This Week in AI Regulations

EU AI Act High-Risk Classification Guidelines, CNIL €487M Fines, Basel ICT Risk & China Deepfake Enforcement — AI Regulation May 24, 2026

This week's episode of This Week in AI Regulations  Covers seven major regulatory developments across the EU, France, Germany, China, and global standard-setting bodies. * The European Commission released draft guidelines for classifying AI systems as high-risk under the EU AI Act — stakeholder feedback is open until June 23, 2026. The Commission also launched a review of EU copyright rules addressing AI's impact on creative industries, with contributions open until June 25, 2026.  * Separately, the EU mandated foreign investment screening across AI, defence, semiconductors, and financial services — extending to intra-EU transactions involving non-EU ownership. * In France, CNIL's 2025 annual report revealed a record €487 million in fines and confirmed progressive AI Act enforcement from 2025, with cybersecurity as the top priority for 2026. Organisations processing personal data in France must treat GDPR and AI Act compliance as a combined obligation. * In Germany, the Berlin State Government launched the TOP-Konzept plan for critical energy infrastructure — including mandatory AI-based attack detection, 24/7 security patrols, and updated crisis management protocols. * At the global level, the Basel Committee on Banking Supervision agreed to publish an ICT risk management report and is progressing a targeted review of prudential standards for cryptoasset exposures.  * IOSCO concluded its 2026 Annual Meeting approving five reports including an AI supervisory toolkit and a market liquidity report. * In China, authorities took enforcement action against the creator of an AI-generated deepfake video falsely depicting the collapse of the Zhangjiajie Glass Bridge — a landmark case under China's AI-generated content regulations. Essential listening for CCOs, CISOs, heads of AI governance, legal counsel, and risk officers in financial services, MedTech, and any organisation deploying AI in EU-regulated markets. Carver RegWatch delivers weekly regulatory intelligence across jurisdictions. Published May 24, 2026. For more information, visit the Carver Agents website [https://carveragents.ai]. Also from Carver RegWatch this week: * ASEAN RegWatch — Bank Indonesia 50bps rate hike to 5.25%, MAS revokes Bsquared payment licence, Singapore insider trading convictions * USA Regulatory Updates — SEC novel ETF regulatory review, California Hermes Bitcoin kiosk enforcement, IOSCO AI supervisory toolkit * EU Regulatory Updates — EU AI Act high-risk classification consultation deadline June 23, CNIL €487M record fines, EU Solidarity Fund climate disaster allocation * Middle East RegWatch — OFAC Adani $275M Iran sanctions settlement, OFAC Amin Exchange designation, UAE Drupal CVE-2026-8495 cybersecurity alert * India Regulatory Updates — RBI restricts Nagar Sahakari Bank, RBI cancels Yashwant Co-operative Bank licence, SEBI Investor Onboarding Regulatory Sandbox launch * Global Regulatory Briefing — Bank of England CCP resolution paper, Malta tokenisation of financial instruments consultation, ASIC sustainability reporting focus 2026-27 Find all series at Carver Agents Podcast  [https://carveragents.ai/podcasts] Articles referenced in this episode: 1. Commission seeks feedback on the draft guidelines for the classification of high-risk artificial intelligence systems [https://digital-strategy.ec.europa.eu/en/news/commission-seeks-feedback-draft-guidelines-classification-high-risk-artificial-intelligence-systems] 2. Annual report: CNIL's achievements and key actions in 2025 [https://www.cnil.fr/en/annual-report-2025] 3. Maßnahmenplan zum Schutz von neuralgischen Punkten der kritischen Infrastruktur: das TOP-Konzept für verstärkte technische, organisatorische und physische Maßnahmen im Bereich der Energieversorgung [https://www.berlin.de/rbmskzl/aktuelles/pressemitteilungen/2026/pressemitteilung.1672172.php] 4. Basel Committee agrees to publish report on information and communication technology risk management, progresses cryptoasset targeted review, considers targeted updates on liquidity risk principles [https://www.bis.org/press/p260520.htm] 5. AI-Generated Fake Video of Zhangjiajie Glass Bridge Collapse Causes Public Panic and Legal Action [https://oecd.ai/en/incidents/2026-05-16-80b5] 6. IOSCO concludes 2026 Annual Meeting [https://www.iosco.org/news/pdf/IOSCONEWS794.pdf?v=4] 7. Targeted consultation on the draft guidelines for the classification of high-risk artificial intelligence systems [https://digital-strategy.ec.europa.eu/en/consultations/targeted-consultation-draft-guidelines-classification-high-risk-artificial-intelligence-systems] 8. See all public consultations [https://www.oecd.org/en/search/events.html?facetTags=oecd-content-types:events/public-consultation] 9. Commission seeks views on the review of EU copyright rules [https://digital-strategy.ec.europa.eu/en/news/commission-seeks-views-review-eu-copyright-rules] 10. Protecting EU strategic sectors from risky foreign investments [https://www.europarl.europa.eu/news/en/press-room/20260513IPR43304/]

