By The AI Prompts Hub Team · Digital Empire

EU AI Act vs US AI Bill of Rights (2026): Binding Law vs Policy Blueprint

The EU AI Act and the US AI Bill of Rights are the two most-cited AI-governance documents in 2026, but they are radically different objects. The EU AI Act is binding EU law (Regulation 2024/1689), in force since August 2024, with General-Purpose AI obligations active since August 2025 and high-risk obligations phasing in through 2026-2027. The US AI Bill of Rights is a non-binding policy blueprint published by the White House Office of Science and Technology Policy in October 2022. Both name principles. Only one carries fines. Side-by-side, sourced from eur-lex.europa.eu and whitehouse.gov, June 2026.

By DDH Research Team at Digital Dashboard Hub

When a US-headquartered company asks 'what do we have to do for AI regulation in 2026,' the answer almost always involves the **EU AI Act**: binding law under Regulation 2024/1689, full text on EUR-Lex (https://eur-lex.europa.eu/eli/reg/2024/1689/oj), in force since 1 August 2024 with obligations phasing in through 2027. The **US AI Bill of Rights** (https://www.whitehouse.gov/ostp/ai-bill-of-rights/) is the most-cited US counterpart, but it is not law. It is a non-binding policy blueprint from the White House Office of Science and Technology Policy, published October 2022, naming five principles for the design and use of automated systems.

**Why they are the most-cited pair.** The EU AI Act is the world's first comprehensive AI regulation; it sets the de-facto compliance floor for any company doing business in the EU. The AI Bill of Rights is the most prominent US federal-level policy document on AI governance from before the late-2023 Executive Order; it remains widely cited in industry compliance frameworks even though it has no statutory force.

**What they share.** Both name accountability, transparency, fairness, and safety as core principles. Both apply to 'automated systems' or 'AI systems.' Both have substantial influence on industry self-governance frameworks (NIST AI RMF, ISO/IEC 42001, voluntary AI codes of practice).

**Where they diverge structurally.** Binding-ness, scope, enforcement, penalty. The EU AI Act binds providers placing AI on the EU market with fines up to €35M or 7% of global annual turnover for prohibited uses. The AI Bill of Rights is principles-only — adoption is voluntary, enforcement is non-existent at the federal level, and the binding rules that exist in US AI policy in 2026 are scattered across sector-specific federal agencies (FTC, EEOC, HHS/FDA, NIST/AISI), state laws (Colorado AI Act, NYC bias audit law, California regulations), and the 2023 Executive Order's reporting requirements (much of which was rescinded January 2025 — though the AISI institution survived under NIST).

This guide walks the full side-by-side. Companion guides: Anthropic RSP vs OpenAI Preparedness, UK AISI vs US AISI vs EU AI Office, EU AI Act Prohibited Uses List.


EU AI Act vs US AI Bill of Rights — June 2026

| Feature | Legal status | Scope | Penalties | Implementation timeline |
| --- | --- | --- | --- | --- |
| EU AI Act (Reg. 2024/1689) | Binding EU law, directly applicable in all member states | AI systems placed on the EU market OR whose output is used in the EU; extraterritorial | Up to €35M or 7% global annual turnover (prohibited uses); €15M or 3% (high-risk non-compliance); €7.5M or 1% (misinformation to authorities) | In force 1 Aug 2024. Prohibited uses: 2 Feb 2025. GPAI obligations: 2 Aug 2025. High-risk: 2 Aug 2026 (most). Article 6(1) high-risk: 2 Aug 2027 |
| US AI Bill of Rights (Oct 2022) | Non-binding policy blueprint from White House OSTP | Automated systems used in the United States, with focus on civil rights, civil liberties, privacy, opportunities, access to critical resources/services | None at the federal level; cited as soft guidance for federal agencies | Published October 2022. No phased implementation; agency adoption is voluntary |
| Five principles named | EU AI Act uses risk tiers (Prohibited / High / Limited / Minimal) + GPAI as separate axis | Safe & Effective Systems, Algorithmic Discrimination Protections, Data Privacy, Notice & Explanation, Human Alternatives/Consideration/Fallback | AI Bill of Rights has no penalty surface; fines come from sector-specific laws (FTC Act, ECOA, ADA, etc.) | EU AI Act phases by risk tier; Bill of Rights has no phasing |
| Enforcement body | EU AI Office (within DG CNECT, European Commission) for GPAI + cross-border; national market surveillance authorities for high-risk | No single enforcement body; FTC, EEOC, CFPB, HHS, DOJ enforce sector-specific laws that implement similar principles | EU AI Act has the European Artificial Intelligence Board (EAIB) for coordination across member states | AI Bill of Rights cited by AISI (within NIST) and federal agencies as guidance, not enforced as such |

