This Week in AI Regulations

Covering Information Security, Banking, Data Sovereignty, Frontier AI, Amendment. Explore the latest regulatory updates impacting Information Security, Banking, Data Sovereignty, Frontier AI, and Amendment efforts worldwide including new AI risk management frameworks and cyber resilience mandates.

Show Notes

This episode covers critical developments in AI regulations affecting Information Security, Banking, Data Sovereignty, Frontier AI, and legislative amendments globally.

We begin with Russia’s Bank of Russia introducing comprehensive AI risk management guidelines for the financial sector, including mandatory human oversight for high-risk AI payment operations and internal threat modeling. Next, China’s National Financial Regulatory Administration released a detailed framework for AI governance in banking and insurance, emphasizing board-level oversight and lifecycle management of AI applications.

The European Union’s latest initiatives include the European Data Protection Supervisor’s focus on AI transparency and accountability at external borders, as well as new guidance on frontier AI systems that elevate cyber risk. The EU mandates enhanced cybersecurity measures under the Digital Operational Resilience Act (DORA) to protect ICT assets and swiftly respond to incidents.

For more information, visit the Carver Agents website.

Articles mentioned:
  1. AI security in finance: Bank of Russia recommendations
  2. 全国标准参考数据计量技术委员会获批成立
  3. Faster AI attacks call for greater resilience
  4. Latest EDPS Newsletter out now
  5. Industry Strategy 2035: 117 measures – 35 per cent implemented or in the process of being implemented after six months
  6. 北京市发展和改革委员会关于组织开展“人工智能+”能源融合试点申报工作的通知
  7. 国务院关于印发《实施就业优先战略“十五五”规划》的通知
  8. 国家金融监督管理总局关于银行业保险业人工智能安全开发应用的指导意见 - 2023-06-18
  9. Frontier AI Systems and cyber risk
  10. 2026-06-XX - 商务部有关负责人解读关于加快“人工智能+消费”发展的实施意见

What is This Week in AI Regulations?

Weekly news, analysis, and insights from AI regulation updates the world over

Welcome to This Week in AI Regulations for June 21, 2026.

Starting with Russia, the Bank of Russia has published its first comprehensive document addressing AI adoption risks in the financial sector. This guidance outlines cyberattack tactics targeting AI systems and recommends protection measures, including mandatory human confirmation for high-risk AI operations in payment transactions. Financial institutions are required to develop internal threat models and information security policies specifically for AI use. Responsibility for these documents must be assigned to the deputy head for information security.

Turning to China, the National Financial Regulatory Administration issued guidance on June 18, 2026, for the safe development and application of artificial intelligence in banking and insurance. This comprehensive framework mandates the establishment of AI governance structures with board-level oversight and cross-functional coordination. It requires full lifecycle management of AI applications, covering development, deployment, monitoring, and retirement. The guidance also calls for classification and management of AI risks based on application scenarios and complexity, with special controls for high-risk AI uses.

Also in China, the Beijing Municipal Development and Reform Commission has launched a pilot project application process for “Artificial Intelligence plus” energy integration. The initiative focuses on 51 high-value AI energy application scenarios and targets energy enterprises and AI technology providers in Beijing. Applicants must form innovation consortia between energy and AI companies and submit applications online by June 26, 2026. Recommended projects are to be submitted by recommending units by July 30, 2026.

In the European Union, the European Data Protection Supervisor, or EDPS, released its latest newsletter highlighting multiple initiatives related to AI regulation and data protection. Key points include formal comments on AI systems used at EU external borders, data transfer frameworks for medicine safety, and opinions on budget tracking privacy. The EDPS emphasizes clarifying roles and responsibilities for AI systems under the European Union’s AI Act, particularly for public authority use. It also stresses transparency, accountability, and rigorous testing for AI chatbots deployed in visa application platforms.

Additionally, the European Union has issued guidance on frontier AI systems and cyber risk. The emergence of these advanced AI models significantly increases cyber threats by enabling rapid identification and exploitation of IT vulnerabilities. Entities within the European Union are required to reassess their cyber risk profiles and comply with the Digital Operational Resilience Act, or DORA. Key requirements include identifying and inventorying ICT assets, protecting them with updated security measures such as access controls, patching, backups, network segmentation, and penetration testing. Organizations must also detect and respond quickly to ICT incidents with defined responsibilities and incident management procedures, including incident reporting.

In the Netherlands, regulators have noted that advanced AI models accelerate the identification and exploitation of vulnerabilities, reducing response times and increasing pressure on institutions, especially smaller ones, to improve security measures. The Dutch guidance calls for accelerated implementation of critical security updates, preferably automated, enhanced visibility through logging and monitoring to detect anomalies quickly, and rapid incident response capabilities including system segregation and reliable backups.

That wraps up today’s regulatory updates. Visit carveragents.ai for more information.