When governments compete to attract AI investment, the weakest protections can become the standard everyone else has to live with.

Sam Tabahriti reported for Reuters on June 17 that artificial intelligence adoption in Britain has reached a “tipping point,” with companies and government bodies moving from testing AI tools to using them in larger, more complex operations. Maureen Costello, Google Cloud’s vice president for the United Kingdom, Ireland and Sub-Saharan Africa, told Reuters that organizations are putting AI “into production” and beginning to see returns. London, already home to a major concentration of tech talent and institutions such as Google DeepMind, is trying to cement itself as a global AI hub.

The policy mechanism is speed. AI is moving from pilot projects into business operations, public administration and consumer systems faster than governments are settling the rules for who is accountable when those systems make consequential decisions. That gap is where power moves. Companies deploy first. Regulators interpret later. The people affected by automated decisions often find out after the system has already shaped the outcome.

Britain’s approach makes that gap visible. The UK does not currently have one comprehensive AI law governing AI as a technology. Its model relies on existing regulators, sector-specific oversight and cross-cutting principles such as safety, transparency, fairness, accountability and redress. That structure gives the government flexibility. It also gives companies more room to move before hard obligations arrive.

That is the trade. A principles-based model can adapt as technology changes, but it depends on regulators having the capacity, authority and political backing to enforce those principles across different sectors. Finance, housing, healthcare, employment, immigration and education do not absorb AI risk in the same way. A chatbot used for retail customer service is not the same as an automated tool used to screen job applicants or assess eligibility for public benefits. The harm is different because the gate is different.

The European Union took a different route. The EU AI Act uses a risk-based framework that places stronger obligations on higher-risk systems. The logic is clearer: when AI is used in domains where access, rights or safety are at stake, the burden should sit with the provider and deployer before harm occurs. That does not make the EU model simple. It makes the starting point different. The system asks what the technology can do to people before treating adoption as the default good.

The United States is stuck in another version of the same conflict. Colorado passed SB 24-205, the country’s most comprehensive state AI law, requiring developers and deployers of high-risk AI systems to use reasonable care to protect consumers from algorithmic discrimination. The law included risk management, impact assessments, annual reviews, consumer notices, correction rights, appeal rights and disclosures to the attorney general.

Then Colorado replaced it. SB 26-189 repealed and reenacted the framework around automated decision-making technology in consequential decisions. The new law still creates consumer rights, but it narrows the machinery. It requires notices, technical documentation, records and plain-language explanations within 30 days after an adverse outcome. That matters because the burden shifts. Prevention disciplines institutions. Explanation asks individuals to react after the damage has landed.

Donald Trump’s December executive order shows why that shift cannot be read as a Colorado-only story. The order attacked state-by-state AI regulation as a “patchwork” and specifically criticized Colorado’s algorithmic discrimination law. It directed the attorney general to create an AI litigation task force to challenge state AI laws viewed as inconsistent with a minimally burdensome national framework. The message to states was direct: regulate too aggressively and you may have to defend the law against the federal government.

That is how preemption pressure works even before a final court ruling. The threat of litigation, funding conflict and political escalation can narrow state ambition before enforcement begins. Companies do not need every strict rule defeated. They need enough uncertainty around strict rules to make governments hesitate.

The people most exposed to that hesitation are not usually the companies lobbying for lighter standards. They are workers screened by hiring software, renters evaluated by automated tenant tools, patients triaged by digital systems, students sorted by educational platforms and migrants assessed by border technology. They are not choosing between the UK model, the EU model and the Colorado model. They are living under whichever standard happens to govern the system making the decision.

Regulatory fragmentation is often framed as a startup problem because compliance across jurisdictions can be expensive. That is real. But the larger risk falls on people with the least power to challenge automated decisions. A company can hire counsel, redesign workflows or choose where to launch first. A person denied access may only receive an explanation after the decision has already altered their life.

London’s AI boom is not just a technology story. It is a governance test. If the UK becomes the preferred home for AI growth because its rules are more flexible, other jurisdictions will feel pressure to soften their own standards to remain competitive. If Colorado’s strongest state law can be narrowed before full enforcement, other states will learn that ambition carries legal and political costs. The next phase of AI governance will be decided by whether governments can keep protection attached to deployment, or whether the softest rule becomes the global baseline because it is the easiest place for capital to move.