Washington Races to Regulate AI as Technology Outpaces Policy

Last updated 6 days ago. Our resources are updated regularly but please keep in mind that links, programs, policies, and contact information do change.

Artificial intelligence is a defining technology of our era. It rapid advancement presents Washington with a monumental challenge: how to govern technology with the power to reshape global power balances, spark new industries, and revolutionize how Americans live and work.

The federal government’s response is a complex race to both realize AI’s promise and avoid its risks. This involves balancing innovation to maintain U.S. global leadership with establishing guardrails to protect citizens from harms like discrimination, privacy violations, and national security threats.

AI systems already make decisions affecting millions of Americans’ access to credit, employment, and healthcare. Automated systems screen job applications, determine loan approvals, diagnose medical conditions, and influence criminal justice outcomes. Meanwhile, the technology’s military applications and potential for social disruption create national security implications that extend far beyond domestic policy.

In This Article

• Rapid AI development has outpaced U.S. legislative and regulatory frameworks, creating policy gaps.
• Federal actions have been fragmented—executive orders, agency guidance, and voluntary frameworks—but no comprehensive national AI law exists.
• Congress remains divided on how to balance innovation, competition, and risk management.
• State governments (e.g., Colorado, Utah, Texas) are advancing their own AI regulations, creating a patchwork compliance landscape.
• Industry concerns include unclear enforcement standards and potential overregulation; advocates warn of risks to privacy, discrimination, and national security.
• International rivals (e.g., EU, China) are moving faster toward formal AI governance, increasing pressure on the U.S. to respond.
• Regulation by enforcement—where agencies act through lawsuits or settlements—is filling the policy void but creating uncertainty.

So What?

• The U.S. faces a critical policy inflection point: how it regulates AI will shape innovation, competition, and civil rights for years to come.
• A fragmented or reactive approach could increase legal uncertainty for businesses and weaken U.S. leadership in global AI governance.
• Clear, consistent, and forward-looking policy is essential to balance innovation with accountability and public trust.
• Decisions made in the next few years could set long-term precedents for AI oversight and technological power.

Competing White House Visions

The executive branch has driven national AI policy through presidential power, but the direction has shifted dramatically between administrations, reflecting different philosophies about government’s role, innovation’s nature, and AI’s strategic importance in global competition.

These competing visions represent more than policy differences—they embody fundamentally different theories about how democracies should govern emerging technologies. The contrast illustrates broader ideological divides about the proper relationship between government and industry, the role of international cooperation in technology governance, and the balance between innovation and social protection.

Biden’s Safety-First Architecture

The Biden administration characterized its AI approach through proactive efforts to establish safeguards before technology became irrevocably embedded in society. This philosophy emerged from observations of previous technological disruptions, particularly social media platforms, where regulatory responses came only after significant social harms had already occurred.

The administration’s approach was built on the premise that AI’s potential benefits could only be realized if public trust was maintained through demonstrable safety measures. This required getting ahead of the technology rather than reacting to its consequences—a deliberate reversal of the traditional American approach to technology regulation.

The culminating achievement was Executive Order 14110 on October 30, 2023, widely regarded as the most comprehensive AI governance action by the United States to date. The order’s 111 pages represented months of interagency coordination and extensive consultation with industry, civil society, and academic experts.

The order’s title—”Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence”—encapsulated its core philosophy. It established eight primary policy goals creating broad federal mandates: developing AI safety and security standards, protecting Americans’ privacy, advancing equity and civil rights to prevent algorithmic discrimination, promoting innovation and competition, managing AI risks in sectors from healthcare to education, strengthening American AI leadership abroad, ensuring responsible government use of AI, and protecting workers from AI-related disruptions.

A key structural innovation required major federal agencies to appoint chief artificial intelligence officers within 60 days to oversee their technology use and ensure compliance with new directives. This represented a systematic approach to embedding AI governance throughout the federal bureaucracy, acknowledging that AI adoption was already widespread across government operations.

The executive action built on extensive earlier groundwork. The 2022 Blueprint for an AI Bill of Rights established five principles for automated systems design and deployment:

• safe and effective systems,
• algorithmic discrimination protections,
• data privacy,
• notice and explanation, and
• human alternatives and oversight.

The administration also secured voluntary AI safety commitments from 15 leading technology companies, including OpenAI, Google, Microsoft, and Meta, creating industry buy-in for more formal regulatory requirements.

Unprecedented Government Oversight

The order’s most controversial provisions required companies developing AI systems that pose serious risks to national security, economy, or public health to share safety test results and other critical information with the U.S. government before releasing their models. This represented unprecedented government oversight of private AI development, justified by the administration as necessary given AI’s potential for catastrophic harm.

Despite its comprehensive nature, Executive Order 14110 was notable for what it didn’t do. It stopped short of creating a new federal AI oversight agency, avoided establishing mandatory licensing for advanced AI models, and didn’t require companies to release detailed information about model training data. These limitations reflected strategic choices to work through existing federal agency powers rather than seeking new legislative authority from a divided Congress.

The administration also emphasized international cooperation, working with allies to establish AI Safety Institutes and participating in global forums on AI governance. This multilateral approach reflected beliefs that AI’s global nature required coordinated responses and that American leadership would be most effective through partnership rather than unilateral action.

Trump’s Dominance Strategy

The Trump administration framed AI primarily through geopolitical competition and economic deregulation lenses, viewing the technology as a critical weapon in strategic rivalry with China and other competitors. This approach reflected broader administration themes of America First nationalism and skepticism of multilateral cooperation.

Initial groundwork came through Executive Order 13859, the “American AI Initiative,” in February 2019, which focused on five pillars: increasing research and development investment, unleashing federal data resources for AI training, setting technical standards to reduce regulatory barriers, building AI-ready workforces, and engaging international allies to maintain America’s technological edge. Many goals were later codified into law through the bipartisan National AI Initiative Act of 2020, demonstrating early consensus on federal AI development support importance.

Upon returning to office in 2025, the administration dramatically accelerated this approach, viewing AI not just as technology to manage but as the critical front in global power competition. Trump immediately revoked aspects of Biden’s approach to AI, establishing a significantly different policy. This vision was articulated in a 103-point plan released July 23, 2025, titled “Winning the Race: America’s AI Action Plan.”

Shifting Priorities on AI Oversight

The plan’s rhetoric signaled significant philosophical shifts from the previous administration’s safety focus. Rather than emphasizing risk mitigation and international cooperation, it positioned AI development as a zero-sum competition where American dominance was essential for national survival. Its three pillars—accelerating innovation, building American infrastructure, and leading international diplomacy and security—all aimed at achieving “unquestioned and unchallenged global technological dominance.”

The plan explicitly rejected what it termed the previous administration’s “diffusion policy,” which sought to spread AI benefits globally through international cooperation and safety standards. Instead, it embraced an “accumulation strategy” designed to concentrate AI capabilities within the United States and allied nations while denying them to competitors.

President Trump signed three executive orders the same day to implement this vision, each targeting specific aspects of the new strategy:

Executive Order 14318 on accelerating federal data center permitting aims to speed physical AI economy buildout by directing agencies to reduce regulatory barriers and streamline environmental reviews under the National Environmental Policy Act for data centers, semiconductor facilities, and energy infrastructure. The order establishes 18-month deadlines for environmental reviews and creates fast-track approval processes for critical AI infrastructure projects.

The order reflects recognition that AI development depends heavily on massive computational infrastructure requiring enormous energy inputs. By prioritizing speed over environmental review, the administration signaled willingness to accept environmental costs in exchange for technological advantages.

Executive Order 14320 on promoting American AI technology exports formalizes AI as foreign policy tool, establishing an American AI Exports Program within the Commerce Department to promote global deployment of U.S.-origin technology packages from chips and cloud services to AI models themselves. The program aims to create technological dependencies that enhance American geopolitical influence.

The order directs federal agencies to develop “full-stack” AI export packages combining hardware, software, and services into integrated offerings that make it difficult for importing countries to substitute components from competing nations. This represents a significant shift from traditional technology export policies that treated individual components separately.

A Brookings Institute analysis of the government’s full-stack imperative says it will stifle collaboration among companies, perhaps hindering American AI development.

Executive Order 14319 on preventing “woke AI” in federal government addresses administration concerns that AI models may be compromised by ideological bias, specifically principles associated with Diversity, Equity, and Inclusion. It directs the Office of Management and Budget to require AI companies doing federal business to provide “truth-seeking” and ideologically neutral models free from what the order terms “ideological dogmas.”

The order requires federal contractors to certify their AI models don’t incorporate what the administration considers biased perspectives on topics like race, gender, and social inequality. It establishes review processes for federal AI procurements and creates mechanisms for challenging AI outputs deemed ideologically compromised.

This collection represents more than simple regulatory priority changes—it marks fundamental strategic posture pivots. The shift moves from defensive approaches centered on risk mitigation and multilateral safety consensus to offensive focus on deregulation, aggressive export promotion, and direct geopolitical competition.

