Financial institutions are increasingly using AI technologies for a variety of purposes, including marketing, process automation, and back-office functions. The EU AI Act will regulate the development and deployment of AI in financial services, particularly for high-risk use cases such as credit assessment and insurance underwriting. Financial institutions may seek exclusion from high-risk status if they can demonstrate that their use of AI does not pose significant risk. The Act introduces new obligations and requirements, such as technical documentation, data governance measures, risk management, and transparency rules. Financial institutions can integrate some of their AI-related obligations into their existing regulatory frameworks. Proper preparation for compliance is important due to the complex dimensions of AI in finance.

The European AI Office has started the drafting process of the first-ever Code of Practice for general-purpose AI (GPAI) models under the EU AI Act. The Code of Practice aims to provide guidelines for providers of GPAI models to comply with the stringent requirements of the Act. The drafting process involves four rounds of consultation and input from working groups. Once finalized, the Code of Practice will serve as an essential tool for providers of GPAI models to demonstrate compliance with the AI Act's requirements. The Code will remain in effect until a European harmonized standard is published. The relevant provisions for GPAI models will begin applying from 2 August 2025, and the final Code of Practice is expected to be published in April 2025. If the Code of Practice is not ready or deemed inadequate, the European Commission may intervene to introduce common rules through implementing acts.

California Governor Gavin Newsom has vetoed the Safe and Secure Innovation for Frontier Artificial Models Act (“SB1047”), which aimed to establish a comprehensive regulatory framework for the development and deployment of large-scale AI solutions in California. The bill would have set strict safety standards for developers of powerful AI models, but also faced opposition from the industry over concerns regarding stifling innovation and business growth. Governor Newsom vetoed the bill citing the need for a more thorough analysis of industry practice. The veto comes amidst a growing regulatory agenda on AI, with 10 AI bills signed by Newsom recently.

California, home to 32 of the top 50 AI companies globally, has enacted several new laws and regulations related to AI, focusing on transparency, ethical use, and protecting individuals from harmful AI-generated content. Key legislative activity includes laws prohibiting non-consensual deepfake content, protecting against unauthorized sharing of intimate digital images, mandating clear disclosures for digitally manipulated political advertising, and imposing stricter requirements on collecting and sharing personal information. Governor Newsom is set to decide on pending bills mandating AI developer disclosures and setting safety standards for powerful AI systems. Controversial bills face significant opposition from industry leaders, who argue they could stifle innovation, while supporters believe they could serve as a model for future regulations. Other proposed laws regulate AI in healthcare, transportation, and communications, with specific provisions for autonomous vehicles, healthcare decision-making, and consumer privacy. Stakeholders across various industries are closely monitoring these developments as California continues to lead efforts in AI regulation.

NHelp, EPIC, and Upturn have filed a complaint against Deloitte over the accuracy of its Texas Integrated Eligibility Redesign System (TIERS), which is used to evaluate individuals' eligibility for Medicaid. The complaint accuses Deloitte of violating the Federal Trade Commission (FTC) Act, claiming that the system is deceptive and unfair, and cites several established voluntary AI frameworks including the OECD AI Principles and the Universal Guidelines for AI to support its case. The complaint calls for Deloitte to adopt these frameworks, increase transparency, and implement harm mitigation measures. The complaint highlights the value in voluntarily adopting responsible AI frameworks to reduce reputational and legal risks.