Multi-Jurisdictional AI Governance Gaps Threaten Enterprise Compliance, arXiv Study Finds
Source
arXiv
What happened
A research preprint published on arXiv, available at https://arxiv.org/html/2512.02046v1, provides a structured comparative analysis of AI governance requirements across the United States, European Union, and Asia-Pacific region. The study catalogs areas where regulatory frameworks including the EU AI Act, the NIST AI Risk Management Framework, and various national and state-level mandates converge or conflict, identifying specific implementation gaps that organizations face when translating legal obligations into operational controls. The preprint does not carry binding legal force but offers compliance practitioners a detailed mapping of control requirements across major regulatory regimes. The EU AI Act imposes risk-based obligations tied to specific use-case classifications, with prohibitions on unacceptable-risk systems already in effect and obligations for high-risk systems phasing in through 2026 and 2027. The research is intended to serve as a diagnostic tool for enterprises assessing the completeness of existing AI governance programs operating across multiple jurisdictions simultaneously.
Why it matters
- Organizations subject to the EU AI Act face binding and time-sensitive compliance deadlines through 2027, and failure to close identified gaps in areas such as transparency obligations and high-risk system classification could result in direct regulatory exposure and financial penalties.
- Enterprises operating internationally must reconcile structurally different frameworks, such as the mandatory risk-based EU AI Act and the voluntary NIST AI RMF, creating operational complexity when designing unified governance programs that satisfy divergent documentation, oversight, and enforcement requirements.
- Compliance teams that rely on control inventories built around a single jurisdiction may face significant organizational risk when audited under a second or third framework, as gaps identified in the preprint suggest existing controls frequently fail to satisfy the full scope of overlapping mandates.
Governance controls affected
What to do now
- ☐ Map your organization's current AI control inventory against the gap areas identified in the arXiv preprint, with priority given to transparency obligations, human oversight mechanisms, and high-risk system classification criteria.
- ☐ Conduct a jurisdiction-by-jurisdiction review of which EU AI Act high-risk obligations apply to your deployed AI systems and confirm readiness against the phased compliance timeline running through 2026 and 2027.
- ☐ Assess whether your existing HOC-001 risk classification methodology aligns with the use-case-based classification logic required under the EU AI Act as compared to the voluntary NIST AI RMF structure.
- ☐ Review and update model documentation and audit logging practices to ensure they satisfy the most stringent documentation requirements across all jurisdictions in which your organization operates.
- ☐ Track whether the arXiv preprint is accepted for peer-reviewed publication, as that status would increase its utility as a reference point in regulatory discussions and external audit contexts.
What to watch next
Compliance teams should monitor the phased implementation schedule of the EU AI Act, particularly the obligations for high-risk AI systems coming into effect through 2026 and 2027, to ensure remediation timelines are aligned with binding legal deadlines. Teams should also track the development of national AI frameworks in Asia-Pacific jurisdictions and any new state-level initiatives in the United States that may introduce additional divergence from existing federal guidance such as the NIST AI RMF. The potential peer-reviewed publication of this arXiv preprint warrants monitoring, as a formally published version could carry greater weight in regulatory and audit discussions. Broader enforcement signals from EU supervisory authorities as the AI Act matures will also provide important guidance on how gap analysis findings of this type are weighted in practice.