This Week in AI Regulations - May 17, 2026

This episode covers critical updates in regulatory approaches to Artificial Intelligence, risk management, retail investor issues, security vulnerabilities, and digital engagement practices globally. In China, revised regulations from the Huangpu District enhance administrative normative document management by mandating AI and big data for risk and legality reviews, emphasizing party leadership and clear classification. The UK’s Financial Conduct Authority, Bank of England, and Treasury issued a joint statement urging firms to strengthen governance and cyber resilience against frontier AI threats, highlighting the need for board-level understanding and strategic risk management. Additionally, Italy resolved security vulnerabilities in Spring AI products, advising users to update to secure versions to prevent data manipulation and information leaks. For more information, visit the Carver Agents website [https://carveragents.ai]. Articles mentioned: 1. 黄浦区人民政府办公室关于印发修订后的《黄浦区行政规范性文件管理规定》的通知 [https://www.shanghai.gov.cn/nw12344/20260514/e9047ecaa3bc4479b0e323b82f8aece3.html] 2. OSC’s Investor Advisory Panel releases 2025 Annual Report [https://www.osc.ca/en/news-events/news/oscs-investor-advisory-panel-releases-2025-annual-report] 3. Web report 2026-1 Financial Stability Report [https://www.norges-bank.no/en/news-events/publications/Financial-Stability-report/2026-1-fsr/web-report-2026-1-financial-stability-report/] 4. AL04/260511/CSIRT-ITA - 11/05/26 - Risolte vulnerabilità in prodotti Spring [https://www.acn.gov.it/portale/web/guest/-/risolte-vulnerabilita-in-prodotti-spring-1] 5. OAI / SBG / SB OAI JV [https://competition-cases.ec.europa.eu/cases/M.12391?from=latest-updates&caseInstrument=M&dateHighlight=2026-05-11] 6. Order Directing Briefing on the Review [https://www.ftc.gov/system/files/ftc_gov/pdf/615459.2026.05.15_order_directing_briefing_on_the_review.pdf] 7. Jason Scott, DVM, In the Matter of (timeline item) - May 15, 2026 [https://www.ftc.gov/legal-library/browse/cases-proceedings/jason-scott-dvm-matter-timeline-item-2026-05-15] 8. FCA, Bank of England and Treasury joint statement on frontier AI models and cyber resilience [https://www.fca.org.uk/news/statements/fca-boe-treasury-joint-statement-frontier-ai-models-cyber-resilience] 9. 上海市人民政府办公厅关于印发《上海市深化“一网通办”改革 打造“高效办成一件事”最佳体验地行动方案》的通知 [https://www.shanghai.gov.cn/nw12344/20260515/b393a352da314b92b42730755baf2d25.html] 10. [Bigger Water Capacity, Smarter Flood Forecasting] [https://mcee.go.kr/eng/web/board/read.do?pagerOffset=0&maxPageItems=10&maxIndexPages=10&searchKey=&searchValue=&menuId=461&orgCd=&boardId=1863550&boardMasterId=522&boardCategoryId=&decorator=]