The approach introduces significant internal contradictions. While promising deregulation to unleash innovation, the “Preventing Woke AI” order imposes new, arguably more burdensome ideological regulation. Terms like “ideological bias” and “truth-seeking” are legally vague and invite arbitrary enforcement, creating substantial compliance challenges while raising First Amendment concerns about government regulation of speech and ideas.

Legal experts have noted that requiring AI models to conform to particular ideological perspectives may violate constitutional principles of government neutrality on matters of opinion and belief. The practical implementation challenges are equally daunting, as determining whether AI outputs reflect “bias” requires subjective judgments about complex social and political questions.

The Infrastructure Imperative

Both administrations recognized that AI development depends critically on massive computational infrastructure, but they approached this challenge differently. The Biden administration emphasized sustainability, environmental review, and community engagement in infrastructure development. The Trump administration prioritized speed and scale, viewing bureaucratic processes as obstacles to national competitiveness.

This infrastructure focus reflects AI’s unprecedented resource requirements. Training state-of-the-art AI models requires enormous computational power, consuming electricity equivalent to small cities and requiring specialized facilities with advanced cooling systems and high-speed network connections. The companies and countries that can build this infrastructure fastest gain decisive advantages in AI development.

The competition extends beyond domestic infrastructure to global network effects. Countries with advanced AI infrastructure can attract international talent, investment, and research collaboration, creating virtuous cycles of technological advancement. Conversely, countries that fall behind in infrastructure development risk being marginalized in the global AI economy.

Surprising Bipartisan Ground

Despite starkly different private-sector regulation philosophies, surprising bipartisan consensus has emerged around federal government’s own AI use. This common ground, established through Office of Management and Budget memos spanning both administrations, provides stable foundations for responsible AI adoption within federal agencies.

This consensus reflects shared recognition that government AI use poses unique risks and responsibilities. Unlike private sector applications, federal AI systems can directly affect citizens’ constitutional rights, access to benefits and services, and interactions with law enforcement and regulatory agencies. The government’s role as sovereign authority creates heightened obligations for fairness, transparency, and accountability.

Key agreement points include:

High-Impact System Regulation: Both administrations agree on identifying and applying special scrutiny to high-impact AI systems affecting citizens’ rights and safety in law enforcement, federal benefits determination, healthcare delivery, and national security operations. These systems undergo enhanced testing, monitoring, and oversight procedures.

Governance Structure Creation: Bipartisan support exists for Chief AI Officers and interagency councils to coordinate policy, ensure consistent implementation, and establish clear responsibility and accountability lines. These structures create institutional mechanisms for ongoing AI governance within the federal bureaucracy.

Minimum Practices and Transparency Requirements: Both administrations require high-impact AI systems to undergo rigorous testing, impact assessments, and human oversight provisions before deployment. They also mandate federal agencies maintain public AI use case inventories, providing transparency about government AI applications.

Risk Assessment and Mitigation: Both approaches require agencies to assess potential risks from AI systems and implement mitigation measures before deployment. This includes evaluating risks to privacy, civil liberties, and mission effectiveness.

This bipartisan consensus on internal government governance contrasts sharply with contentious private-sector regulation debates, suggesting that while policymakers disagree on market regulation, they largely agree government itself must meet high safety, accountability, and transparency standards when deploying powerful AI tools.

The durability of this consensus across administration changes suggests it may provide a foundation for broader AI governance frameworks. Lessons learned from federal AI use could inform private-sector regulation, and successful government AI governance models could be adapted for commercial applications.

Congressional Activity Without Comprehensive Action

While the White House sets overarching policy through executive orders, the legislative branch struggles to keep pace with rapid technological evolution. Congress shows intense AI activity that hasn’t translated into comprehensive legal frameworks, resulting in landscapes defined by targeted bills, competing blueprints, and persistent consensus lack.

The challenges facing Congress reflect broader difficulties democratic institutions face governing rapidly evolving technologies. The legislative process, designed for deliberation and consensus-building, often moves too slowly to keep pace with exponential technological change. By the time comprehensive legislation can be developed, debated, and enacted, the technology it seeks to govern may have evolved beyond recognition.

The Scope of Legislative Activity

The most striking feature of federal legislative AI response is the absence of single, overarching law. No federal statute establishes broad regulatory authority over private-sector AI development or use. The U.S. approach remains cautious, focusing more on overseeing government’s own AI use than imposing comprehensive industry regulatory regimes.

This cautious approach contrasts with other major technological disruptions where Congress eventually enacted comprehensive frameworks. Unlike telecommunications, where the Communications Act established broad regulatory authority, or financial services, where multiple laws create comprehensive oversight regimes, AI remains largely ungoverned by specific federal legislation.

In this regulatory vacuum, Congress saw floods of AI-related bills—more than 30 introduced in 2023 alone, with hundreds more proposed in subsequent sessions. These bills tend toward narrow problem focus rather than broad framework creation, reflecting both the complexity of comprehensive AI regulation and the political difficulty of achieving consensus on controversial technology policy.

Legislative agendas are dominated by recurring themes that reflect public concerns and political pressures: mitigating deepfake harms that threaten individual privacy and democratic processes, protecting national security from foreign adversaries seeking to exploit AI for espionage or disruption, enabling beneficial AI use in specific sectors like healthcare and weather prediction where government support could accelerate positive applications, and funding workforce development programs to help Americans adapt to AI-driven economic changes.

The pattern reveals Congress’s comfort zone: addressing specific, well-defined problems with clear victims and villains while avoiding broader questions about AI’s role in society and economy. This approach allows legislators to demonstrate responsiveness to constituent concerns without grappling with complex trade-offs between innovation and regulation that might alienate important interest groups.

Notable legislative success includes the bipartisan Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks (TAKE IT DOWN) Act, signed into law in May 2025. This act requires online platforms to establish clear notice-and-takedown processes for nonconsensual intimate imagery, including AI-generated content.

The law’s passage demonstrates Congress can act decisively when facing clear, tangible, politically salient harms with broad public consensus. The issue of nonconsensual intimate imagery created by AI appeals to legislators because it involves obvious victims (individuals whose likenesses are misused), clear perpetrators (those creating and distributing the content), and straightforward solutions (requiring platforms to remove content when notified).

However, the law also highlights the reactive nature of congressional AI policymaking. Rather than establishing proactive frameworks for governing AI development and deployment, Congress waits for specific harms to become politically undeniable before acting. This approach may be sufficient for addressing individual problems but leaves broader questions about AI governance unresolved.

The Sectoral Approach Challenge

Congress’s tendency toward narrow, sector-specific legislation reflects both institutional capabilities and political realities. Legislators often have expertise in particular policy areas—healthcare, transportation, financial services—that shapes their approach to AI regulation. Committee structures reinforce this sectoral approach, with different committees claiming jurisdiction over AI applications in their traditional areas.

This creates coordination challenges as AI systems increasingly cross sector boundaries. An AI system used in healthcare might also have employment implications if it affects hiring decisions for medical professionals, financial implications if it influences insurance coverage decisions, and privacy implications if it processes personal health data. Sectoral approaches struggle to address these intersections effectively.

The sectoral approach also creates regulatory gaps and inconsistencies. AI applications in different sectors face different rules, compliance requirements, and oversight mechanisms, even when they use similar technologies and pose comparable risks. This inconsistency can distort innovation incentives and create competitive disadvantages for companies operating across multiple sectors.

Three Competing Comprehensive Frameworks

While targeted bills see some success, comprehensive federal AI law debate revolves around several competing high-level frameworks representing different regulatory philosophy approaches that haven’t gained passage momentum.

These frameworks reflect deeper disagreements about AI regulation’s proper scope, intensity, and mechanisms. The debates reveal fundamental tensions between American preferences for market-based solutions and growing recognition that AI’s unique characteristics may require new regulatory approaches.

The SAFE Innovation Framework: Championed by Senate Majority Leader Chuck Schumer, this framework structures around five principles: Security, Accountability, Foundations, Explainability, and Innovation. Intended as high-level future legislation roadmaps, it emphasizes transparency needs, advancing U.S. technological leadership, and ensuring accountability while avoiding prescriptive rules that might stifle innovation.

The framework’s strength lies in its flexibility and bipartisan appeal. By focusing on principles rather than specific requirements, it allows for adaptation as technology evolves and provides common ground for legislators with different regulatory philosophies. The emphasis on innovation reflects recognition that excessive regulation could undermine American competitiveness in global AI development.

However, critics argue the framework’s generality makes it ineffective for addressing specific AI risks. Principles-based approaches rely heavily on implementation details that may be left to agencies with limited expertise or conflicting priorities. Without specific requirements and enforcement mechanisms, principles may have limited practical impact on industry behavior.

The framework has not been introduced as comprehensive legislation, instead serving as guidance for future lawmaking efforts. This approach allows for continued refinement and stakeholder input but also permits indefinite delays in actual regulatory action.

Bipartisan Framework for U.S. AI Act: Introduced by Senators Richard Blumenthal and Josh Hawley, this framework proposes more muscular regulatory approaches modeled partly on European Union approaches while incorporating distinctly American concerns about national security and competition.

Key provisions include establishing licensing regimes for high-risk AI systems, creating independent federal oversight bodies with expertise and resources to effectively govern AI development, and stripping AI companies of broad liability protections under Section 230 of the Communications Decency Act that currently shield them from lawsuits over content their systems generate or amplify.

