13  AI for Policy and Governance

Why regulation is necessary

Regulation is required not to stifle the technology, but to ensure it develops in a way that is compatible with a safe, equitable, and democratic society. The risks that necessitate it are not speculative. They build from the immediate threats to the individual to the structural risks facing the whole.

AI’s ability to analyse vast quantities of personal information at scale creates the potential for a pervasive surveillance apparatus, operated by both corporations and governments, that was previously the preserve of dystopian fiction. The only effective countermeasure is a proactive regime that establishes privacy as the default. That means comprehensive data privacy laws that grant individuals clear rights over their data and place strict limits on what information can be collected, for what purpose, and for how long. Policy must shift the burden of proof, forcing organisations to justify their data practices rather than forcing citizens to fight a perpetual rearguard action to protect their private lives.

When AI systems are trained on biased historical data, they risk automating and scaling up discrimination in critical areas like hiring, lending, and criminal justice. Because market forces alone may not prioritise fairness over the raw predictive performance that can be extracted from those biases, regulation is essential to protect fundamental civil rights. Policy can create powerful legal and economic incentives by mandating algorithmic transparency and requiring independent fairness audits for any AI system used in high-stakes decisions. The pursuit of technological efficiency must not come at the cost of societal equity.

Existing legal frameworks for intellectual property and ownership are unprepared for content generated by artificial intelligence, and the resulting ambiguity chills innovation and threatens the livelihoods of human creators. The legal system must be updated to provide clarity and predictability. The early-2026 docket is the live test of how that update is happening: The New York Times Company v. Microsoft and OpenAI, filed in the Southern District of New York in December 2023, is the central US training-data infringement case still active at the time of writing¹; the Recording Industry Association of America’s 2024 suits against the music-generation services Suno and Udio are running the same arguments in audio²; the US Copyright Office has issued staged policy guidance, most recently in the pre-publication Part 3 release in May 2025 on the use of copyrighted material in training³. None of these are settled. They are the texture of an entire legal subfield being constructed in real time. Decisive legislative action is required to define the copyright status of AI-generated works, establish clear rules for the use of copyrighted data in training foundation models, and create an environment where both human artists and AI innovators can operate with confidence.

The power of generative AI to manufacture convincing fake news and deepfakes presents a direct threat to the shared sense of reality on which democracy depends, eroding trust in institutions and fuelling social polarisation. The regulatory response here requires a delicate balance. Outright censorship is itself a threat to democratic values. A more pragmatic policy focuses on a healthier information ecosystem by mandating transparency, such as the clear and consistent labelling of AI-generated content, and by holding platforms accountable not for the content itself but for its algorithmic amplification. Combined with robust public funding for media and AI literacy, that combination can empower citizens to navigate the digital world more critically without resorting to authoritarian measures.

The rapid advance of AI into cognitive tasks promises substantial workplace disruption, displacing workers at a pace that could strain social and economic stability. The goal of policy in this area is not to halt the productivity gains of automation, but to manage the human transition. That requires a two-pronged national strategy: investing heavily in accessible, large-scale retraining and lifelong-learning programmes to equip the workforce with new skills, and modernising the social safety net to provide a robust economic cushion for those navigating the transition. This is a fundamental challenge of economic stewardship in the 21st century.

The deployment of lethal autonomous weapons threatens to alter the nature of conflict, removing human empathy and judgement from the decision to use lethal force. This is not a problem that market forces or technological solutions can solve. It is an ethical challenge that demands a global political response. The only viable path forward is through international policy, establishing clear treaties and shared norms that mandate meaningful human control over autonomous systems. The goal is to draw an unambiguous red line, preventing a destabilising arms race in an arena where the potential for catastrophic error is immense.

The challenge of smart regulation

Identifying the risks is only the first step. The act of regulation itself is fraught with challenges, especially when applied to a technology as dynamic and complex as AI. A naive approach can be as harmful as no regulation at all, generating unintended consequences that stifle beneficial innovation or fail to address the core problems. Smart regulation requires navigating three pitfalls: the pacing problem, the risk of overreach, and the black box problem.

