More than 30 countries sent delegations to Sydney to talk about AI governance, but they left with bilateral introductions, not a shared mechanism.

The convergence of principles is real; the enforcement gap is measurable in dollars, dates, and jurisdictions; the integrating layer that would close it does not exist. For firms, that absence translates into a structural cost premium on every cross-border AI deployment in 2026. For countries, it leaves a strategic opening for whichever jurisdiction or institution first builds a credible integrating framework, since the demand for one is now documented and the supply is still zero.

The Thesis

While the U.S. compliance conversation still anchors on Brussels and Washington, the structural fact has moved east. In January 2026 alone, Singapore launched the world’s first agentic AI framework and South Korea enforced Asia-Pacific’s first binding comprehensive AI law on the same day, with the EU AI Act’s most consequential provisions phasing in on August 2, 2026 to complete the picture. The result is four jurisdictions operating under four distinct philosophies with no shared mechanism connecting them, leaving institutions that deploy AI across borders to pay for a compatibility that every regulator assumes already exists.

The Signal

Three moves repriced global AI governance this cycle.

Signal 01
Sydney convened the world. It left without a framework.

What happened. The Future Action Summit 2026 in Sydney drew delegations from across the Global South and beyond. Abdullah Ishak Khan, HSI’s Global Fellow on the ground, described the pattern in his field notes: every delegation arrived with a localized solution, but none arrived with a mechanism to coordinate one across borders.

Why it matters. The pattern is structural, not Sydney-specific. The OECD AI Policy Observatory tracks over 1,000 AI policy initiatives across 69 countries, converging on the same four principles: risk-based classification, transparency, human oversight, and accountability. Every multilateral summit since Bletchley Park has produced a declaration. The 2025 Paris AI Action Summit could not even get the U.S. and U.K. to sign. The convergence is on the page. The enforcement is not.

Second-order effect. Firms deploying AI across the EU, South Korea, Singapore, and U.S. markets cannot satisfy four regimes with one compliance posture. The integrating layer between them does not exist, and the cost of its absence falls on operators first in three concrete forms: parallel documentation pipelines, with global operations multiplying consulting costs by 2.5x across multiple legal frameworks compared to single-jurisdiction deployment; delayed product launches in the most restrictive jurisdictions as legal review extends; and litigation exposure when a deployment compliant in one regime triggers enforcement in another. The DLA Piper January 2026 fines survey documented €1.2 billion in GDPR fines issued in 2025 alone, with over 60% of the total fine value imposed since January 2023 — the trajectory the EU AI Act enforcement cycle is now entering.

Signal 02
Asia-Pacific reached comprehensive enforcement first. The penalty regimes are unrecognizable to each other.

What happened. On January 22, 2026, Singapore’s Infocomm Media Development Authority launched the world’s first Model AI Governance Framework for Agentic AI at Davos. The same day, South Korea’s AI Basic Act took effect as the Asia-Pacific’s first binding comprehensive AI law. The text of the EU AI Act was passed in 2024, but full high-risk enforcement only begins on August 2, 2026.

Why it matters. English-language regulatory coverage remains weighted toward Brussels; the Asia-Pacific enforcement frontier is receiving measurably less analyst attention. The penalty structures share a vocabulary and almost nothing else. South Korea caps administrative fines at KRW 30 million, roughly $20,700, with a one-year grace period for enforcement. The EU AI Act imposes penalties of up to EUR 35 million or 7% of global annual turnover, with extraterritorial reach. Singapore’s framework is non-binding industry guidance. The U.S. has no federal AI law, relying instead on the NIST RMF, executive orders, and a patchwork of state laws, including Texas TRAIGA (effective January 1, 2026). Same principles. Penalty severity diverges by three orders of magnitude. The practical consequence for U.S. operators is that a single AI deployment can trigger compliance obligations in three regimes with incompatible documentation requirements, incompatible enforcement timelines, and incompatible definitions of what counts as high-risk. There is no efficient way to build one compliance posture that satisfies all of them, which means the cost of cross-border AI deployment in 2026 is structurally higher than the cost of single-jurisdiction deployment.

Second-order effect. For U.S. firms, the practical consequence is unfamiliar regulatory exposure with no domestic precedent. South Korea’s AI Basic Act applies extraterritorially through a domestic representative requirement, with three disjunctive triggers: global annual revenue above KRW 1 trillion (about $690M), Korean users above 1 million daily, or Korean revenue above KRW 10 billion (about $6.9M). A mid-cap U.S. firm with a single B2B contract in Seoul can trigger the third threshold without realizing it, and most U.S. compliance teams are not testing against it. Firms measuring exposure against the global-revenue line alone will miss the Korean-revenue line by two orders of magnitude, and the cost of discovering that gap at the point of enforcement is materially higher than discovering it now.

