Artificial Intelligence 2026

Welcome to the Guide

Artificial intelligence (AI) is no longer a technology on the horizon. It is operational, consequential and – increasingly – regulated. This guide brings together expert analysis from leading practitioners across the world’s major jurisdictions, covering the legal and regulatory landscape as it stands today and how it is rapidly evolving. Its purpose is to give practitioners, in-house counsel, compliance professionals and business leaders a reliable map of an unusually dynamic territory.

The guide is structured to move from the foundational to the specific. It opens with the general legal frameworks – contract, tort, product liability, intellectual property, data protection, employment – that apply to AI systems today, regardless of whether bespoke AI legislation exists in a given jurisdiction. It then turns to AI-specific legislation and regulatory oversight, before addressing the particular legal challenges raised by generative AI, agentic AI, liability, procurement, sector-specific deployments, and governance. Each chapter reflects the questions that practitioners encounter in practice. Taken together, they offer a comprehensive picture of AI law as a discipline that is still forming, but forming fast.

From Experimentation to Operational Reality

The defining characteristic of the current period is the shift from experimentation to operational embedding. Across industries, organisations have moved beyond pilots and proofs of concept. AI is now integrated into core processes: underwriting, diagnostics, contract review, supply chain optimisation, customer interaction, hiring, and much more. This integration has been driven by improvements in model accuracy, the expansion of multimodal capabilities, the availability of domain-specific solutions, and – particularly in Europe – the regulatory clarity brought by the entry into force of the EU AI Act in August 2024.

That shift in maturity level has immediate legal consequences. When AI was experimental, legal risk was largely theoretical. Now that AI systems are making or materially influencing real decisions – about credit, employment, medical treatment, road safety, etc – the question of who bears legal responsibility for those decisions is no longer abstract; it is the central legal question of the coming decade.

Uncertain Trajectories: What Lies Ahead

Responsible legal and governance advice must be grounded not only in today’s technology but in a realistic appreciation of where it may go. A February 2026 paper by the Organisation for Economic Co-operation and Development (OECD) maps four possible trajectories for AI development through 2030, ranging from a plateau in capabilities to an acceleration towards human-level or superhuman performance across most cognitive domains. Each trajectory carries distinct legal and governance implications. In the plateau scenario, current regulatory frameworks may prove largely adequate, requiring incremental adjustment. In the acceleration scenario, fundamental questions about legal personality, liability attribution, and the adequacy of human oversight requirements would need urgent answers.

What the OECD analysis makes clear is that policy and regulation cannot be calibrated to a single forecast. AI governance frameworks must be robust across a range of possible futures. This has practical implications for how the guide should be read: the law described in these chapters reflects the present, but the practitioner’s task is to advise clients whose AI systems and deployments will operate across all plausible tomorrows.

The Rise of Agentic AI: a New Legal Frontier

No development has attracted more regulatory attention in the past year than the emergence of agentic AI – systems capable of planning, deciding and acting autonomously across multi-step workflows, often interacting with external services and other agents with limited human oversight at the point of execution. This is not generative AI in the familiar sense of producing a document or image in response to a prompt. Agentic AI initiates actions, enters into interactions, shapes outcomes and, in some deployments, executes transactions. 

The legal challenges this raises are substantial and, in many respects, novel. Existing frameworks – contract law, agency law, product liability, data protection, consumer protection – were not designed with autonomous, multi-agent systems in mind. A single agentic deployment can simultaneously engage data protection obligations, financial regulation, consumer protection law, competition law and cybersecurity requirements, as well as intellectual property rights, as illustrated vividly by the UK’s Digital Regulation Cooperation Forum (DRCF) in its March 2026 foresight paper on agentic AI. That paper (published by a consortium of UK regulators comprising the CMA, FCA, ICO and Ofcom) identifies a five-level autonomy spectrum for agents and warns that the greater the autonomy, the more acute the governance challenge.

At the same time, the DRCF is clear that agentic AI does not fall outside existing regulatory frameworks. Obligations of transparency, fairness, accountability and good consumer outcomes continue to apply. Organisational responsibility for legal compliance is not displaced by the autonomy of the system. This conclusion, broadly shared across EU and UK regulators, has a practical implication that practitioners should convey clearly to clients: deploying an AI agent does not transfer legal accountability to the agent. It concentrates accountability on the deployer.

The guide addresses agentic AI directly in its sections on agentic systems and autonomous decision-making, liability allocation, procurement and supply chain accountability, and AI governance. These are among the guide’s most forward-looking chapters and deserve particular attention.

A further, often underestimated dimension of agentic AI is its impact on intellectual property architecture. As autonomous agents take over creative choices at the code, content and workflow level, the human creative dominance required for copyright under the CJEU’s Mio/Konektra standard becomes structurally harder to establish. In some cases, the centre of gravity for intellectual property protection may therefore shift upwards – away from individual outputs and towards the system layer (eg, agentic configurations) and the data layer (training and fine-tuning corpora).