This Week in AI Regulations - May 10, 2026

This episode explores critical regulatory developments impacting Data Management, Competition Policy, Complexity, Advisory Committees, and Joint Ventures within the AI sector. A major update involves the joint venture agreement between OpenAI, SoftBank Group, and SoftBank OpenAI Joint Venture, which may be classified as a full-function joint venture under EU merger regulations. This triggers mandatory notifications and compliance with Council Regulation 139/2004, emphasizing transparency and adherence to merger control deadlines. In Kazakhstan, the President chaired the second Artificial Intelligence Development Council meeting, focusing on national AI integration, unified digital platforms, data standards, and cybersecurity enhancements. Furthermore, the US Office of the Comptroller of the Currency's semiannual report highlights cybersecurity risks linked to advanced AI tools, while Federal Reserve guidance narrows model risk management scope excluding generative AI, promoting supervisory flexibility. For more information, visit the Carver Agents website [https://carveragents.ai]. Articles mentioned: 1. OAI / SBG / SB OAI JV [https://competition-cases.ec.europa.eu/cases/M.12391?from=latest-updates&caseInstrument=M&dateHighlight=2026-05-05] 2. Мемлекет басшысы Жасанды интеллектіні дамыту жөніндегі кеңестің екінші отырысын өткізді [https://www.akorda.kz/kz/memleket-basshysy-zhasandy-intellektini-damytu-zhonindegi-kenestin-ekinshi-otyrysyn-otkizdi-444758] 3. OCC’s Semiannual Risk Perspective Highlights Key Risks in Federal Banking System [https://www.occ.gov/news-issuances/news-releases/2026/nr-occ-2026-35.html] 4. “Capital, Competition, and Complexity – regulatory perspectives on the regulatory debate” – Remarks by Deputy Governor Mary-Elizabeth McMunn [https://www.centralbank.ie/news/article/speech-deputy-governor-mary-elizabeth-mcmunn-bpfi-7-may-2026] 5. Michelle W Bowman: Artificial intelligence in the financial system [https://www.bis.org/review/r260504b.htm] 6. Remarks at the Special Competitive Studies Project AI+ Expo [https://www.sec.gov/newsroom/speeches-statements/atkins-remarks-scsp-ai-expo-050826] 7. Regulators and audit leaders discuss audit quality and confidence in Canada’s financial reporting [https://www.osc.ca/en/news-events/news/regulators-and-audit-leaders-discuss-audit-quality-and-confidence-canadas-financial-reporting] 8. Table ronde des responsables de la réglementation et de l'audit sur la qualité de l'audit et la confiance à l'égard de l'information financière au Canada [https://lautorite.qc.ca/grand-public/salle-de-presse/actualites/fiche-dactualite/table-ronde-des-responsables-de-la-reglementation-et-de-laudit-sur-la-qualite-de-l-audit-et-la-confiance-a-legard-de-l-information-financiere-au-canada] 9. Regulators and audit leaders discuss audit quality and confidence in Canada’s financial reporting [https://www.osfi-bsif.gc.ca/en/news/regulators-audit-leaders-discuss-audit-quality-confidence-canadas-financial-reporting] 10. Digital Health [https://www.fda.gov/advisory-committees/committees-and-meeting-materials/digital-health-advisory-committee]

This Week in AI Regulations - May 04, 2026

This episode delves into the latest regulatory updates impacting Social Dialogue initiatives, advancements in California's DMV digital driver's license, and strategic developments within Beautiful China and the Guangdong-Hong Kong-Macao Greater Bay Area. These sectors illustrate evolving governance and innovation synergy across digital and regional frameworks. One major update covers the European Commission’s draft measures under the Digital Markets Act, which aim to ensure interoperability between Google’s Android OS and third-party AI services. Key provisions include enabling integration of competing AI services with Android apps and activation through custom wake words. The Commission is currently seeking public feedback to enhance competition and innovation. Additionally, the EU’s AI "digital omnibus" proposal updates regulations by delaying certain high-risk AI rules, introducing flexibility for companies, and proposing a ban on AI-generated “nudification” content, balancing innovation with risk management. Luxembourg’s advocacy for a harmonized European approach to online minor protection and support for AI startups further reflects coordinated regional efforts. For more information, visit the Carver Agents website [https://carveragents.ai]. Articles mentioned: 1. Commission seeks feedback on measures to ensure interoperability with Google's Android under the Digital Markets Act [https://digital-markets-act.ec.europa.eu/commission-seeks-feedback-measures-ensure-interoperability-googles-android-under-digital-markets-act-2026-04-27_en] 2. Commission seeks feedback on measures to ensure interoperability with Google's Android under the Digital Markets Act [https://digital-strategy.ec.europa.eu/en/news/commission-seeks-feedback-measures-ensure-interoperability-googles-android-under-digital-markets] 3. California expands mobile driver’s license to Samsung Wallet - April 28, 2026 [https://www.gov.ca.gov/2026/04/28/california-expands-mobile-drivers-license-to-samsung-wallet-continuing-dmvs-digital-transformation/] 4. AI: press conference debrief on the negotiations to update EU rules [https://www.europarl.europa.eu/news/en/press-room/20260427IPR42003/ai-press-conference-debrief-on-the-negotiations-to-update-eu-rules] 5. Elisabeth Margue au Conseil informel "Télécommunications" de l'Union européenne [https://gouvernement.lu/fr/actualites/toutes_actualites/communiques/2026/04-avril/30-margue-chypre.html] 6. Questions and Answers on FDA's Adverse Event Reporting System (FAERS) [https://www.fda.gov/fda-adverse-event-reporting-system-faers] 7. 聚焦融合创新 发挥制度优势 加快建设粤港澳大湾区美丽中国先行区 [https://gdee.gd.gov.cn/hbxw/content/post_4889597.html] 8. "Tant que le dialogue se poursuit, rien n'est arrêté" [https://gouvernement.lu/fr/actualites/toutes_actualites/interviews/2026/04-avril/27-spautz-quotidien.html] 9. La Banque de France et l’ACPR mettent en garde le public contre un risque de fraude avec usurpation de leur identité et de celle de leurs dirigeants [https://acpr.banque-france.fr/en/node/1686160] 10. A reform-minded regulator [https://www.fca.org.uk/news/speeches/reform-minded-regulator]

