Skip to content
AltsWire
Click Here to Subscribe to Our Free Daily News Updates

Why Technology-Agnostic Regulations Will Shape AI Compliance in 2026

By Guest Contributor

Why Technology-Agnostic Regulations Will Shape AI Compliance in 2026

By Robert A. Cruz, Vice President of Regulatory and Information Governance, Smarsh

AI adoption has moved faster than almost anyone expected. In 2024, a report from Stanford University’s Human-Centered Artificial Intelligence, or HAI, found that 78% of organizations said they were using artificial intelligence in some form, up from just 55% the year before, and that number will only rise in 2026 as AI becomes more deeply embedded into business operations across every industry.

However as adoption grows, regulation isn’t keeping up. Instead, compliance expectations are remaining technology-agnostic, meaning firms must fit their AI use cases into the same frameworks that already govern recordkeeping, surveillance, and disclosure.

That shift puts pressure on compliance teams to rethink how they manage risk, data integrity, and governance without waiting for a brand-new AI rulebook to arrive. The firms that act early will be the ones best positioned to protect both their reputation and their regulatory standing.

Why Regulations Are Staying Technology-Agnostic

We’re entering a period where AI could be used in dangerous and unpredictable ways: think financial crimes powered by machine learning, state actors manipulating markets, or threats to critical infrastructure. The potential for misuse is vast, and regulators know they can’t anticipate every scenario.

It’s tempting to think that regulators will eventually roll out a detailed set of AI-specific rules. But the reality is that they probably won’t, at least not soon. Historically, regulations have always lagged technology, and AI is no exception.

Regulators tend to take a principle-based approach: focus on outcomes, not the specific tools that get you there. That’s because the risks – fraud, data misuse, market manipulation – don’t really change with each innovation.

The goal of keeping rules agnostic is to make regulations flexible enough to apply to whatever comes next. The current administration has even stated that any new rule should be offset by the elimination of two existing ones, reinforcing the idea that we won’t see an explosion of AI-specific mandates anytime soon.

For firms, this means AI governance can’t sit on the sidelines waiting for clarity. Compliance teams will need to map AI activities to existing requirements, and the same rigor that applied to other technologies must now also apply to AI.

The Risks of a Technology-Agnostic Approach

Of course, a technology-agnostic framework has its downsides. The biggest is regulatory arbitrage, which is when employees start using unapproved or unsupervised AI tools because there’s no clear guidance telling them not to.

That creates blind spots. Sensitive data might end up in external systems, model outputs might go unchecked, and leadership might not even know what tools are being used across the organization. It’s a recipe for compliance risk and reputational damage.

However, even without AI-specific laws, firms are expected to prove they have governance frameworks in place: policies for AI usage, monitoring mechanisms, and clear documentation of how AI decisions are made and validated.

The real danger comes when firms approach AI oversight like a checklist exercise and focus only on meeting the literal language of a rule. Generative AI, or GenAI, introduces new challenges around data accuracy, intellectual property, and explainability. A box-checking approach might meet the letter of the law but fail the spirit of responsible governance.

The Data Behind the AI Tools

As federal AI policy remains limited, U.S. states are stepping in with their own rules. This patchwork of state-level regulations will only make compliance more complex for national and global firms. The answer lies in tying AI governance directly to data governance.

AI is only as good as the data it’s trained on. If that dataset is incomplete, biased or poorly secured, it doesn’t matter how advanced the model is; the risk remains high. That’s why compliance teams are expanding their AI risk frameworks to include data privacy, cybersecurity, and IP protection.

In addition, we’re seeing AI sprawl, where different departments or teams adopt their own tools independently. Without centralized oversight, firms end up with fragmented systems, inconsistent data pipelines, and little visibility into how AI is being used.

By 2026, the strongest organizations will be those that give as much attention to data lineage and integrity as they do to the AI tools themselves. Governance can’t stop at the model level; it must go all the way down to the data sources.

Building the Foundation for Trust

All of this points to a critical inflection point for compliance leaders in 2026. Regulations may remain technology-agnostic, but that doesn’t make them soft. In fact, it raises the bar. Firms will be expected to apply the same, if not greater, rigor to AI that they apply to any other regulated technology.

The shift now is from reactive rule-following to proactive governance. Instead of waiting for regulators, firms should define it for themselves:

  1. Conduct AI risk assessments;
  2. Set clear policies for tool usage;
  3. Map data flows; and
  4. Train employees to recognize the risks.

In the end, compliance isn’t just about ticking boxes, it’s about trust. AI may be evolving faster than the rulebook, but the principles of transparency, accountability, and integrity haven’t changed. The firms that live by those principles will be the ones leading confidently in the AI-driven economy ahead.

Robert Cruz leads the global regulatory and information governance team for Smarsh, a communications data and intelligence firm. The team’s primary objective is to help Smarsh customers stay apprised of regulatory developments and deploy best practices in the use of digital communications technology. Cruz is an author, speaker, and subject matter expert in the area of digital communications compliance and brings over two decades of leadership in the governance, risk, and compliance market. Based in the Silicon Valley area, Cruz holds an MBA degree from the Stanford University Graduate School of Business.

The views and opinions expressed in the preceding article are those of the author and do not necessarily reflect the views of AltsWire.

Click here to visit the AltsWire directory page.