Skip to content

International AI Legal Landscape (2026) — What Australian Businesses Should Know

Purpose: Navigate international AI regulations affecting Australian organisations operating globally Audience: Legal, compliance, international business and governance teams | Time: 60-90 minutes

Last updated: 15 June 2026. This page is informational and not legal advice.

Rapidly evolving landscape

International AI regulations are changing fast. The EU's Digital Omnibus on AI reached provisional political agreement on 7 May 2026 (extending key AI Act compliance deadlines). The IMCO and LIBE committees of the European Parliament endorsed the agreement by 93 votes to 4 on 2 June 2026, clearing the way for a full Parliament plenary vote now scheduled for June 2026 — expected before the original 2 August 2026 high-risk AI deadline. South Korea's AI Basic Act took effect in January 2026 with implementing rules still emerging. Canada's AIDA died on the Order Paper and any replacement may differ substantially. Always verify current status with official sources before making compliance decisions.

As AI regulation accelerates globally, many jurisdictions already impose binding requirements or have near-term obligations that will affect Australian organisations exporting, operating, or handling data linked to those regions.

Below is a practical snapshot of the US, Canada, EU, UK, Japan, South Korea, Singapore and recent bilateral agreements, plus the global frameworks most often referenced by regulators.


Executive Snapshot

Key Jurisdictions at a Glance

  • 🇪🇺 EU — The EU AI Act is in force with staged obligations. Bans on "unacceptable risk" uses started 2 Feb 2025; general-purpose AI (GPAI) duties started 2 Aug 2025. The EU Digital Omnibus on AI reached provisional political agreement on 7 May 2026, extending key deadlines: high-risk standalone AI (Annex III) now 2 December 2027; high-risk AI embedded in products (Annex I) now 2 August 2028; watermarking and a new NCII/CSAM prohibition now 2 December 2026; sandboxes now 2 August 2027. Formal adoption (European Parliament vote) expected by 7 July 2026, before the original 2 August 2026 deadline. Plan to the provisional dates but be ready to confirm once formally adopted.

  • 🇺🇸 US — No single federal AI law. Federal direction runs through NIST AI RMF 1.0 and public-sector guidance (OMB M-24-10). States are moving: Colorado's AI Act (effective 30 June 2026) requires risk programs, impact assessments and notices for "high-risk" AI. NYC mandates bias audits for automated hiring tools.

  • 🇨🇦 Canada — The federal Artificial Intelligence and Data Act (AIDA) (within Bill C-27) died on the Order Paper in January 2025 when Parliament was prorogued. Any future legislation may differ substantially; no timeline for re-introduction.

  • 🇬🇧 UK — No single AI Act; regulator-led, "pro-innovation" model with central government coordination and the AI Security Institute (rebranded Feb 2025). Regulators are issuing sector guidance and pilots (assurance, sandboxes). The Data (Use and Access) Act (mid-2025) marks the UK's first statutory step toward AI-relevant obligations.

  • 🇯🇵 Japan — On 28 May 2025 Parliament approved the AI Promotion Act (Japan's first AI law, effective 4 June 2025), establishing the AI Strategy Headquarters. Compliance remains guideline-driven via the AI Guidelines for Business (2024) and existing laws (privacy, consumer).

  • 🇰🇷 South Korea — Passed the AI Basic Act (promulgated 21 Jan 2025; effective 22 Jan 2026). Establishes national governance, trustworthiness requirements and enables future rules; extra-territorial effects likely for some activities.

  • 🇸🇬 Singapore — Leading with Model AI Governance Framework (GenAI) and the open-source AI Verify testing toolkit. Often used as a practical implementation benchmark, interoperable with NIST AI RMF.


Why This Matters for Australian Businesses

  • 🌏 Export exposure: Selling AI products/services into the EU, UK or Korea may trigger local provider/deployer duties even if you're based in Australia
  • 📋 Procurement pressure: Multinationals will increasingly require AI risk assessments, bias testing and documentation aligned to EU/US frameworks (EU AI Act, NIST AI RMF, ISO/IEC 42001)
  • 🔄 Interoperability benefits: Adopting risk-based governance now reduces later retrofit costs and smooths compliance across markets

Jurisdiction Guides

European Union (EU)

Status & scope: The EU AI Act (Regulation (EU) 2024/1689) is live with a risk-tiered regime (prohibited, high, limited, minimal), dedicated GPAI obligations and strong enforcement (up to 7% global turnover). Key dates under the original Act (before the 7 May 2026 Omnibus provisional agreement): 2 Feb 2025 (prohibitions), 2 Aug 2025 (GPAI, governance/penalties), 2 Aug 2026 (bulk compliance for high-risk AI systems under Annex III, transparency obligations under Article 50 and national/EU-level enforcement). Under the provisional Omnibus extensions (see callout below), the Annex III and Article 50 dates are now expected to move to 2 December 2027 and 2 December 2026 respectively, pending formal adoption.

