Europe

The study says the EU’s regulatory framework falls and does not have the ability to fulfil the European Commission's stated goals of promoting trustworthy, human-centric, and rights-respecting AI

“Guardrails” built by the EU to govern AI fall short in both ambition and execution and have become too heavy to absorb rapid changes in technology, a new study warns.

The rules took years of negotiations and political effort, and are difficult to change but not to remove, making them a “rigidity trap in action”.

Recent changes have amounted to “partial retreat” before the EU AI act has been fully implemented, experts have said. The European Union’s 2024 AI Act, supposed to come into force this year, has already been replaced with the 2026 AI Simplification Act.

The study says the EU’s regulatory framework falls and does not have the ability to fulfil the European Commission’s stated goals of promoting trustworthy, human-centric, and rights-respecting AI.

In contrast in the USA – more by accident than design- there are “regulatory leashes” which can be pulled in response to need and these are more binding and more enforceable than the EU guardrails. Rules are more concrete and easier to enforce.

The study, by Alison Harcourt, from the University of Exeter, Claudio M Radaelli, from the European University Institute and Philipp Trein, from the University of Lausanne, says the EU’s efforts to anticipate AI risks and impose comprehensive rules made adaptive regulation hard to develop. This has made the AI Act hard to enforce and limited its capacity to protect human rights and public values.

The United States intervenes legislatively when specific risks are clearly present, or sector-by-sector. The study says this approach is more enforceable than the EU AI Act, and the state-by-state and sector-by-sector evolution of rules provides more space for learning from experience.

Professor Harcourt said: “The EU regulatory architecture is grounded in the ambition to anticipate the evolution of AI risks and protect the values identified by the EU institutions. It is a guardrails-oriented architecture. Because of this clearly prescriptive orientation, the EU seeks to impose rules. Implementing a comprehensive structure of guardrails is a difficult task in AI regulation. Companies and courts are already attempting to edit and change the final outcomes of the AI Act.”

Professor Radaelli said: “The EU has opted for a design that has limited room for adaptive regulation. The United States is reactive in the sense of regulating with “guardrails” only when there is a clear danger, and in a given sector, not across all AI applications.

“This approach is more concrete, binding, and enforcement-oriented than the EU AI Act, particularly in areas such as deepfakes, election integrity, content labelling, and individual rights. By relying on state rather than federal regulation, this approach is suitable for finding out whether some solutions implemented at the state level have potential for imitation and diffusion in other states. This approach provides room for adaptive regulation.”

The study outlines how the EU built its framework trying to get ahead of AI harms before they were fully understood. The US, particularly at the state level, has been reactive.

Dr Trein said: “The EU talked about building trustworthy, human-centric AI governance. What it built, in practice, was an architecture so heavy and politically costly that adjusting it in response to evidence has already proven harder than repealing parts of it. The US, by accident as much as by design, created more space for the kind of regulatory learning that a fast-moving technology actually requires.”