While aligning with EU consumer protection focus, the framework adds strong national security components preventing advanced AI acquisition by foreign adversaries. This includes export controls, investment screening, and technology transfer restrictions designed to maintain American advantages in critical AI capabilities.

The licensing approach represents a significant departure from traditional American technology regulation. Rather than regulating AI applications or uses, licensing would govern the development of AI systems themselves, potentially requiring companies to demonstrate safety and reliability before releasing powerful models.

Critics argue licensing could entrench existing market leaders by creating barriers to entry for startups and open-source developers. Large companies with resources to navigate complex licensing processes might gain advantages over smaller competitors, potentially reducing innovation and competition in AI development.

The framework has generated significant debate but has not advanced as formal legislation, reflecting both its controversial nature and the broader difficulties of achieving consensus on comprehensive AI regulation.

National AI Commission Act (H.R. 4223): This bipartisan House bill by Representatives Ted Lieu and Ken Buck takes different procedural approaches to the challenge of comprehensive AI regulation. Rather than prescribing specific regulatory regimes, it proposes creating 20-person “blue-ribbon commissions” composed of technology, civil society, industry, and government experts.

These commissions would review current AI governance approaches, analyze emerging risks and opportunities, and recommend binding, risk-based regulatory frameworks for congressional consideration after year-long studies. The commission approach reflects recognition that effective AI regulation requires deep technical expertise that Congress may lack.

Commission membership would be designed to balance different perspectives and interests, with representatives from major technology companies, civil rights organizations, academic institutions, and government agencies. This balanced composition aims to produce recommendations with broad stakeholder buy-in.

The commission approach offers several advantages. It provides time for careful study of complex technical and policy issues, allows for extensive stakeholder input and expert analysis, and creates political cover for legislators who can point to expert recommendations when supporting potentially controversial regulations.

However, critics argue the commission approach is primarily a delay tactic that allows legislators to appear responsive to AI concerns while avoiding difficult decisions. Previous technology policy commissions have sometimes produced reports that gather dust on shelves rather than driving concrete policy changes.

The bill was introduced in June 2023 and referred to committee, where it has seen no further action, highlighting legislative inertia on comprehensive reform efforts.

The Political Economy of AI Legislation

The legislative landscape reveals fundamental tensions within Congress that reflect broader American attitudes toward technology regulation. There are impulses to act decisively on narrow, popular issues where harms are clear and “villains” easily identifiable, as seen with the TAKE IT DOWN Act. Simultaneously, there are strong tendencies to defer action on complex, comprehensive questions by proposing commissions, studies, and high-level frameworks.

This pattern reflects several political realities. First, legislators face electoral incentives to demonstrate responsiveness to constituent concerns, which is easier with specific, well-defined problems than abstract governance challenges. Second, comprehensive AI regulation involves complex technical issues where legislators may lack expertise and confidence. Third, major technology regulation affects powerful economic interests that can mobilize significant political resources to influence outcomes.

The influence of lobbying and campaign contributions shapes legislative approaches to AI regulation. Technology companies have dramatically increased their Washington presence and political spending, hiring former government officials and investing millions in lobbying efforts. This influence may contribute to preferences for voluntary standards and industry self-regulation over mandatory requirements.

However, growing public concern about AI risks and increasing media attention to AI-related harms create counterpressures for regulatory action. High-profile incidents of AI bias, privacy violations, or safety failures can create political momentum for legislation that overcomes industry resistance.

The pattern suggests that while legislators can rally around punishing specific technology misuses, they lack consensus and political will to establish broad, forward-looking rules affecting major economic interests and requiring difficult innovation-safety trade-offs.

As a result, the most probable path for federal AI law in the near term is continuation of reactive, “whack-a-mole” approaches, with Congress passing targeted bills to address specific harms as they become politically undeniable, while comprehensive federal frameworks remain elusive goals.

Federal Agencies on the Front Lines

With Congress largely deadlocked on comprehensive legislation, real day-to-day AI governance work falls to federal agencies. Armed with decades-old legal mandates, these agencies adapt existing authorities to novel AI challenges, creating de facto regulatory frameworks through enforcement actions, voluntary standards, and expert guidance.

This agency-driven approach to AI governance reflects both the strengths and limitations of American administrative law. Federal agencies possess technical expertise, operational flexibility, and enforcement capabilities that enable rapid responses to emerging technological challenges. However, they also operate under legal authorities designed for different technological eras, creating questions about the scope and legitimacy of their actions.

The result is a complex, evolving regulatory landscape where AI governance emerges through interactions between different agencies, each bringing distinct perspectives and legal authorities to bear on various aspects of AI development and deployment.

NIST’s Risk Management Foundation

At the heart of U.S. government responsible AI approaches is the AI Risk Management Framework developed by the National Institute of Standards and Technology. Called for by the National Artificial Intelligence Initiative Act of 2020, the framework represents a collaborative effort to establish common standards for AI governance that can be adopted voluntarily by organizations across sectors.

NIST’s role reflects a distinctive American approach to technology standards development. Rather than imposing mandatory requirements, NIST develops voluntary guidelines that often become de facto industry standards through market adoption and regulatory reference. This approach leverages private sector expertise while providing government leadership on critical technical issues.

The AI Risk Management Framework is a comprehensive guide helping organizations manage AI risks throughout technology lifecycles from initial design through deployment, monitoring, and retirement. The framework’s development involved extensive consultation with hundreds of organizations from industry, academia, civil society, and government, ensuring broad stakeholder input and buy-in.

The framework structures around four core functions providing practical, repeatable AI governance processes:

Govern: Establishing risk management cultures and clear organizational responsibility lines. This includes developing AI governance policies, assigning accountability for AI decisions, ensuring adequate resources for risk management, and creating mechanisms for ongoing oversight and review.

Map: Identifying contexts and potential risks associated with specific AI systems. This involves understanding the intended use cases, potential impacts on different stakeholder groups, technical limitations and failure modes, and broader social and ethical implications.

Measure: Using qualitative and quantitative tools to analyze, assess, and monitor AI risks. This includes developing metrics for system performance and fairness, conducting regular assessments of risk levels, and establishing monitoring systems to detect emerging problems.

Manage: Allocating resources to mitigate identified risks and deciding response approaches. This involves implementing technical and procedural safeguards, developing incident response procedures, and continuously improving risk management practices based on experience and changing circumstances.

Each function includes detailed subcategories providing specific guidance for implementation. For example, the “Measure” function includes subcategories for evaluating AI system performance, assessing fairness and bias, and monitoring ongoing risks after deployment.

Though voluntary, the AI Risk Management Framework has become a gold standard for AI governance domestically and internationally. Its development was highly collaborative, involving hundreds of private sector, academic, and civil society organizations, lending significant credibility. It provides common vocabularies and best practice sets shaping responsible AI development norms far beyond government confines.

The framework’s influence extends through several channels. Government agencies reference it in their own AI policies and procurement requirements, creating incentives for contractors to adopt its approaches. Industry associations and professional organizations promote framework adoption among their members. International organizations use it as a model for their own AI governance initiatives.

NIST also provides practical resources to support framework implementation, including the AI RMF Playbook offering concrete suggestions for applying framework principles in specific contexts, sector-specific guidance documents addressing unique challenges in different industries, and training materials helping organizations build internal AI governance capabilities.

FTC as Enforcement Watchdog

The Federal Trade Commission has emerged as key AI enforcement, aggressively applying long-standing authority to police “unfair or deceptive business practices” to digital realms. Agency leadership repeatedly affirms there is no AI exemption from laws on the books, sending clear messages that AI-driven harms will meet legal action.

The FTC’s approach reflects a broader strategy of applying existing consumer protection laws to new technologies rather than waiting for new legislation. This approach allows for immediate action against harmful practices while building a body of precedents that clarify how traditional legal principles apply to AI systems.

FTC enforcement focuses on several key areas that reflect the agency’s traditional consumer protection mission adapted to AI-specific challenges:

Deceptive AI-Washing: The agency has filed lawsuits against businesses making false or unsubstantiated claims about their AI capabilities. For example, actions against companies like FBA Machine and Ascend Ecom for claiming their AI-powered software could help consumers generate significant passive income through online storefronts without adequate evidence to support such claims.

These cases establish important precedents about truthful advertising in AI contexts. Companies cannot simply add “AI-powered” to their marketing materials without being able to substantiate specific claims about AI system capabilities and benefits.

False Capability Claims: High-profile cases include FTC action against DoNotPay for deceptively marketing services as “the world’s first robot lawyer,” alleging products failed to live up to ambitious claims and couldn’t effectively substitute for human attorney expertise in legal matters.

This enforcement area addresses growing concerns about AI systems being marketed with capabilities they don’t actually possess, potentially causing harm when consumers rely on inadequate AI services for important decisions.

Algorithmic Bias and Fairness: The FTC has targeted companies for unsubstantiated claims about AI system fairness, reaching settlements with companies like IntelliVision Technologies over allegations of falsely advertising facial recognition software as free of gender or racial bias without adequate testing to support such claims.

