Foundation News Tuesday, July 7 2026 08:34 GMT

When regulators, investors and industry sit down together: Our Brussels roundtable on AI governance

A candid conversation about responsible AI – and how far most companies still have to go.

Artificial intelligence (AI) is developing faster than the rules designed to govern it. That gap, between what AI can do and what companies are actually doing to manage it responsibly, is one of the defining challenges of our moment. It’s also the kind of problem that doesn’t get solved in isolation.

On 23rd June in Brussels, the Thomson Reuters Foundation brought together the people who need to be in the same room. Members of the European Parliament (MEPs), corporate leaders, asset managers and civil society representatives convened at the European Parliament for a candid conversation about what responsible AI governance looks like in practice, and how far most companies still have to go.

The event, “Beyond Compliance: From Principles to Practice in Corporate AI Governance,” was co-hosted by Foundation CEO Antonio Zappulla and MEP Brando Benifei, the co-rapporteur of the EU AI Act, with industry voices from Siemens, Vodafone and Amundi among the participants. The discussion was grounded in fresh data from the Foundation’s AI Company Data Initiative (AICDI), the world’s largest dataset on corporate AI adoption, drawn from public disclosures by 3,000 companies globally.

What emerged was a picture of a regulatory moment at a crossroads: one framework increasingly shaping global norms, and a significant gap between the policies companies are writing and the practices they are implementing.

Why this moment matters: The Brussels Effect

The EU AI Act, which came into force in 2024 and is now being phased in across member states, is the world’s most comprehensive attempt to regulate AI. But its influence has already spread well beyond Europe’s borders, in ways that are reshaping how companies everywhere think about AI risk, accountability and trust.

This is what scholars call the ‘Brussels Effect’: the tendency of EU regulation to become a de facto global standard, because it is simply more efficient for multinational companies to maintain one compliance framework than many. It happened with data protection after General Data Protection Regulation. It is now happening with AI.

The Foundation convened the roundtable to ask what that means in practice for regulators trying to enforce a complex new framework, for companies trying to implement it, and for the workers and communities affected by AI systems that are making consequential decisions.

What the data tells us, and why it matters beyond Brussels

The AICDI findings, published in the report Responsible AI in practice: 2025 global insights, provided the backbone for the discussion. Here is what they reveal.

1. The EU AI Act is becoming a global AI governance benchmark

More than half of global companies using an AI framework cite the EU AI Act, and nearly half of those companies are headquartered outside the EU. US firms are the largest group of non-European adopters. For many, this is not only a compliance calculation. Aligning with the Act is increasingly seen by investors and partners as a signal of operational maturity.

2. Companies citing the Act significantly outperform peers on governance

Katie Fowler, Director of Responsible Business at the Foundation, noted that companies referencing the Act show better governance indicators “by a wide margin.” Non-EU companies citing the Act disclose data governance practices at a rate of 76%, compared to EU-based citers at 59%.

On board-level AI oversight, the gap is 90% versus 35% respectively. The sharpest divide is in data quality and bias management: 61% disclosure among Act-citers, and just 7% for non-citers.

The takeaway is that non-EU companies that choose to align with the Act are, on average, governing AI more rigorously than European companies that are formally subject to it.

3. Ethical impact assessments remain a near-universal blind spot

Seven out of 10 companies globally report conducting no AI impact assessment whatsoever. Without one, a company has no structured way to evaluate what its AI systems might do to people’s rights, opportunities, or safety. Even among European companies citing the EU AI Act, only 17% carry out ethical assessments.

Luda Svystunova, Head of Social Research within ESG Research, Engagement and Voting at Amundi, pointed to a real-world barrier: a genuine shortage of experts qualified to conduct human rights impact assessments for AI, which makes it harder for even well-intentioned companies to act. This is a market gap as much as a governance one.

4. Having a policy is not the same as implementing it

Only 12.4% of companies surveyed globally reported having a Human Oversight Policy, the kind of mechanism that determines who intervenes when an AI system causes harm. Of those, nearly half have not documented the operational processes that would make such a policy functional. A policy on paper but not in practice doesn’t protect the people it is meant to serve.

5. Worker reskilling is improving, but remains insufficient

Less than a third of companies globally have training or reskilling programmes for employees adapting to AI-integrated workplaces. But EU companies citing the EU AI Act lead in this area as well with 76% disclosing reskilling efforts compared to 55% among non-citers, even though the Act does not specifically mandate it. This shows that European companies abide by EU labour norms even when not specifically required to through AI regulation.

What the roundtable discussion revealed

Data can tell us what is happening. Convening the right people helps explain why and what might change it.

MEP Brando Benifei, who helped write the EU AI Act, was candid about its growing pains. National regulators are responsible for implementing and enforcing the legislation, but there are inconsistencies across member states. As well, the Act intersects with GDPR, consumer rights law and other EU frameworks.

This is not just about simplifying the rules, but rather challenging the fragmentation we have in the implementation and enforcement. Because today, we have too many regulators, too many authorities.

BB

Brando Benifei, MEP

The tension between a regulation designed to standardise and a fragmented reality ran through the whole discussion. So did the bigger question of how to build AI systems that people can actually trust.

The Thomson Reuters Foundation’s role in this conversation

The Foundation has been tracking corporate AI governance through the AICDI since the programme’s launch in 2025, building what is now the most comprehensive public dataset of its kind.

Roundtables like this one, bringing together policymakers, industry and civil society in the same room, grounded in shared evidence, are part of how we turn data into dialogue, and dialogue into change.

The stakes, for workers, for consumers, and for democratic institutions, are too high for conversations such as this one to remain confined only to specialists.

Explore the full findings by downloading the report, Responsible AI in practice: 2025 global insights from the AI Company Data Initiative.

This analysis is part of the Thomson Reuters Foundation’s Insights series. Look out for more data-driven resources from our Insights and Innovation unit, incubating new ideas for the communities we serve, to strengthen free, fair and informed societies.

View All