From Framework Debates to Operational Compliance: How AI Regulation Grew Up
The conversation about AI regulation has changed character entirely in the space of two years, and the people who spend their working lives inside consultations, rule-makings and standards bodies are the first to recognise this shift. What was once a debate about principles and high-level frameworks has turned into something far more concrete, operational, and demanding for suppliers and counterparties, who now find AI compliance embedded in every procurement conversation.
And this change is not cosmetic; it reflects a deeper shift in how governments, enterprises, and even the lawyers who advise them understand what regulating this technology actually requires. It is most visible to those whose job is to sit across the table from regulators while a rule is still being written.
Magdalena Konig, General Counsel at Sirius International Holding, has watched the substance of customer enquiries change beyond recognition. “The shift between 2024 and 2026 in the AI regulatory conversation has been from framework debates to operational compliance,” she explained, pointing to entirely new substantive areas (agents, synthetic content and frontier model governance) that barely registered as customer questions two years ago.
The change she described is not merely one of volume but of expectation. Customers no longer ask whether AI should be governed; they ask how their suppliers intend to demonstrate that it already is, and they have begun to fold that expectation into the same risk, procurement and governance disciplines they apply to every other category of supplier.
“They expect their suppliers and counterparties to have answers,” Konig explained, describing a market in which AI compliance has stopped being treated as an exotic and separable topic and started being absorbed into ordinary commercial diligence.
That same operational turn is visible from the cybersecurity vantage point, where the questions arrive framed less by contract law than by threat exposure. Alessandro Liotta, EMEA Regulatory Affairs Lead at Fortinet, traced the same trajectory through the enquiries his customers now bring to the table.
“Two years ago, most AI conversations were centred around experimentation, productivity and early-stage adoption,” he explained, contrasting that period with the present in which organisations press for answers on governance, sovereignty, visibility, runtime protection and AI-related cyber risk. The maturing of the technology has dragged the regulatory conversation along with it, and the people staffing these engagements describe a discipline that has matured at the same pace.
What customers want now, on their account, is visibility and control over how AI applications are being used, assurance that sensitive data remains protected, and confidence that AI-enabled threats can be detected and contained as deployments spread across hybrid and multi-cloud environments.
Engaging a live rulemaking now demands relationship-building long before a consultation opens
The mechanics of how an enterprise engages with a live rulemaking reveal just how far this work has travelled from its origins in occasional correspondence with regulators. Konig described an approach shaped substantially by the jurisdiction she works within, where the posture toward the technology differs markedly from the risk-first instincts of Europe. The UAE, she explained, treats AI primarily as a strategic capability to acquire and deploy rather than a risk to manage or a market to win, and rulemaking follows directly from that orientation.
The distinction matters because it determines the entire register of the engagement. Where a regulator begins from the premise that AI is a hazard to be contained, the conversation tends toward restriction, but where the starting point is national capability, the conversation becomes one about how to enable deployment without sacrificing safeguards.
The work itself, on her account, is multi-phase and multi-stakeholder, running from intelligence-gathering through pre-consultation engagement, formal response, post-consultation follow-up and eventual implementation. “There is a passion in the UAE for making things happen; policy work isn’t just writing letters; it’s sustained relationship-building, intelligence work, and substantive expertise combined into a discipline,” Konig explained.
Her team weighs the scope of any proposed regulation against alternative models drawn from global best practice, examines the degree of implementation flexibility on offer, and scrutinises the procedural protections built into the regime, engaging not only the regulator but industry peers, trade bodies, customers and academic voices in the process. Effectiveness, she explained, depends on being specific, supporting positions with evidence, engaging at the right moment in the cycle, and building the kind of trust that makes a regulator willing to listen, none of which can be improvised at the point a consultation opens.
For Liotta, the same broadening of engagement has reshaped how the function is staffed and resourced, and the change has been pronounced. The work that once sat primarily with legal and policy teams now draws in cybersecurity leadership, engineering, cloud architects, product organisations and threat intelligence specialists.
“Compared with two years ago, AI governance discussions have become significantly more operational and much more cross-functional,” he explained, attributing the change to the rapid growth of frontier AI, generative systems, sovereign AI initiatives and AI-enabled cyber threats.