The 2026 regulatory landscape

The principles above need grounding in current fact, because they are no longer abstract. By early 2026, the world has roughly three working models for how to govern AI, and the contrast between them is itself part of the policy conversation any new actor enters.

The European Union is the only major jurisdiction with a comprehensive, horizontally binding statute in force: Regulation 2024/1689, the AI Act, adopted in mid-2024 and phasing into application across 2025–2027⁹. The Act sorts systems into four risk tiers: unacceptable uses such as social-credit scoring and untargeted biometric scraping are prohibited; high-risk uses in employment, education, law enforcement, and similar domains carry obligations on documentation, oversight, and conformity assessment; limited-risk uses face transparency rules such as the disclosure that one is interacting with a chatbot; minimal-risk uses are unconstrained. A separate horizontal chapter governs general-purpose AI, with sharper obligations for the largest frontier models. The Act has extraterritorial effect: any provider whose system is placed on the EU market must comply, which gives the regulation a global reach disproportionate to the EU’s share of frontier-model development.

The United States has moved in the opposite direction inside a single year. President Biden’s Executive Order 14110, signed in October 2023, required reporting from frontier-model developers, tasked the National Institute of Standards and Technology with developing technical standards, and established a federal AI safety institute¹⁰. The companion NIST AI Risk Management Framework had been published nine months earlier as a voluntary baseline, organising governance into four functions — govern, map, measure, manage — and is still the de-facto reference even where it has no statutory force¹¹. In January 2025, President Trump rescinded the Biden order outright and issued a replacement, Removing Barriers to American Leadership in Artificial Intelligence, which reoriented federal AI policy toward competitiveness, removed the safety-evaluation mandates, and tasked an AI Action Plan whose details continue to evolve¹²¹³. The federal pivot is a policy fact in itself: it tells a global audience that the American posture on AI governance can shift sharply with an election. State-level action, including the California SB 1047 attempt and its veto, fills part of the gap.

The People’s Republic of China has taken a third path, sectoral and content-focused rather than horizontal or risk-tiered. The Cyberspace Administration’s Interim Measures for the Management of Generative AI Services, in force since August 2023, requires service providers to ensure that generated content conforms to socialist values and Chinese law, mandates training-data legality, and imposes labelling obligations on synthetic media¹⁴. The instrument is narrower in scope than the EU Act but moves faster: it was the first major operational regulation of generative AI anywhere in the world.

International coordination is the fourth track, running alongside all three national models. The Bletchley Declaration, signed by twenty-eight states and the European Union at the first AI Safety Summit in November 2023, committed signatories to shared scientific evaluation of frontier risk¹⁵. The Seoul Declaration in May 2024 broadened the agenda to include innovation and inclusion¹⁶. The Paris AI Action Summit in February 2025 shifted the framing again, from safety to action, and the refusal of the United States and the United Kingdom to sign the resulting statement made the gap between the European and Anglo-American postures plain¹⁷. The G7 Hiroshima Process International Code of Conduct for Advanced AI Systems, agreed in 2023, sits underneath all of these as a voluntary soft-law instrument that frontier-model developers can attest to¹⁸. Around the institutional perimeter, an AI Safety Institute network now spans the United Kingdom, the United States, Japan, Singapore, the European Union, and the Republic of Korea, providing shared technical capacity even where political consensus is incomplete.

The industry has not waited for any of this. Anthropic’s Responsible Scaling Policy, first published in September 2023, ties internal capability commitments to risk levels, requiring stronger safeguards as the company’s models cross specified thresholds¹⁹. Google’s Secure AI Framework publishes a corresponding security-oriented stack²⁰. Voluntary self-governance is not a substitute for binding rules, but the lineage matters: the operational scaffolding of the EU GPAI Code of Practice borrows directly from these industry frameworks. The relationship between voluntary commitments and statutory obligation is iterative, not adversarial.

