Global Tech Policy Tracker — 2026-05-11

Top Story

1 sources

whitehouse.gov

whitehouse.gov

EU Clinches Provisional Deal to Roll Back AI Act Restrictions

After a failed marathon negotiating session on April 29 and another all-night push, EU Council and Parliament negotiators reached a provisional agreement in the early hours of May 7 to significantly amend the landmark EU AI Act—the world's first comprehensive AI law. The deal, part of the European Commission's broader "Digital Omnibus" simplification initiative launched in late 2025, delays implementation of rules governing high-risk AI systems and eases compliance burdens that had alarmed both European and American technology companies.

The agreement includes several significant rollbacks: a delay in the enforcement deadline for high-risk AI systems (originally set for August 2026), streamlined obligations for general-purpose AI model providers, and clarification of overlapping rules with the EU Machinery Regulation. Notably, the deal also includes a new ban on unauthorized intimate AI-generated content. According to Politico, the deal "marks the first significant delay of digital rules amid pressure from the U.S."—a framing that stings critics who viewed the original AI Act as a global standard-setter.

The regulatory context is significant. High-risk AI applications—covering areas like biometrics, critical infrastructure, education, employment, and law enforcement—faced an August 2026 compliance deadline that many enterprises had flagged as unrealistic. The IAPP's AI Governance Center had previously warned of "legal uncertainty" as the August deadline loomed without a clear reform path. The new agreement effectively gives businesses more runway, but legal experts at Hogan Lovells note the precise new timelines will only be fixed once the formal amendment text is finalized and published.

Who is affected: Any company deploying AI in the EU—from multinational tech giants to European startups—faces recalibrated compliance timelines. Providers of general-purpose AI (GPAI) models like OpenAI, Google, and Mistral see reduced near-term burdens. Civil society groups such as Article 19 have criticized the deal as a dilution of fundamental rights protections, particularly for vulnerable communities. What comes next: The provisional agreement must now be formally adopted by both the Council and Parliament before it enters into force, meaning final text and exact compliance dates are still pending.

New Legislation & Regulatory Actions

United States: White House Mulls Tighter Controls on Advanced AI

• What happened: According to Politico, the White House is actively deliberating tighter new controls on the most advanced "frontier" AI models. The deliberations represent a significant shift from the Trump administration's earlier posture, which had been shaped heavily by laissez-faire venture capitalists like David Sacks and Marc Andreessen. A separate Politico report published days later walked back the framing somewhat, with a White House official insisting the discussions reiterate a "longtime commitment" to balancing "advancing innovation and ensuring security."
• Who it affects: Frontier AI model developers including Microsoft, xAI (Elon Musk's company), and Google, which have already begun safety testing with the Commerce Department's Center for AI Standards and Innovation (CAISI) before public release.
• Status: Under active internal review; no executive order or rule has been issued. Deliberations are described as fluid and still in flux.
• Why it matters: If formalized, this would mark the first substantive federal-level AI safety oversight under the Trump administration, reversing a year of deregulatory signals and potentially reshaping how frontier AI labs operate.

United States: Commerce Department Expands AI Safety Vetting

• What happened: The Commerce Department's Center for AI Standards and Innovation (CAISI) has expanded its program to conduct pre-release safety testing of new frontier AI systems from major companies including Microsoft, xAI, and Google.
• Who it affects: Leading AI labs releasing advanced frontier models in the United States.
• Status: Active and operational as of early May 2026.
• Why it matters: This establishes a de facto government vetting mechanism for the most capable AI systems before they reach the public—a significant policy development regardless of what broader executive rulemaking follows.

United States / Colorado: Compromise Bill Poised to Rewrite Colorado AI Law

• What happened: Colorado lawmakers are poised to rewrite the state's landmark 2024 AI law (SB 205) after closed-door negotiations involving business groups, tech companies including Google, and consumer/progressive advocates. A compromise bill introduced in the state Senate would drop a requirement that companies disclose how their AI systems help make decisions on consequential matters like hiring, loans, and housing—one of the most significant provisions in the original law.
• Who it affects: AI developers and deployers operating in Colorado; companies using AI for high-stakes decisions affecting Colorado residents.
• Status: Compromise bill introduced in the Colorado Senate as of May 10; awaiting vote. The original 2024 law has also faced a legal challenge.
• Why it matters: Colorado's AI law was the first of its kind in the U.S. Its weakening—or replacement—signals the intense corporate pressure against state-level AI transparency mandates and may set a precedent for other states considering similar legislation.

