There is no longer a single "AI law" to comply with. There are hundreds — layered across jurisdictions and sectors, arriving faster every year, and changing under your feet.
To put numbers on it, we counted every AI-relevant legal instrument in the dataset that powers Responsible AI Studio's tools. The picture as of mid-2026:
- 378 AI-relevant legal instruments in total — 108 cross-jurisdictional laws across 14 jurisdictions, plus 270 sector-specific overlays across 14 industries.
- More than half of the dated instruments took effect in just four years (2021–2024) — the regulatory wave is recent and steep.
- The United States leads on volume (16 federal and state instruments), but the European Union is the only market we rate "highest" risk.
- Financial services is the most-regulated sector (39 overlay laws), ahead of healthcare (26) and marketing (22).
- Compliance is a moving target: 87 instruments are in force, but two major frameworks have lapsed, one was revoked outright, and several have been deferred.
How we counted
Every figure here comes from Responsible AI Studio's own regulatory dataset, which underpins the documents our tools generate. It tracks 108 jurisdictional laws across 14 jurisdictions (EU, UK, US, Canada, Australia, Singapore, China, Japan, India, Brazil, UAE, Switzerland, South Africa, and international bodies) and 270 sector overlays across 14 industries. Each entry is referenced to a primary source — a regulator publication, official gazette, or the instrument's own text — not secondary commentary. We count distinct instruments (an act, regulation, guideline, circular, or framework), not individual articles.
1. The regulatory wave is recent — and steep
Plot every dated instrument by the year it took effect and the trend is unmistakable. A handful of foundational laws now applied to AI date back decades, but the volume coming into force accelerated sharply from 2021 and peaked in 2023:
| Year in force | New instruments |
|---|---|
| 2019 | 6 |
| 2020 | 5 |
| 2021 | 7 |
| 2022 | 9 |
| 2023 | 20 |
| 2024 | 15 |
| 2025 | 6 |
| 2026 | 4 |
More than half of all dated instruments landed between 2021 and 2024. For most organisations, that means the rulebook you onboarded to even two years ago is already incomplete.
2. Volume is not the same as strictness
The US has the most AI-relevant instruments (16), driven by a patchwork of federal action and state laws like the Colorado AI Act. But breadth of paperwork is not the same as depth of obligation — we rate the EU as the only "highest" risk jurisdiction, because the EU AI Act imposes binding, cross-sector conformity obligations that most other regimes do not.
| Jurisdiction | Instruments | Risk rating |
|---|---|---|
| United States | 16 | High |
| European Union | 12 | Highest |
| United Kingdom | 12 | High |
| Singapore | 8 | Medium |
| Canada | 7 | Medium |
| Australia | 7 | Medium |
| China | 6 | Highest |
| Japan | 6 | Medium |
The takeaway: counting laws tells you where the paperwork is; it does not tell you where the teeth are. A single EU or Chinese instrument can carry more obligation than a dozen guidance notes elsewhere.
3. Where AI is most regulated: by sector
Cross-jurisdictional laws are only half the story. On top of them sit 270 sector-specific overlays — the rules that apply because of what your organisation does, not just where it operates. They are heavily concentrated:
| Sector | Overlay laws |
|---|---|
| Financial services | 39 |
| Healthcare & MedTech | 26 |
| Marketing & advertising | 22 |
| Government & public sector | 22 |
| Insurance | 21 |
| Transport & logistics | 21 |
Financial services carries nearly four times the sector-specific load of the least-regulated verticals. If you operate in finance, health, or insurance, your effective compliance surface is the horizontal laws plus a deep stack of sector rules — which is exactly where most gap analyses miss things.
4. Compliance is a moving target
Of the 108 jurisdictional instruments, 87 are in force today. But the rest of the distribution is the real lesson for anyone treating compliance as a one-time project:
- 2 frameworks have lapsed — Canada's AIDA and CPPA (Bill C-27) died when Parliament was prorogued in January 2025.
- 1 was revoked outright — the US rescinded Executive Order 14110 via EO 14179 in January 2025.
- Several are deferred — the EU's May 2026 Digital Omnibus deal provisionally pushed the AI Act's standalone high-risk obligations to December 2027.
A compliance posture built on a 2024 snapshot is, by 2026, partly built on instruments that no longer exist — and missing others that have since arrived.
What this means for your AI programme
Three practical implications fall out of the data:
- Scope before you draft. With 378 instruments in play, the first question is never "what does the law say" — it is "which laws apply to us." That is a function of jurisdiction and sector.
- Treat the rulebook as live. The lapse-revoke-defer churn means any policy needs a review cadence, not a filing date.
- Start from your gaps, not a template. The most-regulated sectors are precisely where generic policies leave the most exposure.
If you want to see which of these apply to you, our free AI readiness check maps your organisation against the instruments that actually govern it in about 90 seconds — and the AI Compliance Gap Analyser turns that into a prioritised action list. Both are grounded in the same dataset analysed above.
Methodology & citation: figures derived from Responsible AI Studio's regulatory dataset (108 jurisdictional laws across 14 jurisdictions; 270 sector overlays across 14 industries), each referenced to a primary source, as of 28 June 2026. Cite as: Responsible AI Studio, "The State of AI Regulation in 2026: 378 Laws Mapped," app.responsibleaistudio.com. This article is educational and not a substitute for qualified legal advice.