These actions establish that companies cannot simply assert their AI systems are fair or unbiased without empirical evidence. Claims about algorithmic fairness must be substantiated through appropriate testing and validation procedures.

In September 2024, the FTC launched “Operation AI Comply,” a coordinated law enforcement sweep targeting companies using AI to “supercharge deceptive or unfair conduct.” This operation represented a systematic effort to identify and prosecute AI-related violations across multiple industry sectors.

The FTC coordinates with other agencies through joint statements and enforcement actions. Partnerships with the Department of Justice, Consumer Financial Protection Bureau, and Equal Employment Opportunity Commission create comprehensive approaches to AI-related consumer protection that leverage each agency’s unique authorities and expertise.

The FTC’s enforcement strategy extends beyond individual cases to broader policy development. The agency issues guidance documents, holds workshops, and conducts studies that help establish best practices for AI development and deployment. This educational approach complements enforcement actions by helping companies understand their obligations before violations occur.

DOJ’s Civil Rights Mission

The Department of Justice’s Civil Rights Division ensures long-standing civil rights protections aren’t eroded by new technology deployment. The division actively applies foundational anti-discrimination laws to AI and algorithm cases, focusing on areas where automated decisions can have life-altering individual consequences.

DOJ’s approach reflects recognition that AI systems can perpetuate and amplify existing forms of discrimination while creating new forms of bias that traditional civil rights enforcement must address. The challenge lies in applying legal frameworks developed for human decision-making to algorithmic systems that may discriminate in subtle or complex ways.

Key DOJ enforcement and guidance areas include:

Housing Discrimination: The DOJ asserts Fair Housing Act application to algorithm-based tenant screening services, arguing automated systems can’t shield discriminatory practices. The department views algorithmic screening as subject to the same anti-discrimination requirements as human decision-making, regardless of whether bias is intentional or results from biased training data.

The department reached landmark settlements with Meta over advertising delivery algorithms that enabled advertisers to unlawfully exclude racial and ethnic groups from seeing housing advertisements. These cases established that platforms can be held liable for discriminatory effects of their algorithms, even when discrimination is not explicitly programmed into systems.

Employment Discrimination: The DOJ issued comprehensive technical guidance explaining Americans with Disabilities Act application to AI hiring use, warning that automated tools can unlawfully screen out qualified candidates with disabilities through biased design or implementation.

The guidance addresses specific challenges AI systems create for disability rights, such as algorithms that interpret differences in speech patterns or response times as indicators of reduced capability rather than disability accommodation needs.

The department has settled cases with major companies including Microsoft and Ascension Health Alliance over employment eligibility verification software programmed to discriminate against non-U.S. citizens by requiring different types of documentation based on citizenship status.

Voting Rights Protection: The department intervened in cases involving AI-generated deepfake robocalls designed to intimidate or deceive voters, arguing such technology use can violate Voting Rights Act provisions prohibiting voter intimidation and deception.

These cases address emerging threats to democratic processes from AI-generated misinformation and manipulation, establishing precedents for applying traditional voting rights protections to new forms of technological interference.

Criminal Justice Applications: The DOJ has issued guidance on AI use in criminal justice contexts, including risk assessment tools used in bail, sentencing, and parole decisions. The guidance emphasizes that constitutional due process requirements apply regardless of whether decisions are made by humans or algorithms.

The department has investigated cases where AI risk assessment tools appeared to exhibit racial bias, leading to harsher treatment of minority defendants. These investigations establish that criminal justice agencies cannot simply defer to algorithmic recommendations without ensuring their fairness and accuracy.

Beyond external enforcement, the DOJ developed comprehensive internal AI strategies guiding its own technology adoption, emphasizing public trust building and ethical principle adherence. The department’s internal policies serve as models for other agencies and help establish best practices for government AI use.

Commerce Department’s Strategic Role

The Department of Commerce, through its Bureau of Industry and Security, wields one of the most powerful AI regulatory tools: export controls that govern the flow of critical AI technologies across international borders. These controls operate at the intersection of technology policy, national security, and foreign relations.

Recognizing that advanced AI development depends critically on access to high-performance semiconductor chips, the Bureau implemented stringent worldwide licensing regimes controlling critical component flows and AI model weights they create. These export controls represent direct instruments of U.S. national security and foreign policy.

The export control system creates tiered global access reflecting geopolitical relationships and security concerns:

Trusted Partners: Close U.S. allies including NATO members, Japan, South Korea, and Australia face minimal restrictions on AI technology access, allowing continued cooperation on AI research and development while maintaining security partnerships.

Neutral Countries: Many countries face moderate restrictions requiring licenses for advanced AI technologies but with generally favorable approval prospects, balancing security concerns with commercial relationships.

Countries of Concern: China, Russia, and other nations deemed security threats face “presumption of denial” for license applications, effectively cutting off access to advanced AI technologies except in narrow circumstances.

The system operates through several mechanisms:

Semiconductor Export Controls: Restrictions on high-performance computing chips essential for AI model training prevent adversaries from accessing computational resources needed for advanced AI development.

Software and Model Weight Controls: Restrictions on AI software, algorithms, and trained model parameters prevent adversaries from accessing the intellectual property embedded in advanced AI systems.

Technical Data Restrictions: Controls on technical information and research results prevent knowledge transfer that could accelerate adversary AI development capabilities.

The Trump administration rescinded the Biden-era “AI Diffusion Rule” in May 2025, signaling desires for more industry-friendly stances promoting exports to trusted partners while maintaining hard lines against adversaries. This change reflects different philosophies about AI’s role in foreign policy and the balance between commercial interests and security concerns.

The effectiveness of export controls depends partly on international cooperation. U.S. controls have greater impact when allied nations implement similar restrictions, preventing adversaries from accessing controlled technologies through third countries. However, unilateral controls may be less effective and could harm U.S. commercial interests if other nations don’t participate.

Additional Agency Roles

Beyond these major players, numerous other federal agencies contribute to AI governance within their specific jurisdictions:

Food and Drug Administration: Regulates AI applications in medical devices, pharmaceuticals, and food safety, requiring clinical trials and safety demonstrations for AI systems used in healthcare contexts.

Federal Aviation Administration: Oversees AI use in aviation systems, including autonomous aircraft and air traffic control applications, with stringent safety requirements reflecting aviation’s safety culture.

Securities and Exchange Commission: Examines AI use in financial markets, addressing concerns about algorithmic trading, robo-advisors, and AI-driven market manipulation.

Federal Communications Commission: Regulates AI applications in telecommunications and broadcasting, including robocalls, spectrum management, and accessibility requirements.

Equal Employment Opportunity Commission: Enforces employment discrimination laws in AI contexts, issuing guidance on algorithmic hiring and workplace monitoring systems.

Federal agencies’ collective actions—NIST setting voluntary standards, FTC and DOJ enforcing existing laws, Commerce controlling key technologies, and sector-specific agencies addressing specialized applications—constitute the de facto U.S. AI regulation strategy.

In comprehensive congressional mandate absence, this approach offers flexibility and enables rapid emerging harm responses. Agencies can adapt their enforcement strategies as new AI applications and risks emerge, without waiting for lengthy legislative processes.

However, the approach is inherently reactive and can create business uncertainty. Companies must navigate complex agency interpretation and court precedent webs rather than clear prospective rulebooks. Different agencies may have conflicting priorities or interpretations, creating compliance challenges for companies operating across multiple sectors.

The “regulation by enforcement” approach means American AI law contours are drawn not in legislative chambers but in courtrooms and agency settlement agreements, shaped by current administration priorities and legal interpretations rather than democratic deliberation and consensus-building.

States as Policy Laboratories

In federal legislative gridlock vacuums, state capitols have become primary AI policymaking arenas. Acting as “laboratories of democracy,” states actively experiment with wide-ranging regulatory approaches, creating complex and fragmented legal maps shaping AI governance futures from the ground up.

State-level AI policymaking reflects both the strengths and challenges of American federalism. States can move more quickly than the federal government, adapting to local needs and preferences while testing innovative approaches that may inform national policy. However, the resulting patchwork of different rules creates compliance challenges for businesses and may lead to regulatory races to the bottom or top depending on competitive dynamics.

Explosive Growth in State Legislation

State-level AI legislation surges have been dramatic and accelerating. In the first half of 2025 alone, lawmakers in 47 states introduced more than 260 AI-related bills, with dozens signed into law. This represents a massive increase from just a few years earlier when AI legislation was rare at the state level.

The legislative boom directly results from federal inaction and growing state policymaker recognition that AI issues are too urgent to wait for Washington action. State legislators face constituent concerns about AI impacts on employment, privacy, and fairness, creating political pressures for responsive action even in the absence of federal leadership.

State AI legislation covers remarkably diverse topics reflecting the technology’s broad applications and impacts:

Consumer Protection: Laws requiring disclosure when consumers interact with AI systems, mandating accuracy standards for AI-driven decisions, and creating liability for AI-related harms.

Employment Rights: Regulations governing AI use in hiring, performance evaluation, and workplace monitoring, often requiring human oversight and providing appeal rights for adverse decisions.

