AI governance across the Atlantic: how Europe and the US are shaping responsible innovation
Artificial Intelligence
26 March 2026
From public services to the workplace and everyday life, artificial intelligence is rapidly transforming industries across the world.
As its impact grows, so does the need for governments to ensure that these systems are used responsibly. This effort is called AI governance, and it aims to make AI safe, transparent, and accountable while still supporting innovation.
Across the Atlantic, the European Union and the United States have taken different approaches to this challenge. While the EU has built a comprehensive regulatory framework, the US relies on a more decentralized mix of policies and standards. Together, these models are shaping the global conversation around responsible AI.
This blog post explores the fundamentals of AI governance, examines the distinct approaches being taken by the US and the EU, and wraps up with practical, actionable guidance to help organizations understand what these regulations mean for them and how to respond.
What is AI governance and why is it important?
AI governance refers to the set of policies, rules, and practices designed to guide how artificial intelligence systems are developed, deployed, and used.
These frameworks are developed by governments, regulatory bodies, and international organizations, and they can vary significantly across countries and regions.
In the European Union, AI governance is shaped through the EU legislative process, with the European Commission proposing rules and the European Parliament and the Council adopting them, supported by EU and national supervisory bodies for implementation.
In the United States, AI governance is shaped through a more decentralized system involving the White House, federal agencies, standards bodies such as NIST, and, where relevant, Congress.
Users, businesses, and governments expect and require AI governance for a multitude of reasons, largely depending on the way they use AI:
- Users want to know that the AI systems shaping their lives—from loan approvals to medical diagnoses—are fair, accountable, and not exploiting their data. Governance gives them that assurance.
- Businesses need a clear playing field. Consistent rules reduce legal uncertainty, build customer trust, and allow organizations to innovate confidently without fear of crossing an invisible line.
- Governments must ensure AI serves society, not just profit. Governance frameworks allow them to harness AI’s potential in public services and security while safeguarding the rights of citizens.
Different paths to AI governance: EU and US
To address these challenges, countries have begun developing their own approaches to AI governance.
Two of the most influential models have emerged from Europe and the United States.
The European Union has developed a comprehensive AI framework rooted in risk management and the protection of individuals, with recent initiatives aimed at simplifying implementation and improving regulatory coherence.
The United States has taken a more decentralized approach, combining executive actions, technical standards, and sector-based oversight rather than a single overarching law.
Europe: the EU AI Act and responsible AI regulation
The central pillar of Europe’s AI governance model is the EU AI Act. Adopted in 2024, it is widely considered the first comprehensive legal framework for AI.
At the heart of the EU AI Act is a tiered, risk-based approach—recognizing that not all AI systems pose the same level of threat and that regulation should be proportionate to the harm they could cause.
The Act draws a clear distinction between four categories:
- Unacceptable-risk systems (banned): A limited set of AI uses is prohibited because they pose a clear threat to safety or fundamental rights (e.g., social scoring, certain biometric surveillance).
- High-risk systems (allowed with strict rules): AI used in sensitive areas (e.g., hiring, education, critical infrastructure) is permitted but must comply with specific requirements, including risk management, data quality, documentation and traceability, human oversight, and requirements for accuracy, robustness, and cybersecurity.
- Limited-risk systems (allowed with transparency): AI applications must meet transparency obligations, such as informing users when they are interacting with AI (e.g., chatbots or certain AI-generated content).
- Minimal-risk systems (freely allowed): Most AI applications fall into this category and are largely unregulated.
Beyond this use-case-based framework, the Act also introduces specific rules for general-purpose AI (GPAI) models.
In fact, this regulation relies on a distinction among LLMs, AI Systems and GPAI.
A Large Language Model (LLM) is the underlying technology: a model trained on vast amounts of text to understand and generate language.
An AI System is a broader product or application built around one or more models, combined with tools, data, rules, and interfaces to perform specific tasks — like a customer service chatbot or a fraud detection platform.
General Purpose AI (GPAI) refers to AI specifically designed to perform a wide range of tasks across different domains, rather than for one specific use — it can write, reason, code, analyze, and more without being limited to a single function.
These rules apply directly to the GPAI models themselves, not just to how they are used in practice.
Providers of such models must meet certain transparency requirements, including the preparation of technical documentation and summaries of training data, alongside adherence to EU copyright obligations.
The most powerful models, that is, those deemed to carry systemic risks by virtue of their scale, capabilities, or potential for widespread impact, face a more stringent regime, encompassing obligations related to risk assessment and mitigation, heightened oversight, and mandatory reporting.
