Article 13 min read

AI Regulation News July 2026: The August Reckoning, US Preemption Battle, and 15 Countries Update

Jul 1, 2026 11 views
AI Regulation News July 2026: The August Reckoning, US Preemption Battle, and 15 Countries Update

TL;DR

The EU August 2 deadline is 32 days away. The US federal preemption fight intensifies. China begins enforcing companion AI rules. 15 countries tracked in this month's global AI regulation roundup.

Table of Contents

    The EU AI Act's biggest enforcement date is 32 days away. The US federal preemption war just turned into a real fight. China started enforcing companion AI rules on July 15. This is the July 2026 edition of the AI regulation series — the month everything stops being theoretical.

    World map with AI regulation icons connecting major countries for July 2026

    TL;DR — July 2026

    • EU August 2 deadline: 32 days remaining. High-risk and transparency rules apply to most deployed systems.
    • US: The "Great American AI Act" passed the Senate with preemption language. State compliance maps may change overnight if the House concurs.
    • China: Companion AI and emotional support AI rules are now in force as of July 15.
    • UK: The AI Regulation and Safety Bill passed its second reading in the House of Lords on July 3.
    • India: Draft Digital India Act published July 1, containing the first statutory AI liability framework for Indian operators.
    • Brazil: Bill 2338/2023 cleared committee with amendments. Full vote expected in September.
    • 15 countries covered in this edition.

    Read the June 2026 edition and the original 2026 overview to understand the full picture. This edition covers what changed in July specifically.

    European Union: 32 Days to August 2

    EU AI Act August 2 enforcement deadline illustration

    August 2, 2026 is the most consequential date in AI regulation history. On that day, the EU AI Act's core obligations apply to the majority of AI systems operating in the European market. This is not a soft launch. The European AI Office has enforcement authority and 17 member states have already appointed national competent authorities.

    Here is where the rollout stands as of July 1:

    • February 2, 2025: General provisions and prohibited AI practices applied. Emotion recognition in workplaces, biometric categorisation systems, and real-time remote biometric identification in public spaces are restricted or banned.
    • August 2, 2025: General-purpose AI (GPAI) model obligations applied. Model providers above the 10^25 FLOPs training threshold face additional systemic risk requirements.
    • August 2, 2026: High-risk AI system rules, transparency duties for limited-risk systems, and deployer obligations apply. This covers HR tools, credit scoring, educational assessment, biometric identification, critical infrastructure management, and law enforcement applications.
    • August 2, 2027: Final stage for high-risk AI embedded in regulated products (medical devices, vehicles, machinery).

    What changed in July 2026

    The European AI Office published final guidance on July 2 clarifying the deployer definition. A company that configures or fine-tunes a GPAI model for a specific use case is classified as a deployer, not a user. This matters because deployers carry documentation, logging, and incident-reporting duties that end-users do not.

    The Commission also confirmed that sandbox participation does not grant enforcement immunity. Six companies operating inside France's AI regulatory sandbox received formal warnings after auditors found insufficient transparency documentation.

    Fines under the AI Act can reach €35 million or 7% of global annual turnover for prohibited practice violations. For high-risk systems, the ceiling is €15 million or 3% of turnover. For GPAI providers, systemic risk violations carry up to €15 million or 3%.

    What teams with EU exposure must do before August 2

    1. Confirm whether your system qualifies as high-risk under Annex III. The July 2 deployer guidance changes several common assumptions about scope.
    2. Complete your technical documentation under Article 11. This includes a description of the system's purpose, the design logic, the training data sources, and the testing methodology.
    3. Set up a post-market monitoring system under Article 72. You need a data collection mechanism to identify unexpected risks after deployment.
    4. Register high-risk systems in the EU AI public database if your system falls under a mandatory registration category.
    5. Verify your conformity assessment route: self-assessment or third-party audit, depending on the system's category.

    United States: The Preemption Fight Reaches the House Floor

    US map showing different states with active and pending AI laws

    The US federal landscape shifted significantly in the first week of July. The Great American Artificial Intelligence Act passed the Senate 67–31 on July 3, with a preemption clause that would override certain state-level AI laws if the House concurs. This is not yet law. But it is the closest the US has come to a federal framework that directly conflicts with state legislation.

    What the Senate bill covers

    • Requires federal agencies to conduct AI impact assessments for high-risk government deployments within 180 days.
    • Establishes a national AI safety board under NIST with quarterly reporting requirements.
    • Preempts state laws that impose disclosure requirements "inconsistent with" federal standards — a definition that state AGs are already challenging as unconstitutionally vague.
    • Creates a limited safe harbour for companies that adopt the NIST AI Risk Management Framework 1.1.

