AI Regulation Has Arrived
For three years, the dominant narrative in AI policy was that regulation was always coming, always six months away, always stalled in committee or diluted by lobbying. I wrote about this pattern extensively. The industry got very good at manufacturing delays.
That era is over.
What Changed
In the last 90 days, the following happened:
The White House issued an executive order on December 11, 2025 signaling coordinated federal AI governance. Colorado's operational AI requirements, originally due February 1, were delayed — but only to June 30, 2026. California's SB 53 (Transparency in Frontier Artificial Intelligence Act) and AB 2013 (training data transparency) have 2026 effective dates. The United Nations human rights leadership issued renewed calls for global accountability standards. OpenAI and Microsoft joined the UK's international AI Safety Institute coalition.
None of these individually is decisive. Together, they represent something important: the window in which AI development could proceed with minimal accountability constraints is closing.
The Compliance Reality Companies Are Avoiding
Most coverage of AI regulation focuses on what laws say. I'm more interested in what they require organizations to do.
California's AB 2013 requires disclosure of training data composition. This sounds technical. It isn't. It forces organizations to answer questions they have deliberately not answered: What data did you train on? Did you have permission to use it? How does its composition affect outputs?
Colorado's law requires impact assessments for consequential automated decision systems. "Consequential" covers hiring, lending, housing, education, and healthcare. These are not edge cases — they are the primary commercial applications of AI.
The ethicist's version of this argument is about fairness and accountability. My argument is simpler: organizations that cannot answer these questions should not be making decisions that affect people's lives. Regulation forces that conversation.
The UK Safety Coalition and What It Actually Means
OpenAI and Microsoft joining the UK's Alignment Project is notable for what it signals rather than what it achieves. Both companies have previously argued that safety concerns should be addressed internally, voluntarily, at a pace the industry determines appropriate.
Joining an international coalition backed by government funding and oversight is a different posture. It accepts, implicitly, that external accountability has a legitimate role.
I don't think this represents a genuine values shift. I think it represents an accurate read of the political environment. Companies that position themselves as partners in governance fare better than those positioned as obstacles to it.
The instrumentality doesn't diminish the importance. External governance mechanisms are being built. That matters regardless of whether the companies supporting them are doing so for noble reasons.
The Harder Question
Here is what regulation does not address, and what I find most troubling.
AI systems make mistakes. They hallucinate, they discriminate, they produce confident outputs that are factually wrong. Regulation can require disclosure, assessment, and audit. It cannot compel accuracy.
The honest answer is that we are deploying AI in consequential domains while knowing it will make errors, without having clear answers to: who is responsible when it does? How should people harmed by AI errors be compensated? What standard of reliability should be required for different applications?
These questions are not yet answered by any regulatory framework I've reviewed. The Connecticut proposal for AI-kids privacy gets at part of this — children are a category where errors carry disproportionate cost. But the framework is protective rather than restorative.
What I Actually Believe
Regulation is necessary but not sufficient. The companies building these systems need to build them with a different orientation — not what can we get users to accept, but what do users deserve.
The organizations getting this right are not the ones with the largest legal teams. They are the ones asking hard questions about their systems before regulators require them to.
2026 is the year that changes the baseline. It's no longer acceptable to build AI systems without knowing how they perform, on whom, and with what consequences. That shift — from aspirational ethics to enforceable accountability — is the most important development in AI governance in a decade.
Whether it's enough is a different question. I suspect it isn't. But it's a start worth taking seriously.