- Omdia identifies seven core challenges that any effective AI regulatory framework must address: safety, privacy and data management (including copyright), controllability, ethics, transparency and accountability, security, and collaboration and interoperability.
- EU AI Act and South Korea’s AI Basic Act stand as the most prominent examples of frameworks that have moved beyond policy papers to enacted law.
The global AI regulatory landscape is moving decisively from principles to enforcement, with a new comprehensive report from Omdia revealing that the credibility of AI governance frameworks now hinges on their ability to impose meaningful consequences for non-compliance. The research, encompassing a global analysis alongside regional case studies covering the Americas, Asia & Oceania, and Europe, signals that the era of voluntary AI ethics guidelines is giving way to binding legislation backed by significant financial penalties — and in some jurisdictions, criminal sanctions.
“Mechanisms for addressing non-compliance should be a critical element of any AI regulatory framework,” said Sarah McBride, Principal Analyst for Regulation at Omdia.
The report underscores that without credible enforcement; even the most thoughtfully designed regulatory architecture risks being dismissed as aspirational rather than operational.
Financial penalties remain the most widely adopted enforcement instrument globally, though Omdia notes that a growing number of countries are layering on additional sanctions. These range from the suspension of AI services — effectively shutting down non-compliant systems — to, in certain jurisdictions, criminal prosecution and imprisonment for the most serious violations.
This graduated enforcement spectrum reflects a regulatory philosophy that differentiates between administrative lapses and deliberate or systemic misconduct.
The scale of financial exposure now confronting organisations is substantial and varies dramatically across jurisdictions.
Under the EU AI Act, which entered into force in August 2024 with requirements being introduced in stages, organisations face fines of up to €35 million ($41 million) or 7 per cent of global annual turnover — whichever is greater.
This places AI non-compliance penalties on par with those under the General Data Protection Regulation (GDPR), which has already demonstrated the power of large-scale financial sanctions to reshape corporate behaviour.
By contrast, South Korea’s AI Basic Act, which came into force in January 2026, imposes fines of up to KRW 30 million (approximately $20,000). While notably more modest than the EU regime, the Korean framework provides a grace period of at least one year before penalties take effect, giving industry time to align their operations with the new requirements.
This divergence in penalty magnitude underscores the fragmented nature of the global AI regulatory environment and the compliance complexity facing multinational organizations operating across multiple jurisdictions.
Seven challenges shaping regulatory agenda
Omdia’s analysis identifies seven core challenges that any effective AI regulatory framework must address: safety, privacy and data management (including copyright), controllability, ethics, transparency and accountability, security, and collaboration and interoperability.
These dimensions form an interconnected matrix of concerns that regulators worldwide are grappling with, though the weight given to each varies by region.
Safety has emerged as perhaps the most urgent priority, particularly in the context of frontier AI models capable of autonomous decision-making. The report indicates that regulators are increasingly focused on establishing mandatory safety testing and pre-deployment risk assessments, especially for high-risk AI applications in sectors such as healthcare, transportation, and critical infrastructure.
Privacy, data management, and copyright constitute a second pillar, and one that intersects directly with existing legal frameworks. The use of large-scale datasets — often scraped from the open internet — to train generative AI models has triggered an intensifying global debate about intellectual property rights.
Omdia’s findings suggest that copyright considerations are likely to become one of the most contentious and commercially significant dimensions of AI regulation, with implications for model training, content generation, and the broader creative economy.
The remaining challenges — controllability, ethics, transparency and accountability, security, and collaboration and interoperability — round out the regulatory agenda.
Transparency obligations, in particular, are gaining traction, with a growing expectation that organizations deploying AI systems must be able to explain how those systems reach decisions and provide meaningful avenues for redress when outcomes are contested.
The security dimension extends beyond traditional cybersecurity to encompass adversarial attacks on AI models themselves, including data poisoning and model inversion techniques.
Rise of AI sovereignty
Beyond binding regulation, Omdia’s research documents the proliferation of national AI strategies globally. These strategies, the report notes, share a common ambition: achieving or sustaining a leading position in the global AI economy.
“These strategies typically emphasize support for AI research and innovation, building AI skills and workforce capacity, accelerating adoption across public and private sectors, and strengthening data ecosystems and ICT infrastructure,” McBride explained.
Yet beneath these shared objectives, a more distinctly geopolitical dynamic is gathering force. “AI sovereignty is also becoming an increasingly important priority for governments because of national security and economic considerations,” McBride added.
The concept of AI sovereignty — the capacity of a nation to develop and control AI capabilities aligned with its own values, interests, and security needs — is reshaping procurement decisions, infrastructure investments, and trade policy, particularly in the context of critical technologies such as semiconductor fabrication and cloud computing infrastructure.
This sovereignty imperative is driving a wave of investment in domestic AI compute capacity, national large language model development programmes, and data localisation requirements. It also adds a layer of geopolitical complexity to the regulatory landscape, as governments weigh the tension between open innovation — long the default posture of the technology sector — and the desire for strategic autonomy in an era of intensifying technology competition.
Implementation phase
Despite the growing volume of national AI strategies, Omdia observes that relatively few regulators have actually introduced dedicated AI legislation. The EU AI Act and South Korea’s AI Basic Act stand as the most prominent examples of frameworks that have moved beyond policy papers to enacted law.
Both are now entering what Omdia characterises as the critical implementation phase — a period in which ambitious legislative intent must be translated into practical compliance guidance, operational measures, and consistent enforcement.
For the telecommunications sector specifically — a key lens through which Omdia examines regulatory impact — the implications are clear and immediate. “The main impact of these regulations on telecommunications companies will be additional compliance requirements and higher operational costs,” McBride concluded.
The report suggests that regulators must now pivot from the design and adoption of AI laws to the more granular work of providing clear industry guidance, establishing practical operational compliance measures, and demonstrating a willingness to enforce standards when they are breached.
This implementation challenge is not trivial. Organisations across sectors must now build or acquire the internal capabilities needed to navigate an increasingly complex and multi-jurisdictional regulatory environment.
This includes establishing AI governance frameworks, conducting risk assessments for AI systems, maintaining documentation trails that satisfy transparency obligations, and training personnel on compliance requirements that differ from one market to the next.
