This article that contains some Microsoft views provides helpful thoughts on where we are on pertinent regulation of data and AI. Consideration begins with the local regimes, even though a company is global in reach. So local laws will be honoured, but on a policy basis, some countries might be avoided. The article references human rights, but difficult data laws might also be an issue. Take for example my prior write up of the USMCA impact on AI regulation. Would you locate in Mexico before the data trading chapter comes into effect or, if they were a year away at the time you considered investing, would you wait?
If the EU GDPR contains hefty fines, would a company locate where fines are not hefty?
And what about cohesiveness which is reflected both in the USMCA rules and the example given of the matching regulations in Brazil and GDPR? Presumably this makes Brazil an easier choice for investment by global tech companies who are willing to be regulation compliant.
Right now we have many supra-national, national and sub-national entities and agencies considering these matters. Some are clearly more advanced than others. Some are addressing matters general in scope and others have more of an industry focus. Until a level field of general principles starts to permeate across regulation and legislation (local variations will always be acceptable), companies will have to make very considered investigations into how they locate their operations or conduct them locally. Bad actors may also use the availability of these choices to their advantage.