Governments on both sides of the Atlantic have spent the past two years building a regulatory framework around artificial intelligence, issuing executive orders, passing binding legislation, and standing up safety consortiums. The largest AI developers, including OpenAI and Anthropic, have signed voluntary agreements to cooperate with federal testing programs. Yet the speed at which new models reach the public continues to outpace the institutions designed to evaluate them, creating a widening gap between what regulators have warned about and what companies are actually doing to address those warnings.
Washington and Brussels Draw the Lines
The clearest signal from Washington came with Executive Order 14110, titled “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” The order directs federal agencies to conduct standardized evaluations and red-teaming of AI systems, with specific attention to national-security threats spanning bioweapons, cyberattacks, critical infrastructure disruption, fraud, disinformation, and discrimination. It represents the most detailed set of federal instructions ever aimed at the AI industry, and it puts developers on notice that the government considers their products a source of measurable risk.
The European Union went further by turning warnings into law. Regulation (EU) 2024/1689, known as the Artificial Intelligence Act, establishes binding obligations and compliance timelines for companies operating in the EU market. The law applies risk-based governance categories to AI systems and includes specific requirements for general-purpose AI, or GPAI, models. As provisions phase in, companies that treat these deadlines as aspirational rather than enforceable face real financial exposure. The combination of a U.S. executive order and a European statute means that the two largest consumer markets for AI now have formal, documented expectations for how these systems should be built, tested, and monitored.
Safety Infrastructure Without Enforcement Teeth
Federal agencies have tried to give these warnings practical shape. The National Institute of Standards and Technology published its AI RMF 1.0, which lays out what “AI risk” means in operational terms. The framework covers governance, mapping, measuring, and managing risks across the full AI lifecycle, and it calls for repeatable evaluations and clear accountability at every stage. It is not a regulation, but it is the closest thing to an industry playbook that the federal government has produced, and it was designed to be referenced by both regulators and developers as they translate abstract concerns into concrete testing plans.
Building on that framework, the Biden-Harris administration announced the first-ever AI safety consortium, known as AISIC. The consortium was tasked with developing guidelines for red-teaming, capability evaluations, risk management, and watermarking of AI-generated content. Later that summer, the U.S. AI Safety Institute signed memorandums of understanding with both Anthropic and OpenAI, granting the institute access to major new models before and after public release for safety testing and evaluation; those agreements with leading labs were billed as a way to align cutting-edge development with public oversight. On paper, this looks like a functioning safety pipeline. In practice, the agreements are voluntary, and no public audit has yet confirmed whether the testing has kept pace with the release cadence of new models.
The Gap Between Frameworks and Deployment
The core tension is not that warnings are absent. They are everywhere. The problem is that frameworks, consortiums, and memorandums of understanding all depend on good-faith participation from companies whose primary incentive is speed to market. NIST’s risk management guidance, housed at its Computer Security Resource Center, provides detailed steps for evaluating AI systems, from identifying potential harms to documenting mitigation strategies. But guidance without mandatory compliance deadlines functions more as a recommendation than a constraint. When a company can release a model globally in hours, a voluntary testing agreement that operates on a government timeline creates an obvious mismatch between regulatory aspiration and commercial reality.
This is where the dominant assumption in current coverage deserves scrutiny. Much of the conversation frames the relationship between AI labs and regulators as cooperative, pointing to signed MOUs and consortium memberships as evidence of alignment. That framing misses the structural reality, companies control the release schedule, and no existing U.S. mechanism compels them to delay a launch based on safety findings. The EU’s Artificial Intelligence Act does include binding timelines, but its enforcement provisions are still being phased in, and the most consequential obligations for general-purpose models have yet to be stress-tested in court. Until penalties actually land, the incentive structure rewards companies that move fast and treat compliance as a trailing concern rather than a prerequisite, especially in competitive races to deploy ever-larger models.
Ethical Alarms Predate the Current Boom
The warnings are not new. As far back as 2020, researchers at Harvard flagged that oversight was overwhelmed as AI took on larger decision-making roles in areas like hiring and policing, arguing that lawmakers were struggling to keep up with algorithmic systems embedded in everyday life. That gap has only grown wider as generative models have turned once-esoteric research into mass-market products. The international community attempted to address the problem through events like the 2023 Bletchley AI Safety Summit, which produced declarations on shared global risk and called for closer coordination on frontier models. Yet declarations without enforcement mechanisms have done little to change corporate behavior, and there is still no binding global standard for how powerful AI systems should be evaluated before deployment.
Critics argue that this pattern, strong language, weak enforcement, has become the default. They note that voluntary commitments and high-profile summits can create a sense of progress without materially altering incentives. From this perspective, the most important question is not how many frameworks or principles exist, but whether any of them can force a delay or redesign when evaluations uncover serious problems. Without that leverage, ethical alarms, however prescient, risk becoming background noise against the louder signal of rapid commercial rollout and investor pressure to ship new capabilities.
From Voluntary Cooperation to Binding Accountability
Closing the gap between regulation and reality will likely require moving beyond soft-law instruments to structures that can withstand commercial pressure. One approach is to treat certain AI systems (particularly those with broad, open-ended capabilities) as closer to critical infrastructure, subjecting them to pre-deployment testing obligations analogous to those in pharmaceuticals or aviation. Under this model, frameworks like AI RMF 1.0 would not merely guide best practices but anchor formal review processes, with clear thresholds for acceptable risk and transparent documentation of testing results. The existence of detailed NIST guidance shows that the technical vocabulary for such reviews already exists; what is missing is the legal authority to make them a condition of market access.
Another route is to lean on market incentives by tying access to major jurisdictions to demonstrable compliance. The EU’s risk-based regime hints at this strategy by making high-risk and general-purpose systems subject to specific obligations, backed by potential fines. If those provisions are enforced rigorously, developers may find it more costly to treat compliance as an afterthought. Similarly, deeper cooperation between safety institutes and leading labs could evolve from voluntary memorandums into standardized access arrangements, where early sharing of models is paired with binding commitments to address identified vulnerabilities before public release. Until such mechanisms are in place, the world’s most ambitious AI safety infrastructure will remain largely aspirational, impressive on paper, but struggling to keep pace with the systems it is meant to govern.
More From The Daily Overview
*This article was researched with the help of AI, with human editors creating the final content.
Grant Mercer covers market dynamics, business trends, and the economic forces driving growth across industries. His analysis connects macro movements with real-world implications for investors, entrepreneurs, and professionals. Through his work at The Daily Overview, Grant helps readers understand how markets function and where opportunities may emerge.
