'%3e%3cpath%20d='M248.027%20159.993C292.176%20159.993%20328.105%20124.1%20328.105%2079.996C328.105%2035.892%20292.191%200%20248.027%200C203.863%200%20167.95%2035.892%20167.95%2079.996C167.949%20124.101%20203.878%20159.993%20248.027%20159.993ZM213.969%2045.973C223.069%2036.882%20235.155%2031.873%20248.027%2031.873C260.899%2031.873%20272.986%2036.882%20282.086%2045.973C291.186%2055.064%20296.2%2067.154%20296.2%2079.997C296.2%2092.84%20291.186%20104.93%20282.086%20114.021C272.986%20123.112%20260.899%20128.12%20248.027%20128.12C235.155%20128.12%20223.069%20123.111%20213.969%20114.021C204.869%20104.93%20199.871%2092.84%20199.871%2079.997C199.871%2067.154%20204.884%2055.063%20213.969%2045.973Z'%20fill='%23EE4323'/%3e%3cpath%20d='M150.16%200L57.6821%20159.993H94.5381L187%200H150.16Z'%20fill='%23EE4323'/%3e%3cpath%20d='M92.478%200L0%20159.993H36.856L129.334%200H92.478Z'%20fill='%23EE4323'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_296_834'%3e%3crect%20width='328.105'%20height='159.993'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
AI regulations across the US, EU, and UK are converging on five categories of obligation that most organizations cannot meet without browser-layer visibility into how employees actually use AI tools.
AI regulations across the US, EU, and UK are converging on five categories of obligation that most organizations cannot meet without browser-layer visibility into how employees actually use AI tools.
The AI regulatory landscape is moving fast
The regulatory landscape around AI has shifted from theoretical to operational faster than most compliance teams expected. Several regulations are already in force, presenting not just a legal but also significant operational challenge to organizations covered by these regulations.
First, here's a summary of the key frameworks and what they require:
Regulation | Jurisdiction | What it requires for AI | Status |
EU | AI system inventory and risk classification; AI literacy for all staff; cybersecurity resilience for high-risk AI; transparency and human oversight | Art. 4 (literacy) in force Feb 2025; high-risk obligations Aug 2026 | |
EU financial services | AI tools in ICT risk framework; AI providers in third-party risk registers; resilience testing covering AI-enhanced attacks | In force Jan 2025 | |
EU digital products | AI-enabled software must meet essential cybersecurity requirements; vulnerability management and incident reporting | Reporting Sep 2026; full compliance Dec 2027 | |
US (NY financial services) | AI-resistant MFA; employee training on AI threats; third-party AI risk assessment; | Phased 2023–2025; AI-specific guidance issued Oct 2024, Oct 2025, May 2026 | |
US (20+ states) | Automated decision-making transparency, opt-out rights, and impact assessments; AI and children's data protections | Rolling 2024–2027 (CA, CO, CT leading) | |
US healthcare | AI tools in mandatory technology asset inventory; mandatory encryption covering AI; AI-enhanced attack preparedness | Final rule expected 2026 | |
UK | Reformed automated decision-making rules (new Arts. 22A-22D UK GDPR): meaningful information about decisions, right to make representations, human intervention and contestation rights; stricter controls for special category data; new complaints-handling duty with 30-day response clock (from June 2026) | Main provisions Feb 2026; complaints duty June 2026 |
Even if your organization isn't yet subject to these specific regulations, the direction of travel matters. The EU has a track record of setting global regulatory standards: GDPR reshaped data privacy practices worldwide, and the Digital Markets Act is influencing antitrust enforcement well beyond European borders.
The EU AI Act is the world's first comprehensive AI law, and the pattern of obligation categories it establishes is already visible in NYDFS guidance, US state privacy legislation, and the UK's reformed automated decision-making framework. Organizations that build the operational foundations to meet these obligations now will be ahead of whatever comes next, regardless of jurisdiction.
Five obligation categories appear across frameworks
Across these frameworks, the AI-specific obligations cluster into five categories. Individual regulations word them differently and scope them to different sectors, but the compliance actions they require are largely the same.
1. AI inventory and classification
You can't classify AI systems by risk level if you don't know which ones your employees are using. Multiple regulations now require organizations to maintain a complete inventory of AI tools in their environment — whether as part of risk classification, asset management, or third-party risk registers.
Most organizations are dealing with uncontrolled Shadow AI sprawl. We find that the average organization has 16 unique AI apps in active use, 17 unique AI browser extensions, and 17 unique AI OAuth integrations connected into just Google Workspace and Microsoft 365 — with some organizations reaching as high as 40 unique AI apps, 163 AI extensions, and 55 OAuth connections to AI apps respectively. At the other end, the smallest organization with the lowest adoption level is actively using two.
2. AI literacy and employee guidance
Regulators increasingly expect organizations to demonstrate that employees understand the AI tools they use — not through annual training alone, but through continuous, contextual guidance at the point of interaction. Several frameworks now require auditable evidence that staff have been educated about AI risks and acceptable use policies. The common thread is the need for ongoing education, not as a one-off compliance exercise, but continuously at the point of interaction.
3. AI data governance and exposure control
Regulations are converging on the requirement for controls over what data enters AI tools. This includes sensitive personal data, health data, and data subject to automated decision-making. Organizations need to know where personal data is being processed by AI and have mechanisms to prevent unauthorized exposure.
4. AI-resistant authentication and phishing defense
AI is making phishing attacks more convincing and harder to detect through traditional means. Several frameworks now require authentication methods that can withstand AI-enhanced attacks, specifically naming phishing-resistant options like digital certificates and security keys over SMS or voice-based authentication. Beyond authentication, organizations need defenses against AI-powered phishing that bypasses the lure-quality signals users were trained to spot.
