No. 125: AI and Privacy Risks: The EU AI Act vs. US NIST AI Risk Management Framework
Abstract
Considering ongoing efforts on both sides of the Atlantic to set up governance frameworks around AI, this article explores the ways in which each side's governance efforts address privacy-related risks. The EU AI Act, with its risk-based approach, and the US NIST AI Risk Management Framework will be the focus, especially since these two frameworks are rapidly becoming more concrete and being readied for implementation. However, other relevant governance initiatives are also surveyed. Importantly, besides establishing a risk-based framework, the EU AI Act also asserts extraterritorial reach, which becomes interesting in terms of its privacy-related implications. Meanwhile, in the US, the NIST AI Risk Management Framework might be considered one of the key specific efforts to set up initial voluntary rules and guardrails. Considering the previous successes and failures in setting up meaningful regimes for data governance and privacy, this article seeks to map and contrast the approaches towards AI technologies and privacy being adopted in the US versus the EU. The article discusses a concrete application through a case study on facial recognition technologies. Despite some divergences in approach between the two jurisdictions, the potential for alignment between EU and US AI governance efforts is briefly examined.