AI Governance Daily, 12 May 2026

Three regulators. Twenty-four hours. One message.

The FTC told a dozen tech companies to comply with the Take It Down Act. Ursula von der Leyen used a Copenhagen summit to put children's safety at the centre of EU AI policy. The CNIL fired a warning shot at connected glasses. All inside a single news cycle.

Here's the bit nobody wants to say out loud: the "AI ethics" conversation is over. What you're watching now is enforcement, and it's coordinated across jurisdictions in a way the AI industry hasn't faced before.

= ethics committees out, enforcement letters in.

🇪🇺 Europe & Regulation

• VDL puts children at the centre of EU AI policy. When a Commission President headlines a summit on AI and kids, that's not a vibes exercise. It's the political cover for whatever comes next on age assurance, dark patterns, and recommender systems. If your product touches under-18s in any EU market, you are now the case study somebody wants to make. Read

• CNIL flags connected glasses. Smart glasses are doing to consent what dashcams did to public space, except now it's biometric and on someone's face in your office. The CNIL is telling employers and individuals to pay attention before this becomes normalised. Workforce policy teams: this one is for you. Read

🇺🇸 US

• FTC tells tech companies: comply with Take It Down Act. Ferguson didn't sue anyone. He sent letters. That's the polite version of "we know where you live." Non-consensual intimate imagery, including AI-generated, is the cleanest possible enforcement target. Anyone shipping image gen without a takedown pipeline is now operating on borrowed time. Read

• FTC and Illinois go after AI-generated fake listings. Premium Home Service generated thousands of fake local businesses with fake reviews. The novelty isn't the fraud. It's that "we used AI to scale it" is now an aggravating factor, not a defence. Synthetic content plus deception equals priority enforcement. Read

🌏 Global / Strategy

• Lawfare: nuclear deterrence as a model for Europe's AI strategy. The provocative claim: Europe should chase "AI latency", the ability to deploy frontier capability when needed, rather than "AI sovereignty", the fantasy of building everything in-house. If you're advising a European government or a national champion, read this before your next strategy offsite. Read

🏢 Enterprise & Operating Model

• OpenAI launches DeployCo. The pivot is loud. OpenAI doesn't just want to sell you tokens, it wants to run your deployment. For buyers, that's faster time to value and a much bigger lock-in surface. Procurement and architecture teams: re-read your exit clauses this week, not next quarter. Read

🧠 Voices worth 5 minutes

• Joanna Bryson: AI companies are the new utilities. She walks through railways, electricity, telecoms, and asks the obvious question nobody at Davos wants asked: if these things are infrastructure, why are we regulating them like consumer apps? Useful intellectual scaffolding for the next five years of policy fights. Read

⚠️ Watchlist

• Trump AI security executive order still expected. No primary source yet, treat reporting accordingly.
• Council and Parliament formal adoption of the EU Omnibus deal before 2 August 2026.
• Article 50(2) provider transparency obligations now land 2 December 2026.
• High-risk AI system obligations now 2 December 2027.

---

Three regulators, one cycle, zero coincidence. Plan accordingly.