SWITCHED ON
The daily technology series nobody asked for but everyone needed
Who Governs the Machine: The AI Regulation Reckoning
Three major powers. Three completely different approaches. One technology that doesn't care about jurisdictional boundaries. What could possibly go wrong.
Regulating AI is like trying to write a zoning ordinance for a city that is building itself faster than you can type. The rules you finish writing today describe a technology that no longer exists by the time the ink dries.
Yesterday we talked about electric vehicles and the 2035 deadline — what the technology has genuinely achieved, the charging infrastructure gap that home-charging enthusiasts consistently understate, the battery supply chain's uncomfortable dependence on cobalt from the DRC and lithium refined in China, the grid question that has to be solved in parallel, and the political durability of commitments that feel manageable when they are a decade away and considerably less so when they are not. Today we are tackling the topic that underpins this entire series and every technology we have discussed in it. Artificial intelligence regulation: who is trying to govern the most consequential technology of our era, what the major frameworks actually say, where the US, the EU, and China fundamentally disagree, and whether any of it is moving at anything close to the speed required. The short answer is no. The long answer requires the rest of this episode.
Let's establish what we are actually trying to regulate, because the word "AI" covers an enormous range of things and the regulatory conversation frequently suffers from conflating them.
01 — What We Are Actually Trying to Regulate
Artificial intelligence is not a single thing. It is a family of techniques — machine learning, deep learning, large language models, computer vision, reinforcement learning, and others — applied across an extraordinary range of contexts, from the algorithm that recommends what you watch next on a streaming platform to the model that assists in reading medical scans to the frontier systems capable of complex reasoning, coding, and creative work that have become the focus of the most intense regulatory attention.
This breadth creates an immediate regulatory challenge. The risks associated with a recommendation algorithm are different in kind from the risks associated with an autonomous weapons system or a frontier AI model trained on hundreds of billions of parameters. A regulatory framework that treats them the same will either be so restrictive it cripples beneficial applications or so permissive it leaves the most dangerous ones ungoverned. The challenge is calibration — and calibration requires understanding the technology well enough to distinguish between its applications, which most regulatory bodies are still working toward.
The additional complication is pace. AI capabilities have advanced faster over the past five years than most researchers predicted. The GPT-3 to GPT-4 jump in capability was larger than the preceding decade of progress. The systems being deployed now were not anticipated by frameworks drafted two years ago. Any regulation written around the capabilities of current models is, by definition, already partially obsolete by the time it takes effect.
02 — The EU AI Act: The World's First Comprehensive Framework
The European Union's AI Act, which entered into force in August 2024 after years of negotiation, is the world's first comprehensive legal framework for artificial intelligence. It is a genuinely significant piece of legislation and it is already being stress-tested by the pace of AI development in ways that its drafters did not fully anticipate.
The Act takes a risk-based approach, categorising AI systems by the level of risk they pose and imposing requirements proportional to that risk. Unacceptable risk systems — social scoring by governments, real-time biometric surveillance in public spaces, AI that manipulates people through subliminal techniques — are banned outright. High-risk systems — AI used in critical infrastructure, employment decisions, credit scoring, criminal justice, medical devices — face strict requirements around transparency, human oversight, data quality, and accountability. Limited and minimal risk systems face lighter obligations, primarily around transparency.
Frontier AI models — what the Act calls "general purpose AI models" with significant capabilities — face additional obligations including transparency about training data, cooperation with regulators, and, for the most powerful models, systemic risk assessments. This was added late in the negotiation process, after ChatGPT's release made it obvious that the original draft had not adequately accounted for large language models.
The EU AI Act is the most serious attempt by any jurisdiction to create comprehensive AI governance. It is also a document negotiated over several years to govern a technology that changed dramatically during the negotiation, and it shows.
The enforcement challenge is significant. The Act relies on national market surveillance authorities in each member state, with coordination through a newly established AI Office in Brussels. These authorities do not yet exist in adequate form in most member states. The technical expertise required to audit complex AI systems is scarce. The fines — up to 35 million euros or seven percent of global turnover for the most serious violations — are substantial, but meaningful enforcement requires the institutional capacity to identify violations, which is a harder problem than writing the rules.
