When the EU AI Act was first drafted in April 2021, ChatGPT did not exist. By the time trilogue negotiations concluded in December 2023, large language models had remade the public imagination around AI. Negotiators inserted an entirely new title – Title VIII on general-purpose AI – to address a class of system that the original text had not anticipated. The episode illustrated a structural dilemma: statute-writing is slow, technology is fast.
That tension forced European lawmakers to embed delegated acts and review clauses directly into the regulation, creating a mechanism by which technical standards can be updated without reopening primary legislation every time a new model architecture emerges.
Adaptive governance is a regulatory philosophy in which rules, standards, and oversight mechanisms are designed to update continuously in response to new evidence, new capabilities, and new risks. Rather than fixing a single ruleset at the moment of enactment, adaptive frameworks build in structured review cycles, sandbox provisions, and delegated technical authority.
The concept draws on experience from other fast-moving domains. The Basel III banking accords were overhauled twice after the 2008 financial crisis, incorporating stress-testing requirements that regulators had not conceived of in the original 1988 Basel I framework. Environmental regulators use adaptive management in fisheries: total allowable catches are recalculated annually from population surveys rather than fixed by statute.
Applied to AI, adaptive governance means that the classification of a system as high-risk, the conformity-assessment procedures it must satisfy, and the post-market monitoring data it must generate can all change as evidence accumulates – without requiring full legislative re-enactment each time.
The US Food and Drug Administration spent years attempting to approve AI-enabled medical devices under a framework built for static hardware. A locked algorithm could be validated once; a continuously learning model could not. In January 2021 the FDA released an Action Plan for AI/ML-Based Software as a Medical Device, proposing "predetermined change control plans" – a manufacturer commits in advance to the bounds within which an algorithm may update without triggering full re-review. This is adaptive governance logic applied to product regulation.
Several structural tools recur across adaptive AI governance proposals worldwide:
Regulatory sandboxes allow firms to test novel AI applications in a controlled environment with relaxed compliance obligations in exchange for shared data with the regulator. The UK Financial Conduct Authority ran the world's first fintech sandbox from 2016; the EU AI Act mandates member states to establish AI sandboxes by 2026.
Sunset and review clauses embed mandatory re-evaluation dates into legislation. Canada's Artificial Intelligence and Data Act (AIDA), introduced in 2022 as part of Bill C-27, includes a five-year parliamentary review requirement.
Delegated technical standards allow specialist bodies – such as CEN/CENELEC in Europe or NIST in the United States – to issue and update technical requirements without primary legislation. The EU AI Act explicitly references harmonised standards developed under mandate from the Commission.
Post-market surveillance requires providers of deployed AI systems to collect performance data and report anomalies to regulators, creating a real-time signal about whether a system behaves as its conformity assessment suggested. Analogies exist in pharmacovigilance (adverse drug event reporting) and aviation safety management systems.
Even adaptive frameworks face a pacing problem. The EU AI Act's GPAI provisions were inserted during trilogue but the implementing codes of practice – the detailed documents that specify what frontier model providers must actually do – were still being finalised months after the regulation's entry into force in August 2024. Drafting a code of practice for systems that may not yet exist requires regulators to specify obligations at a level of abstraction that can frustrate compliance teams.
The United States took a different approach in Executive Order 14110 (October 2023), directing NIST to develop a Secure, Safe, and Trustworthy AI framework and requiring frontier model developers to share safety test results with the government before deployment. This created a soft adaptive loop – not through statute but through executive direction – allowing obligations to be adjusted without congressional action.
Singapore's Model AI Governance Framework, first released in 2019 and updated in 2020, takes a principles-based rather than rules-based approach precisely because its authors recognised that specific technical requirements would become obsolete faster than they could be revised. Singapore opted for flexibility over precision.
Adaptive governance trades legal certainty for responsiveness. Businesses prefer clear, stable rules that allow long-term planning. Regulators prefer flexibility to respond to surprises. The core design challenge is building mechanisms that update quickly without creating regulatory uncertainty that chills investment or enables regulatory capture by well-resourced incumbents who can influence the update process.
You are advising a national parliament drafting an AI bill. The minister wants a single fixed ruleset. You have been asked to make the case for adaptive governance mechanisms instead – and to draft the key clause language. Use the AI assistant below to explore the tradeoffs and develop your clause.
On 1–2 November 2023, representatives of 28 governments gathered at Bletchley Park – the wartime codebreaking site – for the first AI Safety Summit. The summit produced the Bletchley Declaration, a non-binding statement acknowledging that "the most significant risks of AI" are international in character and require "international action." Among the signatories: the United States, China, the European Union, India, and fourteen other nations. It was the first time China and the West had co-signed a document on AI risk.
The declaration was thin on obligations – no enforcement, no institution, no funding commitment. But it established a fact: nations with sharply divergent domestic AI policies had found enough common ground to articulate shared concern. The question of what to build on that foundation remained open.
AI governance is currently characterised by regulatory fragmentation: a patchwork of national and regional frameworks with different scope, different risk classifications, different compliance obligations, and different enforcement agencies. As of 2024, the EU has the AI Act; the US relies primarily on sector-specific regulation and executive orders; China has a suite of algorithmic regulation decrees; Brazil has passed a framework AI law; the UK has opted for a principles-based sectoral approach; Canada's AIDA awaits full enactment.
This fragmentation creates several problems. For multinational firms, compliance costs multiply as each jurisdiction demands separate conformity assessments, documentation, and registrations. For smaller developers – including those in lower-income countries – the cumulative regulatory burden can be prohibitive, creating a market in which only large incumbents can afford compliance at scale.
More seriously, fragmentation creates regulatory arbitrage: developers may choose to train, deploy, or incorporate in jurisdictions with lighter requirements, then serve global markets. This dynamic is already visible in data protection, where companies have used structural arrangements to route data through permissive jurisdictions.
The EU's General Data Protection Regulation applies to any organisation processing data of EU residents, regardless of where that organisation is established. This extraterritorial reach forced US technology companies to comply with GDPR standards globally – or implement geographic differentiation. The EU AI Act adopts the same approach: it applies to providers placing AI systems on the EU market and to operators using AI systems in the EU, regardless of where the provider is based. The GDPR model suggests that large-market jurisdictions can export their standards even without global agreement.
Several bodies have attempted to establish international AI governance norms, with varying success:
The OECD AI Principles (2019) were the first intergovernmental standard on AI, endorsed by 46 countries. They established five principles: inclusive growth, human-centred values, transparency, robustness, and accountability. They are non-binding but widely referenced in national legislation. The OECD also maintains the AI Policy Observatory, a database of AI policies across member and partner states.
The UNESCO Recommendation on the Ethics of AI (2021) was adopted by all 193 member states and covers AI ethics across the full lifecycle, with specific provisions on gender equality, environment, and cultural diversity. Like the OECD principles, it is non-binding.
The Council of Europe Framework Convention on AI, opened for signature in September 2024, is the first legally binding international instrument on AI. It focuses on human rights, democracy, and rule of law, and is open to non-Council-of-Europe states (the US, Canada, Japan, Israel, and Australia signed at opening). Unlike the EU AI Act, it does not prescribe technical standards – it requires signatories to implement its principles through domestic law.
The Global Partnership on AI (GPAI), launched in 2020 with 25 founding members, funds research on responsible AI and facilitates knowledge sharing, but has no regulatory authority. In 2024 GPAI was integrated into the OECD structure.
Analysts have proposed several models for stronger international AI governance. The IAEA analogy suggests an International AI Agency with inspection powers and the authority to set binding safety standards for the most powerful AI systems – modelled on the International Atomic Energy Agency's safeguards regime for nuclear materials. Proponents include some AI safety researchers and former government officials; critics note that AI proliferation is far harder to monitor than fissile material.
The IPCC analogy suggests an intergovernmental panel on AI risk that synthesises scientific evidence about AI capabilities and harms, informing but not binding national policymakers – modelled on the Intergovernmental Panel on Climate Change. The UN Secretary-General's High-Level Advisory Body on AI, which reported in 2024, recommended elements of this model, proposing an International Scientific Panel on AI and a new multi-stakeholder forum within the UN system.
A more modest proposal – already partially implemented – involves mutual recognition agreements, in which two jurisdictions agree that conformity assessment under one regime is sufficient for market access under both. This is how medical device approvals work between many allied nations. Extending this logic to AI would reduce compliance costs without requiring full regulatory harmonisation.
Any durable global AI governance framework must grapple with China. China has developed its own comprehensive AI governance architecture – algorithmic recommendation rules (2022), deep synthesis rules (2022), and generative AI interim measures (2023) – reflecting domestic priorities around social stability and party oversight rather than individual rights. The Bletchley Declaration showed co-signature is possible on narrow questions of catastrophic risk. Whether deeper coordination on standards, auditing, or market access is achievable remains one of the defining open questions of future AI governance.
A foundation model is trained in the United States, fine-tuned by a startup incorporated in the Cayman Islands, and used by a hospital in Germany that relies on it for diagnostic triage recommendations. The model produces a systematic error that affects a patient demographic. Consider: which governance frameworks apply, where the gaps are, and what international mechanism – existing or proposed – could help.
In 2016 the Wisconsin Supreme Court decided State v. Loomis, upholding the use of the COMPAS recidivism risk score in sentencing. COMPAS, developed by Northpointe (later Equivant), assigned defendants numerical risk scores used by judges in pre-sentence reports. Eric Loomis argued his due process rights were violated because he could not inspect the proprietary algorithm.
The court upheld the sentence but acknowledged the concern, requiring that judges not use the score as determinative and noting the score should be considered alongside other information. The same year, ProPublica published "Machine Bias", a statistical analysis concluding that COMPAS produced false-positive predictions of recidivism at nearly twice the rate for Black defendants compared to white defendants. Northpointe disputed the methodology. The debate exposed how deeply contested algorithmic auditing can be – even when the audit is performed on the same dataset.
Algorithmic auditing is the structured examination of an AI or automated decision system to assess whether it performs as its developers claim, whether it produces discriminatory outcomes, and whether it complies with applicable law. Audits may be conducted by internal teams (first-party), by contracted specialists (second-party), or by independent external parties with or without regulator mandate (third-party).
The field has grown rapidly but lacks standardisation. There is no agreed definition of what an AI audit must include, no universal methodology, no accreditation standard for auditors, and no requirement in most jurisdictions that audit results be public. The absence of standards creates a market for audit washing – commissioning superficial reviews that provide a compliance veneer without substantive scrutiny.
The EU AI Act requires providers of high-risk AI to undergo conformity assessments before deployment. For the highest-risk categories (biometric identification, certain safety components), third-party conformity assessment by notified bodies is mandatory. For most high-risk categories, self-assessment against harmonised standards is permitted. Critics argue this creates an incentive to classify systems as lower risk to avoid third-party scrutiny.
In 2020 Amsterdam and Rotterdam suspended an algorithmic system used to prioritise welfare fraud investigations after an audit by Lighthouse Reports found it relied on proxies correlated with ethnicity and housing tenure. The Dutch Data Protection Authority subsequently investigated. The case illustrated both the value of investigative algorithmic auditing and the structural problem: the audit was conducted by journalists, not a statutory regulator. The Netherlands had no dedicated algorithmic auditing authority at the time.
Even well-designed audits face fundamental technical constraints. Three are particularly significant:
The black-box problem. Many high-performing AI systems – particularly large neural networks – do not yield to simple inspection of their decision logic. Post-hoc explainability tools (LIME, SHAP) can approximate feature importance but do not reveal why the model makes specific decisions or how robust those explanations are. An audit that relies solely on post-hoc explainability is not the same as an audit of the model's actual decision process.
The distributional shift problem. A model audited on historical data may perform very differently on future inputs if the underlying population or environment changes. A hiring algorithm audited on pre-pandemic applicant pools may discriminate against post-pandemic labour market entrants in ways the original audit would not have detected. Audits are snapshots; models operate continuously.
The metric selection problem. The COMPAS debate illustrated this directly: ProPublica and Northpointe used different fairness metrics (false positive rate parity vs. predictive value parity) and reached opposite conclusions about whether the model was biased. It is mathematically impossible to simultaneously satisfy all common fairness criteria when base rates differ between groups. Auditors must choose which metric operationalises fairness – a value judgment that technical analysis cannot resolve.
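The disagreement described above, worked through on constructed counts (an added example, not code or data from ProPublica, Northpointe or the original page): two hypothetical groups receive scores with identical predictive value and false-negative rates, yet their different base rates force their false-positive rates apart. The identity used is Chouldechova's (2017); the group names, counts and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Confusion:
    """Outcome counts for one group. All figures here are constructed."""
    tp: int  # flagged high risk, reoffended
    fp: int  # flagged high risk, did not reoffend
    fn: int  # flagged low risk, reoffended
    tn: int  # flagged low risk, did not reoffend

    def base_rate(self) -> Fraction:
        return Fraction(self.tp + self.fn, self.tp + self.fp + self.fn + self.tn)

    def fpr(self) -> Fraction:  # the metric ProPublica compared
        return Fraction(self.fp, self.fp + self.tn)

    def fnr(self) -> Fraction:
        return Fraction(self.fn, self.fn + self.tp)

    def ppv(self) -> Fraction:  # the metric Northpointe compared
        return Fraction(self.tp, self.tp + self.fp)


def implied_fpr(base_rate, ppv, fnr):
    """FPR forced by base rate, PPV and FNR (Chouldechova 2017 identity)."""
    return base_rate / (1 - base_rate) * (1 - ppv) / ppv * (1 - fnr)


def ppv_needed_for_fpr(base_rate, fpr, fnr):
    """PPV a group must have if its FPR is pinned to `fpr` at this FNR."""
    hits = base_rate * (1 - fnr)
    return hits / (hits + (1 - base_rate) * fpr)


def audit(groups, tolerance=Fraction(1, 100)):
    """Return {metric: (parity_holds, per-group values)} for each criterion."""
    report = {}
    for metric in ("fpr", "fnr", "ppv"):
        values = {name: getattr(c, metric)() for name, c in groups.items()}
        gap = max(values.values()) - min(values.values())
        report[metric] = (gap <= tolerance, values)
    return report


# Constructed groups: same score quality, different base rates (50% vs 20%).
GROUPS = {
    "group_a": Confusion(tp=300, fp=100, fn=200, tn=400),
    "group_b": Confusion(tp=120, fp=40, fn=80, tn=760),
}

if __name__ == "__main__":
    for metric, (ok, values) in audit(GROUPS).items():
        shown = ", ".join(f"{g}={float(v):.3f}" for g, v in values.items())
        print(f"{metric}: {'parity' if ok else 'DISPARITY'} ({shown})")
    # Forcing FPR parity instead moves the disparity into predictive value.
    b = GROUPS["group_b"]
    target = GROUPS["group_a"].fpr()
    needed = ppv_needed_for_fpr(b.base_rate(), target, b.fnr())
    print(f"PPV group_b would need for FPR parity: {float(needed):.3f}")
```

An auditor checking predictive value parity passes this system, while one checking false positive rate parity fails it, on the same counts.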
Several institutional approaches to AI auditing are developing in parallel. The AI Safety Institute (AISI), established by the UK government in November 2023, is the world's first government body dedicated to evaluating frontier AI model safety. It conducted pre-deployment evaluations of models from Anthropic, OpenAI, and Google DeepMind under voluntary agreements, publishing findings from its evaluation of GPT-4o and Claude 3 Opus in May 2024. The United States established a companion AISI within NIST in February 2024; the two institutes signed a memorandum of understanding committing to shared methodology.
At the sectoral level, financial regulators have the most developed audit traditions. The Bank of England's Prudential Regulation Authority published SS1/23 in June 2023, requiring firms to be able to explain model decisions to supervisors and to maintain model risk management frameworks covering AI. The European Banking Authority has produced parallel guidelines on model risk for credit-scoring AI.
Civil society organisations have developed independent auditing capacity. AlgorithmWatch in Germany, The Markup in the United States, and Lighthouse Reports across Europe conduct investigative algorithmic audits using a combination of statistical analysis, freedom-of-information requests, and technical reverse engineering. These organisations have produced more impactful accountability findings than most formal regulatory audits to date – but operate without legal access rights to model weights or training data.
The central unsolved problem in algorithmic auditing is access. Meaningful audits often require access to model weights, training data, and system logs – information that providers treat as trade secrets. Regulators in most jurisdictions lack compulsory access powers for AI systems that have not yet caused demonstrable harm. The EU AI Act's database of high-risk systems is not publicly accessible in full. Until auditors – whether regulators, researchers, or journalists – have structured legal access rights, the accountability ecosystem will remain dependent on voluntary disclosure and investigative inference.
A city government is procuring an AI system to assist with school admissions decisions, ranking applicants across 50,000 applications. You have been asked to design the key elements of an independent third-party audit that would be required before the system goes live and annually thereafter. The vendor is resisting full model access; the city's legal team is uncertain what access rights the procurement contract must include.
On 22 March 2023, the Future of Life Institute published an open letter calling for a six-month pause on training AI systems more powerful than GPT-4. Within weeks it had attracted over 33,000 signatures from AI researchers, technology executives, and public intellectuals. Geoffrey Hinton resigned from Google the following month, citing concerns about AI risk. The episode was notable not for producing any regulatory outcome – no pause occurred – but for demonstrating that senior figures within the AI industry itself had concluded that existing governance frameworks were inadequate for the systems being built.
The concern was not about current harms. It was about a different category of risk: systems capable of strategic deception, self-replication, or autonomous goal pursuit in ways that could be catastrophic and potentially irreversible. These risks – grouped under the heading of catastrophic or existential AI risk – require governance approaches that differ fundamentally from the risk-classification models designed for narrow AI applications.
Governance frameworks for high-risk AI – the EU AI Act's risk tiers, sector-specific regulators, conformity assessments – were designed around AI systems deployed in defined applications: a medical imaging model, a credit-scoring algorithm, a biometric access system. These systems have bounded functions, identifiable deployers, and harm patterns that can be assessed relative to a specific use case.
Frontier AI models – large-scale general-purpose systems trained on broad datasets with emergent capabilities – do not fit this paradigm cleanly. Key governance challenges include:
Capability unpredictability. Frontier models demonstrate capabilities that were not anticipated by their developers and that emerge discontinuously as model scale increases. OpenAI's GPT-4 technical report acknowledged that the model's capabilities exceeded what the company had predicted from its earlier models. Governance that relies on developers accurately declaring a system's capability profile faces a fundamental problem if developers themselves cannot fully characterise it.
Dual-use at the infrastructure level. A foundation model is not itself a product; it is infrastructure on which thousands of applications are built. Governing the infrastructure layer – compute, training runs, model weights – requires different tools than governing end applications. Both US Executive Order 14110 and the EU AI Act attempt this, but their mechanisms remain nascent.
Concentration of development. As of 2024, the ability to train frontier AI models – systems requiring $100 million or more in compute – is effectively concentrated in fewer than ten organisations globally, almost all based in the United States and China. This concentration creates both a governance leverage point (few actors to regulate) and a systemic risk (loss of diversity, potential for regulatory capture).
Section 4.2 of EO 14110 required developers of dual-use foundation models trained above a specified compute threshold (10^26 FLOPs) to report safety test results to the US government before deployment. This was the first binding (via executive authority) requirement for pre-deployment frontier model safety reporting in any jurisdiction. It also directed the Commerce Department to establish reporting requirements for cloud providers on foreign entities using US compute infrastructure – an attempt to close regulatory arbitrage through compute access.
The safety institute model – government-run bodies that evaluate frontier models before release – emerged rapidly in 2023–2024. The UK AISI (November 2023) was first, followed by the US AISI at NIST (February 2024), Japan's AI Safety Institute (February 2024), and Singapore's AI Safety Institute (May 2024). The Seoul AI Safety Summit (May 2024) produced commitments from major AI developers to work with safety institutes, including a joint statement from Google DeepMind, Anthropic, OpenAI, Meta, and others agreeing to provide pre-deployment model access for safety testing.
The evaluations conducted to date have focused on a defined set of dangerous capability areas: biological and chemical weapons uplift, cyberoffensive capabilities, deceptive alignment (the capacity to behave safely during evaluation while planning different behaviour in deployment), and autonomous self-replication. The UK AISI published its evaluation methodology in 2024, providing the first public template for how government safety institutes approach frontier model assessment.
Critics note that all pre-deployment evaluations to date have been conducted under voluntary agreements. Developers can decline to participate, can restrict the scope of access granted, and can dispute published findings. Without statutory authority, safety institutes cannot compel access – a constraint that becomes more significant as the stakes of evaluation increase.
One of the most novel governance proposals focuses on compute governance: using controls on access to AI-specific hardware (GPUs and TPUs from companies such as NVIDIA) as a regulatory lever. The logic is that frontier model training requires extraordinary concentrations of specialised hardware – a physical constraint that is easier to monitor than software. NVIDIA chips already include hardware identifiers; cloud providers can in principle report on workloads above specified thresholds.
The US government implemented the most significant compute governance measure to date in October 2023, when the Bureau of Industry and Security tightened export controls on advanced AI chips to China, including new licensing requirements for exports to over 40 countries and closing loopholes that had allowed re-export through third countries. The stated aim was to prevent adversarial actors from acquiring the compute needed to develop frontier military AI. China's response included accelerated domestic chip development through Huawei's Ascend line and state investment in semiconductor manufacturing.
Proposed extensions of compute governance include requiring cloud providers to implement know your customer procedures for high-compute AI workloads, creating a global compute registry analogous to nuclear material registries, and building hardware-level monitoring capabilities into AI accelerator chips that could report training runs above specified thresholds to a designated authority.
Frontier AI governance is the most contested and rapidly evolving area of AI policy. The core dispute is between those who believe catastrophic risk from frontier systems is speculative and should not drive regulatory design, and those who believe the potential magnitude of harm – even at low probability – justifies precautionary governance that accepts costs to near-term AI development. This dispute maps imperfectly onto political lines; it cuts across the AI industry itself. The institutional forms developed in 2023–2024 – safety institutes, pre-deployment evaluation frameworks, compute controls – represent the first generation of governance responses. Whether they are adequate is the defining policy question of the decade.
You are advising a government that wants to move beyond voluntary safety institute agreements to a mandatory pre-deployment evaluation regime for frontier AI systems above a specified compute threshold. The AI industry has lobbied strongly against mandatory access, citing trade secrets and first-mover disadvantages. Civil society organisations argue that voluntary regimes are structurally inadequate for catastrophic risk governance.