Signal 03 · The Deep Cut
The funder pipeline opens on proof of concept, not policy papers.

What happened. Foundation representatives in Sydney were observing, not committing. HSI’s field reporting describes their interest as concentrated on “Synthetic Authenticity” and public trust in AI systems, an area that has not been widely explored in standard policy circles. The findings regarding funder readiness were direct: foundations want proof of concept, particularly in regulated settings like maritime or healthcare, before investing in larger-scale trials.

Why it matters. This is a field-level read, not an announced grant cycle. But it tracks public funder behavior elsewhere. MacArthur’s Technology in the Public Interest program has shifted explicitly toward implementation-stage work over framework production. Bloomberg Philanthropies and Schmidt Sciences have prioritized the deployment of regulated-sector AI over abstract governance research. Maritime and healthcare both face exactly the cross-border externalities Sydney delegations emphasized: ocean pollution carried into Lagos from international waters; clinical AI deployed across jurisdictions with incompatible risk tiers.

Second-order effect. The pipeline is at the stage of foundation conversations and informal interest, not active grant cycles or signed letters of intent. It is a directional read from one summit and one fellow’s field reporting, consistent with public funder behavior at MacArthur and Schmidt Sciences, where regulated-sector AI deployment has moved from research-stage funding into implementation-stage funding over the past 18 months. The reward, when foundation capital does deploy, goes to whoever has operationalized the integrating layer in a specific regulated context first.

The Playbook

Five questions for operators evaluating cross-border AI deployment over the next 18 months.

Step 01
Map jurisdictional exposure before model risk.

Start with U.S. state laws (TX TRAIGA, CO AI Act, CA SB-1047) since those are already in force for your domestic deployments. Then layer the international exposure: EU AI Act for any system serving European customers, South Korea AI Basic Act for any system with the Korean revenue or user thresholds, Singapore MGF for any agentic deployment in the APAC market. Compliance architecture follows the exposure map, not the reverse.

Step 02
Run the Korea triple-trigger test this quarter.

This applies to any U.S. firm with Korean revenue, Korean users, or APAC business operations of any size. The domestic representative requirement attaches when any one of three thresholds is met: KRW 1 trillion global revenue (about $690M), 1 million daily Korean users, or KRW 10 billion Korean revenue (about $6.9M). Mid-cap firms with even modest Korean B2B contracts can trigger the third threshold without realizing it. Most U.S. compliance teams test only the global-revenue line and miss the Korean-revenue line by two orders of magnitude.

Step 03
Treat August 2, 2026 as in-force, not approaching.

The EU AI Act penalties of EUR 35 million or 7% of global turnover apply with extraterritorial reach to any AI system in EU markets. Pre-enforcement documentation is materially cheaper than remediation under regulatory examination; firms that delayed under GDPR consistently paid materially more for the same compliance posture once enforcement began.

Step 04
Build to the strictest regime, port down from there.

Adobe, OpenAI, Google, and Microsoft embedded EU-compliant transparency into global product suites rather than running parallel stacks. The cost differential between satisfying a single strict regime and remediating across four lighter ones is now well-documented.

Step 05
Name a single accountable owner.

Singapore’s MGF makes meaningful human accountability one of four core dimensions, requiring allocation across developers, deployers, operators, and end users. If the accountable owner is unnamed when a regulator opens a file, the regulator will assign one, typically the most senior executive whose name appears in the deployment documentation. That allocation is binding, public, and not negotiable. Naming an owner internally is a one-week decision; having one named externally is a multi-year reputational and personal liability event.

The Verification Test

Claim. My company’s AI deployments are uninsured against the cross-border governance gap.

Test. Have compliance counsel pull every AI deployment with revenue exposure in the EU, South Korea, Singapore, or any U.S. state with AI legislation. For each deployment, identify: (1) which jurisdiction’s risk-tier rules apply, (2) whether the documentation meets the strictest applicable regime, and (3) whether a single named owner is accountable for that deployment’s lifecycle governance.

Pass criteria. Every production AI system maps to a documented regulatory regime, has documentation meeting the strictest applicable standard, and has one named accountable owner. The audit produces a written register that could be handed to a regulator within ten business days.

