Chapter 13 — Regulatory Landscape
Thirteenth post of the chapter-by-chapter walkthrough of LLM Primer VII: AI Security. The chapter that maps the plural, still-consolidating regulatory landscape onto the technical controls the earlier chapters developed.
Why this chapter exists
By 2026 the regulatory architecture around AI is neither settled nor unified. The EU AI Act, in full effect from August 2026 for most high-risk categories, is the most consequential single instrument. The US federal posture has shifted through the EO 14110 to EO 14179 transition and settled into a working framework whose exact form is still evolving. State-level laws — the Colorado AI Act, California's series of generative AI bills, the New York City AEDT law — add a US patchwork. GDPR, CCPA, PIPL, and DPDPA apply to AI systems whether or not their designers considered them. The frameworks in Singapore, Japan, Korea, India, and the UK are advancing on parallel tracks. This chapter walks what each requires in practical terms and maps the controls from Chapters 3, 10, 11, and 12 onto those requirements.
13.1 The EU AI Act is the anchor of the current landscape
Regulation (EU) 2024/1689 was signed in June 2024 and published in July 2024. Prohibitions on unacceptable practices — social scoring, real-time biometric identification in public spaces with narrow exceptions, manipulative techniques exploiting vulnerabilities — became applicable in February 2025. Obligations on general-purpose AI models, including foundation-model transparency and documentation, became applicable in August 2025. Full high-risk obligations become applicable in August 2026 for most categories and August 2027 for AI systems embedded in products under existing EU product-safety regulation. The substantive structure is risk-tiered: prohibited practices, high-risk systems with a detailed obligations set (risk-management systems, data governance, technical documentation, record-keeping, transparency to deployers and users, human oversight, accuracy and robustness, conformity assessment, post-market monitoring), limited-risk systems with transparency obligations, and minimal-risk systems largely unregulated by the Act itself. The high-risk categories in Annex III include critical infrastructure, employment decisions, essential services, law enforcement, migration, justice, and defined biometric and emotion-recognition use cases. Foundation-model obligations for models above defined compute and capability thresholds add a parallel track that has shaped how the frontier labs approach EU-market deployment. The Act's extraterritorial reach extends its practical effect to the international AI industry regardless of where the developer sits.
13.2 Data-protection law was there first and remains binding
Before the AI-specific regulations, the most important constraints on AI development came from data-protection law. They remain so. GDPR applies to processing of personal data by any entity established in the EU or targeting EU data subjects. Articles 13 and 14 require that data subjects be informed about processing, including purposes, categories, recipients, and where applicable the existence of automated decision-making and the logic involved. Article 22 gives data subjects the right not to be subject to solely automated decisions producing legal or similarly significant effects — a provision whose application to LLM outputs is contested but that shapes how AI-driven decisions are being deployed in EU markets. Article 17 gives the right to erasure, whose application to a model whose weights reflect the training data is another interpretive question the field is still working through. CCPA and CPRA in California, PIPL in China, DPDPA in India, LGPD in Brazil, PIPEDA in Canada, and dozens of parallel regimes elsewhere impose similar obligations with jurisdiction-specific variations. The Italian Garante's March 2023 action against ChatGPT (Chapter 3) was the first regulatory shot; subsequent actions across the EU and elsewhere have reinforced that training data containing personal information is a regulatory concern even when the model is provided by a foreign vendor.
13.3 Auditability, model cards, and risk classification are the operational shape
The AI-specific regulations converge on auditability. High-risk systems under the EU AI Act must maintain technical documentation from before market entry through the system's life — general description, elements and development process, monitoring and control, risk-management system, data governance, human oversight measures, in sufficient detail for a notified body to assess conformity. NIST AI 100-1 (2023) and the Generative AI Profile AI 600-1 (2024) provide the US-side risk-management vocabulary. ISO/IEC 42001, published 2023, gives the AI management system standard for organisations pursuing certification. The model card, introduced by Mitchell et al. at FAccT 2019, is the single most important documentation artefact — a structured record of intended use, training data, evaluation results, ethical considerations, and recommended-against use. Adoption is widespread across Hugging Face, OpenAI, Anthropic, and Google, in varying depth. Risk classification approaches vary. The EU AI Act uses use-case classification: an AI system used for a listed high-risk purpose is high-risk regardless of the model's capability. NIST AI 100-1 uses attribute-based risk analysis. The Bletchley/Seoul/AI Action Summit process uses model-capability thresholds via compute and evaluation. Most current frameworks mix approaches, and the organisational compliance work is largely the work of mapping specific systems onto the specific classification schemes each regulator applies.
What Chapter 13 sets up
Chapter 14 turns to the substantive content the regulations are trying to address: bias, fairness, and responsible AI. The chapter walks the sources of bias in LLMs — training-data, representational, allocation, evaluation, and deployment bias — with reference to Bender, Gebru, McMillan-Major, and Shmitchell's 2021 "Stochastic Parrots" paper and the follow-on literature. It examines the fairness benchmarks (BOLD, BBQ, StereoSet, CrowS-Pairs) and their limitations. It walks the safety-utility trade-off documented in Anthropic's RLHF work. It examines transparency and explainability (SHAP, LIME, interpretability) and the gap between what they deliver and what regulations demand. It closes with organisational AI policy as the layer where technical work becomes operational. Chapter 15 then walks the organisational infrastructure — security culture, red teams, vendor risk, continuous evaluation, long-term stewardship — that carries the discipline.
Next — Chapter 14: Bias, Fairness, and Responsible AI. Sources of bias, measuring fairness with limits, the safety-utility trade-off, and the organisational AI policy that turns technical work into operational discipline.