The same question, three incompatible answers
Every government in the world faces the same question —how to manage the risks and benefits of artificial intelligence— and they have reached radically different answers. It is not a difference of degree: they are three regulatory philosophies that clash with each other, and a company deploying AI across several continents must comply with all three at once. Diálogo Ciudadano tracks each one with its own tracker; this piece places them side by side.
The difference is not academic. A hiring algorithm perfectly legal in a US state may require a conformity assessment in Brussels and fall into an enforcement vacuum in Latin America. Anyone wanting to understand the real regulatory risk of AI in 2026 cannot look at a single model: they have to look at all three and how they diverge.
Model 1 — The European Union: one law to rule them all
The European model is the most ambitious and the most mature. The AI Act (Regulation EU 2024/1689) is the world’s first comprehensive and binding AI law, applicable to all twenty-seven member states with a risk-based approach: it classifies systems into four levels —unacceptable, high, limited and minimal— and imposes proportional obligations. Its fines are the highest in the landscape: up to €35 million or 7% of global turnover. And its reach is extraterritorial: a company from any country serving European users is subject to it.
The consequence of this maturity is the so-called Brussels effect: as already happened with the GDPR, the European model is becoming the default global template. Whoever complies with the AI Act also complies, along the way, with much of what the other jurisdictions require. South Korea, the world’s second country with a comprehensive AI law in force since January 2026, copied the European risk categories.
Model 2 — The United States: fifty legislators and a regulatory civil war
The United States does exactly the opposite. It has no comprehensive federal AI law; in its absence, each state legislates on its own, creating a patchwork that companies must map jurisdiction by jurisdiction. California regulates frontier-AI transparency; Texas, responsible use; Illinois, employment discrimination; Colorado passed the most comprehensive state law, focused on high-risk systems.
But the US model lives in 2026 with a tension no other has: a war between levels of government. In December 2025, a federal executive order proposed preempting “excessive” state laws —citing Colorado’s by name—, and in April 2026 a federal court froze that same law weeks before it took effect. The result for companies is the worst possible combination: obligations that exist on paper but whose real applicability depends on litigation and on a political tug-of-war.
Model 3 — Latin America: the copy that does not yet bite
Latin America has chosen a third path, almost by gravity: importing the European model. The region’s major bills —Brazil’s PL 2338 at the front— adopt the AI Act’s risk-based approach, with system classification and prohibition of certain practices. There are more than 150 initiatives identified in the region. The convergence with Brussels is deliberate and reveals how far the Brussels effect reaches: even where there is no obligation to follow the EU, it is followed.
But here appears the region’s characteristic gap: between the bill announced and the law that truly binds lies an abyss. Brazil passed its framework in the Senate in December 2024, but the bill still lacks final approval, with uncertain momentum. Most Latin American “AI regulations” are still strategies, principles or bills in progress, not rules with enforcement.
The three models, in one table
| Dimension | European Union | United States | Latin America |
|---|---|---|---|
| Legal form | Single comprehensive binding law | Patchwork of state laws | Bills (most unpassed) |
| Approach | Risk-based (4 levels) | Varies by state | Copy of the EU risk approach |
| Maximum sanction | €35M or 7% global turnover | Varies (e.g. Colorado, $20,000/violation) | To be defined in most |
| Enforcement maturity | High (sanctionable prohibitions) | Medium and disputed (preemption + litigation) | Low (few laws in force) |
| Reach | Extraterritorial | State-level | National |
| 2026 trend | Consolidation (with simplification debate) | Federal-state tension | Slow convergence toward the EU |
What this means for those deploying AI
The practical lesson compliance analysts draw is blunt: it makes no sense to chase minimum compliance in each jurisdiction separately. The pragmatic path is to build a single AI-governance framework aligned to the highest bar —in practice, the European one— and adapt it downward where necessary. Whoever complies with the AI Act has much of the path done in the other regions.
But that strategy has a blind spot that only becomes visible looking at all three models at once: instability. The US model may change shape depending on how the courts resolve federal preemption; the Latin American one, on whether the pending bills pass; even the European one is debating a simplification (the Digital Omnibus) that could delay its high-risk obligations. Regulating the same machine in three incompatible ways is not a final state, but a precarious balance to watch rule by rule. That is what the trackers this piece links are for. And for the full picture —how digital regulatory risk compares country by country, beyond these three models— there is the digital regulatory risk index by country.
Methodology note
The comparison rests on Diálogo Ciudadano’s three AI-regulation trackers (the AI Act sanctioning regime, the US state patchwork, the Latin American bills) and on comparative analyses from specialised firms and observatories (Brookings, Dataversity, OneTrust). Each claim about a jurisdiction is attributed to its source. The “enforcement maturity” classification is a comparative reading, not a quality judgement of each model. Diálogo Ciudadano does not provide legal advice; this piece is informational infrastructure.