Fortinet’s own engagement now spans executive leadership, public sector teams, threat intelligence specialists and product strategy groups, a spread that reflects how thoroughly governance has ceased to be a containable specialism. The company’s engagement with policymakers, academia, regulators and peers across the value chain, Liotta explained, is oriented toward building operational resilience that is both robust and viable, and toward helping organisations adopt AI securely at the scale their ambitions now demand.
Building compliance into the development pipeline has become a condition of shipping at speed
One of the more consequential changes both leaders described concerns the point in the development cycle at which compliance enters the picture. The older pattern, in which a product was built and then adjusted to satisfy whatever rules applied, has given way to something more integrated. Konig was direct about the change in engineering practice. “The shift in recent years has been towards developers designing for compliance rather than retrofitting for it,” she explained, describing a model in which her organisation builds and goes to market quickly while constructing the compliance infrastructure into the same pipeline rather than treating it as a separate workstream.
The distinction between the two approaches is not academic, because retrofitting compliance after the fact is both slower and more expensive than building it in, and in a market moving at the speed of the current one, it can be the difference between shipping and stalling.
She situated that approach within the UAE’s broader stance, which she characterised as resting on progress, collaboration, community, ethics, sustainability and safety, and within a continuing trend of government support intended to expand the country’s footing as a world-leading AI hub while reducing dependence on foreign technology companies. The ambition is considerable, and the country’s standing lends it weight.
The UAE has held the top global ranking for AI adoption in successive Microsoft analyses, with its diffusion score rising to 70.1% in the firm’s 2026 assessment from 64% a year earlier, a position built on early foundations laid when it appointed the world’s first Minister of State for Artificial Intelligence in 2017 and launched a national strategy spanning nine priority sectors.
Beyond the Gulf, Konig identified a wider set of pressures shaping business strategy, among them rules on training data and copyright, synthetic content provenance, agentic systems, foundation model governance, AI in regulated sectors, security and resilience, and liability, alongside updates to competition and export control regimes that increasingly bear on how international companies plan their deployments.
Liotta located the commercial weight of the emerging regulatory stack in a slightly different but complementary set of requirements, reflecting the security lens through which he reads the same landscape. The biggest operational impact, he explained, was likely to flow from obligations around data sovereignty, governance accountability, auditability, AI infrastructure protection, supply-chain security and secure deployment standards.
“AI infrastructure is becoming a high-value target for cybercriminals,” he explained, describing the consequent shift in focus toward runtime security, segmentation, identity controls and continuous monitoring as organisations move from experimentation to large-scale operational deployment.
The fragmentation across emerging governance frameworks, particularly around data sovereignty, accountability, transparency and operational requirements, was among the most demanding challenges his customers now face, and it has pushed the conversation toward interoperability and implementation rather than abstract principle. Organisations need approaches, he explained, that can support innovation while maintaining control, resilience, visibility and security across environments that grow more complex with every new workload.
Enforceable AI rules are arriving through existing agencies rather than one comprehensive statute
When the conversation turned to where enforceable regulation is genuinely heading over the next eighteen months, Konig drew a careful distinction between the European model and what she expects from the UAE. She did not anticipate a hard-law, horizontal AI act of the kind the EU has enacted, predicting a direction of layered enforcement through existing regimes.
The pattern she described involves narrow, sector-specific rules covering matters such as deepfake disclosure, employment AI bias audits, training data transparency, watermarking and child safety, enforced by existing agencies drawing on authority they already hold rather than by a single new statute erected over the entire field. That approach, on her reading, compounds rather than disrupts the dynamic frameworks the UAE has already built, and it allows enforcement to proceed without waiting for the kind of comprehensive legislation that has taken years to move through other jurisdictions.
On frontier models, Konig was clear that the central question remains genuinely unresolved, noting that pre-release evaluation requirements have been floated but enacted nowhere. She pointed to California and New York as jurisdictions advancing narrow, enforceable frontier model regimes built around safety frameworks, incident reporting and transparency rather than pre-deployment approval, and the statutes themselves bear out that characterisation.