Source, fetched June 2026: EU AI Act full text https://eur-lex.europa.eu/eli/reg/2024/1689/oj, EU AI Act Implementation Timeline https://artificialintelligenceact.eu/implementation-timeline/, US AI Bill of Rights https://www.whitehouse.gov/ostp/ai-bill-of-rights/, US AI Safety Institute https://aisi.nist.gov/. The January 2025 US executive-order rescission affected the Biden-era AI EO's reporting requirements; the AI Safety Institute at NIST persisted; sector-specific federal law (FTC Act, ECOA, ADA) and state AI laws (Colorado AI Act, NYC bias-audit law, California regulations) continue to apply independently.

What the EU AI Act actually requires (and of whom)

The EU AI Act is Regulation 2024/1689, published in the Official Journal of the EU on 12 July 2024 and in force from 1 August 2024. As a Regulation (not a Directive) it is directly applicable in all 27 EU member states without national transposition. Full text at https://eur-lex.europa.eu/eli/reg/2024/1689/oj. It binds: providers placing AI systems on the EU market, deployers using AI systems in the EU, importers and distributors of AI systems, and providers of general-purpose AI models whose output is used in the EU — regardless of where the provider is established. Extraterritorial reach is explicit.

**Risk tiers.** The Act categorizes AI systems by risk. **Prohibited** (Article 5): unacceptable-risk practices banned outright — including social scoring by public authorities, real-time remote biometric identification in public spaces (with narrow exceptions), emotion recognition in workplaces and schools, and untargeted scraping of facial images for facial-recognition databases. Effective 2 February 2025. See EU AI Act Prohibited Uses for the full list.

**High-risk** (Article 6 + Annex III): AI systems used in critical infrastructure, educational/vocational training, employment + worker management, access to essential services (credit, insurance), law enforcement, migration/asylum/border control, administration of justice and democratic processes. High-risk systems must comply with conformity assessment, technical documentation, data governance, transparency, human oversight, accuracy/robustness/cybersecurity requirements. Most high-risk obligations apply from 2 August 2026; Annex II 'product safety' high-risk applies from 2 August 2027.

**Limited risk** (Article 50): transparency obligations — chatbots must disclose AI-generated nature, AI-generated/manipulated content must be labeled (including text published to inform on matters of public interest), synthetic audio/video (deepfakes) must be labeled. Applies from 2 August 2026.

**Minimal risk**: no additional obligations beyond existing EU law (data protection, consumer protection, product liability). Most AI applications fall here.

**General-Purpose AI (GPAI)** — separate axis from risk tiers, addressed in Chapter V (Articles 51-56). All GPAI providers must: maintain technical documentation, publish a sufficiently-detailed summary of training data (the 'training data summary template' was published by the AI Office in 2025), comply with EU copyright law (including text-and-data-mining opt-outs under Directive 2019/790), and provide downstream-integrator information. GPAI models with **systemic risk** (designated either by training compute threshold of 10^25 FLOPs or by Commission designation) face additional obligations: model evaluations including adversarial testing, systemic-risk assessment and mitigation, serious-incident reporting to the AI Office, and adequate cybersecurity. GPAI obligations applied from 2 August 2025.


What the US AI Bill of Rights actually says (and what it doesn't)

The US AI Bill of Rights — full title 'Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People' — was published October 2022 by the White House Office of Science and Technology Policy (OSTP). Full text and accompanying technical companion at https://www.whitehouse.gov/ostp/ai-bill-of-rights/. It is a **blueprint** — explicitly described in its own text as 'a set of five principles and associated practices to help guide the design, use, and deployment of automated systems.' It is not legislation. It has no enforcement mechanism. It does not create new rights.

