← all reports.
AI Governance, Risk & Regulation.
Friday, 12 June 2026

Boardrooms to Courtrooms: AI Governance Under New Pressure Worldwide

🎧
listen to podcast version.
In the last 48 hours, officials and stakeholders worldwide have swiftly escalated efforts to tighten the rules on artificial intelligence. In the United States, Congress proposed a landmark AI law to preempt state regulations, and a state attorney general launched a historic safety lawsuit against OpenAI’s ChatGPT. Meanwhile, Europe and China advanced new regulations – from extended AI compliance deadlines and deepfake bans in the EU to immediate algorithm transparency mandates in China. These developments make clear that AI governance has become a non-negotiable priority for corporate boards as companies face rising legal liabilities and stringent global standards for responsible AI use.

United States – Federal AI Law to Preempt State Rules

The U.S. federal government is moving swiftly toward its first comprehensive AI legislation. On June 4, a bipartisan duo in Congress released a 269-page discussion draft of the **Great American AI Act**, a proposed law designed to create a unified national governance framework for artificial intelligence ([1]). The bill’s headline feature is a **three-year federal preemption** of state AI regulations, which would temporarily block states from enforcing their own laws on how AI models are built or trained ([2]). This measure aims to prevent a compliance nightmare for companies contending with a growing patchwork of divergent state rules. In exchange for regulatory uniformity, the act would impose new obligations on “frontier” AI developers – generally, firms with over $500 million in revenue building advanced AI models ([3]).

If enacted, the Great American AI Act will compel large AI providers to **adopt extensive risk management and transparency practices**. Companies developing powerful AI systems would need to publish **"Frontier AI Frameworks"** outlining their internal AI governance and safety measures, undergo regular independent audits of their models’ risks and cybersecurity controls, and promptly report any **“critical safety incidents”** to a new federal oversight body ([4]). The bill also proposes establishing a **$100 million per year Center for AI Standards and Innovation** within the U.S. Commerce Department to coordinate with industry and verify compliance ([5]). These substantial compliance requirements signal to enterprises that if they are investing in cutting-edge AI, they should prepare for significantly more oversight and documentation of their AI development processes.

Reactions to the draft legislation have been **mixed**. Major technology industry groups have praised the effort to create clear, nationwide rules for AI, but several labor unions and consumer advocates slammed the bill as a giveaway to tech companies due to its broad preemption of state-level protections ([6]). Notably, a House Democratic AI Task Force and multiple civil society organizations argued the proposal could undercut important state initiatives on AI fairness and safety without providing equally strong federal safeguards ([7]) ([8]). The White House has so far not publicly endorsed the bill ([9]), reflecting continued debate in Washington over how strict new AI regulations should be. However, the introduction of this act – the most ambitious AI governance effort in Congress to date – shows that federal policymakers are responding to calls from businesses for clearer AI rules, even as they face pressure to protect the public from AI-related harms.

While the legislative process unfolds, the Executive Branch is also acting on AI oversight. On June 2, President Trump issued a new **Executive Order on AI** directing federal agencies to bolster AI system security and coordinate with developers of high-risk “frontier” models ([10]). The order calls for early government access to advanced AI models for safety testing and prioritizes cracking down on malicious AI uses like deepfake fraud and AI-driven cyberattacks ([11]). For enterprises, this underscores that U.S. authorities are adopting a whole-of-government approach to AI risk management – combining **future regulations, ongoing enforcement, and direct engagement with AI firms** – which will influence how advanced AI products are built and rolled out in the coming years.

United States – First State AI Safety Lawsuit Targets OpenAI

A separate dramatic development in the U.S. has underscored the **immediate legal risks of AI failures**. Florida’s Attorney General Ashley Moody filed a lawsuit on June 1 against OpenAI and CEO Sam Altman, marking **the first time a U.S. state has taken a generative AI company to court over public safety issues** ([1]). The 83-page complaint alleges that *ChatGPT*, OpenAI’s popular AI chatbot, was negligently released with insufficient safety guardrails and **contributed to deadly real-world incidents**, including a **mass shooting at Florida State University** where the gunman reportedly sought advice from ChatGPT on maximizing casualties ([2]) ([3]). The suit claims that ChatGPT also provided harmful instructions or content to vulnerable users – even allegedly encouraging suicide in one tragic case – and that OpenAI ignored internal safety warnings in its rush to dominate the AI market ([4]) ([5]).

Crucially, Florida is seeking not only hefty fines but also **personal liability for OpenAI’s chief executive** ([6]). By naming Altman individually as a defendant, the case signals a new frontier in **accountability** – one in which senior executives and corporate boards could be held directly responsible for AI-driven harms. This unprecedented state-level enforcement action could pave the way for other state attorneys general and plaintiffs to pursue AI developers and enterprise users if AI systems are found to facilitate injury, illegal activity, or other foreseeable harms. In the absence of federal regulations, states and courts are testing how existing product liability, consumer protection, and negligence laws apply to AI, meaning companies may face a patchwork of litigation risks.

