
AI Act vs. the US Executive Order on AI: Two Visions of Regulation

The European AI Act and the US Executive Order on AI represent two fundamentally different regulatory philosophies. This comparison explains what each requires and what the divergence means for companies.

19 May 2026, DILAIG

Two major jurisdictions have moved decisively on AI regulation — the European Union and the United States — but in fundamentally different directions. The EU AI Act (Regulation (EU) 2024/1689) is a comprehensive, binding regulation with direct legal effect across all 27 EU member states. The US approach, anchored in executive orders and voluntary frameworks, is more fragmented, more flexible, and — from a binding obligation standpoint — considerably lighter.

For companies building or deploying AI globally, this regulatory divergence creates real practical challenges. Understanding the differences is essential to building a compliance programme that works on both sides of the Atlantic.

The Foundational Philosophical Difference

The EU's approach to AI regulation begins from the premise that AI poses risks to fundamental rights, safety, and democracy that require mandatory safeguards established in law. The AI Act is explicitly "risk-based" but its starting point is restriction and obligation — companies must demonstrate that their AI systems meet requirements before placing them on the market.

The US approach, at least through early 2026, begins from the premise that AI is primarily an engine of economic competitiveness and national security that should be encouraged and guided, with government intervention calibrated to avoid impeding innovation. Obligations under US executive action are typically directed at government agencies and rely heavily on voluntary industry commitments.

This is not a difference of degree. It is a difference of kind.

The EU AI Act: Key Features

Legal form: A regulation — directly binding in all EU member states without requiring national implementing legislation.

Scope: Any provider placing an AI system on the EU market or deploying it in the EU, regardless of the provider's location.

Structure: Risk-tiered, with prohibited practices (Article 5), high-risk obligations (Articles 9–15), GPAI obligations (Articles 51–55), and transparency requirements (Article 50).

Key obligations for high-risk AI: Technical documentation, risk management system, data governance, human oversight, conformity assessment, CE marking, EU database registration, Declaration of Conformity, FRIA for deployers.

Enforcement: National market surveillance authorities plus the European AI Office (for GPAI models). Fines up to €35 million / 7% of global turnover for prohibited AI, up to €15 million / 3% for other violations.

Timeline: August 2024 (entry into force), February 2025 (prohibitions), August 2025 (GPAI obligations), August 2026 (high-risk AI full obligations).

The US Executive Order on AI (EO 14110, October 2023) and Its Evolution

President Biden signed Executive Order 14110 on "Safe, Secure, and Trustworthy Artificial Intelligence" in October 2023. It was the most comprehensive US government action on AI to that point.

The EO directed federal agencies to develop AI safety standards, required developers of the most powerful AI systems to share safety test results with the government, tasked NIST with developing AI safety standards, directed attention to AI risks in healthcare, housing, and financial services, and established interagency coordination mechanisms.

Critical limitation: An executive order is not legislation. It binds federal executive branch agencies but does not directly create enforceable obligations for private companies. The private sector obligations in EO 14110 were primarily voluntary commitments — not mandatory compliance requirements.

In early 2025, the Trump administration revoked EO 14110 and issued a replacement order emphasising AI as a driver of US competitiveness and removing many of the safety-focused provisions. The replacement order focused on removing regulatory barriers to AI development and maintaining US technological leadership, with significantly reduced emphasis on risk management or mandatory safeguards.

As of mid-2026, the US has no federal AI legislation equivalent to the EU AI Act. Sector-specific AI guidance from agencies such as the FDA (for medical AI), the EEOC (for employment AI), and the CFPB (for financial services AI) provides the closest approximation to binding requirements for private companies in specific domains.

Comparison: Key Dimensions

Binding effect

| Dimension | EU AI Act | US Federal Framework |
| --- | --- | --- |
| Legal form | Binding regulation | Executive orders + voluntary frameworks |
| Private sector obligations | Mandatory, enforceable | Mostly voluntary |
| Enforcement mechanism | Fines, market bans, supervisory orders | Agency guidance, sector-specific rules |
| Extraterritorial reach | Strong — applies to all providers targeting EU users | Weak — primarily targets US entities |

Risk classification

The EU AI Act creates explicit risk tiers with mandatory obligations attached to each tier. The US approach does not create a comparable mandatory risk classification framework for private sector AI.

NIST's AI Risk Management Framework (AI RMF 1.0), published in January 2023, provides voluntary guidance for risk management — but it creates no legal obligations and applies no mandatory requirements.

