Global AI Regulations Roundup: Top Stories of July 2025

North & South America Jurisdiction

1. New York A3008 Banning Undisclosed Algorithmic Pricing Comes Into Effect

July 8, 2025
New York

Effective July 8, 2025, New York’s Assembly Bill A3008 prohibits undisclosed personalized algorithmic pricing. The law, signed by Governor Kathy Hochul in May, requires businesses to clearly disclose when a price is set using a consumer’s personal data. Items priced this way must include the notice:

"THIS PRICE WAS SET BY AN ALGORITHM USING YOUR PERSONAL DATA." 

Businesses operating in New York must ensure compliance to avoid significant penalties.

Read More.

2. US Senate Strips AI Moratorium From One Big Beautiful Bill Act

July 21, 2025
United States

On July 1, 2025, the US Senate removed the AI moratorium provisions from the One Big Beautiful Bill Act, which would have blocked state-level AI laws for the next 10 years. The proposed moratorium aimed to pause over 1,000 AI-related bills across the U.S., potentially easing compliance burdens for businesses.

With its removal, state-level AI regulations remain active, and businesses developing or using AI in the U.S. must ensure they comply with applicable state laws to avoid enforcement and penalties.

Read More.

3. California Civil Rights Council Announces Approval of New AI Protection Regulations

July 1, 2025
California

The California Civil Rights Council has announced final approval of new regulations aimed at preventing employment discrimination from the use of AI and automated decision systems. The rules will take effect on October 1, 2025, and will apply to businesses using AI in hiring or employment decisions.

Organizations must review their practices to ensure compliance with the new standards.

Read More.

Europe & Africa Jurisdiction

4. EU Issues Template for Public Disclosure of GPAI Training Data

July 24, 2025

The European Commission released an Explanatory Notice and Template to help general-purpose AI (GPAI) model providers comply with Article 53(1)(d) of the EU AI Act. Starting August 2, 2025, all GPAI providers, including open-source developers, must publish a public summary describing their training data.

The template sets a baseline for what information must be shared, reinforcing transparency and harmonized compliance across the EU.

Read More.

5. European Commission Issues Guidelines for GPAI Model Providers Under AI Act

July 18, 2025

The European Commission has published its guidelines for providers of general-purpose AI (GPAI) models, offering further clarity on their obligations under the EU AI Act. The guidelines complement the recently published GPAI Code of Practice and help define when a model qualifies as GPAI or GPAI with systemic risk. They also clarify the scope of responsibilities under Chapter V of the AI Act, which takes effect on August 2, 2025. While not legally binding, these guidelines reflect the Commission’s interpretation of the law and will inform future enforcement.

Read More.

6. The European Commission Published the Final Draft of the GPAI Code Of Practice for GPAI Model Providers

July 10, 2025

The European Commission has released the final draft of the GPAI Code of Practice, a voluntary code supporting compliance with the AI Act's GPAI obligations. The Code offers detailed guidance on three key areas: transparency, including standardized technical documentation through a Model Documentation Form covering training data, energy use, and collection methods; copyright, with steps for creating policies aligned with Article 53 obligations; and safety and security, outlining advanced practices such as risk modeling, red-teaming, and adversarial testing for GPAI systems with systemic risk.

The Code awaits formal approval via an implementing act, ahead of the August 2, 2025, compliance deadline. Voluntary adherence provides a clear path to demonstrating compliance and may ease regulatory burdens.

Read More.

7. Federal Network Agency in Germany Launches AI Service Desk for AI Act Compliance Support

July 3, 2025
Germany

The Federal Network Agency (Bundesnetzagentur) in Germany has announced the launch of its AI service desk to help organizations understand and comply with the EU AI Act. The service includes an interactive compliance compass, which helps assess whether AI systems fall under the Act’s scope, including transparency duties and high-risk classifications. It also features FAQs and practical guidance, offering a valuable support resource for businesses navigating upcoming regulatory obligations.

Read More.

8. The Portuguese Agency for Administrative Modernization Publishes Guide for AI

July 1, 2025
Portugal

The Portuguese Agency for Administrative Modernization (AMA) has published its Guide for AI aimed at public administration, accompanied by an ethical risk evaluation tool. The guide promotes responsible AI that is transparent, robust, fair, inclusive, and sustainable. It emphasizes the need for pre-implementation testing, ongoing monitoring, and mechanisms to prevent bias.