**The five principles.** **Safe and Effective Systems** — automated systems should be safe and effective, with pre-deployment testing, risk identification, ongoing monitoring, and meaningful evaluation. **Algorithmic Discrimination Protections** — systems should not contribute to unjustified differential treatment based on race, color, ethnicity, sex, religion, age, national origin, disability, veteran status, genetic information, or other classifications protected by law. **Data Privacy** — protection from abusive data practices, built-in privacy protections by default, agency over data collection and use. **Notice and Explanation** — knowing when an automated system is being used and how it contributes to outcomes that affect you, with clear explanations of how and why. **Human Alternatives, Consideration, and Fallback** — opting out where appropriate, access to a human, fallback in cases of system failure or contestation.

**Status as guidance.** Federal agencies are encouraged but not required to align programs with the principles. The AI Bill of Rights is referenced in subsequent federal guidance — the late-2023 Executive Order, OMB memos M-24-10 and M-24-18 on federal-agency AI use, NIST's AI Risk Management Framework — but the underlying enforcement comes from pre-existing law (FTC Act for unfair/deceptive practices, ECOA for credit discrimination, ADA for accessibility, Title VII for employment discrimination, HIPAA for health-data privacy, etc.).

**What changed in 2025.** The Biden-era October 2023 Executive Order on Safe, Secure, and Trustworthy AI was substantially rescinded by Executive Order in January 2025; some specific requirements (the compute-threshold reporting requirement for large training runs at 10^26 FLOPs, the dual-use foundation-model reporting under the Defense Production Act) were withdrawn. **Importantly, the US AI Safety Institute at NIST (https://aisi.nist.gov/) was established under separate authority and persisted through the transition** — AISI continued evaluating frontier models, publishing methodology, and operating the AISI Consortium throughout 2025-2026. The AI Bill of Rights itself remains published OSTP guidance.

**State law has filled the gap.** Colorado's AI Act (SB 24-205, signed May 2024, key provisions effective 1 February 2026) is the most comprehensive US state AI law, regulating high-risk AI systems and consequential decisions. NYC's bias-audit law (Local Law 144) requires bias audits of automated employment decision tools. California has multiple AI bills addressing specific use cases (generative AI training data disclosure, AI-generated election content, healthcare AI). These create a patchwork — sometimes more granular than the AI Bill of Rights, sometimes addressing topics the Bill of Rights names but does not enforce.


Side-by-side: principles vs prohibitions vs obligations

**Discrimination / fairness.** AI Bill of Rights principle (Algorithmic Discrimination Protections) names the issue; enforcement comes from pre-existing US civil rights and consumer protection law. EU AI Act addresses the same surface through (a) prohibition of certain biometric categorization and emotion recognition uses (Article 5), (b) high-risk classification for employment, credit, and access-to-services systems with explicit bias-detection and data-governance obligations, (c) GPAI transparency on training data, (d) interaction with the GDPR for personal-data uses.

**Transparency / notice.** AI Bill of Rights principle (Notice and Explanation). EU AI Act mandates labeling of AI-generated content, chatbot disclosure, deepfake labeling under Article 50 from August 2026; high-risk system documentation and user-information requirements under Articles 13, 14, 86; right to explanation for individual decisions under Article 86 of the AI Act and reinforced by GDPR Article 22 on automated decision-making.

**Human oversight / fallback.** AI Bill of Rights principle (Human Alternatives, Consideration, and Fallback). EU AI Act Article 14 mandates human oversight for high-risk systems, including the ability to override and to interpret outputs.

**Privacy.** AI Bill of Rights principle (Data Privacy). The EU's binding equivalent is the GDPR (2016/679), which predates the AI Act and continues to apply to all personal-data processing including by AI systems. The AI Act adds AI-specific obligations on data governance, training data quality, and (for GPAI) training-data summaries.

**Safety / effectiveness.** AI Bill of Rights principle. EU AI Act conformity-assessment obligations for high-risk systems (Article 43), accuracy/robustness/cybersecurity requirements (Article 15), post-market monitoring (Article 72), serious-incident reporting (Article 73).

The pattern: every Bill of Rights principle has an EU AI Act analog with operational specificity, conformity-assessment procedure, and penalty surface. The Bill of Rights names the surface; the EU AI Act bolts it to enforcement.


Penalties and enforcement: where the bite is

**EU AI Act penalties (Article 99).** Up to **€35 million or 7% of worldwide annual turnover** (whichever is higher) for prohibited-use violations. Up to **€15 million or 3%** for non-compliance with most other AI Act obligations (high-risk system requirements, GPAI obligations). Up to **€7.5 million or 1%** for supplying incorrect, incomplete, or misleading information to the AI Office or national authorities. SMEs benefit from the lower-of-the-two formulation. Penalties are imposed by national market surveillance authorities (for high-risk AI systems placed on the market in each member state) and by the AI Office (for GPAI-related violations).

