The lack of a uniform approach to AI regulation across jurisdictions creates complexities for international businesses. Regulatory approaches differ in form and scope. The European Union’s (EU) Artificial Intelligence Act adopts a risk-based model, with strict requirements for high-risk AI systems. The US takes a sector-specific approach that emphasizes innovation and competitiveness. China prioritizes state control, data sovereignty and comprehensive monitoring.
This regulatory landscape requires internationally operating businesses to monitor developments closely—and compounds AI’s other risks for investors.
Data Risks Can Damage Brands
In business, AI is often deployed through generative tools—such as text, video and voice generation—and large language models (LLMs). LLMs underpin applications such as chatbots, automated content creation and large-scale data analysis.
Many companies have found that AI innovations may involve potentially brand-damaging risks. These can arise from biases inherent in the data on which LLMs are trained and have resulted in banks inadvertently discriminating against minorities in granting home-loan approvals, and in a US health insurance provider facing a class-action lawsuit alleging that its use of an AI algorithm caused extended-care claims for elderly patients to be wrongfully denied.
Risks also stem from AI training data. In September 2025, Anthropic settled a class action over pirated training data for about $1.5 billion. By year-end, more than 70 generative AI copyright lawsuits had been filed, including The New York Times v. OpenAI and Microsoft, Disney and Universal v. Midjourney, and Getty Images v. Stability AI. AI training data risk is increasingly a quantifiable balance-sheet risk.
Bias, discrimination and training data are key regulatory risks that should be on investors’ radars; others include intellectual property rights and privacy considerations concerning data. Risk-mitigation measures—such as developer testing of the performance, accuracy and robustness of AI models, and providing companies with transparency and support in implementing AI solutions—should also be scrutinized.
Dive Deep to Understand AI Regulations
Regulatory approaches to AI are diverging in ways that matter for investors. The EU’s AI Act, a comprehensive, risk-based framework, has been rolling out in phases since 2024. The US, by contrast, relies on existing federal agencies, voluntary frameworks and state-level laws rather than a single overarching regime. The UK has taken a principles-based approach, deferring comprehensive legislation. And China has moved quickly with targeted rules focused on specific applications—particularly those tied to content control, social stability and data sovereignty.
For investors, this divergence has real implications. It is increasingly relevant to ask which jurisdiction a portfolio company is effectively optimizing for, as the rules governing a global business may vary materially by market.
Investors, in our view, should do more than drill down into jurisdiction-specific AI regulations. They should also understand how existing legal frameworks—such as copyright law to address data infringements and employment legislation where AI has an impact on labor markets—are being applied to AI.
Fundamental Analysis and Engagement Are Key
A useful rule of thumb for investors assessing AI risk is that companies that proactively disclose their AI strategies and policies are likely to be better prepared for new regulations. More generally, fundamental analysis and issuer engagement are central to this area of research.
As we see it, fundamental analysis should examine not only company-level AI risks but also risks along the business chain and across the regulatory environment, testing insights against core responsible-AI principles (Display).
