US AI Action Plan vs EU AI Act: Diverging paths for global AI governance

On 23 July 2025, the White House released ‘Winning the AI Race: America’s AI Action Plan’ during the AI Day Summit in Washington D.C. The 28-page plan outlines The Trump administration’s strategic roadmap for asserting US dominance in the global AI race. It includes more than 90 federal actions based on three pillars: 

1. Innovation: Accelerating progress by removing ‘unnecessary regulatory barriers’ and promoting AI deployment across sectors 
2. Infrastructure: Building a national AI infrastructure, including data centres and semiconductor development 
3. International diplomacy and security: Aiming to set the global standard through exports, partnerships and policy influence 

The plan also emphasises principles such as putting ‘American Workers First’, building bias-free systems, and safeguarding AI systems from theft or misuse by foreign or malicious actors with what is termed ‘constant vigilance’. 

President Trump signed three executive orders to support these goals, including rescinding the Biden-era AI safeguardsWhen transferring personal data to a third country, organisations must put in place appropriate safeguards to ensure the protection of personal data. Organisations should ensure that data subjects' rights will be respected and that the data subject has access to redress if they don't, and that the GDPR principles will be adhered to whilst the personal data is in the... relating to data protection and ethical oversight. Supporters of the plan say that it represents a decisive shift toward growth, resilience, and global AI leadership. 

Critics, including many in the data protection community, urge a pivot toward a more balanced model that does not compromise privacy, transparency or human rights. 

The contrast with the EU’s AI ActThe EU Artificial Intelligence Act was approved by the EU Council on 21 March 2024. A world-first comprehensive AI law, intended to harmonise rules for the development, deployment, and use of artificial intelligence systems across the EU. is stark. While the US approach favours speed, deregulation, and market dominance, the EU has adopted a risk-based framework, closely aligned with the General Data Protection RegulationRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). (GDPR). The EU AI Act sets out clear rules based on the level of risk posed to individuals and society, banning certain uses outright and enforcing strict oversight for high-risk applications, and requiring transparency for limited-risk systems. 

With many already viewing the EU AI Act as the ‘gold standard’ for responsible AI governance, the Trump administration’s plan appears designed to directly compete. 

David Smith, DPO and AI Sector Lead offers this initial assessment: 

‘While the tone of the US AI Action Plan is undeniably bold, the headline rhetoric may mask a more considered strategy, with commitments to open-sourcing, research access, and workforce upskilling. But from a data protection and AI governance perspective, it leaves key questions unanswered. The focus on federal use and deregulation offers little clarity on how core safeguards like fairness, transparency, and data minimisationThe third GDPR principle, requiring organisations to only collect the personal data that is truly necessary to fulfill each purpose for data processing. will apply in practice, especially for SMEs and commercial deployments.

For global AI developers, the bigger question is whether they can afford to maintain divergent compliance strategies. Aligning with the EU’s AI Act may prove the more practical route for organisations seeking legal certainty, operational efficiency, and trusted foundation across markets.’

Any advice for businesses? 

For organisations operating on both sides of the Atlantic, the takeaway is clear: the regulatory divide is widening. To manage competing approaches, businesses will need to remain strategically agile and design governance models that can accommodate both approaches. 

This means establishing clear internal policies that go beyond minimal requirements, building cross-functional teams that include legal, compliance, and technical leads, and staying closely aligned with evolving standards across jurisdictions.