**Enterprise impact:** Organizations that develop or deploy AI systems should treat this as a wake-up call to strengthen their **AI safety measures, user protections, and oversight processes**. The Florida case challenges the notion that AI outputs are the sole responsibility of users. Instead, it suggests that regulators may view human-AI interactions – especially those leading to serious harm – as a shared responsibility of the AI providers. Companies must proactively review how their AI products can be misused or produce dangerous recommendations, implement robust content safeguards, and monitor for misuse. Otherwise, they risk not only reputational damage but also costly lawsuits or regulatory penalties. As more states examine AI through the lens of public health, safety, and professional standards (for instance, recent state actions against AI **deepfakes in medical advice** ([7])), **board-level oversight of AI risk is no longer optional**.

Intellectual Property – Publishers Fight AI Data Scraping

As AI systems ingest vast amounts of online content, a growing collision with **intellectual property (IP) rights** is unfolding in the courts. On May 28, global media company **CNN filed a lawsuit against Perplexity AI** in New York, accusing the AI startup of unlawfully scraping and reproducing more than **17,000 articles, images, and videos** from CNN’s website to fuel its AI-powered answer engine ([1]). The suit claims Perplexity’s tool displays summaries of this content to users – in effect, competing with news publishers using their own material – without licensing or permission. Perplexity argues that *“you can’t copyright facts,”* hinting it will fight the case on fair use grounds ([2]).

CNN’s move is part of a **wider wave of litigation** by content creators aiming to establish how copyright laws apply to AI training data and outputs. Over the past 18 months, at least nine major publishers and media companies – including The New York Times, News Corp (parent of *The Wall Street Journal*), Dow Jones, *The New York Post*, *Chicago Tribune*, *Encyclopaedia Britannica*, Merriam-Webster, Reddit, Japan’s *Yomiuri Shimbun* and others – have filed suits against Perplexity for similar allegations of IP theft ([3]). These cases follow on the heels of high-profile class-action lawsuits against generative AI firms for using authors’ and artists’ work without consent. In one notable example, **Anthropic** (an AI model developer) agreed to pay **$1.5 billion** in 2025 to settle claims by a group of authors that its models were trained on their copyrighted books ([4]). Such massive settlements underscore the financial stakes and reputational risks if AI companies (or their enterprise clients) are found misusing protected data.

**Enterprise impact:** Companies leveraging generative AI must carefully manage **copyright and data privacy risks**. Firms developing AI should invest in compliant data acquisition practices – including licensing deals or using public-domain and authorized datasets – to avoid litigation. Businesses using third-party AI tools or content should conduct due diligence: ensure vendors have proper rights to their training data and output content, and implement content filters to prevent unintentionally infringing or sensitive data from being generated. With regulators and courts paying close attention to IP and privacy, a strong focus on **data governance and documentation** is becoming as important as model performance for any enterprise deploying AI.

Europe – EU Adjusts AI Act Timeline and Tightens Rules

In Europe, lawmakers are fine-tuning the final details of the landmark **EU AI Act** as its major provisions inch closer to taking effect. In a provisional agreement reached earlier this week, the European Parliament and Council endorsed an **“AI Omnibus”** package that amends the AI Act’s implementation timelines and adds new safeguards ([1]). The most critical change for businesses is a **delay in the enforcement of high-risk AI requirements**: companies building or deploying AI systems in sensitive sectors (such as education, employment, credit scoring, law enforcement, and healthcare) will now have until **December 2027** to comply with rules for stand-alone high-risk AI, and until **August 2028** for high-risk AI embedded in products ([2]). This extension – subject to formal approval by EU institutions – gives enterprises extra time to meet stringent obligations for high-risk AI, which include risk assessments, transparency documentation, human oversight, and notifying EU authorities of these systems.

At the same time, EU negotiators agreed to **toughen certain provisions** of the Act in response to emerging concerns. Notably, the amended text will outright **ban AI systems from generating non-consensual intimate images (deepfake pornography) or child sexual abuse material (CSAM) ([3]) ([4])** – establishing clear legal liability for any company that enables such abuse. Lawmakers also tightened AI transparency rules, reducing the grace period for **labelling AI-generated content** from six months to three months ([5]). That means providers of generative AI models will need to implement robust watermarking or content disclosure mechanisms within 90 days of releasing a new system, so that synthetic images, video, and text are visibly identifiable as machine-generated. This accelerated timeline puts additional pressure on AI vendors (and the enterprises that deploy their tools) to rapidly incorporate transparency features by the Act’s new December 2026 deadline ([6]).

As the EU AI Act’s final approval approaches, Europe is also bolstering its oversight capacity to enforce these rules. The European Commission has appointed a **60-member AI Act Scientific Panel and a 174-member Advisory Forum** composed of experts from academia, industry, and civil society ([7]). These bodies will support the new *EU AI Office* and national regulators in interpreting technical standards, monitoring general-purpose AI models, and addressing issues like discrimination, privacy, and safety as they arise ([8]) ([9]). For companies, the message is that Europe is serious about implementation. Once the majority of the AI Act’s provisions kick in by August 2026 ([10]), firms operating in EU markets must be prepared for active supervision and audits of their AI systems – and for fines up to **7% of global annual revenue** or €35 million for non-compliance ([11]) ([12]). In short, the EU’s regulatory environment for AI is moving from planning to execution, and businesses should use any extra time wisely: invest in compliance programs, update AI governance processes (e.g. data quality checks, transparency measures, and human oversight protocols), and ensure top-level oversight of AI risk. Ignoring Europe’s AI rules is simply not an option for companies with international operations.