The Geopolitics of AI Regulation: Divergence and Its Consequences

AI law cannot be understood in isolation from its geopolitical context, and the past 18 months have produced the most significant regulatory divergence yet seen. The USA and EU – the world’s two largest AI markets – are now operating from fundamentally different regulatory philosophies, with consequences that flow directly into compliance strategy for any organisation operating transatlantically.

The US position was crystallised by President Trump’s January 2025 Executive Order, which revoked the Biden-era AI framework and reoriented federal policy towards innovation acceleration and global AI dominance. The subsequent America’s AI Action Plan advances three pillars – innovation, infrastructure and international diplomacy – framing regulatory intervention as a potential impediment to American technological leadership. Consequently, no comprehensive federal AI legislation exists, and the NIST AI Risk Management Framework remains voluntary. Instead, regulatory activity is fiercely concentrated at the state level. With state laws such as the Colorado AI Act taking effect in early 2026, alongside varying approaches in Texas and California, the US landscape has cemented into a highly fragmented patchwork with inconsistent thresholds, obligations and enforcement mechanisms. The underlying philosophy remains rooted in consumer protection: AI is treated primarily as a market phenomenon requiring targeted intervention to correct specific failures, standing in stark contrast to the EU’s comprehensive ex ante governance.

The EU’s approach proceeds from a different premise entirely. The AI Act combines product safety regulation – with pre-market conformity assessment, CE marking, and post-market monitoring – with fundamental rights protection grounded in the Charter of Fundamental Rights. It applies horizontally across all sectors and, through its extraterritorial scope, reaches organisations worldwide that place AI systems on the EU market. The Brussels effect is already visible: South Korea enacted risk-based AI legislation in early 2026, and other jurisdictions are studying the EU model closely. At the same time, Europe is not immune to competitive pressure. The Digital Omnibus proposal of November 2025 introduces targeted simplifications and timeline adjustments to the AI Act, reflecting the EU’s tension between regulatory ambition and economic competitiveness.

For organisations operating across both jurisdictions, this divergence is not merely philosophical – it creates structural compliance challenges. The same AI system may be classified differently under each framework. Pre-market conformity assessment is mandatory in the EU; US state laws impose no pre-deployment approval. Technical standards ecosystems are distinct: EU conformity is structured around CEN-CENELEC harmonised standards, while US frameworks reference NIST or, in some cases, no specific standards at all. Organisations cannot assume that compliance under one framework translates to compliance under the other.

The broader global picture adds further complexity. China has built the most extensive national AI regulatory architecture outside the EU, with a layered set of application-specific rules covering algorithmic recommendations, deepfakes and generative AI, alongside a state-driven industrial strategy that treats AI dominance as a national priority. The UK maintains a sector-led, principles-based approach, with individual regulators developing increasingly granular guidance. Regulatory divergence is the structural condition that practitioners must plan for, not a transitional state that will resolve itself through convergence.

Cross-Cutting Legal Themes

Several legal themes run through the guide and deserve brief introduction here.

Liability and accountability

Liability and accountability remain the most contested area of AI law. Existing product liability frameworks were designed for physical products with identifiable defects, not probabilistic systems that produce variable outputs. The EU’s revised Product Liability Directive attempts to close some of these gaps, but questions about causation, burden of proof, and the allocation of liability across AI supply chains remain genuinely open. The guide addresses both general liability theories and the emerging regulatory approaches to AI-specific liability frameworks.

Intellectual property

Intellectual property – particularly the question of whether training AI on copyrighted material constitutes infringement, and who owns AI-generated outputs – continues to be litigated globally. Courts in multiple jurisdictions are now issuing substantive decisions, and the outcomes will shape the economics of AI development.

Data protection

Data protection intersects with AI at every stage of the life cycle, from training data governance and purpose limitation to automated decision-making rights under General Data Protection Regulation (GDPR) Article 22 and its equivalents, and to the challenges of cross-border data flows for AI systems that operate across jurisdictions. Data protection authorities have been among the most active AI regulators to date, and enforcement is intensifying.

AI governance

AI governance is addressed in the guide’s final section, and deliberately so. Governance is the lens through which compliance becomes operational. Building an AI inventory, classifying systems by risk, implementing life cycle oversight, structuring human review, and designing incident response processes are the practical tasks that translate legal obligation into day-to-day management. As AI systems become embedded in more decisions, governance infrastructure becomes a prerequisite for defensible compliance, not merely a best-practice aspiration.

How to Use This Guide

The guide is organised by jurisdiction. Jurisdiction-specific chapters contributed by local practitioners provide the granular analysis necessary for compliance work in particular markets.

Readers approaching AI law for the first time will find the guide’s early sections on general legal background and AI-specific legislation a useful foundation. Those already working in the field will find the most value in the chapters on agentic AI, liability, procurement and governance, where the law is least settled and practitioner guidance is most needed.

AI law is a discipline defined by its rate of change. This guide reflects the state of the law and regulatory landscape as of 2026. It is, inevitably, a snapshot of a moving subject. The editorial team commends it to practitioners as a starting point for analysis, a framework for structuring advice, and a resource to return to as the field develops.