AI Compliance Map — Jun 26-Jul 3
2026/7/3 · 17:34

AI Compliance Map — Jun 26-Jul 3

Weekly compliance impact map for June 26, 5:41 p.m. through July 3, 5:00 p.m. (UTC-05:00), prioritizing near-term action dates across the FTC, GSA, CNSS, EU AI Act implementation, UK DRCF, China CAC/ODI rules, US state AI bills, Canada, and APAC.

Immediate triage queue as of July 3, 2026:
  1. July 3 — UK DRCF: Phase 1 responses close for the Digital Regulation Cooperation Forum's "Consumer Interest and AI" consultation on generative AI and agentic AI consumer risks. 1
  2. July 12 — US CNSS and Missouri: CNSS Directive 900 is due for revision under NSPM-12, and Missouri SB 1019 is still awaiting Governor Mike Kehoe's action under the official "Delivered to Governor" status. 2 3
  3. July 15 — China CAC No. 21: the anthropomorphic AI interaction service rules take effect, with no official implementation guide identified in the research package as of July 3. 4
  4. July 22-23 — EU AI Act: the transparency Code signatory window closes July 22, and the high-risk classification consultation closes July 23. 5 1
  5. July 31 and August 3 — US comments: FTC comments on the proposed AI accuracy policy statement close July 31, and GSA comments on the proposed LLM data-safeguarding clause close August 3. 6 7
This issue covers June 26, 5:41 p.m. through July 3, 5:00 p.m. in the channel timezone (fixed UTC-05:00), corresponding to the scheduled weekly window. The highest-priority compliance signal is deadline compression: EU transparency, US federal procurement and FTC comments, China AI-adjacent implementation dates, and state-level child, school, therapy, and frontier-model bills all moved within the same short window.
The source package also corrects a state-law status risk. Missouri SB 1019 should be treated as pending, not enacted: the official Missouri Senate page still showed "Delivered to Governor" as of July 3. 3

Upcoming compliance dates

DateJurisdictionObligation or eventAffected entitiesStatus
July 3, 2026UKDRCF Phase 1 "Consumer Interest and AI" consultation closes. 1Firms using generative AI or agentic AI in consumer-facing servicesCloses today
July 12, 2026US federalCNSS must revise CNSS Directive 900 within 30 days of NSPM-12. 2National security system operators, federal cloud and AI vendors supporting NSS workloadsPublic draft not identified as of July 3
July 12, 2026MissouriApproximate governor-action deadline for SB 1019 under the May 28 transmission calculation. 3AI therapy chatbot operators and advertisers with Missouri usersPending; not enacted as of July 3
July 14, 2026US federalGSA public hearing on proposed GSAR clause 552.239-7001. 7Federal contractors using LLM systems as developers, operators, integrators, or service providersHearing scheduled
July 15, 2026ChinaCAC No. 21 on anthropomorphic AI interaction services takes effect. 4Virtual companion, anthropomorphic chatbot, emotional-interaction, and related AIGC services in ChinaEffective date fixed
July 22, 2026EUInitial signatory deadline for the AI-generated content transparency Code. 5Generative AI providers and deployers seeking Article 50 compliance presumptionSign-or-explain decision point
July 23, 2026EUTargeted consultation closes on draft high-risk AI classification guidelines. 1Providers and deployers classifying Annex I or Annex III AI systemsExtended from June 23
July 31, 2026US federalFTC comments close on the proposed AI accuracy policy statement, Docket FTC-2026-0859. 6AI companies whose systems may trade off accuracy, fairness, safety, ideology, or other output objectivesComment period open
August 2, 2026EUArticle 50 transparency obligations apply; the Omnibus does not move the main chatbot and deepfake disclosure date. 8AI providers and deployers placing systems on the EU marketDate unchanged
August 3, 2026US federalWritten comments close on the GSA LLM data-safeguarding proposed clause. 7Federal LLM contractors and subcontractorsComment period open
August 20, 2026ChinaNetwork Data Security Risk Assessment Measures take effect. 9Network-data processors and AI/data operators covered by the assessment frameworkEffective date fixed
August 25, 2026IllinoisApproximate end of the 60-day governor review window for SB 315, transmitted June 26. 10Large frontier-model developers with Illinois exposureGovernor action pending

US federal and states

FTC frames AI accuracy steering as a deception risk

The Federal Trade Commission published a proposed policy statement on July 1 titled "Concerning the Suppression of Accuracy in Artificial Intelligence Systems," Docket FTC-2026-0859. 6 The statement says an AI company may violate Section 5 of the FTC Act if it steers model outputs away from the user's expected goal without clear disclosure, including when the steering is done to comply with state laws such as the Colorado AI Act. 6
The compliance impact is a direct federal-state tension. AI providers that tune output behavior for bias, safety, or legal-compliance objectives should review whether product claims, model cards, UI disclosures, customer contracts, and release notes clearly explain the system's design goals and tradeoffs.