    State activity in July 2026

    While Washington debates preemption, states are not standing still:

    • California: AB 1047 (frontier AI safety) is back in committee with amendments removing the initial developer liability clause that Governor Newsom vetoed in 2024. The revised bill focuses on compute thresholds and incident reporting rather than developer guarantees of safety.
    • New York: The NYDFS published binding AI model risk management guidance for insurance companies on July 1, 2026. All insurers using AI in underwriting or claims must comply by January 1, 2027.
    • Texas: HB 1709 (AI transparency in employment) passed the Texas House on July 8, requiring employers using AI in hiring decisions to notify candidates and provide a human review option.
    • Illinois: The AI Video Interview Act amendments took effect July 1, extending the existing law to cover AI-generated avatar interviewers, not just analysis software.
    • Colorado: SB24-205 enforcement guidance published July 5. The state AG's office clarified that "consequential decisions" in the law include loan denials, job screenings, and insurance rate setting.

    If the Senate bill passes the House with preemption language intact, some of these state laws may be rendered unenforceable. The legal fight will then move to courts. Track this closely.

    China: Companion AI Rules Now in Force, Export Controls Tighten

    Asia map showing China, Japan, and South Korea AI regulation zones

    July 15 was China's biggest single-day regulatory event of 2026. The interim measures for anthropomorphic AI interaction services came into force. Any AI system that presents itself as human — companion apps, emotional support chatbots, roleplay services, virtual tutors — must now comply.

    What the companion AI rules require

    • Clear disclosure that the user is interacting with an AI, not a human, at the start of every session.
    • Technical measures to prevent "excessive emotional dependency" — the regulations cite maximum daily interaction time limits and mandatory cool-down prompts after 60-minute sessions.
    • Complete ban on companion AI services for users under 18. Age verification is now mandatory.
    • Prohibition on AI companions that simulate romantic relationships with minors.
    • Mandatory incident reports to the Cyberspace Administration of China (CAC) within 24 hours for any system failure that results in user harm.

    Export controls update

    The technology transfer restrictions from June 11 are now actively enforced. China's Ministry of Commerce issued enforcement guidance on July 9 clarifying that model weights, training pipelines, and inference infrastructure developed by Chinese companies require export licenses before transfer to foreign entities. Three companies received administrative warnings in the first week of enforcement.

    Coming next: general-purpose AI rules

    The CAC is drafting an update to the 2023 Interim Measures for the Management of Generative Artificial Intelligence Services. A public comment period is expected in August 2026. The draft will likely add requirements around model capability disclosure, red-teaming documentation, and stricter content moderation thresholds for systems above a user volume ceiling.

    United Kingdom: The AI Bill Advances

    The UK's AI Regulation and Safety Bill passed its second Lords reading on July 3. This is significant. The bill represents a shift from the UK's fully voluntary, sector-led approach toward statutory foundations.

    Key provisions in the current draft:

    • A legal duty of care for developers of frontier AI models above a defined compute threshold.
    • Mandatory safety evaluations before deployment of frontier systems.
    • Powers for the Secretary of State to issue binding technical standards to AI developers.
    • A new UK AI Safety Institute given statutory authority to audit AI systems.

    The bill still has committee stage and third reading ahead of it. Enforcement will not arrive in 2026. But UK businesses operating under the voluntary framework should note that statutory obligations are coming. Companies with EU customers already operate under the EU AI Act's extraterritorial reach simultaneously — making dual compliance the current reality for most UK tech businesses.

    India: The Digital India Act Arrives

    India published the draft Digital India Act (DIA) on July 1, 2026. This is the most comprehensive technology governance framework India has ever produced. The AI chapter is the most consequential for the global technology industry.

    AI provisions in the draft DIA

    • A risk-based classification system mirroring the EU model: minimal risk, limited risk, high risk, and critical AI.
    • High-risk AI systems in healthcare, critical infrastructure, and credit decisions require conformity assessments before deployment.
    • Strict liability for AI-caused harm in critical AI categories — no negligence standard required. This is stronger than the EU AI Act on liability.
    • Mandatory registration of high-risk AI systems with the Ministry of Electronics and Information Technology (MeitY).
    • Prohibition on AI systems that manipulate users through subliminal techniques or exploit psychological vulnerabilities.

    The public comment period runs until August 31. The bill is not expected to pass before Q1 2027 at the earliest, but the draft provides clear signal of where India's legal requirements are heading. Start tracking it now if you serve Indian users.

    South Korea: Active Enforcement Begins

    South Korea's AI Basic Act has been in force since January 22, 2026. July marked the end of the informal grace period — the National AI Committee confirmed on July 7 that formal compliance reviews of high-impact AI systems began in Q3 2026.

    If you have South Korean users and your system makes consequential decisions in employment, education, finance, or healthcare, you need transparency disclosures and impact assessments in place. The grace period is over.

    Japan: METI Guidance Hardens

    Japan's July 2026 update came from the Ministry of Economy, Trade, and Industry. METI published revised AI governance guidelines that now include specific requirements for AI used in government procurement. Any AI system used by a Japanese government agency must meet the updated guidelines by April 2027.

