We don’t imprison humans preemptively based on the capability to commit crime. Why regulate AI that way?
· Fortune
The Trump administration has reportedly been looking into reviving a Biden-era approach to regulating the release of new AI models, reversing one of its earliest decisions to give the industry free rein. Just earlier this week, reports surfaced that over 60 of President Trump’s allies sent him a letter urging him to take a more hands-on approach to AI, with pre-release testing and approval. Then, on Thursday, Trump abruptly postponed the signing of an executive order that would’ve provided for more oversight – signaling the ongoing debate over AI regulation.
Visit tr-sport.click for more information.
The approach under consideration, first proposed in 2023, focuses on the wrong target. Like much of the current regulatory momentum across jurisdictions, it focuses on how AI systems are built and how they perform on tests — not on their behavior and impact once deployed in the real world.
We’ve already seen similar initiatives crop up. Consider the European Union AI Act. Under this policy, before a “high-risk” system can enter the market, its developers must complete a conformity assessment documenting that the system meets requirements for accuracy, robustness, and data governance based on its intended purpose, defined up front at the time of classification.
While that act mandates post-deployment monitoring, its center of gravity remains firmly ex ante. Many state-level proposals in the U.S. also emphasize capability-based regulation and pre-deployment certification. All of these approaches share a common premise: that risk can be determined in advance, based on capabilities and pre-deployment testing, without observing how a system actually behaves.
These policies reflect a regulatory instinct borrowed from consumer products — fix the capability, certify the output, call it safe. But consider the absurdity of applying that logic to human beings. Every person on earth is capable of committing crime. We don’t imprison everyone as a precaution. We regulate the act, assign liability for the harm, and build institutions for ongoing oversight. The same logic should govern AI — and yet we’re doing the opposite, trying to contain what a system can do rather than holding it accountable for what it actually does.
AI systems are fundamentally different from conventional software, and the gap is widening. Their generality, open-endedness, and increasing integration with both digital and physical environments — such as agents and robots — make it difficult to predict their behavior, much like with human actors. As a result, regulatory approaches that overemphasize capabilities and pre-deployment testing will struggle to prevent the harms that emerge in real-world use.
Governing AI effectively means rethinking policy from the ground up — not retrofitting frameworks designed for a different class of technology.
AI systems operate in a vast space that cannot be fully specified pre-deployment. They may be asked to perform arbitrary tasks, use a variety of tools, and operate in a variety of contexts. A capability and test-based regulatory approach would therefore need to anticipate all potentially harmful tasks the model might be asked to perform, all tools it might use, and all contexts in which it might operate. This is practically impossible. For example, how could one predict what a system might do with a tool that did not even exist at the time of certification? And how could regulators anticipate every context in which a system will eventually operate?
That’s where an AI Safety Management System comes in — a framework for policy and regulation centered on continuous, real-world evaluation rather than point-in-time certification.
As the behavior of AI models and agents comes closer and closer to human behavior, we should think of AI regulation the same way we think of the frameworks used to govern human activity. We regulate consequential human activities — such as driving, practicing medicine, or operating critical infrastructure — through a combination of baseline qualifications and outcome-based rules focused on harm, responsibility, and duty of care, supported by ongoing oversight and incident investigation.
Policymakers seeking durable AI governance should begin with three principles.
First, center oversight on continuous, independent assessment of real-world behavior. Ex ante testing and certification should serve as a baseline — not a substitute for ongoing scrutiny.
Second, target demonstrable harms while preserving the flexibility necessary for innovation. Continuous evaluation must not impose burdens that favor entrenched incumbents at the expense of startups and open-source developers. The principle is simple: conduct that is illegal for a human must remain illegal when carried out or enabled by AI — but regulation should not reach beyond that boundary.
Third, scale obligations with impact, autonomy, and exposure — and include safe harbors for good-faith monitoring, incident disclosure, and rapid remediation. This would account for the continued evolution of AI systems and the fact that they operate in open-ended environments.
Policymakers must also weigh the strategic dimension carefully. If regulation significantly slows innovation in the United States while other countries advance more rapidly, the result will not be safer AI globally, but a shift in leadership and influence. The choice, however, is not between safety and speed: clear, outcome-based rules grounded in continuous evaluation can increase trust and adoption — and that trust is itself a competitive advantage.
Ultimately, what matters most is not the AI system’s intrinsic capability or what developers imagine it can do, but what the AI system actually does in practice. Regulation should reflect that reality.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.
This story was originally featured on Fortune.com