Global Regulatory Changes in AI

Scope & Methodology

This structured feed aggregates all identified material regulatory updates, consultations, proposed legislation, major enforcement actions, and official guidance on Artificial Intelligence released by key global regulators and other trusted sources, strictly within the timeframe of November 25, 2025 – December 22, 2025.

Each entry is mapped by geography, regulatory authority, sector, and risk domain, with precise publication dates, official source links, and actionable summaries. Where no updates were issued by a mandated regulator, this is also stated with supporting search methodology.

United States

1. NIST Cybersecurity Framework Profile for AI

Date: December 17, 2025 (public comment period open until January 30, 2026)
Regulator: National Institute of Standards and Technology (NIST)
Jurisdiction/Region: United States (Federal)
Status: Draft for Public Comment
Domain/Risk Area: AI Cybersecurity Risk Management
Key Obligation Summary:
Provides a draft framework to help organizations identify, assess, and manage cybersecurity risks unique to AI systems. Addresses both (a) securing AI platforms (integrity, adversarial attack, data poisoning risks) and (b) using AI to defend against cyber threats. The draft is open for feedback to inform the final version.
Recommended Action:
Review the draft profile for relevance to your AI operations, prepare comments for submission, and assess current controls against proposed NIST cybersecurity baselines.
Primary Sources:

2. Executive Order: Ensuring a National Policy Framework for AI

Date: December 11, 2025
Regulator: White House (Executive Order), with mandates for DOJ, FTC, FCC, Commerce Dept.
Jurisdiction/Region: United States (Federal, with impact on State law)
Status: Final (Immediate Effect); Federal agency actions due within 30–90 days
Domain/Risk Area: Legal—Federal–State Preemption; Policy Harmonization; Enforcement
Key Obligation Summary:
Directs federal agencies to harmonize AI regulations nationwide, preempting inconsistent state/local laws. Mandates:
- FTC: Within 90 days, clarify how consumer protection law applies to AI and when federal law overrides state disclosure/alteration mandates.
- FCC: Within 90 days, consider setting federal AI reporting/disclosure requirements and initiating state preemption proceedings.
- DOJ: Within 30 days, establish an AI Litigation Task Force for federal enforcement and challenges to state laws. No standalone actions from FDA, SEC, or EPA during this period.
Recommended Action:
Companies operating in multiple states or highly regulated sectors should prepare for harmonization requirements, monitor agency guidance as deadlines approach (by March 11, 2026), and conduct a legal review of state-by-state AI obligations.
Primary Sources:

European Union / EEA / United Kingdom

3. European Commission: AI Act Implementation Consultations

Date: December 1–2, 2025
Regulator: European Commission
Jurisdiction/Region: European Union
Status: Open Consultation
Domain/Risk Area: Copyright & IP for AI, Regulatory Sandboxes, High-Risk AI Implementation
Key Obligation Summary:
Solicits feedback on technical protocols for:
- Copyright reservation for training general-purpose AI models (AI Act Art. 52)
- Rules and oversight for national regulatory sandboxes under the AI Act No new binding rules; consultation outcomes will shape future compliance.
Recommended Action:
Stakeholders should participate in these consultations, as responses may directly impact implementation timelines and technical standards.
Primary Sources:
- https://www.insideprivacy.com/artificial-intelligence/european-commission-launches-consultations-on-the-eu-ai-acts-copyright-provisions-and-ai-regulatory-sandboxes/
- https://www.kslaw.com/news-and-insights/eu-uk-ai-round-up-december-2025

Asia-Pacific (APAC) & Rest of World

4. South Korea: Draft Enforcement Decree of AI Basic Act

Date: Public consultation closes December 22, 2025
Regulator: Ministry of Science and ICT (MSIT)
Jurisdiction/Region: South Korea
Status: Draft/Consultation
Domain/Risk Area: AI Industry Regulation, Transparency, Safety, Compliance Management
Key Obligation Summary:
Details enforcement obligations under the AI Basic Act—including transparency standards, operational safety, impact classification, and public/private reporting mechanisms for AI systems.
Recommended Action:
AI providers, platforms, and compliance officers with operations in Korea should review the draft, identify likely compliance impacts, and consider submitting comments before the consultation closes.
Primary Sources:
- https://www.simmons-simmons.com/en/publications/cmig1vhxv004oujfota7u217x/ai-view-november-2025

5. China: Registry of Generative AI Services

Date: Ongoing
Regulator: Cyberspace Administration of China (CAC)
Jurisdiction/Region: China
Status: Ongoing Registration / Administrative Filing
Domain/Risk Area: Registry Compliance, Platform Safety, Content Controls
Key Obligation Summary:
As of November 2025, 611 generative AI services registered (an increase from 538 in August). Mandatory administrative registration for providers of generative AI; focus is on compliance filings rather than active enforcement.
Recommended Action:
Any provider of generative AI models/services in China must ensure timely registration and monitor further regulatory changes for potential enforcement actions.
Primary Sources:
- https://www.simmons-simmons.com/en/publications/cmig1vhxv004oujfota7u217x/ai-view-november-2025

Global Regulatory Changes in AI - December Wrap Up