When OpenAI's board abruptly fired CEO Sam Altman on November 17, 2023, the five-day crisis that followed exposed a profound governance gap: a nonprofit board with legal authority over a company whose technology was already shaping global markets had no coordinated mechanism to manage the fallout. Within 72 hours, investors, employees, and governments on three continents were scrambling to understand what oversight structures even existed. The episode became a case study in why AI governance cannot be improvised.
AI governance refers to the full set of rules, norms, institutions, and enforcement mechanisms that shape how AI systems are developed, deployed, and audited. It operates simultaneously at four levels: individual organizations, national governments, regional bodies, and international agreements.
Each level has distinct instruments. Organizations use internal policies, ethics boards, and model cards. National governments use legislation, regulatory agencies, and procurement rules. Regional bodies β most notably the European Union β use binding regulations that apply across member states. International bodies such as the OECD, UNESCO, and the G7 produce voluntary principles and technical standards.
The critical insight for anyone entering a policy or governance career is that these levels interact: a company operating in the EU must comply with EU law regardless of where it is headquartered, and a national government adopting the OECD AI Principles signals alignment with a broader international framework even when those principles carry no legal force on their own.
EU AI Act (2024). After three years of negotiation, the European Parliament adopted the world's first comprehensive AI law in March 2024. It classifies AI applications by risk tier β unacceptable risk (banned), high risk (strict requirements), limited risk (transparency obligations), and minimal risk (largely unregulated). Providers of high-risk AI systems face mandatory conformity assessments, registration in an EU database, and ongoing post-market monitoring. The law applies to any provider whose system is used inside the EU, regardless of where the company is based.
US Executive Order 14110 (October 2023). President Biden's Executive Order on Safe, Secure, and Trustworthy AI directed federal agencies to develop sector-specific guidance, required developers of powerful models to share safety test results with the government, and created new NIST standards for AI risk management. The order did not create binding law for private actors but reshaped federal procurement and signaled where future statutory regulation might land.
UK AI Safety Summit, Bletchley Park (November 2023). Twenty-eight governments signed the Bletchley Declaration, the first multilateral agreement specifically addressing frontier AI risks. Signatories included the United States, China, the EU, and the UK. The declaration committed governments to sharing information about AI risks and cooperating on safety evaluations β notably without creating any enforcement body.
Every major governance framework published since 2019 β from the OECD Principles to the G7 Hiroshima AI Process β has been voluntary for private actors. The EU AI Act is the first instrument with binding legal force and cross-border reach. Understanding the difference between voluntary principles and binding law is the single most important conceptual tool for anyone working in AI policy.
Policy and governance roles require fluency in both technical AI concepts and legal/regulatory frameworks. The most effective practitioners in this space β at places like the EU AI Office, NIST, or in-house at major AI companies β combine a working understanding of how models are built with knowledge of how laws are structured, negotiated, and enforced.
You are advising a mid-sized US healthcare technology company that wants to deploy an AI diagnostic tool in both the US and Germany. Use the AI advisor to map which regulatory frameworks apply, what compliance obligations are triggered, and how the company should structure its governance program.
When the Biden administration created the Office of Science and Technology Policy's National AI Initiative Office in 2021, it needed to staff a function that had never formally existed at that scale in the federal government. The office hired professionals from academic AI ethics, civil rights law, technology policy, and national security backgrounds β not primarily computer scientists. By 2023, more than 40 US federal agencies had designated AI Officers under the requirements of the National AI Initiative Act of 2020. The creation of these roles represented the institutionalization of AI governance as a professional discipline.
AI policy and governance careers cluster into five broad settings, each with distinct incentives, timelines, and work products. Understanding which setting fits your skills and goals is the first step in building a credible career path.
