arXiv Preprint Maps Multi-Jurisdictional AI Governance Gaps Facing Enterprise Compliance Teams

A research preprint published on arXiv, available at https://arxiv.org/html/2512.02046v1, provides a structured comparative analysis of AI governance requirements across multiple jurisdictions, including the United States, European Union, and Asia-Pacific region. The study catalogs areas where regulatory frameworks such as the EU AI Act, the NIST AI Risk Management Framework, and various national and state-level mandates converge or conflict, identifying specific implementation gaps that organizations face when translating legal obligations into operational controls. While the preprint does not carry binding legal force, it offers compliance practitioners a detailed mapping of control requirements across major regulatory regimes, providing a reference point for organizations assessing the completeness of their existing AI governance programs.

The publication reflects a broader challenge that has emerged as AI-specific regulations have proliferated across multiple jurisdictions in a relatively compressed timeframe. Enterprises operating internationally are increasingly confronted with overlapping mandates that share common objectives but differ materially in scope, definitions, documentation requirements, and enforcement mechanisms. The EU AI Act, for instance, imposes risk-based obligations tied to specific use-case classifications, while the NIST AI RMF operates as a voluntary framework with different structural logic. State-level initiatives in the United States and emerging national frameworks in Asia-Pacific add further layers of divergence. The preprint attempts to address the practical difficulty organizations face in designing a single, unified AI governance program that satisfies these distinct and sometimes conflicting requirements simultaneously.

Enterprise compliance teams should treat this analysis as a diagnostic tool when reviewing the coverage of existing AI governance controls. Specifically, teams should map their current control inventories against the gap areas identified in the preprint, prioritizing remediation in domains where the research highlights conflicts between jurisdictional requirements, such as transparency obligations, human oversight mechanisms, and high-risk system classification criteria. Organizations subject to the EU AI Act face binding compliance timelines, with prohibitions on unacceptable-risk systems already in effect and obligations for high-risk systems phasing in through 2026 and 2027, making gap identification time-sensitive. Compliance teams should also monitor whether the preprint is subsequently published in a peer-reviewed venue, as that would increase its utility as a reference in regulatory discussions or audit contexts.