CISA's EO 14409 deadline passed without a confirmed AI-specific BOD

Executive Order 14409 required CISA to issue binding operational directives within 30 days, by July 2, covering faster federal network defense, AI-enhanced defensive tools, and acquisition of AI cybersecurity tools and services. 11 CISA issued BOD 26-04 on June 10, but that directive focuses on risk-based vulnerability management for operational technology and internet-of-things assets and does not expressly implement the AI-enhanced tool or acquisition elements of EO 14409. 12
The compliance impact is procurement uncertainty. Federal AI cybersecurity vendors should track whether CISA treats BOD 26-04 as partial satisfaction of EO 14409 or issues a separate AI-specific directive.

NSPM-12 gives national security system governance a July 12 checkpoint

President Trump signed NSPM-12 on June 12, reestablishing the Committee on National Security Systems and designating the NSA Director as the national manager for national security systems. 2 Section 6(a) requires CNSS to revise CNSS Directive 900 within 30 days, which places the revision deadline on July 12. 2
The compliance impact falls on classified and national security workloads. AI vendors supporting NSS environments should expect governance, emergency-directive, cloud-baseline, and NIST-standard alignment questions to appear in federal security reviews.

GSA's LLM clause moves toward contractor flow-down duties

GSA published a proposed GSAR clause, 552.239-7001, on June 17 for "Basic Safeguarding of the Data Within Large Language Model Artificial Intelligence Systems." 7 The proposal creates role-specific flow-down requirements for LLM developers, system operators, system integrators, and service providers, with a July 14 hearing and August 3 written-comment deadline. 7
The compliance impact is immediate for federal contracting teams. Contractors should map which LLM role they occupy in each contract chain and prepare comments on documentation, change notice, reporting, and data-safeguarding obligations.

State movement concentrates in schools, minors, therapy, and frontier safety

California Governor Gavin Newsom approved AB 2148 on June 30 and filed it with the Secretary of State as Chapter 45 of the 2026 California Statutes. 13 The bill defines public school employees and public-school contractors as natural persons, which bars AI systems from serving as teachers or contractors in California K-12 public schools. 13
New Jersey A4015, the New Jersey Kids Code Act, passed both houses on June 30 and imposes age-appropriate design requirements on covered online services used by minors. 14 Providers of AI-powered youth services should treat it as a child-privacy and safety design bill rather than a model-development bill.
Missouri SB 1019 remains pending. The official Missouri Senate bill page showed "Delivered to Governor" as of July 3, after May 28 transmission to Governor Mike Kehoe, and the bill's AI therapy chatbot advertising ban should not be described as enacted unless the official status changes. 3
Illinois SB 315, the Artificial Intelligence Safety Measures Act, was sent to Governor JB Pritzker on June 26, and no governor action was recorded as of July 3. 10 If enacted, the bill would require large frontier developers to maintain safety frameworks, report critical safety incidents, and undergo annual independent third-party audits from January 1, 2027. 10
Pennsylvania HB 2006, the AI Companion Safety Act, was re-reported from Rules on July 1, received second consideration with amendments, and was recommitted to Appropriations before final floor passage. 15 Companion-AI teams should keep Pennsylvania in the watch queue, but the bill did not clear final passage before the July 4 recess.

EU, UK, and Ireland

EU Omnibus is approved, but Article 50 still drives August work

The Council of the European Union gave final approval to the Digital Omnibus on AI on June 29, completing the legislative procedure after Parliament approval on June 16. 16 The final package defers standalone Annex III high-risk AI obligations to December 2, 2027, and embedded Annex I high-risk AI obligations to August 2, 2028. 8
Article 50 transparency obligations remain set for August 2, 2026, including chatbot disclosure and deepfake labeling requirements. 8 The research package did not identify Official Journal L-series publication as of July 3, so EU teams should avoid treating the Omnibus as operationally complete until publication occurs. 17
The compliance impact is a two-track EU plan. Providers and deployers should keep Article 50 disclosure implementation on the August 2 track while using the high-risk delay for classification, quality-management, post-market monitoring, and technical-documentation work.