Privacy Protection: Requirements for consent, data minimization, and security when AI systems process personal information, often building on existing state privacy frameworks.

Bias Prevention: Mandates for algorithmic auditing, impact assessments, and fairness testing, particularly for AI systems used in high-stakes decisions like housing, credit, and criminal justice.

Election Security: Restrictions on deepfakes and AI-generated content in political advertising, requirements for disclosure of AI use in campaigns, and protections against AI-driven voter deception.

This activity surge creates classic American federalism examples: diverse and sometimes conflicting law “patchworks.” For nationwide-operating companies, this creates significant compliance challenges navigating different data privacy, transparency, and algorithmic bias rules in each state.

The complexity fueled contentious federal preemption debates. Technology industry groups advocate for federal legislation that would override state laws, arguing that inconsistent state requirements make nationwide business operations impractical and stifle innovation.

Attempts to include 10-year state AI law moratoriums in federal budget bills were narrowly defeated in the Senate, but pushes for single national standards receive strong tech industry and Washington ally support to avoid complex regulatory environments.

Civil rights groups like the ACLU strongly advocate against preemption, arguing it would stifle important state-level protections and prevent states from addressing problems the federal government ignores. They view state legislation as necessary safeguards that protect citizens when federal action is inadequate or absent.

Leading State Approaches

State approaches vary widely in scope, ambition, and regulatory philosophy. Some opted for comprehensive, overarching legislation attempting to create complete AI governance frameworks, while others pursued targeted, issue-specific strategies addressing particular problems or applications.

California’s Sectoral Strategy: California, home to many of the world’s largest technology companies, initially pursued comprehensive AI regulation but shifted to more targeted approaches after facing industry resistance and gubernatorial vetoes.

The state has enacted a series of narrower laws addressing specific concerns:

• Assembly Bill 2273 requires companies to provide clear disclosures when AI systems are used to make decisions affecting consumers
• Senate Bill 1001 mandates warnings when AI-generated content could mislead viewers about its authenticity
• Assembly Bill 2602 protects performer rights by requiring consent before creating AI-generated replicas of their voices or likenesses
• Various privacy laws extend existing California privacy protections to AI applications

California’s approach reflects the complex political dynamics in a state that is both a technology innovation center and a location with strong privacy and consumer protection advocacy. The sectoral strategy allows for progress on specific issues while avoiding comprehensive battles that might be difficult to win.

Colorado’s Comprehensive Framework: Colorado emerged as a leader in comprehensive AI regulation, passing the Colorado AI Act in 2024. This landmark law creates wide-ranging regimes for “high-risk” AI systems, defined as those that make or significantly impact consequential decisions affecting individuals in areas like employment, housing, education, healthcare, financial services, and legal proceedings.

The law imposes detailed requirements on both developers and users of high-risk AI systems:

• Developers must conduct algorithmic impact assessments identifying potential risks and bias
• Users must implement risk management programs and provide transparency about AI system use
• Both developers and users must enable appeals processes for individuals affected by AI decisions
• Regular auditing and reporting requirements ensure ongoing compliance

Colorado’s approach represents the most ambitious state-level AI regulation in the United States, creating a comprehensive framework similar in scope to the European Union’s AI Act but adapted to American legal and regulatory traditions.

The law’s implementation faces significant challenges, including defining exactly which systems qualify as “high-risk,” developing practical standards for compliance, and creating enforcement mechanisms that are effective without being overly burdensome.

Texas’s Volume Approach: Texas has distinguished itself by passing the highest number of AI-related laws overall, though these tend to be narrower in scope than Colorado’s comprehensive approach.

Texas laws cover diverse areas including:

• Government transparency requirements for AI use by state agencies
• Consumer protection measures for AI-driven financial services
• Privacy protections for AI processing of personal data
• Educational policies governing AI use in schools and universities
• Criminal justice restrictions on AI use in certain contexts

The Texas approach reflects a preference for addressing specific problems as they arise rather than creating comprehensive regulatory frameworks. This strategy may be more politically feasible but could result in gaps or inconsistencies in coverage.

Common Legislative Themes

Across diverse state approaches, several common themes have emerged as top priorities for state legislators, reflecting widespread public concerns about AI’s potential negative impacts:

Nonconsensual Intimate Imagery: Combating AI-generated “deepfake” pornography has been a leading concern, with 53 related bills introduced in 2025. These laws typically require platforms to provide takedown mechanisms, impose criminal penalties for creation and distribution, and create civil liability for victims.

The focus on deepfake pornography reflects both the clear harm it causes to victims and the broad public consensus that such content should be prohibited. These laws often pass with strong bipartisan support because they address obvious wrongs without creating significant opposition from legitimate business interests.

Election Integrity: This hot-button issue saw 33 bills in 2025 focused on requiring disclosure of AI use in political advertising and banning deceptive deepfake use targeting candidates. These laws attempt to preserve democratic processes by ensuring voters have accurate information about political communications.

Election integrity legislation faces more political challenges than deepfake pornography laws because it intersects with partisan concerns about election administration and free speech rights. However, concerns about AI’s potential to disrupt democratic processes have created bipartisan support for some protective measures.

Generative AI Transparency: Significant numbers of bills aim to ensure consumers are clearly informed when interacting with AI chatbots rather than humans. These transparency requirements reflect consumer protection principles that people should know when they’re dealing with automated systems.

Transparency laws are generally less controversial than other AI regulations because they don’t restrict AI use but simply require disclosure. However, implementation challenges include defining exactly when disclosure is required and what form it should take.

Government AI Use: Many states established clear rules and oversight for their own agency AI system procurement and deployment. These laws often mirror federal approaches by requiring impact assessments, human oversight, and public reporting for government AI applications.

Government AI use laws tend to be less controversial because they regulate state agencies rather than private companies. They also serve important democratic accountability functions by ensuring public awareness of how taxpayer-funded AI systems operate.

Employment Protection: Large volumes of legislation address AI use in hiring decisions, performance evaluations, and workplace monitoring. These laws typically require human oversight, provide appeal rights for adverse decisions, and mandate disclosure of AI use in employment contexts.

Employment AI laws reflect worker concerns about fairness and job security in an era of increasing workplace automation. They often receive support from labor unions and worker advocacy groups while facing opposition from business organizations concerned about compliance costs.

Healthcare Applications: Numerous bills address AI use in medical diagnosis, treatment recommendations, and insurance coverage determinations. These laws often require physician oversight, patient consent, and transparency about AI’s role in medical decisions.

Healthcare AI laws reflect the high stakes of medical decision-making and the importance of maintaining physician-patient relationships. They attempt to ensure that AI augments rather than replaces human medical judgment.

Enforcement and Implementation Challenges

State AI laws face significant enforcement and implementation challenges that may limit their effectiveness:

Technical Complexity: Many state legislators and enforcement officials lack the technical expertise needed to understand AI systems and evaluate compliance with regulatory requirements. This knowledge gap may lead to ineffective implementation or enforcement.

Resource Constraints: State agencies often lack the resources needed for effective AI regulation oversight. Unlike federal agencies with specialized technical staff, state agencies may struggle to develop the expertise needed for AI governance.

Jurisdictional Limitations: AI systems often operate across state lines, making it difficult for individual states to regulate them effectively. A company based in one state may serve customers in many others, creating questions about which state’s laws apply.

Industry Resistance: Technology companies have significant resources to challenge state laws through litigation, lobbying, and regulatory compliance strategies. They may be able to delay or weaken enforcement of state AI requirements.

Definitional Challenges: Many state laws use terms like “artificial intelligence,” “algorithmic decision-making,” or “automated systems” without precise definitions. This ambiguity creates uncertainty about which technologies and applications are covered.

National Impact of State Innovation

Despite implementation challenges, state-level activity has profound impacts extending far beyond state borders. While law patchworks are complex, influential legislation from large, economically significant states like California and Colorado effectively sets nationwide AI regulation baselines.

This “California Effect” or “Delaware Effect” occurs because it’s often operationally and financially impractical for national technology companies to develop different product or policy versions for each state. Consequently, they frequently adopt strictest state regulation standards across all U.S. operations to ensure compliance—phenomena previously observed with data privacy laws like the California Consumer Privacy Act and automotive emissions standards.

When Colorado’s AI Act requires high-risk system developers to build in anti-discrimination measures, those features are likely incorporated into core products sold nationwide, not just within Colorado borders. When California requires AI disclosure labels, companies often apply similar labeling across all their services rather than creating state-specific versions.

This dynamic means that de facto national standards for certain AI practices emerge from bottom up, driven by state legislature actions rather than federal legislation. The most stringent state requirements effectively become national requirements through market mechanisms rather than legal mandates.

This creates both opportunities and risks for AI governance. Opportunities include allowing innovative states to test regulatory approaches that may prove effective and worthy of national adoption. States can move faster than the federal government and adapt to local preferences and needs.

Risks include creating compliance complexity that may favor large companies over smaller competitors, potentially inconsistent requirements that create inefficiencies, and regulatory approaches that may not be optimal for national markets or international competitiveness.

The dynamic puts increasing pressure on Congress to act—either codifying emerging state standards into unified federal laws that provide clarity and consistency, or explicitly preempting state laws with different, potentially weaker national frameworks that prioritize other values like innovation or competitiveness.