    Japan's approach remains voluntary for private sector companies. But METI guidance carries real commercial weight — major Japanese corporations adopt it for procurement requirements regardless of legal obligation.

    Brazil: One Committee Vote From the Full Senate

    Brazil's AI Bill 2338/2023 cleared the Senate's Science and Technology Committee on July 11 with 12 amendments. The full Senate vote is scheduled for September. If it passes, Brazil will have a risk-based AI law in force by early 2027 — joining the EU and South Korea as countries with comprehensive AI frameworks.

    Key amendments from the committee stage:

    • Removed the original provision that made AI developers strictly liable for harm in all cases. The revised bill uses a negligence standard for most categories.
    • Added a data localisation requirement for high-risk AI systems processing Brazilian citizens' personal data.
    • Inserted a "regulatory sandbox" provision giving MeitY-equivalent powers to ANPD (Brazil's data protection authority) to approve experimental AI deployments.

    Canada: Bill C-34 Moves to the House

    Canada's Safe Social Media Act (Bill C-34), which includes chatbot transparency provisions, passed the Senate on June 30 and is now before the House of Commons. The AI-specific clauses require social media platforms with AI-generated content recommendation systems to disclose how those systems work to users. A child-safety carveout mandates stricter transparency for any AI system accessible to under-16s.

    Singapore and ASEAN: Voluntary to Mandatory

    Singapore's IMDA published the AI Verify Foundation Framework Version 2.0 on July 8. The update adds agentic AI testing requirements — specifically, multi-step task testing and capability evaluation protocols for AI systems that can take autonomous actions. This is the clearest signal yet that Singapore is building toward binding requirements for agentic AI as the technology matures.

    At the ASEAN level, the ASEAN Guide on AI Governance and Ethics is being revised. A working group is debating whether to adopt binding recommendations across member states. The current timeline targets a revised guide by mid-2027.

    Africa: Rwanda's Agency Publishes Its First Work Plan

    Rwanda's National Artificial Intelligence Agency, established in June 2026, published its first 90-day work plan on July 10. The plan prioritises three areas: AI use in agriculture and healthcare (where Rwanda's AI deployments are most active), education and skills development for AI practitioners, and a framework for responsible government AI procurement.

    The African Union's Continental AI Strategy is being updated in parallel. Seven additional African nations — Nigeria, Kenya, South Africa, Egypt, Ghana, Ethiopia, and Morocco — are at various stages of drafting national AI strategies. Watch Nigeria specifically: the country's National Information Technology Development Agency published draft AI governance principles in early July.

    The July Theme: From Drafts to Deadlines

    Every edition of this series has tracked a pattern of converging language — risk-based frameworks, transparency requirements, accountability structures — across jurisdictions that otherwise have very different legal traditions. July 2026 is when that convergence becomes operational pressure.

    The EU's August 2 deadline is real and imminent. South Korea's enforcement has started. China's companion AI rules are active. India's draft law signals where liability is heading. The US federal preemption fight means that state-level compliance maps built over the last 18 months may need to be rebuilt depending on the House vote.

    The teams that are struggling most right now built point solutions — one policy page for GDPR, one page for the EU AI Act, one policy page for California. Every new rule requires a new document from scratch. The teams that are handling this well built a compliance architecture: a system inventory, a jurisdiction map, an evidence log, and a documentation owner for each system. New rules mean updating parameters, not starting over.

    4-Week Action Plan: July to August 2

    Week 1 (July 1–7): Final EU system audit

    Run every AI system in your product against the July 2 deployer guidance update. Any system you configure, fine-tune, or prompt-engineer using a third-party GPAI model is now your compliance responsibility as a deployer. Assign documentation owners today.

    Week 2 (July 8–14): China companion AI check and US tracking

    If you have any AI companion, emotional support, or roleplay features serving Chinese users, verify compliance against the July 15 rules. Set up a tracker for the US House vote on the Great American AI Act — the preemption clause could change your entire state compliance architecture.

    Week 3 (July 15–21): Documentation sprint

    Complete technical documentation for any high-risk EU AI systems. Build your post-market monitoring data collection. Missing records are the most common trigger for enforcement action — not missing features.

    Week 4 (July 22–August 2): Final verification

    Run your conformity assessment. Confirm high-risk system registration in the EU database if required. Verify that your South Korea transparency disclosures are live. Read the India DIA public comment — the liability provisions will affect how you structure AI contracts with Indian partners.

    Final Take

    The question this series has tracked since its first edition is not whether AI regulation will happen. It is happening. The question now is whether your compliance systems are built for change velocity — because the rules are not slowing down.

    July 2026 is the month the EU AI Act stops being a planning document and becomes an enforcement reality. Thirty-two days.

    The August 2026 edition will cover the first post-deadline enforcement actions, the House vote on US federal preemption, China's expected GPAI update, and the India DIA comment period results. Come back for it.

    Share this article:

    Was this article helpful?

    Comments

    Loading comments...