Quick Take
- Narration: Steven Randolph delivers the jurisdictional comparison content with appropriate authority, a clean, professional performance that suits policy-facing legal material without adding unnecessary drama.
- Themes: AI regulatory frameworks, EU AI Act, UK and US governance approaches, compliance strategy
- Mood: Methodical and analytically clear, aimed at practitioners who need orientation rather than reassurance
- Verdict: A rare AI policy book written by someone who clearly understands both the legal mechanisms and the practitioner’s actual compliance problem, precise, current, and genuinely useful.
I have been waiting for a book on AI regulation that commits to actually explaining what the new rules require rather than describing, for several hundred pages, why regulation is complicated. Julian Vexley’s Regulating the Algorithm, at two hours and forty-one minutes, is admirably focused and admirably honest about what it is: a practical guide for people who need to operate within these frameworks, not a political history of why they exist. I listened to it on a Tuesday morning before a meeting on AI governance, and it held up as a working reference in a way that most books in this category do not.
The book covers three regulatory regimes: the EU’s risk-based AI Act, the UK’s pro-innovation sector-regulator approach, and the US patchwork of executive orders, federal agency guidance, and state-level laws. That tripartite structure is more than geography, it maps three genuinely different regulatory philosophies, and Vexley is careful to explain the philosophical commitments behind each rather than treating the differences as arbitrary variation. The EU wants comprehensive coverage of risk categories. The UK wants regulatory flexibility that does not impede innovation. The US has no federal consensus and is managing that gap through executive action and state-level activity. Understanding why those differences exist changes how you navigate them.
The Risk-Based Architecture of the EU AI Act
The EU chapters are the most detailed, which is appropriate: the AI Act is the most structurally complete regulatory framework of the three and the one with the most defined compliance obligations. Vexley walks through the risk classification system (unacceptable, high-risk, limited-risk, minimal-risk), the conformity assessment requirements for high-risk systems, post-market monitoring obligations, incident reporting timelines, and the penalties for non-compliance. For listeners who have heard the AI Act described in press coverage but want to understand what it actually requires of an organization deploying a regulated system, this section provides the clearest compressed overview available in audio form.
The coverage of where the grey areas hide is particularly valuable. Vexley is honest about the compliance questions that the Act’s text does not definitively answer and explains how organizations are currently navigating them. That kind of practical orientation, not just what the law says but what organizations actually do about the parts that are uncertain, is what distinguishes a practitioner-oriented guide from an academic treatment.
The UK Model: Principles Without a Single Statute
The UK sections address the more amorphous challenge of operating under high-level principles rather than a codified act. Vexley explains how sector-specific regulators (the FCA, ICO, CQC, and others) are interpreting their existing mandates to cover AI deployment in their domains, and what responsible innovation looks like in practice under that distributed model. For organizations operating in regulated UK sectors, this translation of principles into day-to-day expectations is exactly what the book promises and delivers.
The contrast with the EU model is instructive: the UK approach gives organizations more flexibility but less certainty, and Vexley is clear-eyed about both the advantages and the compliance risks of operating in a less prescriptive environment. The grey areas under the UK model are different in character from those under the EU Act, and he addresses each on its own terms rather than applying the same framework across both.
The US Landscape: Federal Directives and the State-Level Variable
The US chapters handle the most heterogeneous material in the book with admirable economy. Vexley decodes the executive order landscape and the agency-level guidance from the FTC, EEOC, CFPB, and others before turning to the state-level complexity around biometrics, automated decision systems, and privacy. The Illinois BIPA, the Colorado AI Act, and the California legislative activity get specific attention rather than generic acknowledgment.
At two hours and forty-one minutes, this is not a comprehensive legal treatise, it is an orientation that gives professionals the vocabulary and framework to engage with the actual regulatory texts and their organization’s legal counsel. That scope is calibrated correctly. A book that tried to be comprehensive about all three jurisdictions would be several times longer and would become outdated faster. What Vexley has produced is a stable framework for thinking about AI regulation that will require updating as the frameworks evolve but whose analytical structure will remain useful.
For Whom This Is Most Immediately Useful
Business leaders who need to understand their organization’s regulatory exposure without becoming lawyers will find this the clearest available compressed treatment. Legal and compliance professionals seeking orientation before deeper jurisdictional research will find the comparative structure saves them significant time. Technologists and product managers who need to understand why their legal colleagues are raising certain flags will find the explanations of high-risk system classification and transparency requirements particularly clarifying. Those wanting strategic advocacy positioning on AI policy rather than compliance guidance will need a different book, Vexley’s orientation is the responsible practitioner facing the rules, not the stakeholder trying to change them.
Frequently Asked Questions
Does the book cover the EU AI Act as passed, or is it based on earlier draft versions?
Vexley covers the AI Act’s actual obligations including conformity assessment requirements, post-market monitoring, incident reporting, and penalties, suggesting the treatment is based on the enacted regulation rather than earlier drafts. Given the book’s 2025 publication context, listeners should verify the currency of specific procedural details against the latest implementing regulations.
Does the book explain how companies with operations in all three jurisdictions should manage the overlap and divergence between the EU, UK, and US frameworks?
Yes. Vexley specifically addresses where the regimes overlap, where they diverge, and where the grey areas hide, which is the core practical problem for multinational organizations. The comparative structure of the book is designed for precisely this orientation challenge.
Is this audiobook useful for someone in a non-legal role who needs to understand AI regulatory compliance at a conceptual level?
Vexley writes in plain language explicitly for business leaders, policy teams, technologists, and founders rather than just lawyers. The book does not require legal background to be useful, and the explanations of high-risk system classification and transparency requirements are accessible to technically-oriented readers without legal training.
At under three hours, does the runtime feel insufficient for the breadth of material covered?
The concision is a feature rather than a limitation for most practitioners. Vexley covers the essential compliance obligations and grey areas of all three jurisdictions at a level sufficient to orient a professional and structure further research. Those wanting comprehensive legal analysis of any single jurisdiction will need to go deeper, but the orientation function is served well within the runtime.