This Week in AI Regulations - April 26, 2026

This episode covers important regulatory updates spanning multiple sectors including the Chinese Five-Year Plan, California's CCPA developments, EU data protection advancements, the U.S. Water Reuse Action Plan, and initiatives in Hubei. Major updates include the European Data Protection Supervisor’s expanded roles under the EU AI Act, mandating cooperation from EU institutions with strong cybersecurity and privacy safeguards. Spain’s clarification on AI voice transcription services now requires organizations to act as data controllers under GDPR, enforcing transparency and rights protections. Additionally, the California Privacy Protection Agency faces detailed public comments recommending alignment with existing privacy laws and refining behavioral advertising definitions under the CCPA. For more information, visit the Carver Agents website [https://carveragents.ai]. Articles mentioned: 1. Transcripción de voz con IA (II): responsabilidad, derechos y transparencia [https://www.aepd.es/prensa-y-comunicacion/blog/transcripcion-de-voz-con-ia-ii-responsabilidad-derechos-y-transparencia] 2. Written Comments Part 4 [https://cppa.ca.gov/regulations/pdf/part4_all_comments_combined_redacted_oral_not_included.pdf] 3. Read more here [https://www.edps.europa.eu/press-publications/publications/newsletters/newsletter-119_en] 4. Litigation Release - AI Investment Education Foundation Ltd. [https://www.sec.gov/enforcement-litigation/litigation-releases/lr-26536] 5. Mise à jour de la loi organique des services de renseignement et de sécurité [https://news.belgium.be/fr/mise-jour-de-la-loi-organique-des-services-de-renseignement-et-de-securite] 6. Prioridades de supervisão — 2026 [https://www.bportugal.pt/page/prioridades-de-supervisao-2026] 7. What They Are Saying: Water Sector, Industry and Federal Partners Applaud EPA’s Newly Launched Water Reuse Action Plan 2.0 [https://www.epa.gov/newsreleases/what-they-are-saying-water-sector-industry-and-federal-partners-applaud-epas-newly] 8. 湖北省国民经济和社会发展第十五个五年规划纲要 [http://www.hubei.gov.cn/zwgk/hbyw/hbywqb/202604/t20260423_5920799.shtml] 9. Von Cloud bis KI: Strategie und Governance im Spannungsfeld von Souveränität und Innovation | Konferenz "Finanzdienstleister der nächsten Generation", Frankfurt School of Finance and Management [https://www.bundesbank.de/de/presse/reden/von-cloud-bis-ki-strategie-und-governance-im-spannungsfeld-von-souveraenitaet-und-innovation-994124] 10. 上海市人民政府办公厅关于印发《国家数字经济创新发展试验区（上海）实施方案》的通知 [https://www.shanghai.gov.cn/nw12344/20260421/9edf5d5c1b2244298c315304349d0963.html]