Artificial intelligence has undergone multiple cycles of enthusiasm and disillusionment, with past decades seeing excitement over expert systems followed by the so‑called AI winter. The recent surge in transformer models has reignited global interest, marking a decisive end to that dormant period. These models, statistical in nature, are capable of generating text, images, audio, and video from contextual prompts, and their generalised capabilities have set them apart from earlier task‑specific systems. Large language models now demonstrate competence across diverse tasks without extensive retraining, but their probabilistic outputs introduce inherent variability. While optimisation techniques and multi‑model strategies are reducing hallucinations, the opacity of training datasets remains a pressing concern, particularly in relation to privacy and copyright laws that were not designed with such technologies in mind.
The risks extend beyond technical performance. As Derrick noted, “not using transformer models for some tasks may itself start to be seen as negligent” if their superior performance becomes widely recognised. This possibility could redefine professional liability in fields ranging from engineering to legal services. Cunningham highlighted the ‘black box’ problem, where the decision‑making pathways of complex models are inaccessible, making it difficult to explain outcomes. Bias in training data can lead to discriminatory results, affecting sectors such as healthcare, employment, and law enforcement. Accountability is murky when harm arises from automated systems lacking human oversight, and the vast personal datasets used in training raise significant privacy and data protection challenges.
In August 2024, the European Union implemented the AI Act, the first comprehensive AI law globally. Its objectives include promoting safe and trustworthy AI, safeguarding fundamental rights, and closing regulatory gaps left by sector‑specific rules. The Act employs a risk‑based classification, prohibiting systems deemed to pose unacceptable risks—such as those enabling social scoring or exploiting vulnerabilities—and imposing strict obligations on high‑risk systems. These include AI used as safety components in products or as standalone regulated products. High‑risk systems must undergo third‑party conformity assessments, meet stringent requirements for transparency, human oversight, accuracy, cybersecurity, and data governance, and be registered in a European Commission database.
Determining the correct risk category is a critical compliance hurdle, especially for novel technologies whose risks are not fully understood during development. Misclassification can lead to severe penalties. The governance requirements—auditing, monitoring, record‑keeping, and risk management—will increase operational costs, and organisations must also navigate overlaps with other frameworks such as the GDPR and the EU Medical Devices Regulation. Moreno emphasised the need for proactive, cross‑functional compliance strategies, involving legal, technical, and regulatory expertise to align with the AI Act and related laws.
The UK’s approach diverges sharply. Building on its March 2023 White Paper, the previous government adopted a principles‑based, ‘pro‑innovation’ framework. Five cross‑sectoral principles guide existing regulators: safety, transparency, fairness, accountability, and proportionality. Industry regulators such as the Financial Conduct Authority and the Medicines and Healthcare products Regulatory Agency have mapped their AI strategies to these principles. While the new government appears set to maintain this stance, indications suggest that formal legislation could emerge.
In the United States, regulation remains more fragmented. Federal laws address AI in specific sectors like aviation and defence, and proposed bills such as the No Fakes Act and the AI Research Innovation and Accountability Act aim to tackle issues of likeness protection, transparency, and security. State‑level initiatives and the October 2023 White House Executive Order on AI—‘The Safe, Secure and Trustworthy Development and Use of Artificial Intelligence’—add further layers. The Order mandates safety test disclosures for powerful AI systems and outlines eight principles to safeguard civil rights and consumer interests, echoing the UK’s flexible approach.
Newberry observed that the EU’s rights‑based framework contrasts with the UK and US emphasis on innovation. Yet all three recognise the increasing difficulty of AI governance as systems grow more capable. Fundamental rights, accountability, transparency, and ethical principles remain shared priorities. For businesses operating across jurisdictions, divergent regulatory landscapes pose complex compliance challenges, particularly in transparency, data governance, and risk management. Coordinated, cross‑jurisdictional strategies will be essential to meet varying legal obligations and avoid penalties.