03 — The US Approach: Executive Orders and Voluntary Commitments
The United States has taken a characteristically different approach — less prescriptive regulation, more reliance on existing legal frameworks, executive action, and voluntary commitments from industry. The Biden administration's Executive Order on AI, issued in October 2023, was the most significant federal AI policy action to that point. It required developers of frontier AI models to share safety test results with the government before deployment, directed federal agencies to develop AI use policies, and established standards for AI safety and security through the National Institute of Standards and Technology.
The Trump administration, returning to office in January 2025, revoked that executive order on its first day. The replacement approach prioritised AI development and competitiveness over precautionary governance, explicitly framing heavy regulation as a threat to American AI leadership. The NIST AI Risk Management Framework — a voluntary guidance document rather than binding regulation — remains in place and is widely used by industry, but voluntary frameworks govern behaviour only to the extent that companies choose to follow them.
Congressional attempts to pass comprehensive AI legislation have stalled repeatedly. The US legislative process is slow, the technology moves fast, and the lobbying investment by major AI companies in Washington is substantial. What exists instead is a patchwork: sector-specific guidance from financial regulators, the FTC, and healthcare agencies; state-level legislation in California and a handful of other states; and the voluntary commitments that major AI companies have made to the White House, which are meaningful signals of intent and unenforceable in law.
04 — China: Regulation as Control
China's approach to AI regulation is the one most rarely examined in Western coverage, which is an oversight given that China is the second-largest AI market and an increasingly capable AI developer. It is also an approach that illuminates a different set of priorities from either the EU or the US.
China has passed a series of targeted AI regulations covering specific applications: rules on algorithmic recommendation systems, rules on deep synthesis technology (deepfakes and synthetic media), and rules on generative AI services. These regulations are notable for what they emphasise — content must not undermine state authority, must not spread false information, must not threaten national security, and must align with "socialist core values." The regulatory focus is less on safety in the technical AI safety sense and more on content control and maintaining political stability.
Chinese AI companies operate under a dual requirement: comply with government content requirements, which are extensive and enforced, while competing globally in capabilities. The result is a regulatory environment that is in some ways more restrictive than the West — content moderation requirements are stringent — and in others considerably less so. There is no Chinese equivalent of the EU's prohibition on social scoring by government, for the obvious reason that social scoring by government is a feature, not a bug, of the Chinese approach to AI governance.
05 — The Fundamental Problem Nobody Has Solved
AI regulation faces a structural problem that distinguishes it from most previous technology regulation: the technology being regulated is borderless, the companies developing it are concentrated in a small number of jurisdictions, and the regulatory frameworks of different jurisdictions are sufficiently different that regulatory arbitrage — developing in permissive jurisdictions, deploying globally — is a real and available option.
A pharmaceutical company cannot sell a drug that fails EU safety standards in EU markets regardless of where it was developed. An AI system developed in a jurisdiction with minimal safety requirements can be accessed from anywhere in the world via a web browser. The enforcement mechanisms that work for physical products do not translate directly to software services, and the international coordination required to close the gap does not yet exist in any meaningful form.
The deeper question — the one that the regulation debate tends to orbit without landing on — is what we are actually trying to prevent. Near-term harms from current AI systems: bias in hiring algorithms, misinformation at scale, fraud, privacy violations. These are real, documentable, and addressable with existing regulatory tools applied with adequate expertise. Medium-term risks from increasingly capable systems: labour displacement at scale, concentration of AI capabilities in a small number of actors, erosion of human oversight in critical decisions. These require forward-looking frameworks that most current regulation does not yet provide. Long-term risks from systems that may eventually exceed human capabilities in consequential domains: this is the conversation that frontier AI labs are having seriously and that most regulatory frameworks have not yet begun to engage with adequately.
The gap between the pace of AI development and the pace of AI governance is not closing. If anything, as models become more capable faster than anticipated, it is widening. This is the defining regulatory challenge of the decade, and most of the people responsible for addressing it are still arguing about definitions.
Tomorrow we are looking at the other side of the AI coin — not how we govern it, but what it is doing to creative work. AI art, AI writing, and copyright: who owns what an AI generates, what the courts have said, what the artists are doing about it, and whether the creative industries are facing a disruption comparable to what the internet did to music or something considerably more fundamental. See you then.
Switched On is a daily technology series covering AI, social media, data privacy, and the digital forces reshaping modern life — with no corporate spin, no false comfort, and absolutely no mercy for buzzwords.