**EU AI Office** (within DG CNECT in the European Commission) is the central enforcement body for GPAI and for cross-border coordination. The Office produces guidance (the GPAI Code of Practice), enforces GPAI obligations, and convenes the European Artificial Intelligence Board (EAIB) — a body of member-state representatives that coordinates national enforcement and provides advice on AI Act implementation.

**US AI Bill of Rights penalties: none directly.** The document is not law and creates no penalty. Enforcement of similar protections in the US comes from sector-specific federal law. The **FTC** has used Section 5 of the FTC Act to challenge unfair/deceptive AI practices (the 2022 Rite Aid order, the 2024 Rytr settlement, the X-Mode/Outlogic geolocation settlement, etc.). The **EEOC** enforces employment-discrimination law including against AI-driven hiring tools. The **CFPB** enforces credit-discrimination law including for algorithmic underwriting. **HHS/OCR** enforces health-data privacy and Section 1557 ACA non-discrimination. **DOJ** enforces ADA and civil-rights statutes that apply to automated systems.

**US state enforcement.** Colorado's AI Act (effective 1 Feb 2026) authorizes the Colorado Attorney General to enforce its provisions; non-compliance can result in civil penalties. NYC's bias-audit law for AEDTs authorizes the city's Department of Consumer and Worker Protection to enforce; non-compliance can result in fines per violation. California's specific AI laws are enforced by the relevant state agency (AG's office, Civil Rights Department, etc.).

**Practical takeaway.** If your AI system is used by EU residents, the AI Act fines are real and substantial — engineering teams should be reading the high-risk classification list now. If your AI system is used in the US, the relevant binding rules are scattered across sector-specific federal law and a growing set of state laws — the AI Bill of Rights is best read as a compliance-framework checklist, not as a binding obligation.


Extraterritoriality: the EU AI Act applies to you even if you're in California

The EU AI Act explicitly applies to providers outside the EU if their AI systems are placed on the EU market OR if the output of the AI system is used in the EU (Article 2). This is the same approach the EU took with the GDPR. The practical effect: a US-headquartered SaaS company serving EU customers, or a US-headquartered AI API whose outputs reach EU users via downstream apps, is in scope.

**For SaaS / B2B vendors.** If you sell to EU customers (or to US customers who themselves serve EU customers), the high-risk classification of your product matters. A US HR-tech vendor's AI hiring tool used by a European subsidiary is high-risk under Annex III. A US ed-tech vendor's AI grading tool used in an EU school is high-risk under Annex III. The conformity-assessment + CE-marking obligations apply.

**For AI API providers.** OpenAI, Anthropic, Google, Microsoft, Cohere, Mistral, etc. — every major frontier API provider that operates in the EU is in scope for GPAI obligations. All of them have been engaging with the AI Office on the GPAI Code of Practice and on the training-data summary template. Compliance is now table-stakes; the question is exactly how each provider implements training-data summaries and downstream-integrator documentation.

**For downstream integrators.** If you build a product on top of a frontier API, you are typically a 'deployer' under the AI Act, not a 'provider' of the underlying model. Your obligations depend on the use case classification (high-risk vs limited-risk vs minimal-risk). For high-risk deployments, you have specific obligations: fundamental-rights impact assessment (Article 27), monitoring, logging, human oversight, transparency to affected persons (Article 86). Document your use case and the model you use; both regulators and your customers will ask.

**For open-source releases.** GPAI obligations apply to providers placing GPAI models on the EU market, including open-source releases above certain thresholds. The Act has specific provisions for free-and-open-source GPAI models (Recital 102-103, Article 53(2)) that mitigate some but not all obligations — copyright compliance and training-data summary still apply.


The US patchwork: state laws + sector regulators that fill the gap

**Colorado AI Act (SB 24-205).** Signed May 2024, key provisions effective 1 February 2026. Regulates developers and deployers of 'high-risk AI systems' — systems making consequential decisions on employment, education, financial/lending services, essential government services, healthcare, housing, insurance, or legal services. Requires reasonable care to avoid algorithmic discrimination, risk-management policies, disclosure to consumers when high-risk AI makes a consequential decision, right to correct data and appeal decisions, AG enforcement authority. Often cited as the closest US analog to the EU AI Act on high-risk systems.