| Setting | Typical Roles | Primary Output | Key Institutions |
|---|---|---|---|
| Government | Policy Analyst, AI Officer, Regulatory Counsel | Legislation, regulations, agency guidance | NIST, FTC, DOD CDAO, OMB, EU AI Office |
| Think Tank / NGO | Research Fellow, Policy Director, Advocacy Lead | Reports, testimony, model legislation | AI Now Institute, CSET, Partnership on AI, RAND |
| Industry | AI Ethics Lead, Trust & Safety PM, Chief AI Officer | Internal policies, impact assessments, public commitments | Google DeepMind, Microsoft, Meta, Anthropic |
| Academia | Assistant Professor, Research Scientist, Center Director | Peer-reviewed research, expert testimony, teaching | MIT, Stanford HAI, Oxford Internet Institute |
| Law / Consulting | Technology Counsel, Regulatory Affairs Manager | Legal memos, compliance programs, client strategy | Law firms, Big Four, specialist consultancies |
Government AI Officers. Under OMB Memorandum M-24-10 (March 2024), all US federal agencies with significant AI use were required to designate a Chief AI Officer by August 2024. These roles are responsible for coordinating agency AI use inventories, ensuring compliance with AI governance policies, and overseeing high-impact AI deployment. The work is administrative and legal β not engineering.
AI Policy Analysts at Think Tanks. Organizations like the Center for Security and Emerging Technology (CSET) at Georgetown and the AI Now Institute at NYU employ researchers who analyze government AI strategies, evaluate regulatory proposals, and publish reports that feed into legislative processes. CSET, for example, produced extensive analysis of China's AI talent pipeline that directly informed Congressional debate in 2021β2022.
Industry Ethics and Trust Roles. In 2020, Google published its AI Principles and created a dedicated Responsible AI team within Google Research. Microsoft's Office of Responsible AI, established in 2019, coordinates internal governance across product teams. These roles combine policy analysis, stakeholder engagement, and internal consultation β reviewing product designs against ethical frameworks before public launch.
Practitioners who have moved fluidly between government, industry, and academia share a consistent skill profile. Policy writing β the ability to translate technical concepts into clear, precise language for non-technical audiences β is universally valued. Stakeholder mapping β understanding who is affected by an AI system and how β underlies both impact assessments and regulatory analysis. Technical literacy β not the ability to write code, but to understand training data, model outputs, and failure modes β distinguishes effective governance professionals from purely legal or communications staff.
Reading primary documents is non-negotiable: the EU AI Act, NIST AI RMF, OMB M-24-10, and sector-specific guidance from the FDA, FTC, and CFPB are the foundational texts of the field. Practitioners who cite these documents accurately in policy memos gain credibility quickly.
The Federal Trade Commission has used its existing Section 5 unfair or deceptive practices authority to bring AI-related enforcement actions without waiting for new AI-specific legislation. In January 2023, the FTC settled with WealthSimple's subsidiary over deceptive representations about its AI-driven financial product. The FTC's approach demonstrates how existing regulatory agencies are expanding AI governance authority through enforcement rather than legislation β a pattern that policy analysts must track across every sector regulator.
One of the fastest-growing new roles in AI governance is the AI incident investigator β a professional who documents, analyzes, and classifies cases where AI systems caused harm or behaved unexpectedly. The AI Incident Database, maintained by the Partnership on AI, has catalogued over 700 AI incidents since 2021. Investigators in this role combine elements of forensic analysis, policy assessment, and technical evaluation. Several governments are now designing mandatory incident reporting regimes β the EU AI Act includes such requirements for high-risk systems β creating sustained demand for professionals trained in this methodology.
The Chief AI Officer title has become standard in Fortune 500 companies since 2022, but the role's scope varies enormously. Before targeting a specific organization, research whether their CAIO sits in legal, technology, or executive leadership β the reporting line signals whether the role has genuine authority over product decisions or is primarily focused on external communications and compliance documentation.
You are a policy professional considering a move into AI governance. Use the AI strategist to map realistic career pathways based on your background, identify skill gaps, and develop a concrete 12-month plan to position yourself for a specific governance role.
In May 2016, ProPublica published its investigation into COMPAS β a recidivism prediction tool used by judges in Broward County, Florida. The investigation found that Black defendants were roughly twice as likely as white defendants to be incorrectly flagged as high risk for future crime, while white defendants were more likely to be incorrectly flagged as low risk. The Northpointe (now Equivant) company disputed the methodology, and researchers disagreed about which fairness definition should apply β but the episode established algorithmic auditing as a necessary professional practice. By 2020, multiple jurisdictions had passed laws requiring algorithmic impact assessments for public-sector AI systems.
