In our EU AI Act guide we mapped what the world’s strictest AI law means for mobile apps. The natural next question from any founder shipping to app stores: what about everywhere else? The US, UK, Canada, and Australia together are the largest English-speaking app market on earth — and none of them has an EU-style AI Act.
That does not mean they have no rules. It means the rules live in less obvious places, and the violations happen where teams assume “no AI Act = no obligations.”
Legal state as of: July 2026. AI regulation is moving fast in all four jurisdictions — the US in particular changed materially between December 2025 and June 2026. This is an engineering-team explainer, not legal advice.
United States: no federal act, a live state patchwork, and a preemption fight
What is NOT there. There is no American AI Act. The only AI-specific federal statute enacted so far is the TAKE IT DOWN Act, targeting non-consensual intimate imagery including AI-generated deepfakes. The federal government’s posture under the December 2025 executive order “Ensuring a National Policy Framework for AI” is actively deregulatory: it created an AI Litigation Task Force to challenge state AI laws and pushes Congress toward a preempting federal framework.
What IS binding right now. Until Congress acts or courts rule, state laws remain enforceable — and several arrived in 2026:
- Texas (TRAIGA, in force 1 January 2026): prohibits developing or deploying AI for “restricted purposes” — encouraging self-harm or crime, AI-generated CSAM, unlawful deepfakes, impersonating minors. Applies to anyone providing products used by Texas residents.
- California (1 January 2026): SB 53 targets frontier-model developers (not app teams), but AB 2013 requires training-data documentation for generative AI, and SB 942 — operative 2 August 2026 — requires generative AI providers to offer watermarks, latent disclosures, and detection tools for AI-generated content. Note the date: California’s content-marking duty lands the same week as the EU’s Article 50.
- Illinois (HB 3773, 1 January 2026): prohibits employer use of AI that discriminates against protected classes — directly relevant to any HR or hiring feature.
- Utah (since 2024): disclosure on request that a consumer is interacting with generative AI in regulated transactions.
- Colorado: the cautionary tale. The first comprehensive US state AI law (SB 24-205) was repealed in May 2026 before it ever took effect and replaced with a narrower automated-decision law (SB 26-189) effective 1 January 2027 — pre-use notices, adverse-outcome explanations, human review rights.
Where a mobile app gets in trouble: shipping an AI hiring or screening feature that produces discriminatory outcomes (Illinois, plus federal civil-rights law which applies to AI regardless); generative content without the SB 942 marking capability after August 2026 for California users; any deepfake or impersonation functionality touching Texas.
United Kingdom: no act, but the regulators you already deal with
The UK deliberately chose not to pass an AI statute. As of mid-2026 no AI bill sits before Parliament, and the government’s language has shifted from “safety” to “growth” and standards-setting. The work is pushed down to existing regulators: the ICO on personal data, the FCA on financial services, Ofcom on online services, the MHRA on medical devices.
The one hard change app teams should know: the Data (Use and Access) Act 2025 replaced Article 22 of UK GDPR with new Articles 22A–22D, in force since 5 February 2026. Solely automated decisions about individuals are now lawful in more cases — but only with documented safeguards: transparency, meaningful human review (active review before the decision takes effect, not a token sign-off), and the right to contest.
Where a mobile app gets in trouble: an app feature that makes fully automated decisions significantly affecting users — loan pre-approvals, account bans, pricing — without the 22A–22D safeguards. For a UK audience the compliance rulebook is your sector regulator’s AI guidance, not a future AI Act.
Canada: the law that died
Canada was early — the Artificial Intelligence and Data Act (AIDA) inside Bill C-27 would have been one of the first national AI laws. It died when Parliament was prorogued in January 2025 and has not been replaced as of mid-2026.
That leaves existing law doing the work: PIPEDA federally, Quebec’s Law 25 (which already includes automated-decision transparency duties), human-rights legislation, and consumer protection. Where a mobile app gets in trouble: treating Canada as unregulated. Quebec’s Law 25 in particular requires informing individuals when a decision is based exclusively on automated processing — a duty many apps quietly violate today.