**NYC Local Law 144 (Bias Audit).** Effective July 2023. Requires that automated employment decision tools (AEDTs) used to hire or promote NYC-based candidates undergo an annual bias audit by an independent auditor; audit results must be published; candidates must be notified about AEDT use. Enforced by the Department of Consumer and Worker Protection with per-violation fines.

**California AI laws.** Multiple state laws addressing specific use cases. AB 2013 (signed Sep 2024, effective 1 Jan 2026) requires generative AI developers to publicly post documentation about training data. AB 2655 and AB 2839 (Sep 2024) address AI-generated election content. SB 1120 (Sep 2024) regulates AI use in health-insurance utilization review. SB 942 (Sep 2024) requires AI-generated content disclosure tools. SB 1047 was vetoed in 2024 but heavily debated.

**Federal sector regulators using existing authority.** The FTC has pursued enforcement actions invoking Section 5 of the FTC Act against AI products: Rite Aid (2022 facial-recognition consent order), Rytr (2024 AI-generated-reviews consent order), DoNotPay (2024 consent order on robot-lawyer claims), Evolv (2024 settlement on AI weapons-screening claims). The EEOC issued 2023 guidance on AI hiring tools. HHS/OCR's 1557 final rule (May 2024) addresses AI/algorithmic patient-care decisions. The OCC, FDIC, and Fed issued joint risk-management guidance for AI use in banking.

**The combined picture.** A US-only company with no EU exposure still has a substantial AI-compliance surface from sector regulators, Colorado AI Act, NYC bias audit, California laws, and FTC Act enforcement. A company with EU exposure adds the AI Act's binding obligations on top. The AI Bill of Rights is the conceptual through-line connecting them — most of these federal-agency and state-law regimes can be mapped to one or more of the five Bill-of-Rights principles.


How major frontier-AI providers are complying with each

**EU AI Act GPAI compliance.** OpenAI, Anthropic, Google, Microsoft, Meta, Cohere, Mistral, and other major providers have engaged with the AI Office on the GPAI Code of Practice (the Office published a final Code of Practice in 2025; signatories voluntarily commit to compliance pathways). Each provider has updated their public documentation: model cards, training-data summaries on a per-model basis, downstream-integrator documentation, copyright-compliance statements. The training-data summary template was finalized by the AI Office in 2025 and providers have been publishing per-model summaries since.

**US sector-regulator engagement.** Major providers participate in the AI Safety Institute Consortium at NIST (https://aisi.nist.gov/aisic), which includes most frontier-model providers plus enterprise customers, academic institutions, and civil-society organizations. The AISI Consortium develops voluntary guidance, evaluation methodology, and shared safety practices.

**Voluntary commitments.** The July 2023 White House Voluntary AI Commitments (signed by Anthropic, OpenAI, Google, Microsoft, Meta, Inflection, Amazon, and later joined by Adobe, Cohere, IBM, Nvidia, Palantir, Salesforce, Scale AI, Stability AI) named eight commitments: security testing, information sharing, watermarking, public reporting, prioritizing research on AI risks, etc. Some of these became framework artifacts (RSP, Preparedness Framework, system cards). The commitments are voluntary and not legally enforceable.

**ISO/IEC 42001.** International standard for AI management systems, published December 2023. Several major providers have pursued ISO/IEC 42001 certification as evidence of governance maturity. Often cited alongside SOC 2 in enterprise procurement.

**NIST AI RMF.** The NIST AI Risk Management Framework (https://www.nist.gov/itl/ai-risk-management-framework), first published January 2023 with a generative-AI profile in 2024, is the most-cited US voluntary framework. It maps to the AI Bill of Rights principles and to the EU AI Act risk tiers, and many US enterprises use it as their internal compliance scaffold.


What this means for your team (compliance triage)

**If you ship product to EU customers**: the AI Act is binding. Classify your use cases against the risk tiers. For high-risk: conformity assessment, technical documentation (Annex IV), data-governance (Article 10), human oversight (Article 14), accuracy/robustness/cybersecurity (Article 15). For limited-risk (chatbots, generative AI): labeling and disclosure obligations effective August 2026. For GPAI providers: technical documentation, training-data summary, copyright compliance. Engage your legal team and your AI provider's enterprise team on documentation. Our GDPR + AI compliance guide discusses the AI Office's role.