Digital Omnibus: making the digital regulatory landscape more practical
More recent developments point to an increasing emphasis on implementation and simplification. In November 2025, the European Commission put forward a Digital Omnibus proposal, currently under discussion by EU institutions, designed to make the EU’s digital regulatory landscape more practical and easier to implement.
The proposal seeks to ease administrative burdens, clarify the interplay between different regulations, and ensure that businesses are not compelled to duplicate compliance efforts across overlapping frameworks.
This means measures such as streamlining reporting obligations, improving coherence across regulatory requirements, and adjusting timelines in some areas to better align with implementation readiness.
United States: decentralized governance and innovation-first AI policy
The United States does not govern artificial intelligence through a single comprehensive law. Instead, it takes a decentralized approach—the federal government establishes broad priorities, while individual agencies apply rules within their own domains.
Sectors such as healthcare, finance, and consumer protection each operate under their own oversight frameworks, with AI integrated into existing structures rather than governed by an entirely new system.
In fact, the direction of US AI policy in 2025 is best captured by the title of a key executive order signed in January: Removing Barriers to American Leadership in Artificial Intelligence.
Rather than introducing new restrictions, it asked agencies to review and adjust existing rules to support AI development while relying on existing oversight mechanisms, prioritizing progress over adding new bureaucracy.
America’s AI Action Plan, also released in 2025, builds on this foundation with three headline goals: Accelerating Innovation, Building AI Infrastructure, and Leading International Diplomacy and Security.
The plan itself does not introduce a single overarching AI regulator. Instead, it distributes responsibilities across government, making coordination the main organizing principle rather than top-down oversight.
Federal agencies are not only expected to oversee AI but also to adopt it—automating routine processes, improving decision-making, and enhancing public service delivery, as part of a broader strategy to integrate AI into public-sector operations.
Relying on sector-specific agencies allows AI rules to be tailored to different contexts rather than applying a single approach across all uses. At the same time, differences across sectors and states can introduce complexity and some variation in how standards are applied.
A December 2025 executive order responds to this challenge by calling for a more coherent national approach, mainly by seeking to limit conflicting state-level rules and by aligning federal policy around a shared strategy for AI governance.
This order does not seek to replace the existing system, but to reduce fragmentation and improve consistency while preserving its flexibility.
Where US and EU regulations meet
Despite their structural differences, the EU and the US are converging on several core priorities that are shaping the future of AI governance globally.
1. Safety testing and evaluation
Both the EU and the US emphasize rigorous testing of AI systems before and after deployment. The EU mandates this through strict requirements for high-risk systems, while the US promotes evaluation frameworks via agencies. The common goal: AI systems must be validated, not just built.
2. Investment in AI infrastructure and research
AI governance is not just about restriction but also enablement. The US leads in infrastructure investment, while the EU is boosting AI research and innovation. Both recognize that trustworthy AI requires not only rules, but also the capacity to build and scale it.
3. Responsible deployment in public services
Governments on both sides of the Atlantic are adopting AI in public services, with a shared expectation to lead by example in using it responsibly and effectively.
Navigating AI regulation: key actions for organizations
For organizations, the takeaway is not to wait for perfect regulatory clarity. The direction of travel is already well established, and companies that act early will be better positioned to adapt.
A practical starting point includes:
- Map AI use cases: Identify where and how AI is being used across your organization—including shadow or experimental use.
- Classify potential impact and risk: Assess which systems could fall into higher-risk categories, particularly those affecting individuals’ rights, safety, or access to services.
- Document data sources and intended purpose: Maintain clear records of how data is collected, processed, and used, as well as the purpose of each AI system.
- Establish human oversight mechanisms: Ensure there is meaningful human involvement in decision-making, especially for sensitive or high-impact use cases.
- Implement testing and monitoring processes: Regularly evaluate system performance, bias, robustness, and security—both before deployment and over time.
- Ensure transparency where required: Be clear with users when they are interacting with AI and provide appropriate explanations of system behavior where necessary.
- Monitor regulatory evolution: AI governance is evolving rapidly. Stay informed about developments in both the EU and the US to anticipate changes and avoid reactive compliance.
Velvet: AI governance in practice
As AI governance frameworks evolve, organizations are increasingly turning to solutions designed with these requirements in mind. Almawave’s Velvet is a family of LLMs built on privacy-by-design principles, continuously monitored against evolving European regulations and governed by an internal framework that includes oversight from an Ethical and Technical Committee, ongoing bias auditing, usage restrictions to ensure regulatory compliance, and periodic impact reviews for high-risk applications.
In practice, this includes measures such as data classification, handling of sensitive information, encryption, anonymization, and controlled access—illustrating how governance is becoming embedded directly into AI systems.