An algorithmic audit is a systematic examination of an AI system to assess whether it performs as intended, produces equitable outcomes, complies with relevant laws, and operates transparently. Audits can be conducted internally by the deploying organization, externally by independent firms or researchers, or by government regulators with enforcement authority.
The field distinguishes several audit types. Performance audits assess accuracy, reliability, and robustness across conditions. Bias and fairness audits evaluate whether system outcomes differ systematically across demographic groups. Transparency audits examine whether users, affected individuals, and regulators can understand how decisions are made. Legal compliance audits check conformance with specific regulatory requirements such as those in the EU AI Act or New York City Local Law 144 (automated employment decision tools).
Effective July 2023, NYC Local Law 144 requires employers and employment agencies using "automated employment decision tools" to conduct annual bias audits by independent auditors and publish summary results publicly before the tool can be used. The law defines covered tools broadly β including rΓ©sumΓ© screening and interview scheduling algorithms. It was the first US law to mandate third-party auditing of a specific AI application category.
An Algorithmic Impact Assessment (AIA) is a structured pre-deployment process in which an organization evaluates the potential harms of an AI system before launching it. The Canadian government's Directive on Automated Decision-Making (2019) introduced one of the first mandatory AIA frameworks for federal departments, categorizing systems by impact level and requiring progressively more rigorous assessment and human oversight as impact severity increases.
The structure of a typical AIA includes: system description and purpose; identification of affected populations; assessment of likely harms (accuracy errors, discrimination, privacy violations, due process); analysis of safeguards and mitigations; and governance plan for ongoing monitoring. The EU AI Act requires high-risk systems to document this kind of analysis in a "fundamental rights impact assessment" before market entry.
A key methodological challenge is that impact assessments require auditors to reason about harms that may not yet have occurred β essentially, predicting failure modes of complex adaptive systems. This requires both technical understanding of how the model produces outputs and sociological understanding of how those outputs will interact with real institutional contexts.
One of the most important insights from the COMPAS controversy is that multiple mathematically valid definitions of fairness exist β and they cannot all be simultaneously satisfied. Researchers identified that calibration (a score of 7 means roughly the same recidivism risk regardless of race), equal false positive rates (the system incorrectly flags low-risk individuals at the same rate across races), and equal false negative rates (the system misses high-risk individuals at the same rate across races) are mutually exclusive when base rates differ between groups.
This is not a software bug β it is a mathematical constraint. Governance professionals must understand this constraint to engage credibly in debates about algorithmic fairness. When an auditor or regulator demands that a system satisfy a specific fairness criterion, they are making a value judgment about which type of error is more acceptable β a fundamentally normative choice that technical measurement cannot resolve.
The commercial AI auditing market is expanding rapidly in response to regulatory requirements. Professionals with a combination of quantitative methods skills, legal literacy, and domain expertise in high-stakes sectors (healthcare, criminal justice, financial services, hiring) are well-positioned for roles at specialist auditing firms, regulatory bodies, and in-house compliance teams. The NYC LL 144 auditing requirement alone has created a distinct market for third-party audit services.
A county government is using an AI tool to prioritize social services case assignments. Community advocates have raised concerns about disparate impact on families of color. You have been hired to design an independent audit. Use the AI consultant to develop your audit methodology, identify which fairness criteria apply, and determine what data you need access to.
On October 30, 2023, President Biden signed Executive Order 14110 on AI safety. The next day, the Chinese government published its Global AI Governance Initiative. Within the same week, the UK AI Safety Summit opened at Bletchley Park with delegations from 28 countries β including the United States and China simultaneously. The near-simultaneous release of competing national AI governance frameworks was not a coincidence: each government understood that the global norms being established in late 2023 would constrain AI development choices for years to come.
Three distinct governance philosophies are shaping the international AI landscape. Understanding their differences β and the genuine values disputes underlying them β is essential for anyone working in international AI policy.
The EU's precautionary rights-based approach. The EU AI Act embeds AI governance within the EU's fundamental rights framework β the Charter of Fundamental Rights, GDPR, and anti-discrimination law. The underlying assumption is that AI systems capable of affecting fundamental rights require pre-market conformity assessment and ongoing accountability, regardless of whether harm has yet occurred. This approach prioritizes protection of individuals and vulnerable populations, accepting that it may slow certain applications.
