The Governance Gap
The EU AI Act vs. the American Void — Why Regulation Failed, Who Made It Fail, and What Comes Next
Every other powerful technology in modern history — nuclear weapons, pharmaceutical drugs, automobiles, aircraft, financial instruments — has been regulated. Not perfectly. Not without industry capture and lobbying distortion. But regulated: with mandatory safety testing, liability frameworks, oversight bodies, and enforcement mechanisms. Artificial intelligence, which its leading developers describe as potentially more transformative than any of the above, is not. This episode documents why.
The EU AI Act — What It Does and What It Doesn't [C1]
The European Union's Artificial Intelligence Act — adopted in March 2024, the world's first comprehensive AI regulatory framework — establishes a risk-tiered system. Unacceptable risk (banned outright): AI systems that manipulate behavior through subliminal techniques, real-time remote biometric identification in public spaces, social scoring by governments. High risk (mandatory requirements): AI in critical infrastructure, medical devices, employment decisions, law enforcement, border control, education. Limited/minimal risk: chatbots, spam filters, most consumer AI. The Act requires high-risk AI systems to undergo conformity assessments, maintain technical documentation, ensure human oversight, and demonstrate accuracy and robustness before deployment. [C1 — EU AI Act, Regulation 2024/1689]
What the EU AI Act does not do: it does not comprehensively address generative AI safety risks, though it added transparency requirements for foundation models after significant lobbying battles. It does not create enforceable standards for AI systems used in military applications by EU member states. Its enforcement mechanism — national market surveillance authorities — is dependent on member state implementation that varies significantly. France, Germany, and the Netherlands have objected to provisions affecting their AI industries. The Act is the most ambitious regulatory framework on earth and still leaves substantial gaps.
The American Void [C1]
The United States has no federal AI regulatory law as of May 2026. The White House AI Executive Order (October 2023) required safety testing for frontier AI models and issued guidance on federal AI use — but was structured as an executive order rather than legislation, meaning it can be reversed by subsequent administrations without congressional action. In January 2025, the Trump administration revoked the Biden AI Executive Order on its first day in office. The replacement framework — an AI action plan released in April 2025 — prioritized "removing barriers to American AI leadership" and explicitly deprioritized safety mandates. [C1 — White House AI EO (October 2023); Trump EO revoking it (January 2025); AI Action Plan (April 2025)]
OpenAI lobbying: $780,000 in 2023; $1.76M in 2024 — focused on copyright, safety testing standards, federal procurement
Google/DeepMind: $12M+ annually across AI, antitrust, copyright; former FTC chair joins Google board
Microsoft: $11M+ annually; Brad Smith (President) leads multiple AI policy coalitions
Meta: $20M+ annually; extensive lobbying against EU AI Act high-risk classifications for open-source models
Palantir: Direct government contracts preclude extensive traditional lobbying — the product IS the government relationship
The revolving door: Multiple former AI company executives have moved into federal AI policy positions; multiple former federal AI policy officials have moved into AI company advisory roles. The structural dynamic is identical to the financial sector revolving door that contributed to the 2008 crisis: the regulated are writing their own regulations.
What Comes Next — Three Scenarios
Scenario A — International Treaty: Multiple states, led by the UK's Bletchley Park process and the UN's AI advisory body, are pursuing international AI governance frameworks. The precedent is the Nuclear Non-Proliferation Treaty. The obstacles are similar: states with AI advantages resist the constraints that would preserve those advantages; enforcement mechanisms are difficult; the technology is more diffuse and harder to monitor than fissile material. Possible. Not imminent.
Scenario B — Incident-Driven Regulation: The most likely path to significant U.S. federal regulation is a catalyzing incident — a large-scale AI failure with documented mass casualties, or an AI-enabled attack whose scale and attribution are clear. This is how aviation regulation happened after crashes, how pharmaceutical regulation happened after thalidomide, how financial regulation happened after crashes. The question is whether the incident will come before or after the technology is too deeply embedded to regulate meaningfully.
Scenario C — Self-Regulation at Scale: The AI industry has produced voluntary commitments — the Frontier Model Forum, safety frameworks, red-teaming protocols, voluntary disclosure standards. These are better than nothing. They are not sufficient for a technology whose leading developers describe as potentially the most consequential in human history. Voluntary commitments in industries with enormous financial incentives to deploy quickly have a documented historical track record. It is not encouraging.
EU AI Act (Regulation (EU) 2024/1689); White House Executive Order on AI (October 30, 2023); Trump revocation EO (January 20, 2025); White House AI Action Plan (April 2025); OpenAI, Google, Microsoft, Meta lobbying disclosures (OpenSecrets; House/Senate lobbying databases); Bletchley Park AI Safety Summit communiqué (November 2023); UN Secretary-General AI Advisory Body reports (2024); Frontier Model Forum voluntary commitments documentation; Center for AI Safety policy analysis.