In the UK, the ICO's May 2026 blog names AI-generated phishing, deepfake social engineering, and credential stuffing as specific threats organisations must address under UK GDPR Article 32. It calls for multi-factor authentication on all remote access, admin accounts, and email, alongside layered defences that assume foundational controls alone are insufficient against AI-powered attacks.
5. Third-party AI risk and supply chain governance
Employees adopt AI tools faster than procurement can track them, and each one that connects to corporate systems via OAuth creates a persistent trust relationship. Regulators now require organizations to know which third-party AI services they depend on, what permissions those services hold, and whether they introduce concentration risk.
In May 2026, CISA and Five Eyes partners published the first multinational guidance on agentic AI adoption, identifying privilege escalation and accountability gaps as core risks — a signal that AI agent governance will soon move from best practice to regulatory expectation.
How the regulations will be enforced
The consequences extend well beyond fines. EU AI Act penalties reach €35 million or 7% of global turnover for prohibited practices, but the operational impact may bite harder: non-compliant AI systems cannot be placed on the EU market, and providers bear direct responsibility for conformity under Articles 16 and 26 — meaning the CISO who signed off on an AI deployment that turns out to be non-compliant has personal exposure, not just a budget line item.
Italy's implementation law (Law No. 132/2025) goes further, introducing criminal penalties including imprisonment for AI-related offenses like deepfake dissemination.
NYDFS penalties accumulate at $2,500 per day per violation, and the regulator has been aggressive: it levied $14 million in fines from companies with inadequate MFA. CISOs sign annual compliance certifications under §500.17 where false certification carries personal liability.
The UK's Data (Use and Access) Act preserves ICO enforcement powers with fines up to £17.5 million or 4% of global turnover, and introduces a new statutory right for individuals to complain directly to controllers about automated decisions, with a 30-day response clock.
Where Push maps to these obligations
The five obligation categories above map to specific Push capabilities, some directly, others as supporting evidence. Push's relevance to AI regulation isn't a new product direction. The same capabilities that security teams already use for shadow SaaS discovery, phishing defense, and identity posture hardening are what compliance teams need to demonstrate AI governance.
AI inventory and shadow AI discovery.
Push identifies every AI app, AI browser extension, and AI OAuth integration in use across the organization, not from network traffic patterns or procurement records, but from actual observed usage in the browser.
AI usage policy enforcement and literacy evidence.
Push's custom app banners deliver contextual policy guidance the moment an employee accesses an AI tool: linking to approved usage policies, data handling guidelines, or approved alternatives. Banners are fully customizable: they can include specific instructions, link to AI policy documents or approved alternatives, and messages from the security team tailored to the tool or user group.
When an employee clicks through or acknowledges the banner, Push generates auditable telemetry, creating a documented, timestamped record that the employee received policy guidance at the exact point of AI interaction (not just in a training session six months prior).
AI data exposure controls.
Push observes what users type, paste, and upload into AI tools, and can apply real-time controls, warning or blocking when sensitive patterns are detected. This is browser-layer DLP scoped to the AI interaction surface: it won't replace a dedicated DLP platform, but it closes the specific gap that most DLP tools miss because they lack visibility into browser-based AI interactions. Push provides the detection and enforcement layer at the point where the data actually leaves the organization.
MFA verification and phishing defense.
Push detects where MFA is missing and identifies the type of MFA in use, directly supporting the push toward phishing-resistant authentication methods.
Push's behavioral phishing detection stops AiTM phishing, credential harvesting, device code phishing, and ClickFix attacks because Push detects malicious behavior in the browser, making it effective against even AI-powered phishing attacks, or those that are delivered over traditionally unmonitored channels such as search engines, social media, or even via phone call.
Attackers are increasingly leveraging AI in their phishing campaigns, creating new and derivative phishing kits, adding new capabilities, and finding ways to increase the speed and scale of their operations. But Push's vantage point in the browser means that regardless of the tooling or infrastructure used, Push intercepts the attack at the point of interaction.
This even applies to AI-powered voice and video faking attacks: since most voice-based attacks still result in a user being directed to interact with a browser payload, Push can still intercept them at the point that the caller is lured to a malicious web page or resource.
Third-party AI risk visibility.
Push maps exactly which AI services employees have accessed and used, connected to other business apps via OAuth, what permissions those integrations hold, and who authorized them. This surfaces the AI providers that procurement never approved but employees adopted anyway, before they become a compliance finding or a breach vector.
The compliance gap is an observability gap
The common failure mode across all five obligation categories is the same: the organization has a policy but can't demonstrate enforcement, because the tooling that would provide evidence operates at the wrong layer. IdP logs show managed authentication but not shadow AI logins. Network tools see traffic to AI domains but not the OAuth consent grants or the data in the clipboard. Annual training records exist but can't prove that an employee received guidance at the point of AI interaction.
Browser-layer telemetry closes each of these gaps because it's where the regulated activity actually happens, and where (with Push) you can observe and control it too.
The regulations covered here are the current landscape, but they aren't the final one. AI governance requirements are accelerating: NIST's AI cybersecurity framework profile is expected this summer, CISA's Five Eyes agentic AI guidance landed in May, and EU member states are still building out their national enforcement regimes.
The five obligation categories we've identified aren't artifacts of any single regulation; they reflect a durable regulatory consensus about what responsible AI governance requires. Building the operational capability to meet them now — continuous AI inventory, demonstrable employee guidance, data exposure controls, phishing-resistant authentication, and third-party risk visibility — means you're prepared for future frameworks.
Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required.
Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.