Enforcement & Penalties

No major new fines or enforcement actions against specific companies were reported in the past seven days. However, the following enforcement-related developments are worth tracking:

• EU AI Act Enforcement Architecture: The May 7 provisional agreement delays some high-risk AI compliance deadlines that were set to trigger enforcement exposure. The original rules carried penalties of up to €35 million or 7% of global annual turnover for the most serious violations (prohibited AI uses), and up to €7.5 million or 1% of turnover for providing incorrect information to regulators. These penalty structures remain in place; it is the compliance deadline that has shifted.

• EU DMA Extension to Cloud/AI: EU regulators have signaled that the Digital Markets Act—previously focused on search, social, and mobile platforms—will now be extended to cover cloud services and AI, aiming to promote fairer competition. This expansion sets the stage for future enforcement actions against cloud and AI gatekeepers.

Industry Response

• Big Tech (broadly): The EU AI Act rollback was widely welcomed by industry. Politico explicitly notes that critics characterized the deal as "Europe caving in to Big Tech," suggesting companies had successfully lobbied for the delay. The involvement of Google in Colorado's closed-door compromise negotiations similarly illustrates how major tech firms are actively shaping the legislative process at both the EU and U.S. state levels.

• Wilson Sonsini (law firm advisory): The law firm published a fresh analysis this week of recent U.S. AI regulatory developments, noting that despite the Trump administration calling for Congress to preempt state AI laws, state-level AI regulation "continues to evolve at a rapid pace." The analysis—published May 7—is significant because it signals that corporate counsel are actively advising clients to track the fragmented state regulatory landscape even as federal preemption remains aspirational.

• Enterprise Compliance Community: Analysis from multiple legal and compliance advisors this week underscores that enterprises face "significant compliance gaps" heading into 2026 AI deadlines, even with the EU Act's new delay. The Gunderson Dettmer law firm noted that EU-facing companies must comply with overlapping frameworks—AI Act, GDPR, and EU Data Act—creating layered obligations for AI developers and deployers, including "solely U.S.-based" companies that have EU market exposure.

Region Scorecard

Analysis: What This Means

• For EU-facing AI developers and deployers: The provisional AI Act amendment buys time, but don't mistake delay for abandonment. The high-risk AI compliance framework remains intact; only deadlines have shifted. Start your conformity assessments and documentation now—the August 2026 window may have moved, but the regulatory exposure for prohibited AI uses (biometrics, social scoring, etc.) is unchanged. Overlapping GDPR and EU Data Act obligations mean compliance programs must be holistic.

• For frontier AI labs in the U.S.: The Commerce Department's CAISI vetting program is already operational and affecting model release timelines. Even without a formal executive order on frontier AI controls, proactive engagement with CAISI processes is advisable. The White House deliberations suggest the political winds may be shifting; labs should prepare governance documentation that could satisfy safety-testing requirements.

• For U.S. state-law watchers: Colorado's likely weakening of SB 205 does not mean the state AI legislative wave is receding—Wilson Sonsini's May 7 analysis specifically notes the opposite. Companies should continue monitoring state-level bills in California, Texas, and other key jurisdictions, where the patchwork is growing despite federal preemption pressure.

• For startups and SMEs: The EU AI Act's regulatory sandboxes—where companies can test AI under regulatory guidance before market launch—remain available and are worth using proactively. Engaging with sandboxes now can demonstrate good-faith compliance effort and reduce penalty exposure when deadlines do arrive.

What to Watch Next Week

1. EU AI Act formal adoption process: Watch for any publication of draft amendment text or formal Council/Parliament vote scheduling. The provisional deal is struck but not yet law—precise new compliance timelines will only become clear once text is finalized.

2. White House frontier AI policy: Any executive order, directive, or official statement from the White House formalizing (or shelving) new controls on advanced AI models. The administration's mixed signals this week suggest an announcement—in either direction—could come soon.

3. Colorado SB compromise vote: The Colorado Senate is expected to move on the AI law compromise bill. A vote in favor would effectively dismantle the most ambitious U.S. state-level AI transparency requirements, while a rejection could reignite a broader legislative fight. Track the Denver Post and Colorado Public Radio for updates.