This paper challenges the legitimacy of the EU’s purportedly “fundamental rights–based” AI regulation, revealing how rights discourse is instrumentalized to sustain institutional stability and manage systemic risks—not to substantively protect rights. Employing historical institutionalism, comparative policy analysis, critical discourse analysis, and normative political theory, the study systematically demonstrates— for the first time—that EU AI governance is not genuinely rights-oriented, introducing the original concept of “rights illusion.” Through a comparative analysis of the EU and the U.S. across five key domains, it deconstructs the regulatory legitimacy narrative underpinning EU AI policy. The findings falsify the widely held consensus on the EU’s rights-based approach, contest its claim to global normative leadership, and advocate for moving beyond monolithic regulatory paradigms. By exposing the gap between rhetorical commitment and substantive protection, the research provides both theoretical foundations and practical insights for pluralistic democracies to develop context-sensitive, adaptive AI governance frameworks.

Whether and how to regulate AI is one of the defining questions of our times - a question that is being debated locally, nationally, and internationally. We argue that much of this debate is proceeding on a false premise. Specifically, our article challenges the prevailing academic consensus that the European Union's AI regulatory framework is fundamentally rights-driven and the correlative presumption that other rights-regarding nations should therefore follow Europe's lead in AI regulation. Rather than taking rights language in EU rules and regulations at face value, we show how EU AI regulation is the logical outgrowth of a particular cultural, political, and historical context. We show that although instruments like the General Data Protection Regulation (GDPR) and the AI Act invoke the language of fundamental rights, these rights are instrumentalized - used as rhetorical cover for governance tools that address systemic risks and maintain institutional stability. As such, we reject claims that the EU's regulatory framework and the substance of its rules should be adopted as universal imperatives and transplanted to other liberal democracies. To add weight to our argument from historical context, we conduct a comparative analysis of AI regulation in five contested domains: data privacy, cybersecurity, healthcare, labor, and misinformation. This EU-US comparison shows that the EU's regulatory architecture is not meaningfully rights-based. Our article's key intervention in AI policy debates is not to suggest that the current American regulatory model is necessarily preferable but that the presumed legitimacy of the EU's AI regulatory approach must be abandoned.