Global Artificial Intelligence governance has shifted from rapid expansion to visible retrenchment. Colorado is moving to narrow its landmark state law, the EU is delaying key parts of the AI Act, Canada’s federal legislation has collapsed, the UK has declined to adopt a comprehensive statutory regime, and the Biden-era federal Artificial Intelligence framework in the United States has been revoked. Regulation is not disappearing, but the early model of broad, comprehensive governance is being reshaped by implementation difficulties, geopolitical competition, and business opposition to compliance costs.
Colorado offers the clearest example of rollback. SB 24-205, passed in May 2024, created a risk-based framework for high-risk Artificial Intelligence systems. A later special session produced a five-month delay, pushing the effective date from February 1 to June 30, 2026. In March 2026, a working group released a draft repeal-and-replace proposal centered on automated decision-making technology in consequential decisions. The replacement would remove the original law’s duty of reasonable care, mandatory impact assessments, formal risk management programs, annual reviews, and attorney general reporting requirements. In their place, it would use a lighter notice-and-rights model focused on disclosure, access, correction, recordkeeping, and meaningful human review, while relying on existing civil rights and consumer protection law for discrimination claims. At the same time, the new definition of covered ADMT is broader in one respect because it can reach screening, scoring, ranking, and routing tools if they materially influence outcomes. Colorado’s draft replacement has not yet been enacted, and the June 30 effective date still looms. The session ends in May.
The EU is delaying, not abandoning, its framework. High-risk Artificial Intelligence system requirements were set to apply beginning August 2, 2026. The Digital Omnibus would tie that timeline to standards and compliance tools that are still unfinished, with backstop dates of December 2, 2027 for standalone high-risk systems and August 2, 2028 for Artificial Intelligence embedded in regulated products. That creates a potential 24-month delay for the provisions with the greatest operational impact. The package also narrows documentation duties, expands simplifications beyond SMEs, limits some database registration obligations, and shifts Artificial Intelligence literacy responsibilities toward the Commission and member states. The result is a clear reduction in the compliance burden even though the AI Act remains in force.
The wider pattern extends beyond Colorado and the EU. Canada’s Bill C-27 died when parliament was prorogued in January 2025, leaving no binding federal Artificial Intelligence law. In the UK, officials confirmed in March 2026 that there is no comprehensive bill, reflecting a lighter-touch strategy aimed at competing on adoption. In the EU, the AI Liability Directive was withdrawn in February 2025, removing a parallel civil liability mechanism. In the U.S., Executive Order 14110 was revoked on President Trump’s first day in office, while later executive actions promoted a more innovation-first approach and challenged some state-level governance efforts. The Senate voted 99-1 in July 2025 to remove a proposed 10-year moratorium on new state Artificial Intelligence laws, showing that broad federal preemption still lacks support.
Even with these reversals, governance pressures remain strong through sector-specific rules, enforcement, contracts, procurement, and litigation. Existing laws such as HIPAA, ECOA, the Fair Housing Act, and Title VII still apply to Artificial Intelligence decision-making in their domains, and federal agencies continue to treat Artificial Intelligence conduct as an enforcement priority. The most durable compliance anchor in this environment is standards-based governance. The NIST AI Risk Management Framework, released in January 2023, was voluntary at first, but within 18 months it appeared in executive orders, state legislation, and federal contractor requirements. ISO 42001 offers a certifiable management-system model that can support multinational operations across different jurisdictions. In a volatile legal landscape, standards-based programs are presented as a more stable investment than building only for rules that may be delayed, amended, or repealed.