EU Digital Omnibus on AI — Provisional agreement reached 7 May 2026

The EU Digital Omnibus on AI reached provisional political agreement at the third trilogue between the European Parliament and the Council on 7 May 2026. Provisional extensions agreed at trilogue (subject to formal adoption):

  • High-risk AI standalone systems (Annex III): new compliance deadline 2 December 2027 (deferred from 2 August 2026)
  • High-risk AI embedded in regulated products (Annex I): new compliance deadline 2 August 2028
  • Article 50 watermarking obligations: now apply from 2 December 2026 (extended from 2 August 2026)
  • New Article 5 prohibition: AI systems generating non-consensual intimate imagery (NCII) and child sexual abuse material (CSAM), including "nudifier" tools — compliance required by 2 December 2026
  • AI regulatory sandboxes (national-level): now 2 August 2027
  • Machinery Regulation: moved to Annex I Section B — AI in machinery-regulated products falls primarily under the Machinery Regulation rather than direct AI Act high-risk requirements
  • SME exemption extended to small mid-cap companies (SMCs)

Status: Parliamentary committees (IMCO/LIBE) endorsed the provisional agreement by 93 votes to 4 on 2 June 2026. Full Parliament plenary vote scheduled for June 2026 (exact date pending) — expected to complete before the 2 August 2026 high-risk AI deadline, with entry into force around end of July 2026. Australian businesses supplying AI into the EU should plan to the new provisional dates but confirm once formally adopted. (Updated: 15 June 2026; sources: consilium.europa.eu, agenceurope.eu, iapp.org)

What to Do

  • ✅ Map any EU-facing AI systems to risk categories; identify if you're a provider, deployer, importer or distributor
  • ✅ For GPAI/models, prepare training-data summaries, technical documentation and risk-mitigation processes (red-teaming, incident reporting)
  • ✅ Plan to the provisional Omnibus dates (2 December 2027 for Annex III; 2 August 2028 for Annex I); be ready to confirm once the European Parliament formally adopts the text (plenary vote expected June 2026, following the 93–4 committee endorsement on 2 June 2026). Until then, treat the new dates as planning assumptions rather than legal certainty.

United States (US)

Status & scope: No omnibus federal AI law. Federal levers include NIST AI RMF 1.0 (widely adopted) and OMB M-24-10 (governance for US federal agencies). Two NIST publications during 2026 extend the framework:

  • NIST IR 8596 — Cybersecurity Framework Profile for AI (preliminary draft, February 2026): voluntary framework extending NIST CSF 2.0 to AI-specific cybersecurity risks. Organised around three focus areas (Secure, Defend, Thwart) and the six CSF 2.0 core functions. Open for public comment (NIST IR 8596 publication page, accessed 19 May 2026).
  • AI RMF Critical Infrastructure Profile (concept note, 7 April 2026): new profile under development to guide critical infrastructure operators on AI risk management practices. Full profile in development (NIST AI RMF homepage, accessed 19 May 2026).

States and cities are active: Colorado SB24-205 (effective 30 June 2026, delayed from the original February 2026 date via SB 25B-004) mandates risk management programs, impact assessments, consumer notices and appeal/human review for "high-risk" AI; NYC Local Law 144 requires bias audits and notices for automated hiring tools.

What to Do

  • ✅ Align your program to NIST AI RMF (often accepted as a defence/interoperability baseline, including in Colorado's framework)
  • ✅ If serving US customers/employers, build impact assessment and bias-audit capability into your lifecycle

Canada

Status & scope: Bill C-27 (which included the federal Artificial Intelligence and Data Act, AIDA) died on the Order Paper on 6 January 2025 when Parliament was prorogued. The bill would need to be completely re-introduced in a future parliamentary session. Any future AI legislation is expected to take a different approach; status remains highly uncertain. Note: Ontario's Bill 194 (passed November 2024) regulates public sector AI use provincially.

