Weekly AI Governance Brief: 18–24 May 2026
Bringing you the latest developments in the AI governance world.
European Commission opens consultation on draft high-risk classification guidelines
The European Commission published draft guidelines on the classification of high-risk AI systems on 19 May 2026 and opened a targeted consultation running until 23 June 2026. According to the Commission, the exercise is intended to help providers, deployers, and other relevant actors determine whether an AI system falls within the high-risk category under the AI Act, while also testing the clarity and practical usefulness of the draft through stakeholder feedback.
The consultation forms part of the Commission’s broader implementation work under the AI Act and focuses on the operational interpretation of high-risk classification criteria.
Why this matters
High-risk classification determines whether an AI system falls within the AI Act’s most extensive compliance obligations. The publication of draft interpretive guidance therefore marks a shift from legislative framework-setting toward operational implementation.
For organisations developing or deploying AI systems, the consultation provides an early indication of how supervisory interpretation may develop around scope, categorisation, and regulatory obligations. It also reflects the Commission’s role in translating legislative text into practical compliance guidance for market participants.
Commission launches copyright review that explicitly includes generative AI
The European Commission launched a call for evidence on 18 May 2026 concerning the review and possible modernisation of the EU copyright framework, including an assessment of the practical impact and effectiveness of the 2019 DSM Copyright Directive.
The Commission’s announcement explicitly refers to challenges raised by generative AI in relation to licensing and enforcement of rights. The review also addresses issues connected to piracy, remuneration, and research-use exceptions. The consultation remains open until 25 June 2026 and may contribute to a targeted legislative initiative.
Why this matters
The inclusion of generative AI within a formal copyright review process represents an important institutional development in the EU’s handling of AI-related intellectual property disputes.
The review directly intersects with governance questions around training-data provenance, licensing arrangements, rights enforcement, and documentation obligations. It also signals increasing convergence between AI governance discussions and broader digital regulatory frameworks governing data access and content use.
UK pensions regulator publishes sector-specific AI governance plan
The UK’s Pensions Regulator (TPR) published an AI plan and accompanying press release on 20 May 2026, addressing the use of AI within workplace pensions administration and related services.
The regulator stated that trustees and scheme managers remain accountable for outcomes even where AI-supported decision-making or outsourced functions are involved. The plan outlines initial expectations concerning governance, testing, monitoring, risk controls, scam prevention, data strategy, and compliance with data protection obligations.
TPR also indicated that additional guidance may follow later in 2026 and noted ongoing work with the Financial Conduct Authority concerning alignment across the pensions supply chain.
Why this matters
The publication illustrates how sectoral regulators are beginning to translate broad AI governance principles into operational expectations tailored to specific industries.
The plan is notable for embedding AI governance within existing supervisory concerns such as fraud prevention, cyber risk, delegated-service oversight, and data quality management. It therefore treats AI as part of broader operational governance responsibilities rather than as a separate innovation issue.
FTC brings enforcement action over alleged false AI claims
On 21 May 2026, the FTC announced administrative complaints and proposed consent orders against CMG Media Corporation, MindSift LLC, and 1010 Digital Works LLC concerning marketing claims linked to an “Active Listening” AI-powered advertising service.
According to the FTC, the companies claimed that the service could target local advertising using conversations captured from smart devices and that consumers had consented to the practice. The complaints allege that the service did not use voice data and instead relied on email lists acquired from data brokers.
The proposed settlements include total payments of $930,000 and prohibit future misrepresentations relating to service functionality, voice-data collection, consent, and geographic targeting. The FTC stated that the proposed orders would be subject to public comment before becoming final.
Why this matters
The case highlights increasing regulatory scrutiny of AI-related marketing claims and data-governance representations.
The FTC’s action addresses both the claimed AI functionality itself and the associated representations concerning consumer consent and data practices. For AI vendors and deployers, the case reinforces that public claims regarding AI capabilities, system operation, and data usage may form part of enforceable regulatory representations.
Looking ahead
This week’s developments reflected a broader shift from high-level AI policy toward operational governance and supervisory interpretation. Within the EU, attention continued to move toward implementation questions, particularly around regulatory scope and the interaction between AI systems and existing legal frameworks such as copyright law.
Outside the EU, regulators focused more directly on accountability and market conduct. The UK pensions regulator approached AI governance through existing oversight responsibilities, while the FTC’s enforcement action highlighted increasing scrutiny of claims made about AI capabilities and data practices.
Taken together, the developments suggest that governance activity is becoming more embedded within existing regulatory systems and supervisory structures rather than developing as a separate policy field.
Sources
Targeted consultation on draft guidelines for the classification of high-risk artificial intelligence systems:
European Commission consultation page
Council document 9247/26, interinstitutional file 2025/0359(COD):
Council compromise text PDF
Commission review of EU copyright rules:
European Commission copyright review announcement
The Pensions Regulator AI plan:
TPR AI plan
TPR press release on responsible use of AI in workplace pensions:
TPR press release PN26-12
FTC press release on “Active Listening” AI marketing complaints:
FTC enforcement press release