The European Commission published draft guidance on Annex III of the AI Act on Friday, May 22, that narrows the categories carrying high-risk classification for critical infrastructure, law enforcement, and judicial functions while broadening the categories covering employment, insurance, and education. [1] Three days earlier, on Monday, May 19, the Federal Trade Commission opened compliance enforcement under the TAKE IT DOWN Act with letters to Meta, Google, X, Microsoft, Apple, Reddit, Snapchat, and TikTok carrying a $53,088 per-violation penalty schedule. [2] The two documents land inside the same five-day window. They move in opposite directions. The platform counsel doing reverse-mapping over the weekend are reading them as one frame.

The paper's Friday account of the FTC's enforcement-letter wave read it as the first time U.S. federal enforcement under TAKE IT DOWN converted compliance language into a dollar-figure-per-violation schedule. The Friday account of the Annex III deferral read the Brussels political compromise as a sixteen-month delay for industry. What the May 22 Commission draft does is fill out that delay with substantive scope changes. The deferral was not just a calendar move; it was cover for a narrowing.

Read closely, the Annex III draft does two things at once. It removes from high-risk classification certain critical-infrastructure AI applications where the technology is "supportive rather than determinative" — a phrase that, in regulatory practice, lets a vendor argue its system flags risks for a human operator rather than acting autonomously. [1] It removes law-enforcement and judicial uses where the AI is "purely analytical" rather than decision-supporting. These are the categories where European civil-society groups have been loudest. They are now narrower.

At the same time, the draft expands the language around employment AI to cover not just hiring and termination but performance evaluation, scheduling, and access to internal training. It expands insurance AI to cover underwriting in life and health products. It expands education AI to cover access decisions, evaluation, and accommodations. The places it broadens are the places most enterprises actually use AI day to day. The places it narrows are the places where civil-society objections are loudest.

The two arcs together create a rotation. A vendor selling predictive-maintenance software to a utility may now sit outside Annex III. A vendor selling resume-screening software to the same utility is now more clearly inside it. The technology stack is identical; the regulatory burden has shifted by use case. This is the structural significance of Friday's publication, not the line-item count.

In the United States, the same week, the FTC moved in the opposite direction. The TAKE IT DOWN Act, signed into law in 2025, prohibits non-consensual intimate imagery and synthetic deepfake distribution on covered platforms. [3] The May 19 letters convert the prohibition into a $53,088 per-violation penalty, calibrated to the FTC's annual civil-penalty inflation adjustment. Eight platforms received the letters. The number is conservative read against the universe of plausible violations. It is aggressive read against the precedent of FTC enforcement under any comparable consumer-protection statute.

What platform counsel are doing this weekend is the reverse-mapping work. A piece of software that an enterprise deploys in both jurisdictions — a content-moderation classifier, a recommender system, an AI translation layer — now sits inside a U.S. enforcement regime calibrated per violation and an EU classification regime calibrated by use case. Compliance does not converge across the two systems. It diverges further. The cost of a single platform supporting both regulatory tracks goes up; the cost of choosing one over the other becomes a strategic decision rather than a default.

Hannah Arendt's observation about the gap between law and administration is the lens that fits here. Brussels has narrowed what its administrative system will classify as high-risk and broadened what it will not. Washington has broadened what its administrative system will fine and named the price. The two regulators are doing what regulators do — building the world they already see — and the world they see is not the same one. The platforms operate in both.

The June 23 EU stakeholder feedback deadline is the first calendar marker. The TAKE IT DOWN compliance schedule has rolling violation accrual. The companies receiving the FTC letters have not, as of Saturday morning, issued a unified industry response, only individual statements about cooperation. The Annex III draft has received industry submissions from CCIA, ITI, and DigitalEurope already; the Commission's response posture for July will set the actual scope of the high-risk classification carried into 2026 and 2027 enforcement.

The frame the paper opens with this article is not that one regulator is right and the other is wrong. It is that two AI regulators on the same week produced documents that move in opposite directions, and the compliance arbitrage that follows is the news, not the legal craft. Platform counsel reading both documents this weekend are doing the work of mapping the rotation. The vendors selling those platforms tools are already pricing it.

Whether the rotation holds matters because Annex III is the binding shape of EU AI Act enforcement starting in August 2026 — narrowed scope means narrower enforcement — while $53,088 per violation is the operational shape of TAKE IT DOWN starting in May 2026, broader cost means broader exposure. The platforms have a year to figure out whether they can serve both regimes at once. The first signal from a major American platform on whether they will pull back EU AI features rather than carry the divergent burden is the next data point. The second is whether any EU member state government formally objects to the Commission's narrowed draft before June 23 closes.

-- ANNA WEBER, Berlin