Global Tech Policy Tracker — 2026-05-22

Top Story

Trump Postpones AI Executive Order Signing, Citing Personal Objections

With roughly 18 hours' notice, the White House abruptly called off a scheduled Thursday signing ceremony for a sweeping AI executive order, after President Trump declared he "didn't like certain aspects" of the draft. Leading AI executives had already been briefed on the policy and invited to attend the signing — making the last-minute reversal all the more disruptive to an industry that had been preparing for new compliance requirements.

The pullback caps weeks of turbulent White House deliberations on frontier AI. Earlier in May, POLITICO reported that the administration was mulling "tighter controls on advanced AI" — a significant shift from its prior laissez-faire stance championed by venture capitalists like David Sacks and Marc Andreessen. A subsequent White House statement distanced itself from tighter oversight, reaffirming a "longtime commitment" to balancing "advancing innovation and ensuring security." Former Secretary Homeland Security Mayorkas, appearing separately, endorsed "voluntary" standards for frontier models and referenced Biden-era security frameworks as a potential blueprint, noting that the White House had been meeting with tech companies in recent weeks and was considering a requirement that the federal government vet frontier AI models before release.

The postponed order is believed to have addressed the security risks posed by the most capable AI systems — including models like Anthropic's Claude Mythos, described as having "unprecedented hacking capabilities." The aborted signing leaves the U.S. without a clear federal AI security framework at a moment when state-level regulation is expanding rapidly and the EU is finalizing its own amendments.

What comes next is unclear. The White House has not indicated a new signing date or whether the text will be substantially revised. For AI developers and enterprises, the episode underscores the volatility of U.S. federal AI policy in 2026 and the importance of monitoring both executive and legislative channels simultaneously.

New Legislation & Regulatory Actions

EU: AI Act Simplification Package Finalised — Nudifier Apps Banned, High-Risk Deadlines Extended

• What happened: The EU officially finalized its simplified AI Act amendments. The package bans so-called "nudifier" apps — AI tools that generate non-consensual intimate imagery — as an explicitly prohibited AI practice. High-risk AI system obligations have been delayed to ease compliance for businesses, and overlapping rules with the EU Machinery Regulation have been clarified.
• Who it affects: All companies deploying or developing AI systems in the EU, especially those operating in high-risk domains (HR, credit, healthcare) and consumer-facing AI product companies. The nudifier ban directly targets apps generating non-consensual images.
• Status: Political agreement reached; formal legislative process ongoing. High-risk deadlines (Annex III obligations) now set for August 2, 2026.
• Why it matters: Critics warn the simplifications represent Europe "caving in to Big Tech," while supporters argue it reduces red tape without compromising core protections. The explicit nudifier ban is one of the few new restrictions added in this round, signaling political will to protect personal dignity even as broader requirements loosen.

1 sources

euronews.com

euronews.com

EU: Digital Markets Act Pivoting to Cloud and AI Services

• What happened: EU regulators announced plans to turn the focus of the landmark Digital Markets Act (DMA) — originally aimed at curbing Big Tech platforms — toward cloud services and AI, following positive results in other digital areas.
• Who it affects: Major cloud providers and AI platform companies operating in the EU, including U.S.-based hyperscalers with significant European market presence.
• Status: Regulatory priority shift announced; formal gatekeeper designation processes for AI and cloud services expected to follow.
• Why it matters: Extending DMA scrutiny to AI could mean behavioral obligations (interoperability, data portability, anti-self-preferencing) applied to AI model marketplaces and cloud AI infrastructure — adding a competition-law layer on top of the AI Act's safety framework.

UK: House of Lords Debates Cross-Sector AI Legislation

• What happened: The UK's House of Lords Library published a briefing document ahead of a Lords debate on whether to introduce cross-sector AI legislation. The UK currently has no AI-specific law or dedicated AI regulator, relying instead on sector-specific guidance. The government had previously floated an AI bill but switched to a "more targeted approach."
• Who it affects: UK-based AI developers, companies deploying AI in regulated sectors (healthcare, finance, employment), and international firms operating in the UK market.
• Status: Under parliamentary review; no legislation proposed yet. Lords debate ongoing.
• Why it matters: The UK's regulatory gap is increasingly conspicuous as the EU finalizes its AI Act and U.S. states pass their own laws. A cross-sector framework — if enacted — would fundamentally reshape compliance requirements for AI businesses in the UK and could influence post-Brexit UK-EU regulatory divergence.