While designed for the public sector, private organizations are encouraged to use it as a reference for ethical AI deployment.

Read More.

9. Germany's Federal Office for Information Security (BSI) Releases Assessment Framework for AI Training Data Quality

July 1, 2025
Germany

Germany's Federal Office for Information Security (BSI) has released QUAIDAL (Quality criteria for training data in the AI lifecycle). It is a comprehensive assessment framework that ensures training data quality is appropriate for AI systems and in line with AI Act requirements. It relies on ten central quality criteria, which are divided into four levels, i.e., abstract criteria, concrete data components, operational measures, and associated metrics and methods, with 143 total metrics and methods enabling detailed assessment.

The framework offers AI developers a practical, standards-based approach to ensure their training data is accurate, reliable, and legally compliant throughout the AI lifecycle.

Read More.

Asia Jurisdiction

10. Hong Kong PCPD Calls for Stronger AI Governance Amid Rising Risks

July 10, 2025
Hong Kong

The Privacy Commissioner for Personal Data has urged AI governance in the wake of rising privacy concerns after a survey by the Hong Kong PCPD revealed nearly 70% of enterprises have not made appropriate disclosures in their AI use. Recommended measures include a checklist on GenAI to guide internal policies.

This renewed push underscores a growing regulatory expectation for enterprises to move beyond awareness and adopt concrete safeguards. The GenAI checklist serves as both a compliance aid and a governance tool, urging organizations to define permissible uses, mitigate data leakage, ensure human oversight, and embed ethical review. As AI tools become more deeply integrated into workplace operations, failure to implement such measures may expose organizations to reputational harm and violations of the Personal Data (Privacy) Ordinance.

Read More.

11. Singapore Launches New AI, PET, and Data Protection Initiatives

July 7, 2025
Singapore

On July 7, 2025, Singapore’s Infocomm Media Development Authority (IMDA) introduced three key initiatives to support trusted AI adoption and stronger data protection. The Global AI Assurance Sandbox was expanded to cover agentic AI and prompt-injection threats, paired with a new safety testing kit for LLMs. A PETs Adoption Guide now helps businesses evaluate and deploy privacy-enhancing technologies. Lastly, the Data Protection Trustmark was updated with streamlined certification and tougher rules for cross-border and third-party data handling.

These efforts reflect Singapore’s commitment to balancing innovation with accountability in its digital economy.

Read More.

12. National AI Strategy introduced in New Zealand

July 8, 2025
New Zealand

The National AI Strategy reinforces a commitment to the OECD AI Principles, aiming to foster responsible AI adoption without introducing new regulatory burdens. It promotes inclusive economic growth, human rights, transparency, and accountability, offering practical guidance for businesses to deploy AI within existing legal frameworks. Emphasizing strong governance, the strategy highlights the role of Privacy Officers, ethical data practices, and human oversight, especially in high-stakes AI use.

By prioritizing risk management and data quality, the strategy supports innovation aligned with public trust and regulatory compliance.

Read more.

13. China Unveils Global AI Governance Action Plan

July 26, 2025
China

At the 2025 World Artificial Intelligence Conference, China introduced its Global AI Governance Action Plan, calling for international collaboration to ensure AI is developed and used in a safe, fair, and inclusive way. The plan highlights the importance of open-source innovation, quality data sharing, and global infrastructure, while supporting ethical standards, risk assessments, and UN-led oversight.

Aligned with the UN’s Pact for the Future, the initiative frames AI as a global public good that requires joint action from governments, industry, and civil society.

Read more.

WHAT'S NEXT:
Key AI Developments to Watch For

Germany Consultation on AI Model Data Protection: Germany’s data protection authority (BfDI) is seeking public input on how to protect personal data used in AI models. The consultation focuses on issues like anonymization, data extraction risks, and how people can exercise their rights. Comments are open until August 10, 2025.

EU AI Act Implementation Without Grace Periods: The European Commission confirmed the AI Act will roll out on schedule, with no grace periods. To support implementation, the Commission is preparing a voluntary code of practice for general-purpose AI, GPAI guidelines, and an AI service desk to help organizations comply.

Norway Drafts AI Act Open for Feedback: Norway has released a draft AI Act that mirrors the EU’s version, naming the Norwegian Communications Authority (Nkom) as the lead regulator. The proposal includes enforcement measures and financial penalties. Public consultation is open until September 30, 2025.