AI Politics

AI regulation is moving to the level of values: why compliance alone is no longer enough for business

New signals from the US show that the AI governance debate is expanding beyond safety, competition, or innovation. When AI rules are being discussed at the same time by technology companies, politicians, and institutions with moral authority, businesses face a new risk: not only complying with rules, but being able to justify which values their AI systems actually put into practice.

Published: 1 July 2026

AI regulation is moving to the level of values: why compliance alone is no longer enough for business

AI policy is changing rapidly, but the most important shift today is no longer just technical or legal. Recent discussions in the US, where AI governance is being shaped not only by OpenAI, Anthropic, or Congress, but also by actors with moral influence such as the Vatican, point to a broader transformation: AI regulation is moving from the question of “what a system can do” to “what kind of social logic it should serve.”

This matters far beyond Washington. For organizations in Lithuania and across Europe, this direction means that formal compliance alone may no longer be enough. Increasingly, they will be asked whether AI solutions align with institutional values, whether they create disproportionate power asymmetries, whether they preserve the human right to decide, and whether they can be explained not only to auditors, but to the public as well.

AI regulation: from risk management to value-based justification

Until now, most AI policy debates have revolved around familiar issues: safety, transparency, copyright, disinformation, cyber risk, or market concentration. But the new tone of public debate suggests that another layer is emerging: value-based justification.

In other words, it will no longer be enough for organizations to say they have usage rules, a risk register, or vendor security documentation. They will need to show the principles by which AI systems generate recommendations, in which situations a human can override them, how vulnerable users are protected, and where the pursuit of efficiency must stop when it starts to conflict with fairness, privacy, or institutional trust.

This direction is especially relevant in Europe, where the AI Act and related data governance principles are already grounded not only in innovation policy, but in the logic of fundamental rights. As a result, the transatlantic debate over “what must be protected first” may become less of an academic issue and more of a practical criterion in procurement, public tenders, and governance committees.

Data security and human oversight are becoming issues of reputation, not just compliance

In business, it is often assumed that the greatest AI risk is an incorrect answer or a data leak. Those still matter, but the political environment points to a broader standard of evaluation: society and regulators are increasingly interested in whether AI is being used in a way that does not strip people of meaningful control.

For example, in customer communication, employee screening, public service prioritization, or risk assessment, the question is no longer only “is the model accurate?” It is also: who is accountable for the error, can a person intervene in time, is the decision traceable, and has data security been sacrificed for faster automation.

As a result, organizations should review not only the models they use, but also their AI governance architecture: access rights, knowledge base boundaries, log retention, limits on automated actions, and human approval points. In practice, this means AI deployment must be managed as a business process, not as a purely experimental tool. In these situations, it matters to choose solutions whose AI platform capabilities support not only automation, but also clearer workflows, access management, and control layers.

AI automation for business: where value-based regulation will affect daily operations most

This shift toward values-based AI regulation may sound abstract, but its consequences will be highly concrete. First, it will affect the areas where AI directly interacts with people or influences decisions with economic, social, or reputational impact.

  • Customer service: are automated responses clearly labeled, can the customer easily reach a human, and does communication preserve the accuracy of information.
  • Marketing and personalization: is AI using excessive data, and does segmentation create discriminatory outcomes.
  • Internal assistants for employees: do they rely on a trustworthy knowledge base, or do they create a culture of “closed black box” decision-making.
  • Public sector: does AI use undermine procedural fairness, the right to appeal, or the explainability of decisions.

That is why companies should begin with a simple but often overlooked question: where in our organization does AI not only save time, but also change the balance of power between the organization and the individual? That is where regulatory and reputational pressure will arrive first.

What this means for Lithuania and Europe: public procurement, governance committees, and new supplier criteria

In the European context, this shift is likely to appear first through procurement and governance mechanisms. Large organizations, banks, insurers, the health sector, and public institutions will increasingly ask not only for technical specifications, but for a clear explanation of how an AI system aligns with the organization’s principles of ethics, privacy, and human oversight.

This means supplier selection will become more demanding. The winners will not be those who simply promise more automation, but those who can show how AI is implemented in practice: where data is stored, how access is defined, who can see history, how response quality is assured, and how human review points are built in. For organizations preparing today, it is useful to have a clear AI implementation workflow so governance and compliance questions are addressed before scaling.

In Lithuania, this is especially relevant for the public sector and regulated industries. When AI becomes not only a productivity tool but part of the infrastructure of trust, choosing a solution must be justified not only by its features, but by how governable it is.

How leaders can prepare: five practical steps to take now

Leadership teams do not need to wait for a new law to start preparing. More important is agreeing on the principles by which the organization will use AI, and how that will be demonstrated to partners, regulators, and the public.

  • Define the limits of AI use by impact level: where AI only assists, and where its outputs must never be executed without human approval.
  • Review your data security and access model: who can connect internal documents, customer data, and external models.
  • Create a lightweight governance framework for leadership: responsibilities, audit frequency, incident escalation, and communication principles.
  • Bring legal, IT, security, and business functions into one decision chain, rather than treating AI only as an IT project.
  • Prepare for public explanation: if a customer, journalist, or regulator asked how your AI is used, could you answer clearly and without abstraction?

Today’s political signal is clear: AI governance is approaching a stage where organizations will be judged not only by how quickly they adopted the technology, but by whether they did so responsibly, transparently, and in a controllable way.

Want to prepare your organization for AI-driven change?

If you are evaluating how to introduce AI automation in a way that is not only efficient, but also governable, it is worth starting with a practical review of processes and control points. You can explore more about how Clarivex features are applied in business on the Clarivex platform.