Australia: guardrails shelved, but two dates on the calendar
Australia consulted on mandatory guardrails for high-risk AI in 2024, then pivoted: the National AI Plan (December 2025) shelved the mandatory regime in favour of existing laws, voluntary guidance (the National AI Centre’s “AI6” practices), and a new AI Safety Institute.
Two binding things remain on the calendar:
- 10 December 2026: new Privacy Act transparency obligations — organisations must disclose in privacy policies the types of personal information used in substantially automated decisions that significantly affect people, and the nature of those decisions.
- Since 28 March 2026: maximum penalties under consumer law doubled to AUD 100 million per contravention — and the ACCC has flagged “AI-washing” (misleading claims about AI capabilities) as an enforcement priority.
Where a mobile app gets in trouble: marketing copy that overstates what your “AI” does. In Australia the biggest near-term AI legal risk is not an AI law at all — it is misleading-conduct law with freshly doubled penalties.
What this means if you ship one app to all four markets
The pattern across all four jurisdictions is consistent, and it is good news for engineering teams: the obligations converge on the same handful of capabilities the EU AI Act already demands.
- Disclose AI interactions — EU Article 50, Utah, UK ICO expectations, and plain consumer-protection law everywhere.
- Mark AI-generated content — EU (Aug/Dec 2026) and California SB 942 (Aug 2026) within weeks of each other. Build the marking layer once.
- Keep humans in consequential decisions — UK Articles 22A–22D, Colorado’s 2027 law, Quebec Law 25, Illinois employment rules.
- Document what your AI does and doesn’t do — and make sure marketing matches reality (Australia’s AI-washing enforcement, the FTC’s deception authority).
This is exactly why we recommend building against the EU baseline and treating everything else as an adaptation layer — one architecture, four markets. And it is why the cheapest moment to add these capabilities is during a rebuild: if you are already migrating a legacy Xamarin or Cordova app to Flutter, disclosure UI, a content-marking layer, and decision audit logging cost a fraction of what a retrofit will. Start that migration the way we describe in The Bus Factor Is Zero: recover what the system actually does before deciding what it must comply with.
Not sure which tier your app lands in? Our free self-assessment checker (EN/ES) classifies your AI feature and generates a PDF obligations report in five minutes. And if you want to walk through your specific product, book a 20-minute call.
FAQ
Is there a federal AI law in the United States?
No comprehensive one. As of mid-2026 the only enacted federal AI-specific statute is the TAKE IT DOWN Act, targeting non-consensual intimate imagery including AI deepfakes. Binding obligations for app makers come mostly from state laws — Texas, California, Illinois, Utah — plus existing consumer-protection and anti-discrimination law, while a federal executive order pushes to preempt state rules. Until courts or Congress settle that fight, state AI laws remain enforceable.
Does the UK have an AI Act like the EU?
No. As of mid-2026 there is no UK AI statute and no government AI bill before Parliament. AI in the UK is regulated through existing regimes — UK GDPR as amended by the Data (Use and Access) Act 2025, the ICO, the FCA, Ofcom and other sector regulators. Since 5 February 2026, new Articles 22A–22D govern solely automated decisions about individuals, requiring transparency, human review, and a right to contest.
What happened to Canada’s AI law (AIDA)?
The Artificial Intelligence and Data Act, part of Bill C-27, died when Parliament was prorogued in January 2025 and had not been replaced as of mid-2026. AI in Canada is currently governed through existing privacy law (PIPEDA federally, Law 25 in Quebec), human-rights law, and sector rules rather than a dedicated AI statute.
Do I still need to care about the EU AI Act if I only target these markets?
If any output of your AI system is used by people in the EU, the EU AI Act can apply regardless of where you are based. And practically, building to the EU baseline — disclosure, content marking, documentation, human oversight — satisfies or approximates most obligations in the US states, the UK, and Australia, which is why many teams use it as their single global standard.
This article summarizes the regulatory position in the United States, United Kingdom, Canada, and Australia as of July 2026, based on official sources and major law-firm analyses. Several of these regimes are in active flux — notably the US federal–state preemption dispute. This is general information, not legal advice.