Two bodies. Two instruments. One week.
On March 12, 2026, the European Parliament approved the Council of Europe’s Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law – confirmed by the Parliament’s official records (A10-0007/2026). The vote, according to reports, was 455 in favour, 101 against, with 74 abstentions. The EU Council separately agreed a position streamlining AI Act rules the same week. The timing is not coincidence. European institutions are moving on multiple AI governance tracks simultaneously, and the two tracks do not perfectly overlap.
Two Bodies, Not the Same Institution
Before comparing the instruments, the bodies must be distinguished. The EU AI Act is European Union law. It was developed by EU institutions (the Commission, Council, and Parliament) and applies within EU member states. The Council of Europe Framework Convention is an instrument of the Council of Europe, a separate international organization with 46 member states. It includes all EU member states, but also non-EU countries such as the United Kingdom, Turkey, Georgia, and others. The United States and Canada participated in drafting the convention and may sign as non-member observers.
Conflating “Council of Europe” with “European Council” or “EU Council” is a common error with material consequences for compliance analysis. They are distinct bodies.
What the EU Parliament’s Approval Actually Means
The Parliament’s vote on March 12 approves the EU’s conclusion of the treaty, its formal consent to the convention on behalf of the Union. This is a procedural milestone, not entry into force. The treaty still requires ratification by individual Council of Europe member states. The timeline to ratification across member states, and the date the convention would become effective for those states, is not confirmed in the current reporting package and requires further verification before compliance teams should treat it as an active deadline.
Comparing the Instruments: A Structured View
| Dimension | EU AI Act | Council of Europe Framework Convention |
|---|---|---|
| Governing body | European Union | Council of Europe (46 member states) |
| Geographic scope | EU member states (plus EEA/equivalence) | All Council of Europe signatories, including non-EU states |
| Applicability to private actors | Yes, providers, deployers, importers, distributors | Yes, expressly covers private sector AI activities |
| Binding nature | Directly binding EU law | Binding international treaty, implementation via domestic law |
| Core obligations | Risk classification, conformity assessment, transparency, registration, prohibited practices | Transparency, accountability, human oversight, human rights, democracy, rule of law |
| Enforcement | National competent authorities; GDPR-style supervisory structure | Domestic implementation; international monitoring mechanism |
| Status (March 2026) | In force; phased deadlines through 2028 (Council position) | EU Parliament approved; ratification by member states pending |
Where They Overlap
Both instruments require transparency in AI systems, meaningful human oversight, and accountability for AI-related harms. Both apply to private sector actors, a point that matters because international treaties often govern state conduct only. Organizations subject to the EU AI Act and operating in non-EU Council of Europe countries will find that the Framework Convention imposes an additional layer of obligations in those jurisdictions, delivered through domestic implementing law rather than directly applicable EU regulation.
The areas of highest overlap are transparency, risk management, and human rights impact assessment. An organization with a mature EU AI Act compliance program will have a significant head start on convention compliance, but the Framework Convention’s framing is at a higher level of abstraction. It does not (at this stage of reporting) prescribe the same operational specificity as the AI Act’s conformity assessment process. Domestic implementing legislation will determine how much specificity is added in each signatory state.
Where They Diverge
The EU AI Act is operational law today, with specific timelines, defined categories of high-risk systems, and clear documentation requirements. The Framework Convention is principles-based and internationally scoped. Where the two diverge most sharply is in the EU AI Act’s risk classification machinery, the Annex I and Annex III categories, prohibited practices, and conformity assessment procedures. The convention does not replicate this. It sets floors.
For non-EU Council of Europe countries, the convention provides the primary AI governance framework. For EU-based organizations operating across Council of Europe states, the convention adds obligations in jurisdictions where the AI Act does not directly apply. Which instrument takes precedence? In EU member states, EU law governs directly. In non-EU Council of Europe states, the convention governs, implemented through domestic law.
What Compliance Teams Should Do Now
Three immediate actions follow from this development.
Map your geographic footprint against Council of Europe membership. If your AI systems operate in non-EU European jurisdictions, the convention’s ratification timeline in those states is now a compliance horizon to monitor. According to the U.S. Department of State, the convention covers both public and private actors – there is no sector carve-out.
Do not conflate convention compliance with EU AI Act compliance. A compliance program built entirely on the AI Act’s operational requirements may satisfy the convention’s principles in EU member states. It will not necessarily satisfy domestic implementing legislation as Council of Europe states translate the convention into national law.
Watch the ratification calendar. The convention’s effective date is determined by ratification, not by the EU Parliament’s approval vote. That timeline is not yet confirmed. Assign responsibility for monitoring it now, before it becomes a reactive scramble.
The EU AI Act is not the full picture of AI governance. It wasn’t last week. It is less so this week.