As AI regulation tightens, legal foresight will define success

The clock is ticking for organisations that build, deploy, or rely on AI systems. With phase two of the European Union’s AI Act fast approaching, the world’s first binding AI regulation is ushering in a new era of enforceable AI governance.

The act introduces strict requirements to ensure transparency, safety, and human oversight, grouping AI systems into four risk tiers that define how they are governed. Phase one, which came into force on February 2, 2025, banned AI systems deemed to pose unacceptable risk and required organisations operating in the EU to improve AI literacy among employees. The next phase places new obligations on general-purpose AI, including models such as ChatGPT, Claude, DALL·E, Midjourney, Anthropic, Meta, and Google BERT. These requirements mandate greater transparency, the creation of detailed technical documentation, and the disclosure of copyrighted materials used during training.

Recommended For You

Rain, clouds possible during Eid Al Fitr in UAE; temperatures may reach 39°C

India invokes force majeure, gives priority to gas sales to key sectors

GPS disruptions in UAE? Why your Google Maps, Waze may show wrong locations

Nearly 700,000 displaced in Lebanon as war enters second week

UAE combats rising prices as regional conflict impacts tomato, onion costs

 

European companies have already called for a pause on these measures, which the EU has rejected. From my perspective, this signals two realities. The first is that the era of enforceable AI regulation has arrived and will only continue to evolve. And the second, is that while responsible AI frameworks have been discussed for years, many businesses are still working out how to get prepared.

Legal foresight as a strategic advantage

Treating AI compliance as a reactive exercise has never been sustainable. But today, with the pace at which the regulatory landscape relating to AI and responsible and ethical AI, is evolving, legal foresight is more essential than ever.

It must be embedded into how AI systems are built, deployed, and scaled from the outset. This is especially critical for general-purpose models, which are complex, fast-evolving, and capable of broad downstream impact.

Integrating compliance into the development process, rather than retrofitting it later, helps reduce operational risk while strengthening trust with customers, partners, and regulators. This proactive approach is already being embraced in forward-looking jurisdictions such as the UAE, where regulation is positioned as a catalyst for innovation.

In recent years, the UAE has formalised its AI governance through initiatives like the Artificial Intelligence and Advanced Technology Council (AIATC) and the UAE AI Charter, both of which emphasise ethics, transparency, and public interest. These efforts underscore the importance of co-design between government and industry to ensure that emerging technologies are not only cutting-edge, but also responsibly deployed.

The co-regulation imperative

No single organisation can navigate this evolving regulatory landscape alone. Engaging with industry peers, policymakers, and technology providers is essential. Co-regulation, where governments, private companies, and civil society collaborate to shape rules and guardrails which promote progress, is emerging as the most effective approach. The UAE’s partnership with the World Economic Forum through the Global Regulatory Innovation Platform (GRIP) is a prime example. GRIP provides shared frameworks, benchmarking tools, and collaborative mechanisms that transform regulation from a constraint into an enabling model, aligning speed, inclusivity, and ethical standards.

This collaborative mindset also shapes how Core42 designs its infrastructure. We embed regulatory and sovereignty requirements directly into our platforms to ensure compliance is not an afterthought. Our Sovereign Public Cloud, built on Microsoft Azure and supported by our sovereign controls platform Insight, addresses the complex challenges of data sovereignty and compliance for governments and regulated industries while still enabling public cloud innovation. With built-in sovereign control sets, comprehensive audit capabilities, and streamlined compliance management, organisations can manage sensitive data with confidence while benefiting from hyperscale agility and security.

For customers requiring fully isolated environments for classified workloads, our Signature Private Cloud extends the same principles by combining the scalability of cloud with the control and assurance of on-premises systems.

Preparing for the next frontier

As governments worldwide move toward more comprehensive oversight through the regulation of AI, the organisations that thrive will be those that invest in proactive legal strategies today and seek to ensure their perspectives are tabled during the co regulation phase. 

In the Middle East, we are already seeing this next frontier take shape. The launch of the Responsible AI Foundation by G42 and Microsoft, in collaboration with MBZUAI, is establishing region-specific standards for fairness, transparency, and accountability. Additionally, G42’s 2024 report on Sovereign AI Ecosystems highlights the growing importance of robust data governance frameworks as demand for data, storage, and computational power accelerates with AI advancements. As such, future regulations are likely to set clear parameters for data sovereignty, cross-border flows, and the accountability of AI systems operating on national infrastructure, addressing both technical integrity and the socio-cultural considerations unique to the region.

In addition, continuous risk assessments, real-time auditing, and sector-specific governance will soon become standard practice. To prepare, legal teams must build cross-functional expertise, be creative and immersed in the dynamism of the environment in which the world is operating and work closely with engineers, product owners and data scientists to anticipate the regulatory landscape that will apply to what they are building rather than react to it. 

For companies developing or deploying AI, success will not hinge solely on technological breakthroughs but on the ability to navigate an increasingly complex legal environment. Those who approach this with foresight and integrity will be best positioned to earn public trust and capture long-term value.

The writer is General Counsel, Core42.