentally rooted in a product safety logic (Presno Linera and Meuwese, 2025). This reliance is misaligned with the protection and promotion of fundamental rights. Product safety frameworks are designed to manage technical risks to health and safety, but they are ill-equipped to address the normative dimension of human rights. Translating fundamental rights concerns into technical compliance checklists risks reducing them to procedural formalities, thereby undermining the Commission's stated commitment to a value-based, rights-respecting AI governance model.
Another critical issue concerns representation (Cantero Gamito, 2024; Cantero Gamito and Marsden, 2024; Kilian et al., 2025). Participation in technical standardization processes is disproportionately dominated by large enterprises, limiting meaningful involvement from small and medium-sized enterprises and civil society actors. This imbalance in stakeholders’ representation reflects broader structural biases and raises concerns about the democratic legitimacy of the standard-setting process.
To wrap up then, the impositional style of the EU is not dictated by or geared towards public values. Neither is “imposition” without consequences. Unsurprisingly then, there has already been significant resistance from industry regarding the implementation of the AI Act, particularly due to delays in achieving consensus during the standard-setting process. One major consequence has been the postponement of the GPAI Code of Practice, which was eventually released in August 2025. This Code, developed by the European AI Office in collaboration with experts and stakeholders, is intended to guide compliance for GPAI developers in the absence of binding obligations. Similarly, the publication of harmonized technical standards, central to operationalizing the AI Act, has been delayed until 2026.
The reliance on product safety mechanisms, the limited integration of fundamental rights protections, skewed stakeholder representation in standard setting, and procedural delays all point to a regulatory framework that falls short in both ambition and execution. Certainly, they raise serious doubts about the AI Act's ability to fulfill the European Commission's stated goals of promoting trustworthy, human-centric, and rights-respecting AI. Furthermore, the legal and institutional fragility, such as the copyright dispute over access to standards, underscores the vulnerability of the AI Act. While the Commission positions the Act as a global model for value-based AI governance, the combined shortcomings suggest a misalignment between rhetorical commitments and the practical realities of enforcement, inclusivity, and fundamental rights protection.
Table 1 summarizes our findings. Firstly, as noted, in our cases, the very notion of what is really “anticipatory” is hard to pin down. To reduce ambiguity, we must distinguish between the expectations of the regulators and whether a certain regulatory (and policy) architecture is objectively capable of anticipating the future. In terms of ambition, the EU-as-regulator has for sure sought to predict and anticipate risks with guardrails applicable to all sectors. As far as the accuracy of anticipation goes, the AI Act, in terms of evidence-base, is anchored to an impact assessment completed in Spring 2021. Today, the evidence-base for AI policy is diverse and richer. What might the AI Act really have “anticipated” with its 2021 impact assessment is an open question. So much so that on 19 December 2025, as mentioned, the European Commission is tabling changes to digital legislation “to bring immediate relief to business, public administrations, and citizens alike” (EC, 2025).
Policy and regulatory styles.
AI: artificial intelligence; EU: European Union.
Source: Authors, 2026.
On the other side of the Atlantic, policy finds its design space by supporting innovation and regulation in terms of reaction to well-identified risks, mostly at the sectoral and state levels. Importantly, the state-level approach is more concrete and easier to enforce than the European one. Because it is binding, at the state level, we can speak of the presence of an impositional style.
Secondly, in the EU, the style is closer to imposition. The heavy EU framework, which includes the AI Act and the accompanying policies and programs, was created in Brussels to be implemented by the 27 Member States, with some space for adaptation, of course. But the US is completely different—with no federal attempt to create a comprehensive framework and, instead, the states taking initiatives.
Brussels is impositional also in relation to the attitude towards firms. There are some exceptions for European champions, but in general, the style is to impose rules on tech companies and fight concentration of economic power. For the US, instead, the emergence and consolidation of large American tech firms is a policy objective at the national level (Larsen and Küspert, 2024). However, it is at the state level that we see policies that protect citizens and workers.
Thirdly, the EU regulatory space for adaptation is constrained. As we observed, the US has more space for adaptive regulation, at least potentially. In the EU, change happens via strong pushback even before most of the AI Act rules are implemented, in conflictual rather than learning mode, as shown by the trajectory of Omnibus VII (Harcourt, 2026). The ability of the US states to pass their own regulations adds breathing space for adaptation, with state-level regulation operating like a probe, an experiment from which other states may learn later. States can also correct the choices made at the federal level, as shown by the successful opposition of the states against a federal ban on AI regulation (AP News, 2025). The same can be said of sector-level regulation, it allows for emulation and experimentation. Sector-by-sector regulation is supported by the belief that, for example, AI in health is different from the domain of electronic commerce. The EU has opted for strong integration of sectors under the single umbrella of the AI Act, while in the United States, we find regulatory activity in a wide range of different policy sectors, for example, in data acquisition, equality and diversity, banking, farming and employment and health decision-making.
Conclusions
We set out to explain the differences in the regulatory architectures for AI in the EU and the US. Our explanation points to policy styles and regulatory styles. The EU regulatory architecture is grounded in the ambition to anticipate the evolution of AI risks and protect the values identified by the EU institutions. It is a guardrails-oriented architecture. Because of this clearly prescriptive orientation, the EU seeks to impose rules. Implementing a comprehensive structure of guardrails is a difficult task in AI regulation—we showed how companies and courts are already attempting to edit and change the final outcomes of the AI Act. As shown by their positions during the negotiation of the AI Act, Member States have different beliefs, and these beliefs will direct attempts to maneuver the implementation of the regulatory architecture for AI. Public values are deployed in narratives and discourses, but, we have argued, are not a fundamental component of this architecture. The US intervention is not federal. Rather, it manifests at the state level and in specific sectors. The regulatory leashes are pulled in response to contingencies. When they are pulled, however, these leashes are more binding and more enforceable than the EU guardrails. The state-by-state approach creates opportunities for laboratory federalism and an adaptive regulatory style.
Our findings contribute to the literature on regulation, the debate on risk regulation across the Atlantic, and the concept of styles. They debunk some narrative myths about the EU protecting public values and the US engaged in promoting unbridled competition. The analysis of styles we presented is grounded in empirical analysis. However, as it is clear from these conclusions, it allows us to make evaluative statements. This is relevant for critical scholars, who have the concepts and instruments to delve deeper into normative arguments. A key question concerns the latitude for protecting public values and human rights with the piecemeal solution of the state-by-state approach. Another is whether EU courts and legal activism can bring human rights to the center of the European regulatory architecture of AI, within and beyond the AI Act.
Future research will have to first explain the causes of these variations across the Atlantic, whether they originate in the institutional structure of federalism or from economic policy paradigms concerning innovation and regulation, and second, to track down the implementation of the regulations.
Footnotes
Funding
The authors disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: The author acknowledges funding by the Schweizerischer Nationalfonds zur Förderung der wissenschaftlichen Forschung (Grant Number: 10003244).
Declaration of conflicting interests
The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