The takeaway is durable even if the specifics will shift again before the ink dries. The regulatory environment a frontier-model developer faces in early 2026 is not a single regime but a layered patchwork: an EU statute with global reach, a US posture that has just swung hard, a Chinese regime moving on a different axis, an international coordination layer that has fractured along a transatlantic seam, and an industry self-governance layer that fills the operational interstices. Any chapter on governance written today will partially out-date itself within months. The principles in the next section are the part that does not.

Principles for proactive AI governance

With the pitfalls named and the current jurisdictions in view, I can offer a compass for steering AI development toward outcomes that are safe, equitable, and beneficial. The following are not a rigid checklist. They are the durable principles that survive the next political cycle.

The first is a commitment to evidence over ideology. A risk-based approach, attuned to the principles of techno-pragmatism, means that the level of regulatory scrutiny applied to an AI system should be proportional to its potential for harm. A film-recommendation engine requires a lighter touch than a system that assists in medical diagnoses. The EU AI Act’s tiered structure is the most fully developed institutional expression of this principle, and even regulators outside the EU are converging on the same logic. Where the principle is contested, as it was in the California SB 1047 veto, the question is rarely whether risk-tiering is the right idea. The fight is over whether risk is being measured by the right proxy.

The second is meaningful human control as a direct response to the alignment problem. As Part III makes clear, perfectly specifying human values is an unsolved and perhaps unsolvable problem. For critical systems whose decisions carry significant consequences in medicine, law, finance, or public administration, policy must mandate a human in the loop. This is not a suggestion. It is a non-negotiable backstop against the inevitable failures of alignment, ensuring that a human expert is the final arbiter, accountable for the outcome. AI can and should augment professional judgement; it must not replace it. The EU AI Act, the NIST RMF, the UK AISI evaluation methodology, and almost every other serious governance instrument in 2026 builds in some version of this requirement.

The third is shaping incentives, because a purely market-driven economy has no inherent reason to solve deep issues like fairness or cultural representation. Policy must create those incentives. That can be done through liability reform that holds companies accountable for harms caused by their systems, and through tax credits or procurement preferences that reward investment in safety and ethics research. Governments can also counteract the risk of cultural homogenisation by a few generalist models by funding the development of local and regional AI solutions trained on the specific cultural and linguistic data their populations actually use. Combined with national programmes to foster widespread AI literacy, that produces a more diverse, resilient, and critically engaged society. The early-2026 IP litigation — the Times suit, the RIAA cases, the Copyright Office guidance — is the live test of how the incentive structure for training data will be rebalanced; the outcome will determine whether the economic surplus generated by these models flows in a legible fraction back to the human creators whose work made the models possible.

The fourth is openness and international collaboration, because AI is a global technology and a patchwork of national regulations creates a race to the bottom in which innovation flees to the least-regulated environment. Policy should incentivise the open-sourcing of foundation models where feasible, which enhances safety by allowing the global research community to audit, critique, and improve them. The same spirit must extend to the diplomatic level, forging international agreements and shared norms on the most critical risks. The fractures around the Paris summit are a warning, not a reason to stop trying; even where political consensus is incomplete, the AI Safety Institute network shows that practical technical cooperation can continue across the seam.

Regulation that ages well

The path of technology is not deterministic. The future of artificial intelligence is not a predetermined outcome the world must passively accept, but a set of conditions that will be profoundly shaped by the policy choices made over the next few years. The risks are real; so is the upside. A techno-pragmatist position requires holding both truths at once and engaging with this technology with eyes wide open.

This chapter has moved from identifying the dangers that necessitate governance to surveying how three major jurisdictions are actually building it in 2026, and to naming the principles that should outlast any specific political cycle: risk-based scrutiny, meaningful human control, intentional incentive-shaping, and openness across borders. None of these are designed to erect walls against progress out of fear. They are designed to build the guardrails that keep this technology serving human values, in a world where the alternative is not the absence of governance but governance written badly by whoever moves first.

The work of the next few years is not whether to regulate AI. That question is settled. The work is whether the regulation will be the kind that ages well: legible to the people it binds, evidence-based in what it asks them to do, and honest about what it does not yet know.