The International Context

American AI regulation debates unfold against a backdrop of global regulatory activity that both influences domestic policy and is influenced by American approaches. The international context creates competitive pressures, provides models for potential regulation, and shapes the strategic environment in which U.S. AI governance decisions are made.

The EU AI Act as Global Benchmark

The European Union’s AI Act represents the world’s most comprehensive AI regulation and is poised to have significant global influence through both direct application to American companies and indirect influence on regulatory approaches worldwide.

The EU AI Act establishes a comprehensive, horizontal regulatory framework applying across all economy sectors. Its core is a risk-based approach categorizing AI systems into four tiers based on their potential for harm:

Prohibited AI Practices: Systems posing unacceptable risks are banned outright, including government-run social scoring systems, real-time biometric identification in public spaces (with limited exceptions), and AI systems that use subliminal or deceptive techniques to manipulate behavior in ways that cause harm.

High-Risk AI Systems: Applications in critical areas like medical devices, transportation safety, hiring decisions, credit scoring, and law enforcement are permitted but subject to strict requirements including risk management systems, high-quality training data, detailed documentation, human oversight provisions, and conformity assessments before market placement.

Limited Risk Systems: Applications like chatbots face lighter transparency obligations, primarily requirements to inform users they’re interacting with AI systems rather than humans.

Minimal Risk Systems: The vast majority of AI applications fall into this category and face no specific new requirements under the Act.

The EU approach contrasts sharply with current U.S. approaches, which are largely sector-specific and rely on various agencies enforcing existing legal authorities. The EU created detailed, prospective rulebooks for entire markets, while the U.S. builds AI law bodies through post-hoc enforcement actions and voluntary standards.

The EU’s comprehensive approach is expected to have significant “Brussels Effects,” where multinational companies adopt European standards globally to streamline operations, influencing AI development practices far beyond European borders. American companies serving European markets must comply with EU requirements, potentially leading them to adopt similar standards for their U.S. operations.

Chinese AI Governance

China has developed its own distinctive approach to AI governance that emphasizes state control, algorithmic transparency for government oversight, and alignment with social stability objectives. Chinese regulations include requirements for algorithmic recommendation services to be transparent to government regulators, restrictions on AI applications that might undermine social stability, and mandates for AI systems to reflect “socialist core values.”

The Chinese approach creates competitive dynamics with U.S. policy. American policymakers worry that excessive AI regulation might handicap U.S. companies in competition with Chinese firms operating under different regulatory frameworks. Conversely, some argue that responsible AI governance could become a competitive advantage if it leads to more trustworthy and reliable AI systems.

Chinese AI governance also raises national security concerns that influence U.S. policy. Export controls and investment restrictions aim to prevent China from accessing advanced AI technologies that could enhance its military capabilities or surveillance systems.

Other International Approaches

Other major economies are developing their own AI governance frameworks:

United Kingdom: Emphasizes principles-based regulation and industry self-regulation, with existing sector regulators adapting their approaches to address AI within their domains.

Canada: Developing comprehensive AI legislation (the Artificial Intelligence and Data Act) that would create rights and obligations for AI system development and deployment.

Japan: Focuses on voluntary guidelines and industry cooperation, emphasizing innovation and competitiveness while addressing safety and ethical concerns.

South Korea: Developing comprehensive AI governance frameworks while investing heavily in AI development and deployment.

These different approaches create both opportunities and challenges for American AI governance. Opportunities include learning from international experiences and best practices, coordinating with allies on shared challenges and values, and developing interoperable standards that facilitate international trade and cooperation.

Challenges include potential regulatory fragmentation that creates compliance complexity for global companies, competitive pressures from countries with more or less restrictive approaches, and difficulties coordinating policies across different legal and political systems.

The Great Regulatory Debate

Activity flurries in the White House, Congress, state capitols, and international forums reflect deeper society-wide debates over fundamental questions about AI governance. This debate shapes competing values, divergent stakeholder interests, and fundamentally different future visions, pitting urgent innovation needs against equally urgent protection needs.

The debate is complicated by AI’s unique characteristics as a “general purpose technology” that affects virtually every sector of the economy and society. Unlike previous regulatory challenges that focused on specific industries or applications, AI governance requires consideration of impacts across domains and stakeholder groups.

The Core Innovation vs. Protection Dilemma

At AI policy debate hearts lie classic regulatory dilemmas: striking right balances between fostering technological advancement and ensuring public safety, ethical use, and accountability. However, AI’s unique characteristics make these trade-offs particularly complex and consequential.

The Case for Regulation: Clear AI rule proponents argue they’re essential for several key reasons that reflect both traditional regulatory concerns and new challenges posed by AI’s unique characteristics:

Safety and Risk Mitigation: AI systems deploy in high-stakes domains where failures have severe consequences, from biased loan applications and wrongful arrests to potential catastrophic failures in autonomous vehicles or medical diagnosis systems. The scale and speed of AI deployment mean that safety problems can affect millions of people before they’re detected and corrected.

Unlike traditional technologies where safety risks are often localized and gradual, AI systems can fail in ways that are systematic, sudden, and difficult to predict or control. Traditional safety regulations may be inadequate for technologies that can behave unpredictably and affect large populations simultaneously.

Ethical Considerations and Civil Rights: AI models trained on historical data can inherit and amplify societal biases, leading to discrimination against protected groups in employment, housing, credit, and criminal justice. The mathematical nature of these systems can make discrimination appear objective and neutral while actually perpetuating unfair treatment.

AI systems can also create new forms of discrimination that don’t fit traditional categories, such as discrimination based on digital behaviors or consumption patterns that correlate with protected characteristics. Traditional civil rights enforcement may be inadequate for addressing these novel forms of bias.

Transparency and Public Trust: Many AI systems operate as “black boxes” where even their creators don’t fully understand how they reach specific decisions. This opacity can undermine democratic accountability and public trust, particularly when AI systems are used by government agencies or in domains affecting fundamental rights.

The complexity and scale of modern AI systems make traditional approaches to transparency and explainability inadequate. New regulatory frameworks may be needed to ensure adequate understanding and oversight of AI decision-making processes.

Accountability and Legal Clarity: When AI systems cause harm, traditional legal concepts of responsibility and liability may be inadequate. Complex supply chains involving data providers, model developers, system integrators, and end users can make it difficult to assign responsibility for AI-related harms.

Current liability frameworks may create incentives for companies to disclaim responsibility for AI system outcomes while claiming credit for their benefits. Clear regulatory frameworks could establish appropriate accountability mechanisms that ensure victims have recourse when AI systems cause harm.

Market Concentration and Competition: The enormous computational resources and data requirements for advanced AI development may lead to excessive concentration of AI capabilities in a few large companies. Without appropriate regulation, this concentration could stifle innovation and create monopolistic market structures.

Regulatory frameworks could help preserve competition by ensuring smaller companies have access to necessary resources and preventing dominant companies from using their AI capabilities to unfairly advantage themselves in other markets.

The Case for Lighter Regulatory Touch: Those advocating more cautious, hands-off regulation approaches raise several significant counterarguments that reflect both traditional concerns about regulatory overreach and specific challenges posed by AI’s rapid development:

Innovation and Competition Concerns: The United States faces fierce global competition, particularly with China, for AI leadership. Overly stringent or premature regulations could slow research and experimentation, ceding critical technological and economic advantages to rivals with more permissive regulatory environments.

AI development is characterized by rapid experimentation and iteration that could be stifled by regulatory requirements designed for slower-moving technologies. The benefits of AI innovation may be so significant that regulatory caution is justified to avoid impeding beneficial developments.

Economic Impact and Regulatory Burden: Complex regulation compliance costs can be substantial, creating high barriers for startups and smaller companies while inadvertently favoring large, well-resourced technology incumbents. This could reduce innovation and competition in AI development while entrenching existing market leaders.

Regulatory requirements designed for large companies may be disproportionately burdensome for smaller companies that drive much innovation in AI. Excessive regulatory compliance costs could channel AI development toward a few large companies with resources to navigate complex regulatory requirements.

The Pacing Problem and Technological Uncertainty: AI development pace is exponential while legislative processes are slow and deliberate. This creates significant risks that specific enacted laws will be obsolete by implementation time, making flexible, principles-based approaches more viable than rigid, prescriptive rules.

The rapid pace of AI development also means that regulatory responses based on current technology may be inappropriate for future AI systems. Premature regulation could lock in approaches that become counterproductive as technology evolves.

Technical Complexity and Definitional Challenges: AI encompasses a broad range of technologies and applications that may require different regulatory approaches. Generic AI regulations may be too broad to be effective or too narrow to address emerging applications and techniques.

The technical complexity of AI systems may make effective regulation difficult for policymakers and enforcement officials who lack specialized expertise. Poorly designed regulations based on incomplete understanding could be ineffective or counterproductive.

Open Source and Global Development: Growing AI development portions happen in open-source communities where models and code are developed by decentralized, global contributor networks. Regulating these development models is exceptionally difficult since there are no single corporate entities to hold accountable.