EU Code and classification guidance create two July decisions

The European Commission has issued the final Code of Practice on Transparency of AI-Generated Content, and the initial signatory deadline is July 22 at 18:00 CEST. 5 Signing gives providers and deployers a presumption of conformity for Article 50 obligations, while non-signatories will need a separate compliance theory and evidence package. 5
The Commission also extended the targeted consultation on draft Article 6 high-risk classification guidelines to July 23. 1 The compliance impact is classification governance: product counsel should use the consultation text to test Annex I and Annex III edge cases before final guidance arrives.

Ireland moves its AI Act implementation bill through committee stage

Ireland's Regulation of Artificial Intelligence Bill 2026 completed second reading on June 24 and moved to Committee of the Whole House. 18 The bill establishes the AI Office of Ireland as the national AI Act body and is intended to give the EU AI Act full effect in Ireland without adding to or changing regulated-entity obligations under the AI Act. 18
The timing matters because Ireland needs supervisory and enforcement infrastructure in place by the August 2 Article 50 enforcement date. 18 Companies with Irish headquarters, Irish EU representation, or major Irish regulatory interfaces should map which AI Act questions will go to the AI Office and which will remain with sectoral authorities.

UK DRCF closes one consultation and shows its own AI governance model

DRCF's Phase 1 "Consumer Interest and AI" consultation closes July 3, and its Phase 2 "Consumer Tools" consultation closes September 2. 1 The consultation sits inside the UK's regulator-led AI model, where ICO, CMA, Ofcom, and FCA use existing powers rather than a single standalone AI statute. 1
DRCF also published a June 24 internal generative-AI governance report covering how ICO, FCA, CMA, and Ofcom use GenAI in their own regulatory work. 19 The report says CMA uses agentic AI tools to support eight investigations, while Ofcom has an independent AI ethics committee for internal AI use. 19
The compliance impact is supervisory benchmarking. UK-regulated firms should expect questions about human review, hallucination management, bias mitigation, prompt controls, and evidence that AI governance is operating rather than merely documented.

China, APAC, and Canada

China Decree 837 is now live without public implementing detail

State Council Decree No. 837, China's outbound investment regulation, took effect on July 1 and is the first State Council administrative regulation dedicated to outbound investment. 20 The regulation integrates NDRC, MOFCOM, and SAFE oversight and brings natural-person investors into the outbound-investment control framework. 20
Article 13 restricts indirect export of prohibited or restricted technologies, services, and data through routes such as overseas talent transfers, cross-border technical guidance, and overseas training arrangements. 21 The research package did not identify MOFCOM, SAFE, or NDRC implementing rules as of July 3, and it did not confirm public reports of bank blocks within the first 48 hours after effectiveness. 20
The compliance impact is cross-border deal hygiene. AI companies with China-origin technology, China resident individuals, offshore SPVs, model/data transfers, or outbound R&D investments should refresh ODI filings, technology-export analysis, and bank-transfer documentation.

CAC No. 21 turns virtual companions into a multi-filing compliance problem

CAC No. 21, the interim measures for anthropomorphic AI interaction services, takes effect July 15 and was jointly issued by CAC, NDRC, MIIT, the Ministry of Public Security, and SAMR. 4 A July 2 compliance checklist identified five filing or assessment layers for covered services: generative AI service filing, generative-synthesis algorithm filing, anthropomorphic-service security assessment, basic internet qualifications, and additional overlay filings. 4
The compliance impact is scope control. Virtual companion and emotional-interaction AI products should not treat a generative-AI filing as sufficient if the service creates humanlike interaction, emotional dependence, or companion-style user relationships.

China adds a network-data risk assessment date

China issued Network Data Security Risk Assessment Measures on June 18, and the measures take effect August 20. 9 The measures establish a formal framework for assessment execution, supervision, and reporting. 9
The compliance impact is data-governance alignment. AI teams using China network data for training, evaluation, analytics, personalization, or cross-border processing should connect AI governance inventories to network-data risk assessment controls before August 20.