**If you ship product only to US customers**: focus on sector-specific federal law (FTC Act, ECOA, ADA, Title VII, HIPAA), state law (Colorado AI Act if your tool makes consequential decisions, NYC Local Law 144 if you sell employment tools, California AB 2013 if you're a generative-AI developer), and the AI Bill of Rights principles as the conceptual scaffold for your internal governance.

**If you process personal data, period**: the EU GDPR continues to apply and is the binding floor for any personal-data processing involving EU residents. Right to explanation (Article 22), data-protection impact assessments (Article 35), and right to object are the most-cited GDPR provisions for AI.

**Practical artifact stack we recommend**: (1) An AI inventory listing every AI system in your product. (2) Per-system risk classification under both the EU AI Act tiers and the Colorado AI Act consequential-decisions test. (3) Per-system data-governance documentation. (4) A model-card or technical-documentation artifact for any high-risk system. (5) An incident-response process tied to the EU AI Act serious-incident reporting (Article 73). (6) A human-oversight policy for any high-risk deployment. Maintain these in version control.

Triage AI compliance for your product

  1. Inventory every AI system in your product

     Even if you don't train models, every API integration with OpenAI/Anthropic/Google/etc. is an AI system you 'deploy.' Write the inventory: model, vendor, purpose, who it affects, what data flows in. Without inventory, every other step is guessing.

  2. Classify each AI use case under EU AI Act + Colorado AI Act

     EU AI Act: Prohibited / High-risk (Annex III) / Limited-risk / Minimal. Colorado AI Act: 'high-risk' = makes consequential decisions on employment, education, finance, essential services, healthcare, housing, insurance, legal. The classification drives the rest of compliance.

  3. Read the EU AI Act high-risk obligations end-to-end if any apply

     Article 9 (risk management), Article 10 (data governance), Article 11-12 (technical documentation and record-keeping), Article 13 (transparency to users), Article 14 (human oversight), Article 15 (accuracy/robustness/cybersecurity), Article 43 (conformity assessment). Full text at eur-lex.europa.eu/eli/reg/2024/1689/oj.

  4. Pull your AI provider's training-data summary and model card

     Required for GPAI providers placing models in the EU market. OpenAI / Anthropic / Google / Microsoft / Cohere / Mistral all publish per-model artifacts. You may need them for your own technical documentation if you build on top.

  5. Map your governance to NIST AI RMF for the US side

     NIST AI RMF (Govern, Map, Measure, Manage) is the most-referenced US scaffolding. Maps cleanly to AI Bill of Rights principles. Adopt it as your internal framework and you'll satisfy most US enterprise procurement diligence questionnaires.

Use the data programmatically

Every page on this site is also exposed as a free, CORS-open JSON endpoint. No auth, no rate limit (fair-use, please cache). License is CC-BY-4.0 — link back to attribution.canonicalUrl in the response.

Endpoint: https://aipromptshub.co/api/vs/eu-ai-act-vs-us-ai-bill-of-rights
curl

```bash
curl -s 'https://aipromptshub.co/api/vs/eu-ai-act-vs-us-ai-bill-of-rights' | jq .
```

Python

```python
import requests

# Fetch the page's JSON record; fail fast on network stalls and HTTP errors.
r = requests.get("https://aipromptshub.co/api/vs/eu-ai-act-vs-us-ai-bill-of-rights", timeout=10)
r.raise_for_status()
data = r.json()
print(data["title"])
# "sources" may be absent, so default to an empty list.
for source in data.get("sources", []):
    print("source:", source)
```

JavaScript / Node

```javascript
// Node 20+ / modern browser; top-level await requires an ES module (e.g. a .mjs file).
const res = await fetch("https://aipromptshub.co/api/vs/eu-ai-act-vs-us-ai-bill-of-rights");
if (!res.ok) throw new Error("HTTP " + res.status);
const eu_ai_act_vs_us_ai_bill_of_rights = await res.json();
console.log(eu_ai_act_vs_us_ai_bill_of_rights.title);
// "sources" may be absent, so fall back to an empty array.
for (const source of eu_ai_act_vs_us_ai_bill_of_rights.sources ?? []) {
  console.log("source:", source);
}
```

Spec: /api/openapi.yaml · Docs: /api/docs

Frequently Asked Questions

Is the EU AI Act binding?

