The EU AI Act's real ambition is not safety. It is global rule-setting.

A new academic paper published on arXiv in October 2024 offers a comparative look at how the EU, China, and the US are approaching AI regulation. The paper, by Jon Chun of Kenyon College, Christian Schroeder de Witt of Oxford University, and Katherine Elkins of Kenyon College, draws a sharp contrast between three regulatory philosophies: the EU’s top-down, risk-based framework; China’s centralized-decentralized hybrid; and the US’s market-driven, federal-state patchwork.

The paper’s most useful observation is not the obvious one — that different regions have different values. It is the paper’s detailed account of the EU AI Act’s geopolitical ambition. The Act, which came into force in August 2024, is not merely a safety regulation. It is a strategic bid by the European Commission to establish itself as the world’s leading AI rulemaker.

The paper calls this the “Brussels Effect,” a term coined by law professor Anu Bradford to describe how EU regulations become de facto global standards. Companies worldwide prioritize compliance with European law out of economic necessity, not coercion. The paper notes that after the 2016 General Data Protection Regulation (GDPR), the Philippines incorporated the right to be forgotten into its Data Privacy Act of 2012. The authors speculate the EU AI Act may similarly become the default standard for AI governance in much of the Western and developing world.

The EU has built an institution to enforce this ambition. The paper describes the newly established EU AI Office, which sits under the European Commission. The office oversees AI regulation and compliance, provides a central pool of AI expertise to member states, and — critically — offers “a strategic, coherent, and effective European approach on AI at the international level.” A specialist position, the Advisor for International Affairs, represents the AI Office in “global conversations on convergence toward common approaches.” The EU AI Office is not just a regulator. It is a foreign policy instrument.

The paper’s treatment of the US approach is less flattering. The Biden Executive Order #14110, issued in October 2023, coordinates over 100 specific tasks across more than 50 federal entities. The paper describes this as a decentralized approach that largely augments existing regulatory laws and agencies. But the paper also notes that multiple US Congressional committees and influential interest groups are lobbying for a more centralized, restrictive, and punitive structure. Some proposals include centralized registration of models, proofs of AI safety, and criminal penalties. The US has not settled on a regulatory direction.

China, the paper argues, presents a third path. Its approach has the appearance of centralized regulatory control, but in practice emphasizes decentralized innovation, regional competition, and economic development at the local levels. The paper’s framing suggests that China’s system is less about top-down enforcement and more about aligning AI development with “core socialist values” while allowing local experimentation. This is a useful corrective to the common caricature of China as a monolithic AI regulator.

The paper’s most revealing detail is the internal tension within the EU AI Act itself. The Act was originally constructed within a product safety framework, then blended with a fundamental rights agenda at the behest of the European Parliament, against pressure from the European Commission. The result is a novel legislative hybrid. The paper quotes Dragos Tudorache, a member of the European Parliament from Romania and chair of the Special Committee on Artificial Intelligence in a Digital Age: “Regulation isn’t just rules, it’s an opportunity to express our values.”

The Act’s release of ChatGPT in November 2022 caught European policymakers off-guard and led to significant adjustments. The paper notes that during the three-day round of negotiations in December 2023, the Act’s scope was tightened. It was clarified that the Act does not apply to military or defense applications, nor to sole purposes of research and innovation. Most importantly, the Act’s traditional risk classification system was complemented by a parallel governance track for general-purpose AI systems (GPAI). The paper calls this distinction between GPAI and non-GPAI systems, and between GPAI systems and those of systemic risk, “similarly unique among AI regulations globally.”

The paper also notes the lobbying that shaped the Act. French President Macron openly lobbied for exemptions for open-source AI providers such as Mistral. Big Tech and German pro-open-source non-profit LAION also influenced the outcome. The Act is not a pure expression of European values. It is a negotiated compromise between competing interests.

The paper’s comparative framework is useful, but it has limits. It was written before the US election and before California Governor Newsom’s decision on SB-1047, which the paper describes as “arguably the strictest AI regulation.” The paper’s analysis of the US federal approach may be outdated by the time it is read. The paper also does not address enforcement. The EU AI Office is a new institution with untested authority. The GDPR’s enforcement record is mixed. The Brussels Effect may not replicate cleanly.

What the paper makes clear is that the EU AI Act is not a safety regulation in the conventional sense. It is a market regulation with a foreign policy dimension. The EU is betting that its market size gives it the power to set global rules. The AI Office is the bet’s institutional expression. Whether the bet pays off depends on whether the rest of the world accepts the EU’s definition of acceptable risk.

The paper’s closing observation is that these varied approaches to AI innovation and regulation “influence each other, the broader international community, and the future of AI regulation.” The EU is not just regulating itself. It is trying to regulate everyone else.