WHY NOW 2025–2026 external signals

The control gap is now operational.

Models improved. Agents gained more room to act. Governance expectations hardened. That is why evidence can no longer begin after the action.

For serious buyers and partners, the live question is no longer only what AI can do. It is whether review, provenance, testing, and accountability arrive before consequential use.

Jump to the signals Official sources

~8 mo.

Capability doubling time in some AISI-tested areas

100%

AISI found universal jailbreaks for every system it tested

Apr 2025

OMB moved AI use and acquisition into explicit governance workflows

Aug 2026

EU AI Act majority rules and enforcement begin

Four signals, one conclusion

Why now is no longer abstract.

The pressure is not coming from one place. It is coming from capability progress, real deployment, uneven safeguards, and rules that now have dates.

Capability ~8 months

Review windows are compressing.

AISI says performance in some tested areas is doubling roughly every eight months, and frontier models can now complete software tasks that would take a human expert over an hour.

Execution Critical sectors

AI is moving closer to consequential action.

AISI reports increasing deployment in critical sectors and a rise in higher-autonomy finance-focused agent tooling, including systems positioned closer to asset transfer and trading operations.

Safeguards Universal jailbreaks

Improvement is not the same as hard control.

AISI found universal jailbreaks for every system it tested. Safeguards can improve, but post-hoc monitoring is still not a substitute for dependable pre-action controls.

Accountability 2025–2026

Governance now arrives with dates and workflow duties.

The EU AI Act now applies progressively, OMB has issued use and acquisition memos, and enforcement and high-risk obligations continue to move into view.

The timeline that changed the conversation

Recent dates matter here.

For serious buyers and partners, the external timeline makes the shift concrete.

02 Feb 2025

EU AI Act first provisions apply.

General provisions, AI literacy, and prohibitions start to apply.

03 Apr 2025

OMB issues new AI use and acquisition memos.

Federal AI use and buying now sit inside named governance and cross-functional workflows.

02 Aug 2025

EU GPAI rules apply.

Rules for general-purpose AI apply and governance must be in place.

18 Dec 2025

AISI publishes its first public frontier trends report.

The macro picture becomes measurable, not just anecdotal.

02 Aug 2026

Major EU AI Act rules and enforcement start.

High-risk Annex III rules, Article 50 transparency rules, and enforcement begin.

What sophisticated buyers and partners now ask first

The baseline is getting clearer.

Serious review increasingly expects four things early: a governance owner, pre-deployment testing, provenance and documentation, and a cross-functional review path.

Owner

Someone identifiable has to own the governance decision, not just the deployment enthusiasm.

Test

Pre-deployment testing and risk mitigation need to reflect expected real-world outcomes, not only demo conditions.

Provenance

Content, model, and system facts need enough traceability and documentation to survive internal review.

Review

Security, legal, procurement, and technical teams need a shared way to assess risk before consequential use scales.

Official first

Primary sources behind this page.

This page is built on primary sources rather than commentary. Official materials carry the case.

UK AI Security Institute

Frontier AI Trends Report

Rapid capability growth, uneven safeguards, social effects, and signs of more autonomous activity in critical sectors.

Open source

U.S. OMB

M‑25‑21

AI use guidance covering governance, high-impact AI, minimum risk management practices, and pre-deployment testing.

Open source

U.S. OMB

M‑25‑22

AI acquisition guidance emphasizing cross-functional teams, vendor transparency, and procurement discipline.

Open source

NIST

AI 600‑1 GenAI Profile

Governance, content provenance, pre-deployment testing, and incident disclosure as practical risk-management themes.

Open source

European Commission

EU AI Act timeline

The progressive application calendar that makes the regulatory side of “why now” concrete.

Open source

The overlap

Why now is the overlap of faster capability, wider execution, and harder accountability.

That is why this conversation is no longer theoretical. It is an operating-condition question for any organization touching consequential AI.

Capability Review windows are shrinking faster than legacy governance loops.

Safeguards Post-hoc monitoring still does not equal dependable hard control.

Accountability Rules now arrive with dates, owners, testing, and workflow duties.

Official sources Company