What to Do

No federal AI-specific law is imminent. Continue monitoring for potential re-introduction under a new government. Organisations can still reference AIDA's former companion guidance for voluntary best practices (risk-based duties for "high-impact" systems, impact assessments, incident reporting), but recognise any future legislation may differ substantially.

United Kingdom (UK)

Status & scope: No single AI Act; the UK follows a contextual, regulator-led approach under the Government Response (Feb 2024) to its AI White Paper. Central functions coordinate regulators; the AI Security Institute (rebranded from "AI Safety Institute" in February 2025) evaluates advanced systems and supports guidance/testing. The Data (Use and Access) Act (mid-2025) introduced provisions affecting AI training datasets and algorithmic accountability.

What to Do

  • ✅ Track sector regulators (ICO, CMA, FCA, MHRA etc.)
  • ✅ Expect assurance, transparency, and evaluation asks for frontier/GPAI uses
  • ✅ Monitor the Data (Use and Access) Act for AI training data and algorithmic accountability requirements

Japan

Status & scope: Japan emphasises soft-law via the AI Guidelines for Business (2024, METI/MIC), updated subsequently. On 28 May 2025 Parliament approved the AI Promotion Act (Japan's first AI law), with most provisions taking effect 4 June 2025. The Act establishes the AI Strategy Headquarters under the Prime Minister's Office and focuses on R&D promotion and voluntary guidelines rather than hard restrictions.

What to Do

  • ✅ Apply the Guidelines lifecycle controls (risk identification, governance, transparency)
  • ✅ Ensure compliance with APPI and sector rules

Republic of Korea (South Korea)

Status & scope: AI Basic Act (officially "Basic Act on the Development of AI and the Establishment of a Foundation for Trustworthiness") passed 26 Dec 2024, promulgated 21 Jan 2025, effective 22 Jan 2026. Creates national governance (AI committee, safety institute), a trustworthiness baseline and foundation for detailed rules; extra-territorial reach is anticipated in some areas. Fines up to KRW 30 million (~$20,870) and potential imprisonment for violations.

What to Do

  • ✅ If offering AI into Korea, prepare for registration/notice, risk management, and safety/trust controls as implementing measures roll out

Singapore

Status & scope: Model AI Governance Framework (GenAI) and the AI Verify testing toolkit provide practical, testable governance guidance; mapped to NIST AI RMF for interoperability. Frequently used by multinationals for assurance.

What to Do

  • ✅ Use AI Verify (or equivalent) for bias, robustness, transparency testing
  • ✅ Publish assurance artefacts for enterprise buyers

Bilateral: Australia–Canada AI Safety Cooperation

Status & scope: In early 2026, Australia and Canada signed an AI Safety Cooperation Agreement to strengthen bilateral cooperation on AI safety through the International Network of AI Safety Institutes. The agreement covers joint research, information sharing and coordinated approaches to evaluating advanced AI systems (industry.gov.au, accessed 15 April 2026).

What to Do

  • ✅ Monitor outcomes from the International Network of AI Safety Institutes — shared evaluation frameworks and safety benchmarks may influence future Australian regulatory expectations

Bilateral: Australia–UK AI Safety MoU (Signed Late May 2026)

Status & scope: Australia and the UK signed a Memorandum of Understanding in late May 2026 deepening cooperation on the responsible development, deployment, governance and use of safe and trustworthy AI. The MoU was signed during a visit to Australia by the UK Minister for AI and Online Safety. Under the MoU, the Australian AI Safety Institute (currently being established) and the UK AI Security Institute will collaborate on:

  • Sharing information and expertise on emerging AI capabilities and risks
  • Best practices for testing AI systems
  • Conducting joint research, including novel approaches to measure, test and manage risks
  • Supporting the International Network for Advanced AI Measurement, Evaluation and Science

Australia has now signed bilateral AI safety cooperation instruments with Canada (early 2026) and the UK (late May 2026), in addition to an industry MoU with Anthropic. This network of agreements is shaping the AISI's international partnerships even as its formal operational launch remains pending.

Note: Confirm the exact date of signing at industry.gov.au before citing a specific date.