The US innovation-first approach. US AI governance has been predominantly voluntary, sector-specific, and enforcement-based rather than pre-authorization-based. The NIST AI RMF is a voluntary framework; federal AI policy has relied on agencies using existing legal authority rather than new AI-specific legislation. This approach reflects a preference for allowing the market to develop while regulators observe and enforce against demonstrated harms. The Biden Executive Order and draft CAIO guidance began shifting this approach toward more structured oversight, but the fundamental posture remains less restrictive than the EU's.
China's state-centric approach. China has enacted AI-specific regulations including the Algorithm Recommendation Provisions (2022), the Deep Synthesis Provisions (2022), and the Generative AI Measures (2023). These require registration of algorithms with the Cyberspace Administration of China, content moderation aligned with "core socialist values," and security assessments before public deployment. China's approach treats AI governance as an instrument of state control over information as much as a consumer protection measure.
Political scientist Anu Bradford coined the term "Brussels Effect" to describe how EU regulations effectively become global standards because multinational companies find it easier to adopt a single global compliance baseline than to maintain different product versions for different markets. The GDPR demonstrated this dynamic: companies worldwide adopted GDPR-aligned privacy practices not because their own governments required it but because serving EU customers required compliance.
The EU AI Act is expected to produce a similar dynamic for AI. A US or Asian company deploying AI systems used by any EU resident must comply. For high-risk applications β medical devices, hiring tools, critical infrastructure β the compliance infrastructure required for the EU is so substantial that companies typically apply the same standards globally. This means the EU AI Act is, in practice, becoming a baseline for global AI governance even as the US and other jurisdictions maintain lighter-touch domestic approaches.
The G7 leaders' summit in Hiroshima in May 2023 launched a dedicated AI governance process, which produced the G7 International Guiding Principles on AI and a Code of Conduct for developers of advanced AI systems in October 2023. The Hiroshima AI Process represented the first time the G7 as a group produced AI-specific governance commitments, though like all G7 outputs they are voluntary. The process created a forum for coordination between the US, EU, UK, Japan, Canada, France, Germany, and Italy β all of which are developing distinct national frameworks.
One of the most consequential developments in international AI governance since 2022 has been the emergence of compute governance β using control over AI hardware supply chains as a regulatory instrument. In October 2022, the US Commerce Department's Bureau of Industry and Security (BIS) imposed export controls restricting the sale of advanced semiconductors and chip-making equipment to China, specifically targeting computing infrastructure capable of training frontier AI models.
The controls were tightened further in October 2023, introducing new thresholds based on chip performance metrics. NVIDIA's A100 and H100 GPUs β the dominant hardware for large model training β became controlled items requiring export licenses for Chinese buyers. This represented a fundamental shift: AI governance was no longer purely about software, data, and deployment practices β it had become embedded in international trade and export control law.
For AI policy careers, this development created demand for professionals who understand both technology policy and international trade law β a combination previously rare in either field.
International AI governance roles exist at multilateral organizations (OECD, UNESCO, ITU, G7/G20 secretariats), in foreign ministries and trade agencies of major governments, at think tanks focused on technology and foreign policy (Chatham House, CNAS, CSIS), and in the government affairs functions of major AI companies operating across jurisdictions.
Language skills are increasingly valuable β French for multilateral organizations, Mandarin for engagement with Chinese regulatory frameworks, and German for engagement with EU policymaking. A combination of AI technical literacy with international law or political science background positions candidates well for roles coordinating between technical AI safety work and diplomatic processes.
The most significant governance development of the 2022β2024 period was the recognition that AI governance is inseparable from geopolitics. Semiconductor export controls, national AI strategies, and competing multilateral frameworks are now linked in ways that require practitioners to understand hardware supply chains, international trade law, and diplomatic processes alongside AI technical fundamentals. The professionals who can navigate all three domains are exceptionally rare β and exceptionally in demand.
You work for a US AI company planning to deploy a foundation model API service to business customers in the US, EU, UK, Japan, and Brazil simultaneously. Use the policy strategist to map the regulatory landscape, identify the most restrictive requirements that will shape your global compliance baseline, and develop a governance strategy for the multi-jurisdiction launch.