The open secret of Silicon Valley is that the tech industry has already won the first round of the regulatory war.
For years, public debate centered on whether governments would step in to regulate artificial intelligence. That question is obsolete. Governments have stepped in, but they did so by inviting the largest tech companies to write the rules themselves. This corporate capture of AI regulation poses a fundamental threat to market competition, public safety, and algorithmic accountability. By allowing the creators of frontier models to dictate the legal frameworks governing them, society is effectively letting digital monopolies design their own moats under the guise of public safety. Read more on a similar topic: this related article.
The Architecture of Self Regulation
Washington and Brussels have fallen into a familiar trap. Lawmakers, intimidated by the rapid pace of technological change, have chosen to rely on corporate insiders to draft the technical standards that will govern future systems.
This is not a new playbook. The financial sector did it before 2008. The aviation sector did it with disastrous results. Now, the tech sector is executing the strategy with unprecedented speed. More analysis by TechCrunch highlights similar views on this issue.
When the chief executives of trillion-dollar corporations testify before congress asking for regulation, they are not acting out of civic duty. They are acting out of self-preservation. They understand that a complex, expensive regulatory burden is the ultimate weapon against upstart competitors. A startup working out of a garage can pivot its technology overnight, but it cannot afford a department of fifty compliance lawyers to audit its code against thousands of pages of government mandates.
Consider how the current legislative frameworks approach risk. Most proposed rules focus heavily on frontier models, defined by the sheer amount of compute power used to train them. By focusing regulation on the largest models, incumbents achieve two goals simultaneously. They project an aura of responsibility, and they ensure that any open-source alternative faces a wall of legal liabilities that only a well-capitalized corporation can survive.
The Mirage of Safety Audits
The primary mechanism of modern AI governance is the third-party audit. It sounds objective. It sounds rigorous. In practice, it is largely theater.
Right now, the industry lacks standardized metrics for what constitutes a safe model. Red-teaming, the practice of probing a system for vulnerabilities, remains more of an art than a science. When a company brags that its new model has passed rigorous external safety reviews, it rarely discloses the full methodology, the edge cases tested, or the compensation tied to the audit firm.
+-----------------------------------------------------------------+
| The Corporate Compliance Loop |
+-----------------------------------------------------------------+
| 1. Tech Giants draft the baseline evaluation standards. |
| 2. Governments adopt those standards into formal law. |
| 3. Auditing firms charge premiums to certify compliance. |
| 4. Open-source projects and startups are priced out. |
+-----------------------------------------------------------------+
This dynamic creates a closed loop. The companies build the models, the companies help write the evaluation criteria, and the auditing firms, often staffed by former employees of those exact tech giants, stamp the approval. The public receives an illusion of safety while the market concentration intensifies.
The Hidden Attack on Open Source
The true casualty of corporate-written rules is the open-source community. Open-source software is the foundation of the modern internet. It democratization access to technology, allowing researchers worldwide to scrutinize code, fix vulnerabilities, and build local tools.
Incumbents frequently frame open-source AI as a national security hazard. They argue that releasing the weights of a powerful model is equivalent to handing over blueprints for dangerous technologies. This argument deliberately conflates software capabilities with physical execution. More importantly, it ignores the immense security benefits of public scrutiny.
When code is proprietary, vulnerabilities remain hidden until they are exploited. When code is open, thousands of independent developers can find and patch flaws. By pushing for regulations that criminalize or severely restrict the release of open-source weights, dominant tech firms are trying to outlaw their greatest competitive threat. They want a future where every developer must rent intelligence from a handful of centralized cloud platforms.
The Capture of Public Institutions
The revolving door between big tech and regulatory agencies is spinning faster than ever. Government bodies tasked with overseeing machine learning systems are desperately underfunded. They cannot match the salaries offered by the private sector, which means they cannot retain top-tier technical talent.
To compensate, agencies rely on advisory boards, industry working groups, and seconded executives. The intentions of these individuals may be honorable, but their worldview is shaped by the corporate environments they inhabited. They view risk through the lens of corporate liability, not public harm.
"When an agency relies on the regulated industry to explain how the technology works, the regulation stops being a check on power and becomes an extension of it."
This structural imbalance shows up in the language of the policies themselves. We see mandates for watermarking AI-generated content, a technology that is notoriously easy to bypass, yet highly profitable for the firms patenting the detection tools. We see vague requirements for data provenance that protect copyright holders who can afford litigation, while doing nothing to compensate the millions of creators whose work built these systems in the first place.
The Solution is Structural Disruption
Fixing this crisis requires a complete rejection of the current regulatory approach. We must stop asking tech executives how they should be governed.
First, regulatory frameworks must shift their focus from the size of the model to the specific application of the deployment. A small model used to deny someone a loan or screen a medical diagnosis requires intense oversight. A massive model used to generate creative fiction does not. By regulating the context of the deployment rather than the scale of the compute, we protect consumers without killing innovation.
Second, we need genuine public infrastructure. If the state remains dependent on corporate clouds to run its own evaluations, it will never be independent. Governments must invest in public supercomputing clusters and independent research institutes that do not rely on corporate grants.
True accountability will not come from a voluntary code of conduct signed in a boardroom. It will come from strict liability laws that hold companies financially responsible for the predictable harms caused by their systems, combined with antitrust enforcement that prevents a handful of platforms from controlling the entire stack of human knowledge. The rules of the future belong to the public, not the platforms.