AI comprises a set of interdependent technologies embedded within a broader digital ecosystem of computing, data, networks and models. This paper asks how non-binding (‘soft law’) instruments, such as standards, frameworks and assurance processes, govern this ecosystem and what institutional variations make them effective. We address this question through a comparative analysis of the US and Israel, showing that each represents a distinct variant of soft law: a market-led regime driven by procurement, voluntary frameworks and deference to private governance in the US and a coordinated regime anchored in national strategy and inter-ministerial alignment in Israel. Both sustain innovation while managing risk, yet they differ systematically in accountability (assurance intensity and oversight mechanisms) and diffusion (the speed and scope of adoption). The analysis demonstrates that there is not a single ‘soft law’ regime and outlines policy options for strengthening adaptive, trust-based governance across digital ecosystems.