Canada pauses AI-adjacent bills through summer recess

Canada's Bill C-36, the privacy reform bill, received first reading on June 15 and remains at second reading with no activity during summer recess. 22 Canada's Bill C-34, the Safe Social Media Act, received first reading on June 10 and also remains at second reading with no activity. 23 Parliament entered summer recess on June 18 and is scheduled to return September 21. 24
The compliance impact is preparation time, not closure. C-36 would bring automated-decision transparency, cross-border transfer impact assessment duties, child-data protections, and penalties tied to global revenue, while C-34 would regulate AI chatbots and social-media child safety. 24

APAC signals point to comment integrity, platform speech, and governance proof

Japan's Cabinet Office received 8,774 public comments during the June 19-23 consultation on the draft AI Basic Plan revision, compared with 603 comments in the prior comparable process, and officials suspected 2,000 to 3,000 submissions were AI-generated. 25 The policy signal is procedural: agencies may start treating AI-generated mass comments as a consultation-integrity problem.
South Korea's amended Network Act takes effect July 7 and creates punitive damages up to five times losses for intentional dissemination of false or manipulated information by covered media entities and large YouTubers. 26 Content platforms and creator-tool providers should assess takedown, provenance, and dispute workflows before the effective date.
Singapore and Hong Kong still do not have standalone AI legislation, but a July 3 Mayer Brown assessment says both markets increasingly expect organizations to demonstrate responsible AI governance through privacy, financial-services, and cybersecurity obligations. 27 India also moved from watchful use of existing IT rules toward possible standalone AI legislation after MeitY Secretary S Krishnan said on July 3 that "the time is getting right" to begin looking at AI regulation. 28
For multinational AI teams, APAC work should focus on proof of governance, not just policy monitoring: consultation authenticity, synthetic-content controls, child and companion-AI safeguards, regulator-ready audit trails, and jurisdiction-specific evidence that human oversight exists in practice.
Cover image: AI-generated illustration.

参考来源

  1. 1Osborne Clarke — Artificial intelligence, UK Regulatory Outlook June 2026
  2. 2The White House — NSPM-12
  3. 3Missouri Senate — SB 1019 bill information
  4. 4Tencent Cloud Developer Community — Anthropomorphic AI compliance checklist
  5. 5AI Governance Playbook — AI Deadline, Thursday 2 July 2026
  6. 6FTC — Proposed Policy Statement Concerning the Suppression of Accuracy in Artificial Intelligence Systems
  7. 7Federal Register — GSAR acquisition of information and communication technology
  8. 8Licentium — EU Council adopts Digital Omnibus amendments to AI Act
  9. 9Hunton Andrews Kurth — China issues new measures for network data security risk assessment
  10. 10Illinois General Assembly — SB0315 bill status
  11. 11Federal Register — EO 14409
  12. 12CISA — BOD 26-04, Prioritizing Security Updates Based on Risk
  13. 13California Legislative Information — AB 2148
  14. 14New Jersey Legislature — A4015, 2026-2027 session
  15. 15Pennsylvania General Assembly — HB 2006
  16. 16Cyprus Presidency of the Council of the EU — Council gives final green light to simplify and streamline rules
  17. 17EUR-Lex — Official Journal C series daily view, 2 July 2026
  18. 18Anglo Celt — Government introduces AI Bill
  19. 19Bratby Law — DRCF generative AI assurance benchmark
  20. 20Risk Advisory — Beijing's new outbound investment rules redraw transaction risk
  21. 21Shumaker — China made Meta give back a $2 billion AI acquisition
  22. 22Parliament of Canada — Bill C-36 LEGISinfo
  23. 23Parliament of Canada — Bill C-34 LEGISinfo
  24. 24ABA Business Law Today — Canada's proposed legislative overhaul has cross-border implications
  25. 25The Mainichi — Japan AI policy draft draws flood of comments suspected to be AI-generated
  26. 26Seoul Economic Daily — Tougher fake news penalties must not chill policy criticism
  27. 27Mayer Brown — AI regulation in Singapore and Hong Kong, a mid-year checkpoint
  28. 28Big News Network / ANI — AI law may be considered as time is getting right

更多来自该频道

相似内容

  • 登录后可发表评论。