What to Do

  • ✅ Monitor outcomes from Australia's bilateral AI safety agreements. Joint evaluation frameworks and safety benchmarks from these partnerships may influence future Australian regulatory expectations and guidance

Australia–Anthropic MoU (1 April 2026)

On 1 April 2026, the Australian Government and Anthropic signed an MoU described as the first formal arrangement executed under the National AI Plan. The agreement is a statement of intent (not legally binding) covering AI safety, research collaboration and workforce development. Key elements include Anthropic extending its AI for Science program to Australia, with an investment of AUD $3 million in Claude API credits to four institutions (ANU, Murdoch Children's Research Institute, Garvan Institute of Medical Research and Curtin University), and Anthropic planning to open a Sydney office in 2026. The MoU was formalised during a meeting between Anthropic CEO Dario Amodei and Prime Minister Albanese. (industry.gov.au, accessed 31 May 2026; anthropic.com, accessed 31 May 2026)


Side-by-Side Summary

Jurisdiction Legal posture (Jun 2026) Primary instruments Key dates Headline obligations (examples)
EU Binding, phased EU AI Act; EU Digital Omnibus (provisional agreement 7 May 2026) Feb 2025 (bans); Aug 2025 (GPAI); Dec 2027 (Annex III high-risk) and Aug 2028 (Annex I embedded) per provisional Omnibus extensions; watermarking and NCII prohibition Dec 2026 Risk-tiered duties, GPAI transparency/docs, post-market monitoring, penalties up to 7% turnover
US Patchwork + federal guidance NIST AI RMF; OMB M-24-10; Colorado AI Act; NYC AEDT law CO: 30 June 2026; NYC AEDT: in force Risk programs, impact assessments, notices, bias audits (hiring), consumer appeal/human review
Canada Dead (died Jan 2025) AIDA (Bill C-27) – terminated No timeline; re-introduction uncertain Bill C-27 died on Order Paper; any future legislation may differ substantially from original AIDA proposal
UK Regulator-led framework Gov't Response (Feb 2024); AI Security Institute; Data (Use and Access) Act Data Act mid-2025; AI legislation expected 2025–26 Sector regulators issue guidance; evaluation & assurance focus (frontier/GPAI); data/algorithmic accountability
Japan Soft-law + promotion act AI Guidelines for Business; AI Promotion Act Act effective 4 June 2025; AI Strategy HQ operational Sept 2025 Lifecycle governance guidance; R&D promotion; voluntary compliance (no direct penalties)
Korea Binding (framework) AI Basic Act Effective 22 Jan 2026 National governance; trust/safety foundations; fines up to KRW 30M; further rules expected
Singapore Voluntary but influential Model AI Governance (GenAI); AI Verify Framework updated 2024–25; OECD/GPAI alignment 2025 Testing toolkit + governance guidance; NIST RMF cross-walk; red-teaming benchmarks
AU–CA Bilateral cooperation AI Safety Cooperation Agreement Signed early 2026 Joint research and evaluation via International Network of AI Safety Institutes
AU–UK Bilateral cooperation Australia–UK AI Safety MoU Signed late May 2026 Joint research and evaluation on AI safety; cooperation between AISI and UK AI Security Institute

Global Reference Frameworks (useful everywhere)

  • 🌐 NIST AI Risk Management Framework 1.0 — broad, practical and widely referenced (US and beyond)
  • 📋 ISO/IEC 42001:2023 — AI management system standard (AIMS) for organisations building/using AI
  • 🤝 OECD AI Principles — internationally endorsed principles aligned with human-centred, trustworthy AI

Related SafeAI-Aus Tools

This page should be read together with our governance tools:


Key References

European Union

United States

Canada

United Kingdom

Japan

South Korea

Singapore

Australia–Canada Bilateral

Global Standards


Disclaimer & Licence

Disclaimer: This guide provides general information about international AI regulations and is not legal advice. SafeAI-Aus has exercised care in preparation but does not guarantee accuracy, reliability, or completeness. International AI laws change rapidly. Organisations should adapt to their specific context and seek advice from legal professionals with expertise in relevant jurisdictions before making decisions based on this information.

Licence: Licensed under Creative Commons Attribution 4.0 (CC BY 4.0). You are free to copy, adapt and redistribute with attribution: "Source: SafeAI-Aus (safeaiaus.org)"