AI development is increasingly global, with research and development happening in many countries simultaneously. Unilateral U.S. regulations may be ineffective if they can be circumvented through development in other jurisdictions.

Sector-Specific vs. Horizontal Regulation

A key debate within AI governance concerns whether regulation should be sector-specific (different rules for AI in healthcare, finance, transportation, etc.) or horizontal (common rules applying across all AI applications regardless of sector).

Sector-Specific Approaches have several advantages:

• They can address unique risks and requirements in different domains
• They build on existing regulatory expertise and frameworks in each sector
• They may be more politically feasible because they work within established regulatory structures
• They can adapt to different risk profiles and stakeholder needs across sectors

However, sector-specific approaches also have limitations:

• They may create regulatory gaps for AI applications that cross sector boundaries
• They can lead to inconsistent requirements that create compliance complexity
• They may not address systemic risks from AI that affect multiple sectors simultaneously
• They could create regulatory arbitrage where companies choose sectors with lighter regulation

Horizontal Approaches offer different advantages:

• They provide consistent standards that reduce compliance complexity
• They can address cross-cutting issues like bias, transparency, and accountability systematically
• They may be more effective for addressing general-purpose AI systems used across multiple domains
• They can provide clearer guidance to developers about universal requirements

But horizontal approaches have their own challenges:

• They may not adequately address sector-specific risks and requirements
• They could impose unnecessary burdens on low-risk applications
• They may be difficult to design effectively given AI’s diverse applications
• They might conflict with existing sector-specific regulatory frameworks

The optimal approach likely involves elements of both horizontal and sector-specific regulation, with horizontal frameworks addressing common issues while sector-specific rules address unique domain requirements.

Risk-Based vs. Technology-Neutral Approaches

Another fundamental debate concerns whether AI regulation should specifically target AI technologies or focus on harmful outcomes regardless of the technology used to create them.

Risk-Based Approaches categorize AI systems based on their potential for harm and apply different requirements based on risk levels. This approach, exemplified by the EU AI Act, focuses regulatory attention on highest-risk applications while minimizing burdens on lower-risk uses.

Advantages of risk-based approaches include:

• They concentrate resources on areas where regulation is most needed
• They avoid unnecessary burdens on beneficial or low-risk AI applications
• They can adapt to new AI technologies by focusing on outcomes rather than specific technical approaches
• They provide clearer guidance about regulatory expectations based on application context

Challenges include:

• Difficulty in categorizing AI systems accurately based on risk levels
• Potential for gaming where companies design around regulatory categories
• Problems addressing systemic risks that emerge from combinations of individually low-risk systems
• Challenges in predicting risks from rapidly evolving AI technologies

Technology-Neutral Approaches focus on harmful outcomes or illegal activities regardless of whether they involve AI. Under this approach, existing laws against discrimination, fraud, or safety violations would apply to AI applications just as they apply to human activities.

Benefits of technology-neutral approaches include:

• They avoid the need for new AI-specific legislation
• They prevent regulatory gaps that emerge when technology evolves faster than regulation
• They provide consistency in legal treatment regardless of technological methods
• They may be easier to implement using existing enforcement mechanisms

Limitations include:

• Traditional legal frameworks may be inadequate for addressing AI-specific risks and characteristics
• They may not address prevention of harm as effectively as technology-specific approaches
• They could result in under-regulation of AI-specific risks or over-regulation of beneficial AI applications
• They might not provide adequate guidance to AI developers about compliance requirements

Stakeholder Perspectives and Interests

The AI governance debate involves multiple stakeholders with different interests, expertise, and perspectives on appropriate regulatory approaches.

Technology Companies represent diverse interests ranging from established technology giants to AI-focused startups. Large companies like Google, Microsoft, and Meta publicly advocate for “responsible AI” and have published extensive ethical principles, but they also have significant commercial interests in maintaining operational flexibility and avoiding costly regulatory compliance requirements.

These companies often favor principles-based regulation, industry self-regulation, and approaches that leverage their technical expertise while avoiding prescriptive requirements that might limit their competitive advantages. They emphasize innovation benefits and warn about regulatory approaches that might harm American competitiveness.

However, there are tensions within the industry. Some companies, particularly those with strong market positions, may actually benefit from regulatory barriers that make it harder for new competitors to enter markets. Companies with different business models (cloud computing vs. consumer applications vs. enterprise software) may have different regulatory preferences.

Civil Society Organizations focus primarily on protecting individuals and communities from AI-related harms. Organizations like the American Civil Liberties Union, Electronic Frontier Foundation, and various civil rights groups emphasize the need for strong protections against discrimination, privacy violations, and other harms.

These organizations often advocate for transparency requirements, algorithmic auditing, individual rights to explanation and appeal, and strong enforcement mechanisms. They tend to be skeptical of industry self-regulation and voluntary approaches, preferring mandatory requirements with government enforcement.

However, civil society organizations also have different priorities and perspectives. Privacy advocates may emphasize data protection, while civil rights groups focus on anti-discrimination measures. Some organizations prioritize free speech concerns while others emphasize safety and security.

Academic Researchers and Think Tanks contribute technical expertise and policy analysis to AI governance debates. They often focus on evidence-based approaches and try to identify effective regulatory mechanisms based on research and international comparisons.

Academic perspectives vary widely based on disciplinary backgrounds, research focus, and institutional affiliations. Computer scientists may emphasize technical feasibility of regulatory requirements, while policy scholars focus on implementation and enforcement challenges. Legal scholars analyze constitutional and regulatory law implications.

Government Officials at various levels bring different perspectives based on their roles and responsibilities. Federal agencies focus on their specific jurisdictions and legal authorities. State and local officials often emphasize constituent concerns and local impacts. Members of Congress balance multiple interests including economic development, consumer protection, and national security.

Government perspectives also vary by political affiliation and ideology, with different views about appropriate government roles in technology regulation, relationships with private industry, and priorities for regulatory action.

The Liability Question: Who Pays When AI Fails?

Beneath public debate surfaces lies perhaps the most fundamental question that will determine AI governance trajectories: who bears responsibility and financial liability when AI systems cause harm?

Current legal frameworks provide inadequate answers to liability questions raised by AI systems. Traditional products liability law assumes manufacturers have control over product design and can predict failure modes. AI systems, particularly those using machine learning, may behave in ways their creators didn’t anticipate or intend.

Traditional negligence law assumes defendants have duties of care that can be defined and evaluated. With AI systems, it may be unclear what constitutes reasonable care in development, deployment, or oversight of systems whose behavior cannot be fully predicted or controlled.

Contract law may limit liability through terms of service and user agreements, but these may not adequately protect third parties affected by AI system failures or provide appropriate incentives for safety and reliability.

The liability question has several dimensions:

Developer Liability: Should companies that create AI models be responsible for harms caused by their use, even in applications they didn’t anticipate or control? Strong developer liability could incentivize safety but might discourage beneficial innovation and research.

User Liability: Should organizations that deploy AI systems bear primary responsibility for their appropriate use and oversight? User liability could encourage responsible deployment but might discourage adoption of beneficial AI applications.

Shared Liability: Should liability be distributed across AI supply chains based on each party’s contributions to risks and harms? Shared liability might provide appropriate incentives but could create complex legal disputes and uncertainty.

Insurance and Compensation Mechanisms: Should AI-related harms be addressed through mandatory insurance, compensation funds, or other mechanisms that ensure victims receive compensation without requiring proof of fault? Such mechanisms could provide victim protection while enabling continued innovation.

The proposed Bipartisan Framework for U.S. AI Act took direct aim at liability issues by suggesting removal of Section 230 immunity for AI companies, which currently shields internet platforms from liability for user-generated content. This change could fundamentally alter incentives for AI development and deployment.

Civil rights groups actively use litigation to establish legal accountability, as seen in ACLU lawsuits against Clearview AI’s facial recognition database. These cases are gradually establishing precedents about AI-related liability, but the process is slow and uncertain.

Technology companies often seek to limit their liability exposure through terms of service, user agreements, and corporate structures that separate AI development from deployment. They argue that excessive liability could discourage beneficial innovation and research.

The liability question resolution will be a powerful driver of AI governance outcomes. Regulatory regimes imposing significant liability on AI developers would compel them to prioritize safety and fairness out of direct financial self-interest, likely proving more effective than specific technical standards or voluntary guidelines.

Conversely, liability frameworks that shield AI developers from responsibility for system failures would encourage faster, more aggressive deployment of AI technologies while shifting costs of failures to users, victims, and society at large.

The allocation of AI-related liability will ultimately determine whether the costs of AI failures are internalized by those who create and profit from AI systems or externalized to those who are harmed by their failures. This allocation will shape incentives for safety, transparency, and accountability throughout the AI development and deployment ecosystem.

Looking Forward: The Path to AI Governance

Washington’s race to regulate AI reflects broader challenges democratic societies face governing rapidly evolving technologies that outpace traditional policymaking processes. The current approach—competing executive orders, fragmented congressional activity, agency enforcement through existing authorities, experimental state legislation, and industry self-regulation—creates regulatory uncertainty while failing to address fundamental governance questions.

