TL;DR

• EU, U.S., and China documents describe different oversight paths for high-risk AI and technical access.
• These differences shape what agencies can inspect and what companies can plan for.
• Classify your systems, prepare submission materials, and verify the current U.S. reference framework.

Technical materials can end up in agency reviews, not only paperwork.
That shift can affect audits, incident response, and accountability.

Example: A public service uses automated tools to handle complaints and inspections.
Convenience rises, yet accountability questions can surface after an incident.
Reviewers can ask who kept records, who is responsible, and who can inspect internals.

The EU outlines oversight for “high-risk AI” by Member State authorities.
The U.S. had an executive order covering critical infrastructure risk assessments.
China’s Interim Measures framework describes multi-ministry supervision for generative AI.
It also describes security assessments and algorithm filings for certain services.
It also describes cooperation duties during supervisory inspections.

These differences set limits for “company–state reversal” claims in practice.
Outcomes can depend on inspection scope and enforcement actors.
They can also depend on exceptions, such as national security.
They can also depend on what gets measured, like productivity and employment.

Current status

EU pages repeatedly describe agency access to internal AI-system materials.
A European Commission page describes market surveillance authorities enforcing the AI Act.
It mentions prohibited practices and high-risk AI rules.
Related pages also mention an AI Office and national market surveillance authorities.
They describe intervention for risk or suspected non-compliance.
They also describe access to provider-held information.
That description includes documentation, datasets, and source code.

High-risk scope is a central boundary in the EU framing.
An EP summary page includes “Management and operation of critical infrastructure.”
That can cover AI used beyond office automation.
It can also expand potential authority involvement by Member State bodies.
The EP page also describes complaint rights to designated national authorities.
This keeps redress channels linked to national authorities.

In the United States, the status of key documents can vary over time.
E.O. 14110 addressed critical infrastructure and cybersecurity risk management.
It stated that each relevant regulatory agency should take roles.
It also referenced coordination with CISA.
검색된 공신력 있는 자료에 따르면 Executive Order 14110은 2025년 1월 20일에 rescinded(철회/폐지)된 것으로 보고됩니다.
This investigation does not confirm any replacement framework.
That gap suggests additional verification can be needed.

China’s Interim Measures describe supervision by multiple ministries.
They include internet information authorities, by assigned responsibilities.
They describe security assessments and algorithm filings for certain services.
The text specifies public opinion influence and social mobilization attributes.
During inspections, the framework describes explanation duties.
It mentions training-data sources, the model, and algorithm mechanisms.
It also describes cooperation through technical and data support.

Analysis

A power-only narrative can miss operational mechanisms.
Regulation can work through compelled submissions and enforceable access.
Key elements include documentation, datasets, and source code access.
Enforcement actors also matter, such as Member State market surveillance authorities.
Domain definitions also matter, including critical infrastructure operations.
EU descriptions can be read as seeking deeper technical inspectability.
This can apply even when private systems automate public tasks.

Policy continuity can also change compliance dynamics.
The U.S. example includes a withdrawal on 2025-01-20.
That can destabilize internal compliance reference points.
It can also reduce predictability for enforcement planning.
This investigation does not confirm post-withdrawal replacements.
So, conclusions about continuity should stay tentative.

Macro indicators can be hard to link to “state replacement.”
BLS reported U.S. private nonfarm-sector TFP increased in 2024.
BLS later posted a revised figure on 2025-12-19.
Europe’s JRC reports that 30% of EU workers use AI tools.
These figures do not quantify policing or defense cost changes.
This investigation found no official statistics with causal attribution on those costs.
So, evaluation may require more direct cost and responsibility measures.

Practical application

The “company replaces state functions” hypothesis can hinge on auditability.
It can also hinge on feasible submission of technical materials.
EU-style access expectations can change operational planning.
Teams can treat supervisory response as a system capability.
This sits alongside security and IP controls.

The U.S. example suggests another operational risk.
A withdrawal on 2025-01-20 can shift reference documents.
Teams can re-check what applies to their sector.
This investigation does not confirm a substitute framework.
So, legal and policy verification can be a separate workstream.

Macro metrics still provide limited governance insight.
TFP changes in 2024 and a 2025-12-19 revision do not show enforcement shifts.
A 30% AI-tool usage figure also does not assign responsibility.
Track costs, accountability, and enforcement actors separately.
Track where they move, and where they stay stable.

Checklist for Today:

• Break services into functions, and map possible high-risk categories, including critical infrastructure operation.
• Prepare a submission-ready package covering dataset provenance, training documentation, and audit-response procedures.
• Ask legal or policy teams to verify U.S. applicable norms, given the 2025-01-20 withdrawal note.

FAQ

Q1. In the EU, how far can the state look into AI?
A. EU pages describe Member State market surveillance authorities enforcing high-risk AI rules.
They describe intervention for risk or suspected non-compliance.
They also describe access to provider-held information.
That description includes documentation, datasets, and source code.

Further Reading

• AI Resource Roundup (24h) - 2026-02-25
• CleaveNet Designs Protease-Cleavable Peptides for Urine Sensors
• Defense AI Procurement: Operations, Logging, Rights, And Incident Response
• Designing Dispute Procedures Beyond Generative Detection Scores
• DoD AI Contracts: Audit Logs, Retention, Access Controls

References

• Governance and enforcement of the AI Act | Shaping Europe’s digital future - digital-strategy.ec.europa.eu
• Market Surveillance Authorities under the AI Act | Shaping Europe’s digital future - digital-strategy.ec.europa.eu
• EU AI Act: first regulation on artificial intelligence | European Parliament - europarl.europa.eu
• Executive Order 14110—Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence | The American Presidency Project - presidency.ucsb.edu
• Congressional Research Service (CRS) Report (HTML) on AI and related Executive Orders (Congress.gov) - congress.gov
• U.S. Bureau of Labor Statistics (BLS) - Total Factor Productivity News Release — 2024 (released March 21, 2025) - bls.gov
• BLS - Revised total factor productivity 2024 (Dec 19, 2025) - bls.gov
• European Commission Joint Research Centre (JRC) - Impact of digitalisation: 30% of EU workers use AI (21 October 2025) - joint-research-centre.ec.europa.eu