1 sources

lordslibrary.parliament.uk

lordslibrary.parliament.uk

US States: Georgia, California, New York Advance AI Bills; Colorado Rewrites Law

• What happened: According to Troutman Privacy's May 18 legislative tracker, Georgia Governor Brian Kemp signed an AI chatbot safety bill into law. California and New York advanced numerous AI-related bills in their respective legislatures. Colorado — which had pioneered the first major U.S. consequential-AI law — repealed and replaced that act with a significantly pared-down version signed by Governor Polis.
• Who it affects: Companies operating in or serving consumers in these states, particularly those using AI in customer-facing contexts (chatbots) and in high-stakes decisions (employment, housing, credit).
• Status: Georgia chatbot law enacted. Colorado rewrite enacted. California and New York bills advancing through committees.
• Why it matters: The U.S. remains a patchwork of state AI laws with no federal framework — a situation Yale researchers and others have called ungovernable. Georgia's chatbot bill and Colorado's retreat from its pioneering law illustrate how wildly different state-level approaches remain.

Enforcement & Penalties

• EU AI Act (upcoming) → All EU market participants: No formal AI Act fines have yet been levied as of May 2026, because core enforcement deadlines — notably the August 2, 2026 deadline for high-risk Annex III systems — have not yet passed. However, the fine structure is now locked in: prohibited AI violations (including the newly banned nudifier apps) face penalties of up to €35 million or 7% of global annual turnover, whichever is higher. High-risk non-compliance faces up to €15 million or 3% of turnover. For EU institutions, the European Data Protection Supervisor can impose fines up to €1.5 million. The August 2026 deadline means the first wave of enforcement actions could arrive within weeks of this publication.

• U.S. Federal Government → Frontier AI labs: The White House has been in active discussions with frontier AI companies about a potential requirement for federal vetting of advanced AI models before release. Though no formal enforcement mechanism has been established — and this week's aborted executive order leaves the framework undefined — the conversations signal a potential new regulatory chokepoint for labs like Anthropic, OpenAI, and Google DeepMind developing the most powerful models.

Industry Response

• Leading AI Executives (unnamed): Top AI company executives were briefed on the draft White House AI executive order and invited to a Thursday signing ceremony — only to have the event cancelled at the last minute when Trump declared he "didn't like certain aspects." The episode signals deep tension between the administration's desire for a coherent AI security policy and industry lobbying for minimal federal oversight. No public statements from the briefed executives have been reported yet.

• EU Tech & Big Tech Lobby Groups: Critics of the EU AI Act simplification — including civil society groups — argue the amendments show "Europe caving in to Big Tech." Supporters counter that the streamlined rules cut unnecessary red tape without gutting core safety provisions. The fact that the nudifier ban was added during simplification suggests some rights advocates successfully pushed back, even as broader compliance burdens were reduced.

• Former DHS Secretary Mayorkas (voluntary standards advocate): In a public appearance this week, Mayorkas endorsed "voluntary" policies for addressing threats from advanced AI models, citing the Biden-era framework for frontier model security as a blueprint. His remarks contrast with the harder mandatory approach that was reportedly included in the now-postponed executive order — illustrating the ongoing fault line within U.S. policy circles between voluntary and mandatory AI governance.

Region Scorecard

Analysis: What This Means

• For frontier AI labs: The postponed White House executive order leaves a dangerous compliance vacuum. Labs should continue preparing for potential federal model-vetting requirements while simultaneously tracking state-level laws in California, New York, and others. The August 2026 EU high-risk deadline is now more imminent than any U.S. federal rule — prioritize EU compliance documentation accordingly.

• For companies deploying AI in the EU: The finalized AI Act simplification package is broadly positive for compliance burdens, but the nudifier ban and the confirmed August 2, 2026 enforcement date for Annex III high-risk systems mean there is no grace period. Companies operating consumer-facing AI products — especially in intimate imaging, recruitment, or credit — should complete conformity assessments now.

• For companies operating in UK markets: The absence of a UK AI law is increasingly a governance risk, not a compliance benefit. The Lords debate signals a cross-sector bill could emerge within 12–18 months. Businesses should monitor this closely and avoid building compliance programs that assume the UK regulatory gap will persist.

• For startups and developers using AI chatbots: Georgia's new chatbot safety law and the EU's explicit chatbot-related provisions signal that disclosure requirements for AI-generated conversations are becoming a baseline expectation globally. Audit your chatbot disclosures now — especially for consumer-facing applications — to ensure they meet the most stringent applicable standard.

What to Watch Next Week

1. White House AI Executive Order Rescheduling: Administration officials are expected to clarify whether and when a revised version of the postponed AI order will be signed. Watch for changes to the model-vetting provisions that reportedly prompted Trump's last-minute objection.

2. EU AI Act formal vote: The political agreement on simplification must proceed through formal legislative steps. Monitor the European Parliament and Council for scheduled votes and any last-minute amendments — particularly to the nudifier ban and the definition of high-risk systems.

3. August 2, 2026 EU Deadline Preparation: With just over 10 weeks until Annex III high-risk AI obligations become enforceable, watch for guidance documents from national AI authorities (particularly France's CNIL, Germany's BNetzA, and the Spanish AEPD) on how conformity assessments will be conducted in practice.