Filter activities

When talking about AI and data regulation, we are looking at quite different approaches on the global political stage. For our newly established TUM Think Tank AI Speaker Series, our first guest, Silicon Valley based attorney Lothar Determan provided a comprehensive overview of the contrasting approaches to AI and data regulation in the European Union and the United States. He highlighted the stark contrasts between the US's reactive, issue-specific AI and data regulations and the EU's proactive, precautionary approach.

The event provided a deep dive into the regulatory philosophies of the US and the EU, offering attendees a clear understanding of the challenges and opportunities presented by each approach. Understanding these differences is crucial for businesses operating internationally, as it informs strategies for compliance, innovation, and data management. Read on to find out our main insights from the talk:

Regulatory Approaches

The US regulatory framework is characterized by a reactive, harm-focused approach. Regulations are often created in response to specific issues, resulting in a multitude of narrowly focused laws. This method allows innovation to flourish but can create a challenging landscape for companies to navigate due to the complexity and specificity of the regulations.
The EU on the other hand employs a precautionary principle, preemptively restricting activities until clear conditions for safe operation are established. This approach is particularly stringent when it comes to personal data processing, aiming to ensure high standards of data protection and security.

AI Regulation

AI regulation in the US is managed through a series of specific laws targeting particular issues. Key examples include:

    • California Business & Professions Code 17941: Requires the disclosure of AI bots.
    • New York City’s regulation on Automated Employment Decision Tools: Governs the use of AI in hiring processes.
    • Colorado AI Act (effective May 2024): Focuses on preventing algorithmic discrimination.
    • Presidential Executive Order: Provides guidance for federal agencies, though it leaves many details open-ended, making it distinct from the EU's comprehensive regulatory approach.

The EU AI Act primarily regulates high-risk AI systems, mandating extensive data for training these systems. However, there is still ambiguity regarding how the AI Act aligns with the General Data Protection Regulation (GDPR), particularly in terms of data requirements and privacy concerns.

Discussion Highlights:

  • The US's approach allows for rapid innovation but requires companies to manage a complex array of specific regulations.
  • The EU's precautionary stance ensures robust data protection but can be restrictive for businesses seeking to innovate.
  • There is a significant difference in regulatory philosophy: the US intervenes when problems arise, while the EU sets strict rules upfront to prevent issues.

This discussion was invaluable for professionals navigating the complexities of compliance and innovation in these regions or students and legal scholars seeking to understand the dynamics of regulatory bodies, law, and the private sector. Many thanks to Lothar Determann for his insightful presentation and to all attendees for their participation.


Lothar Determann is an attorney in Silicon Valey focused on data privacy law compliance, information technology, artificial intelligence, copyrights, product regulations and international commercial law.


Attorney Lothar Determann highlighted the stark contrasts between the US's reactive, issue-specific AI and data regulations and the EU's proactive, precautionary approach.

Don't lose track of innovation.

Sign up to our newsletter and follow us on social media.