High-stakes AI domains

Both frameworks express concern about AI in high-stakes domains (healthcare, criminal justice, finance, employment). The mechanisms differ fundamentally:

  • The EU AI Act lists specific use cases in Annex III as high-risk and attaches detailed mandatory obligations to each
  • The US relies on sector regulators issuing guidance or updating existing frameworks (FDA, EEOC, CFPB) — creating a patchwork without unified compliance standards

Frontier models

The EU's GPAI chapter (Articles 51–55) creates binding obligations for the developers of the largest AI models, with additional requirements for models posing systemic risk.

US EO 14110 required companies developing "dual-use foundation models" above certain compute thresholds to share safety test results with the government — but this relied on the Defense Production Act, which has limited enforcement reach for private companies, and the provision was substantially weakened in subsequent executive action.

What This Means for Global AI Companies

Operating in the EU requires full AI Act compliance

If you have EU users, sell to EU customers, or deploy AI through EU-based operators, the EU AI Act applies to you regardless of where your company is incorporated. The EU's extraterritorial reach on digital regulation (established by GDPR and reinforced by the AI Act) means that US-headquartered AI companies are not exempt.

The US offers more flexibility — for now

In the US, absent federal legislation, the compliance burden for most AI companies is lower and more flexible. This is a real competitive consideration for companies deciding where to initially deploy products. However, US state-level AI legislation is accelerating — California, Colorado, Texas, and Illinois have all introduced or enacted AI-specific legislation, creating an emerging patchwork that may converge toward more uniform requirements.

Building for the EU AI Act effectively builds global capability

The EU AI Act's documentation and risk management requirements — risk management systems, technical documentation, human oversight design, training data governance — represent sound AI system development practices regardless of jurisdiction. Companies that build compliant processes to meet the EU AI Act tend to find that their practices also satisfy voluntary US frameworks, sector-specific US requirements, and emerging requirements in Canada, the UK, Brazil, and Singapore.

Building once to the higher standard is often more efficient than building for the lowest common denominator and retrofitting later.

Due diligence for transatlantic M&A

When US companies acquire EU AI companies, or EU companies acquire US AI assets, AI Act compliance status is becoming a standard due diligence item. A US company that has never needed to think about technical documentation or conformity assessments may acquire a company whose AI systems have EU AI Act obligations that the acquirer must inherit and manage.

The Trajectory of Convergence

Despite current divergence, there are signs of longer-term convergence pressure:

  • US state-level legislation is adopting EU-style risk classification concepts
  • US sector regulators are adopting concepts from the AI Act in their own guidance
  • International standards bodies (ISO/IEC) are developing AI standards that draw from both frameworks
  • US companies operating globally are voluntarily adopting EU AI Act-compatible practices as a baseline

Full convergence is unlikely in the near term. But the EU AI Act's approach — binding, risk-tiered, with specific documentation requirements — is increasingly treated as the global baseline, with other jurisdictions calibrating their own approaches relative to it.

How DilAIg Helps Global AI Companies

DilAIg's documentation output satisfies EU AI Act requirements. The structured approach to technical documentation, risk assessment, and FRIA preparation also aligns well with NIST AI RMF recommendations, the OECD AI Principles, and sector-specific US agency guidance. Companies using DilAIg to meet EU requirements find that their documentation also supports voluntary US compliance frameworks without additional effort.

Start your free audit at dilaig.com and prepare for the world's most demanding AI regulation.


FAQ: EU AI Act vs. US AI Regulation

Q: Does the EU AI Act apply to US companies?
A: Yes. Any provider that places an AI system on the EU market — including via API, SaaS, or digital distribution — is subject to the EU AI Act, regardless of where the company is incorporated or headquartered.

Q: Will the US eventually pass federal AI legislation comparable to the EU AI Act?
A: As of mid-2026, federal AI legislation has not passed Congress, and the current administration has emphasised deregulation. State-level legislation is advancing faster than federal. A comprehensive federal law comparable to the EU AI Act is possible in the longer term but faces significant political headwinds in the current environment.

Q: Which framework is more onerous for AI companies?
A: The EU AI Act is significantly more onerous in terms of mandatory documentation, conformity assessment, and ongoing obligations for high-risk AI. US requirements, in the absence of sector-specific rules, are primarily voluntary. However, this comparison will shift as US state laws and sector rules accumulate.


Key Takeaways

  • The EU AI Act is binding regulation with extraterritorial reach. The US framework is primarily executive orders and voluntary guidance.
  • The EU approach mandates specific documentation, risk management, and conformity assessment for high-risk AI. The US relies on sector regulators and industry self-governance.
  • US companies with EU users must comply with the EU AI Act — no exemption for non-EU incorporation.
  • Building to EU AI Act standards effectively prepares companies for most other jurisdictions' requirements and voluntary frameworks.
  • The EU AI Act is increasingly treated as the global baseline, with other jurisdictions calibrating relative to it.