Fail smell. Counsel produces a compliance summary in policy language rather than a deployment-by-deployment map. “We are aligned with NIST RMF” is not a pass; NIST is not a jurisdiction. If the answer to “who owns this deployment” is “legal and technology, jointly” for any system, the system has no accountable owner and the audit has failed.

The Metric

SAME FAILURE · FOUR REGIMES Maximum administrative penalty · logarithmic scale SOUTH KOREA $20,700 AI Basic Act · KRW 30M cap · one-year grace period EUROPEAN UNION $37M AI Act · EUR 35M ceiling, or 7% of global turnover Singapore: non-binding · U.S.: no federal statute Roughly three orders of magnitude apart.
Sources: EU AI Act (Regulation 2024/1689) and South Korea Ministry of Science and ICT, January 2026.
≈1,800×

What it measures. The multiple between the two regimes with binding caps, for the same compliance failure: the EU AI Act’s EUR 35M ceiling (up to $37M, or 7% of global turnover) is roughly 1,800 times South Korea’s KRW 30M cap (about $20,700). Singapore’s framework is non-binding guidance and the U.S. has no federal statute.

Why it matters now. Put the four regimes side by side, and the gap is no longer abstract. Same principles, same four-part vocabulary, penalty severity diverging by three orders of magnitude. The EU prices AI as a risk to be carried on corporate liability. South Korea treats it as an industry to be cultivated, with light-touch oversight and a one-year grace period. Singapore treats it as a market to be guided rather than commanded. The U.S. has not yet decided. None of these positions is wrong on its own terms; none of them is coordinated.

Source. EU AI Act and MSIT South Korea, January 2026.

The Lens — Horizon Search Institute

Human Performance

Of 30+ countries at the Future Action Summit, most delegations came from the Global South, a sharper concentration than at Bletchley (2023) or Paris (2025). Future Action Summit

Responsible AI

Singapore’s MGF for Agentic AI is the first regulatory document to address autonomous AI agents directly, anticipating risks that emerged after the EU AI Act was drafted. IMDA

Planetary Futures

Cross-border environmental externalities (ocean pollution carried into Lagos, atmospheric carriage of waste) require integrating architectures no single national framework currently supports. OECD.AI

Governance & Diplomacy

Full EU AI Act enforcement begins August 2, 2026 with extraterritorial reach; South Korea already requires foreign operators to appoint domestic representatives on any of three triggers. EU AI Act

Links Worth Your Time

Sources
  1. Infocomm Media Development Authority (Singapore), “Model AI Governance Framework for Agentic AI,” version 1.5, January 22, 2026. imda.gov.sg
  2. Ministry of Science and ICT (South Korea), AI Basic Act and Enforcement Decree, effective January 22, 2026. msit.go.kr
  3. European Union, AI Act (Regulation 2024/1689), enforcement phase August 2, 2026. eur-lex.europa.eu
  4. OECD.AI Policy Observatory, “Policy Navigator,” accessed May 2026. oecd.ai/en/dashboards
  5. HSI Reflection Memo, Abdullah Ishak Khan, “Future Action Summit 2026 (Sydney),” April 28, 2026 (internal).
  6. HSI Interview, Abdullah Ishak Khan with Hernando Liu, April 29, 2026 (internal transcript).
  7. Baker McKenzie, “Singapore: Governance Framework for Agentic AI Launched,” January 29, 2026. bakermckenzie.com
  8. White & Case LLP, “AI Watch: Global Regulatory Tracker — South Korea,” April 6, 2026. whitecase.com
  9. Cooley LLP, “South Korea’s AI Basic Act: Overview and Key Takeaways,” January 27, 2026. cooley.com
  10. Bloomsbury Intelligence and Security Institute, “Global Fragmentation of AI Governance and Regulation,” February 13, 2026. bisi.org.uk
  11. KoreaTechDesk, “Between Innovation and Oversight: Korea’s AI Basic Act Enters Enforcement,” January 22, 2026. koreatechdesk.com
  12. Law.asia, “Korea’s new AI Basic Act: Characteristics and significance,” April 8, 2026. law.asia
  13. MacArthur Foundation, Technology in the Public Interest program strategy. macfound.org
  14. Lucid, “AI Trends in Cross-Border Compliance 2026,” January 30, 2026. lucid.now
Issue Credits
Author
Hernando Liu
Managing Editor
Cynthia Chen
Editor-in-Chief
David Lovejoy
Published by Horizon Search Institute · EIN 42-1954110 · A Delaware nonprofit corporation · horizonsearch.org