The stakes extend beyond policy mechanics to fundamental questions about democracy’s capacity to govern transformative technologies. How America manages AI governance will influence whether the technology becomes a tool for greater opportunity, innovation, and human flourishing or deepens existing inequalities and creates new forms of social harm.

Emerging Trends and Future Scenarios

Several trends appear likely to shape AI governance development over the coming years:

Continued Federal Fragmentation: Without major legislative breakthroughs, AI governance will likely remain divided across agencies using existing authorities adapted to AI challenges. This approach provides flexibility but creates compliance complexity and regulatory gaps that may inadequately address systemic AI risks.

The fragmented approach may evolve toward greater coordination through inter-agency working groups, joint enforcement actions, and shared standards, but fundamental tensions between agencies with different missions and authorities will likely persist.

State Leadership and Innovation: As federal action stalls, more states will likely pass comprehensive AI legislation, creating increasing pressure for either federal preemption or national standard adoption. States with large economies and technology sectors will have disproportionate influence on national AI governance through market mechanisms.

State-level innovation may provide valuable testing grounds for regulatory approaches that could inform eventual federal legislation. However, the resulting patchwork of state laws may also create compliance challenges that ultimately force federal action to provide consistency and clarity.

Industry Self-Regulation and Standards Development: Facing uncertain regulatory environments, technology companies may increasingly adopt industry standards, best practices, and self-regulatory mechanisms to demonstrate responsibility and avoid stricter government oversight.

Industry self-regulation could provide flexible, rapidly adaptive approaches to AI governance that respond to technological changes faster than formal regulations. However, voluntary approaches may be inadequate for addressing risks where commercial incentives don’t align with social interests.

International Coordination and Competition: The EU AI Act’s global influence will likely pressure U.S. policymakers to develop more comprehensive approaches to maintain competitiveness and influence in global AI governance discussions. Competition with China and other nations will continue to shape American AI policy priorities.

International coordination on AI governance may develop through bilateral agreements, multilateral forums, and technical standard-setting organizations. However, differing national priorities and regulatory philosophies may limit the scope of meaningful international cooperation.

Potential Legislative Scenarios

Several scenarios could drive major federal AI legislation:

Crisis-Driven Regulation: A significant AI-related incident causing widespread harm could create political momentum for comprehensive federal legislation, similar to how major financial crises have driven financial regulation or how privacy breaches have influenced data protection laws.

Such incidents could include AI system failures causing physical harm, large-scale discriminatory impacts, or national security breaches involving AI technologies. Crisis-driven regulation often leads to more prescriptive and restrictive approaches than proactive regulatory development.

Competitive Pressure Response: Concerns about falling behind the EU or other jurisdictions in establishing AI governance frameworks could motivate federal action to maintain American influence in global technology governance and ensure American companies aren’t disadvantaged by inconsistent regulatory approaches.

Competitive pressures might favor regulatory approaches that balance innovation promotion with consumer protection, attempting to provide regulatory certainty without imposing excessive burdens on American companies.

Election-Driven Policy Changes: Major electoral shifts could create new political coalitions and priorities that enable comprehensive AI legislation that has been stalled by divided government or competing priorities.

Different electoral outcomes could lead to very different regulatory approaches, from comprehensive consumer protection frameworks to innovation-focused policies that minimize regulatory burdens.

Industry Consolidation Concerns: Growing concentration in AI markets could drive antitrust and competition-focused AI regulation designed to preserve competitive markets and prevent monopolization of critical AI capabilities.

Such regulation might focus on preventing anti-competitive behaviors, ensuring access to essential AI infrastructure, and maintaining diversity in AI development rather than addressing safety or bias concerns directly.

Key Implementation Challenges

Whatever form future AI governance takes, it will face several persistent implementation challenges:

Technical Expertise and Capacity: Effective AI governance requires sophisticated understanding of rapidly evolving technologies that many government officials and regulatory agencies lack. Building this capacity will require significant investments in education, training, and personnel.

Government agencies may need to develop new approaches to acquiring technical expertise, including partnerships with academia, temporary assignments from industry, and specialized hiring authorities for technical personnel.

Enforcement and Compliance Monitoring: AI systems can be complex, distributed, and rapidly changing, making traditional regulatory enforcement approaches potentially inadequate. New approaches to monitoring compliance and detecting violations may be necessary.

Regulatory agencies may need to develop automated monitoring systems, third-party auditing requirements, and whistleblower protections to effectively oversee AI system compliance with regulatory requirements.

International Coordination and Jurisdiction: AI development and deployment increasingly occurs across national boundaries, making unilateral regulatory approaches potentially ineffective. Effective AI governance may require unprecedented levels of international coordination and cooperation.

Regulatory agencies will need to develop mechanisms for cross-border enforcement, mutual recognition of standards, and coordination of investigation and enforcement actions. This may require new international agreements and institutional arrangements.

Balancing Innovation and Protection: Perhaps the most fundamental challenge is striking appropriate balances between promoting beneficial AI innovation and protecting against AI-related harms. Different stakeholders and political constituencies will continue to have different views about where these balances should be struck.

Regulatory frameworks will need to be adaptive and responsive to changing technologies and circumstances while providing sufficient certainty for business planning and investment decisions.

The Role of Democratic Participation

AI governance decisions will ultimately be made through democratic processes, but meaningful democratic participation requires public understanding of AI technologies and their implications. Current levels of public knowledge about AI may be inadequate for informed democratic decision-making about AI governance.

Educational initiatives, public engagement processes, and transparency requirements could help ensure that AI governance decisions reflect democratic values and priorities rather than being driven solely by technical experts or industry interests.

Public participation in AI governance may need new formats and mechanisms that can handle technical complexity while remaining accessible to diverse communities and stakeholders. Traditional public comment processes and legislative hearings may be inadequate for meaningful engagement with AI governance issues.

Economic and Social Implications

The path chosen for AI governance will have profound economic and social implications that extend far beyond the technology sector:

Economic Competitiveness: Regulatory approaches that effectively balance innovation promotion with consumer protection could enhance long-term American economic competitiveness by building trust in AI systems and enabling broader adoption of beneficial applications.

Conversely, regulatory approaches that either stifle innovation through excessive restrictions or fail to address legitimate concerns about AI risks could undermine competitiveness through reduced innovation or diminished public trust.

Social Equity and Inclusion: AI governance decisions will significantly influence whether AI technologies exacerbate or help address existing social inequalities. Regulatory frameworks that effectively address bias and discrimination in AI systems could help promote more equitable outcomes.

However, regulatory approaches that are ineffective at addressing bias or that inadvertently exclude certain communities from AI benefits could worsen existing inequalities.

Democratic Governance and Accountability: How AI systems are governed will influence broader questions about democratic accountability and participation in technological decision-making that affects society.

Effective AI governance could provide models for governing other emerging technologies and strengthen public confidence in democratic institutions’ capacity to address technological challenges. Ineffective AI governance could undermine trust in government and democratic processes more broadly.

The Window for Proactive Governance

The window for proactive, comprehensive AI governance may be narrowing as AI systems become more embedded in critical societal functions and economic interests crystallize around current arrangements. Early intervention may be more effective and less disruptive than reactive responses to AI-related crises.

Proactive governance approaches could shape AI development trajectories toward more beneficial and socially aligned outcomes while reactive approaches may only address harms after they’ve already occurred at scale.

However, proactive governance also requires making decisions under uncertainty about technologies that are rapidly evolving. Premature or misguided regulatory interventions could impede beneficial developments or create unintended consequences.

The challenge is developing governance approaches that are proactive enough to shape beneficial AI development while remaining adaptive enough to evolve with changing technologies and circumstances.

The Stakes for American Democracy

The AI governance challenge ultimately tests democratic institutions’ capacity to govern transformative technologies that evolve faster than traditional policymaking processes. The question isn’t whether AI needs governance—the technology’s power and pervasiveness make some form of oversight inevitable.

The fundamental question is whether democratic institutions can adapt quickly enough to shape AI’s development trajectory rather than merely react to its consequences. The answer will determine not just the future of artificial intelligence, but the future of democracy in the digital age.

Success in AI governance could demonstrate democracy’s continued relevance and effectiveness in addressing complex technological challenges. It could provide models for governing other emerging technologies and strengthen public confidence in democratic institutions’ problem-solving capacity.

Failure could contribute to broader erosion of democratic legitimacy and effectiveness, potentially leading to more authoritarian approaches to technology governance or to ungoverned technological development that serves narrow interests rather than broader social good.

The choices made in AI governance over the next few years will reverberate for decades, influencing not only how AI technologies develop and deploy but also how societies address future technological disruptions and challenges.

Washington’s race to regulate AI is ultimately a race to preserve democratic governance’s relevance in an age of technological disruption. The outcome will shape whether artificial intelligence becomes a tool for enhancing human capabilities and democratic values or a force that undermines both.

The stakes could not be higher, and the window for effective action may be closing faster than policymakers realize. The next phase of AI governance will test whether American democracy can rise to meet one of its greatest challenges—governing transformative technology in the public interest while preserving the innovation and freedom that are essential to democratic society.

Our articles make government information more accessible. Please consult a qualified professional for financial, legal, or health advice specific to your circumstances.