Yes. The EU AI Act is Regulation 2024/1689, in force since 1 August 2024, directly applicable in all 27 EU member states without national transposition. Full text at https://eur-lex.europa.eu/eli/reg/2024/1689/oj. Prohibited-use obligations effective 2 February 2025; GPAI obligations effective 2 August 2025; most high-risk obligations effective 2 August 2026; product-safety-integrated high-risk effective 2 August 2027. Penalties up to €35M or 7% global annual turnover for prohibited uses.

Is the US AI Bill of Rights binding?

No. The US AI Bill of Rights, published October 2022 by the White House Office of Science and Technology Policy (https://www.whitehouse.gov/ostp/ai-bill-of-rights/), is a non-binding policy blueprint. It has no enforcement mechanism and creates no new legal rights. It is referenced as guidance by federal agencies and influences voluntary frameworks (NIST AI RMF). Binding US rules on AI come from pre-existing federal law (FTC Act, ECOA, ADA, Title VII, HIPAA), the 2025-surviving AI Safety Institute work at NIST, and state laws (Colorado AI Act, NYC Local Law 144, California AB 2013 and others).

What does the EU AI Act prohibit?

Article 5 prohibits: subliminal manipulation that distorts behavior and causes harm; exploitation of vulnerabilities of specific groups; social scoring by public authorities; predictive policing based solely on profiling; untargeted scraping of facial images to build facial-recognition databases; emotion recognition in workplaces and educational institutions (with narrow exceptions); biometric categorization to infer sensitive attributes; real-time remote biometric identification in publicly accessible spaces for law enforcement (with narrow exceptions). Effective 2 February 2025. See EU AI Act Prohibited Uses List.

Does the EU AI Act apply to US-headquartered companies?

Yes, if AI systems they place on the EU market are used by EU residents OR if the output of their AI system is used in the EU (Article 2). Same extraterritorial reach as the GDPR. A US SaaS company serving EU customers, or a US AI API whose outputs reach EU users via downstream apps, is in scope. Penalties apply regardless of where the provider is headquartered.

What replaced the Biden AI Executive Order after the January 2025 rescission?

The October 2023 Biden Executive Order on Safe, Secure, and Trustworthy AI was substantially rescinded by Executive Order in January 2025. Specific provisions including the 10^26 FLOPs reporting requirement for large training runs under the Defense Production Act were withdrawn. Importantly, the US AI Safety Institute at NIST (https://aisi.nist.gov/), which was established under separate authority, persisted through the transition and continued operating, evaluating frontier models, and running the AISI Consortium throughout 2025-2026.

What is the Colorado AI Act?

Colorado SB 24-205 (signed May 2024, key provisions effective 1 February 2026) is the most comprehensive US state AI law. It regulates developers and deployers of 'high-risk AI systems' — systems making consequential decisions in employment, education, lending, essential government services, healthcare, housing, insurance, or legal services. Requires reasonable care to avoid algorithmic discrimination, risk-management policies, consumer disclosure when high-risk AI makes a consequential decision, right to correct data, and right to appeal. Enforced by the Colorado Attorney General.

What are GPAI obligations under the EU AI Act?

Chapter V (Articles 51-56) of the EU AI Act addresses General-Purpose AI models. All GPAI providers must: maintain technical documentation, publish a sufficiently-detailed summary of training data (the template was finalized by the AI Office in 2025), comply with EU copyright law (including text-and-data-mining opt-outs under Directive 2019/790), and provide downstream-integrator information. GPAI models with systemic risk (training compute above 10^25 FLOPs or designated by the Commission) face additional obligations: model evaluations with adversarial testing, systemic-risk assessment + mitigation, serious-incident reporting, and adequate cybersecurity. Applied from 2 August 2025.

How do the EU AI Act and US AI Bill of Rights compare on penalties?

EU AI Act: up to €35M or 7% global annual turnover (prohibited uses); up to €15M or 3% (most other obligations); up to €7.5M or 1% (misleading information to authorities). Enforced by national market surveillance authorities and the EU AI Office. US AI Bill of Rights: no penalties — it is non-binding. US enforcement comes from sector-specific law (FTC Act, ECOA, ADA, Title VII, HIPAA), Colorado AI Act civil penalties (AG enforcement), NYC Local Law 144 per-violation fines, and other state laws.