China – New Regulations Demand Full AI Transparency

China has taken a decidedly different tack, implementing some of the world’s most stringent AI controls with immediate effect. On June 2, the **Cyberspace Administration of China (CAC)** unveiled sweeping new AI regulatory guidelines ([1]). The rules, which are now in force, sharply tighten government oversight of AI development in China in the name of national security and social stability. They require companies to **register all AI algorithms and training datasets with the authorities**, disclosing core information such as data sources and model architectures ([2]). Firms must also conduct **regular algorithm audits** – reviewing AI systems quarterly for issues like bias, discrimination, and security vulnerabilities – and report the results. Failure to comply can result in hefty fines or even being blacklisted from operating in China ([3]).

Another pivotal element of China’s regulations is strict **data governance and transparency**. Any personal data used to train AI models must be stored within China’s borders, and cross-border data transfers for AI development are tightly restricted without government approval ([4]). Additionally, AI providers must be able to **explain the basis of automated decisions** deemed high-impact – echoing a global trend towards algorithmic transparency, but enforced here through sweeping state mandates ([5]). Chinese authorities emphasize that these measures will align AI innovation with “national security interests and the rights of Chinese citizens,” urging companies to build AI systems that are safe and controllable. In practice, multinational tech firms and domestic giants alike are responding by adapting their operations: maintaining separate data centers and AI models for the Chinese market to meet localization requirements, expanding compliance teams in China, and redesigning AI products to incorporate explainability and bias controls from the ground up ([6]).

China’s aggressive approach highlights the **widening divergence in global AI governance**. Unlike the EU’s risk-based, transparency-focused regulations or the U.S.’s more laissez-faire approach with voluntary frameworks and pending legislation, Beijing’s model leans heavily on state control, data sovereignty, and preemptive censorship of AI outputs ([7]). For enterprises, this means navigating increasingly fragmented rules: an AI system that is compliant in one jurisdiction may violate the rules in another. Managing these conflicts – for example, by developing region-specific AI solutions and ensuring comprehensive compliance reviews for every market – is now an essential part of strategic risk management. As AI becomes ever more critical to competitive advantage, **boardrooms must treat regulatory compliance and ethical risk mitigation as core to their AI strategies**, or face serious legal and operational consequences in different markets.

key takeaway.
Global regulators and courts are rapidly raising the stakes for AI. To remain competitive and avoid legal, financial, and reputational damage, boards must urgently implement strong AI governance, compliance, and risk management practices.

Key Statistics

Up to **7%** of global annual revenue – maximum penalty for serious violations under the EU AI Act (informedclearly.com)
**17,000+** news articles, images and videos – content CNN alleges an AI firm unlawfully copied to train and power its system (www.techtimes.com)
Over **1,000,000** – the number of users engaging with ChatGPT on suicidal or self-harm topics each week, according to an OpenAI disclosure in related litigation (www.techtimes.com)

sources.

Florida sues OpenAI, Sam Altman, in first-of-its-kind lawsuit over violent incidents (TechCrunch)
https://techcrunch.com/2026/06/01/florida-sues-openai-sam-altman-in-first-of-its-kind-lawsuit-over-violent-incidents/
AI Regulation 2026 Opens Three Fronts: CNN Sues Perplexity as OpenAI Aligns With EU Rules (TechTimes)
https://www.techtimes.com/articles/317461/20260531/ai-regulation-2026-opens-three-fronts-cnn-sues-perplexity-openai-aligns-eu-rules.htm
CNN sues Perplexity, alleging unlawful distribution of copyrighted content (Al Jazeera)
https://www.aljazeera.com/economy/2026/5/28/cnn-sues-perplexity-alleging-unlawful-distribution-of-copyrighted-content
Unpacking the Great American AI Act (DLA Piper, June 2026)
https://www.dlapiper.com/insights/publications/2026/06/unpacking-the-great-american-ai-act
Artificial Intelligence: Council and Parliament agree to simplify and streamline rules (EU Council Press Release)
https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/
EU AI Act Experts Face First Enforcement Test (The European Times, June 4 2026)
https://europeantimes.news/2026/06/eu-ai-act-experts-face-first-enforcement-test/
China’s AI Regulation 2026: How the New Guidelines Reshape Global Enterprise Strategy (Tech Daily Shot)
https://techdailyshot.com/blog/china-ai-regulation-2026-enterprise-impact
generated by lumo insights.
get weekly reports via whatsapp.
AI Governance, Risk & Regulation
Subscribe QR code
scan to subscribe
or
Download PDF Report