California’s Transparency in Frontier Artificial Intelligence Act, signed into law in September 2025 and effective from January 2026, requires large frontier developers to publish safety frameworks and to report critical safety incidents to the state’s Office of Emergency Services within fifteen days, or within twenty-four hours where an incident poses an imminent risk of death or serious injury, with civil penalties reaching $1 million per violation and the obligations falling on developers training models above a compute threshold of ten to the power of twenty-six operations.
New York’s Responsible AI Safety and Education Act has advanced through its legislature on a comparable transparency-and-reporting model, carrying materially higher penalties, and the parallel between the two confirms the direction Konig described, in which enforceable frontier rules concern disclosure and incident reporting rather than the licensing of models before release. Konig also expected litigation to define the boundaries of acceptability, suggesting that in the United States, challenges to training disclosure laws and algorithmic discrimination claims would shape what is genuinely enforceable more decisively than any new statute passed within the window.
Liotta’s reading of government signals pointed in the same operational direction, though framed through the lens of resilience rather than disclosure. The direction of travel, he explained, was clearly toward operational accountability, enforceable safeguards, resilience requirements and measurable governance controls.
“Governments are also increasingly treating AI environments as part of critical infrastructure and enterprise attack surfaces,” he explained, describing a consequent emphasis on runtime security, infrastructure protection, data protection, segmentation and continuous monitoring of AI-enabled environments.
The recognition that AI systems, workloads and infrastructure require advanced protection against evolving cyber threats has moved, on his account, from the margins of the policy conversation to its centre.
Over the next 18 months, regulation would become significantly more implementation-focused, with greater weight placed on demonstrable safeguards, operational oversight and resilience requirements tied directly to enterprise deployment rather than to the abstract characteristics of a model.
The compliance questions that matter most begin only after a model is deployed
Both leaders were most animated when describing what their customers have not yet thought to ask, and here their accounts converged on a single theme: the period after deployment. Konig set out the familiar cycle of technology regulation, observed across privacy, financial data and cybersecurity, in which companies underinvest in compliance infrastructure until the first enforcement action against a peer, then overinvest reactively in its wake.
By her assessment, the UAE sits in the early phase of that cycle, which places the customers already asking questions ahead of the curve rather than behind it, and gives those who move now an advantage over those who wait for an enforcement action to concentrate their attention.
She expected procurement teams to begin demanding model tier disclosure and notification rights on model swaps, the better to navigate compute thresholds under regimes including the EU AI Act, California’s SB 53, the UK’s frontier model proposals and US executive orders, and to prevent a vendor from quietly substituting a general-purpose model with a regulated frontier one without the customer’s knowledge.
She also anticipated sharper attention to security and liability questions, among them indirect prompt injection and the insurance coverage now emerging in step with regulation, model degradation and drift over time, and the provenance of training data, alongside a reconsideration of how open-source models such as Llama and Mistral are deployed and what compliance obligations attach to them.
“These questions share a common structure: what happens after deployment, in operation, over time, under stress, in adversarial conditions,” Konig explained, identifying the move from deployment compliance to operational compliance as the single biggest change coming. The shift, she added, reflects a regulatory migration from rules about placing AI on the market toward expectations about how AI is actually used over time, and it is that migration, more than any single statute, that will define the next phase of the work.
Liotta independently identified the same blind spot, locating it in the supply chain. “One of the biggest emerging issues is AI supply-chain risk,” he explained, observing that many organisations remain focused on usage policies and governance frameworks while the risks attaching to third-party models, embedded AI services, APIs, training data integrity and autonomous agents go comparatively unexamined.
The protection organisations require now extends across AI infrastructure, applications, APIs, models and sensitive data, and by the end of the year he expects attention to swing toward runtime AI security, identity governance, operational resilience and the protection of AI workloads as agentic systems proliferate and the attack surface widens with them. More organisations, he explained, would shift their focus from experimentation toward long-term governance models capable of managing security, accountability and operational risk across increasingly autonomous AI ecosystems.
The convergence between the two accounts is striking. Two leaders in different disciplines, working across overlapping jurisdictions, arrive at the same conclusion that the next regulatory frontier lies not in how AI is sold but in how it behaves once it is running, and that the enterprises preparing for that shift now will be the ones still standing when the first enforcement action arrives.