ArenaGovernance & policy

Mapped players3As of2026-05-22

EU AI Act

Binding regulation with risk-tier enforcement rolling out through 2025-26. Prohibited practices enforcement began February 2025. High-risk system requirements are the current implementation pressure.

About

The EU AI Act is binding regulation enacted by the European Union that classifies AI systems by risk tier and sets compliance requirements. Prohibited practices enforcement began February 2025; high-risk system requirements are rolling out through 2026.

Strategy

The main practical challenge for most teams right now is classification — determining which risk tier their system falls into. The Act's definitions are broad and legal teams are still developing standard interpretations. Implementation guidance from the EU AI Office has been slower than expected, leaving compliance teams to make judgment calls in the meantime.

Nov 15EU AI Office published first implementation guidance for high-risk systems.
Aug 20EU AI Act prohibited practices enforcement began across member states.

NIST

Publishes the AI Risk Management Framework (AI RMF 1.0). Primary voluntary governance reference for US-based teams deploying in regulated domains.

About

NIST is the US National Institute of Standards and Technology, a federal agency. It published the AI Risk Management Framework (AI RMF 1.0), the primary voluntary governance reference for US enterprise AI deployment.

Strategy

The US standards body that published the AI Risk Management Framework. The AI RMF is the primary voluntary governance reference for US enterprise AI. Many procurement and legal teams use NIST RMF language as the baseline for AI control requirements, even without a regulatory mandate to do so.

Jan 14NIST workshop announced for Cyber AI Profile and SP 800-53 Control Overlays for Securing AI Systems.
Nov 20NIST AI RMF 2025-2026 updates reflect shift to operational, sector-specific guidance.
Aug 15Sector regulators increasingly cite NIST AI RMF in enforcement guidance.
May 10NIST published Generative AI Profile for AI RMF.

UK AI Safety Institute

Runs pre-deployment evaluations on frontier models. Published Inspect (open-source eval framework). Influence on international safety norms above its regulatory authority.

About

The UK AI Safety Institute is a UK government body that runs pre-deployment evaluations on frontier AI models. It published Inspect, an open-source evaluation framework used by labs and regulators internationally.

Strategy

Punches above its regulatory weight because it published practical evaluation tooling (Inspect) that other labs and regulators have adopted directly. Currently at risk from UK fiscal pressure, which could reduce its evaluation capacity. Several allied governments reference its protocols, so a capability reduction would have wider signal impact than its formal authority suggests.

Apr 27AISI published red team research on frontier AI systems.
Apr 24AISI published red team research on frontier AI systems.