Aldo Ricardo · AI & Law · Articles
← All articles

Regulation & Policy

You Don't Know What You Don't Know: The Illusion of Regulating Artificial Intelligence

Over the past few weeks I have taken part in numerous discussions on artificial intelligence regulation. Conferences…

You Don't Know What You Don't Know: The Illusion of Regulating Artificial Intelligence

View on LinkedIn

Over the past few weeks I have taken part in numerous discussions on artificial intelligence regulation. Conferences, panels, legislative proposals—a complete ecosystem dedicated to "controlling AI." And while I acknowledge the good intentions behind many of these initiatives, I also observe a troubling pattern: most proposals reveal a fundamental disconnect between regulatory ambition and technical reality.

The issue is not opposition to all regulation, but rather a recognition that regulating something we barely understand demands more intellectual humility than we are currently showing. AI systems are probabilistic, not deterministic; evolutionary, not static; emergent, not programmed line by line.

The problem is not that we want to regulate AI. The problem is that we want to regulate it as if it were anything else.

The Most Problematic Proposals in the Current Debate

1. Applying the pharmaceutical regulatory model to AI

The proposal to subject AI to FDA-style processes sounds sensible until you examine the fundamental differences. Drugs are controlled molecules tested in laboratories; AI processes trillions of texts across infinitely variable contexts. A drug either fails or works; AI operates across probabilistic spectrums. Clinical trials assess specific effects in defined populations; AI generates a unique response for every interaction. Applying pharmaceutical frameworks to adaptive systems is like regulating human conversation using the same criteria we use to approve antibiotics.

2. Requiring impossible labels on every response

Some envision every AI output carrying a label along the lines of: "Warning: this response was generated using data comprising 40% academic texts, 25% Wikipedia, 35% social media. Bias detected toward Western sources. Confidence: 73%." Setting aside that it is technically impossible to trace the origin of every word in a model trained on billions of parameters, it would be like requiring that every time you speak to someone, you declare which books, conversations, and experiences gave rise to each of your ideas.

3. Demanding a perfectly fair, bias-free AI

A zero-bias utopia dressed up as moral virtue. Mathematicians have already demonstrated that different criteria of "fairness" contradict one another: if an algorithm is "fair" according to one metric, it will automatically be "unfair" according to another. It is like demanding that a number be simultaneously even and odd. Yet regulators keep asking algorithms to resolve social inequalities that humanity has spent millennia failing to resolve.

4. Demanding technical explanations that even experts cannot provide

They require that when ChatGPT answers "Paris is the capital of France," it explain exactly which of its 175 billion parameters were activated, why, and how they are connected. It is like asking your brain to explain precisely which neurons you used to remember where you left your keys. Not even the researchers who created these models fully understand how they process information—yet regulators want detailed user manuals.

5. Shifting responsibility onto everyone except the user

If someone uses ChatGPT to write a plagiarized essay, the fault lies with OpenAI for not "preventing misuse." If someone generates a deepfake image, the fault lies with the developer for not "implementing sufficient safeguards." It is like blaming Microsoft if someone uses Word to write a threatening letter, or blaming Toyota if someone drives drunk. Individual responsibility vanishes as if by magic the moment an AI is involved.

6. Requiring mandatory ethics audits for every model

They propose committees of "ethics experts" to evaluate whether each AI system is morally acceptable before launch. The problem: these committees typically consist of philosophers, lawyers, and bureaucrats who do not understand how machine learning works. It is like asking a committee of art critics to approve the design of a nuclear reactor. Without technical knowledge, "ethics audits" become moral theater in which good intentions are evaluated instead of real-world outcomes.

7. Inventing ethical AI certifications

They want to create seals along the lines of "Ethically Approved AI" that companies can display like an ISO certificate. But unlike industrial standards—which measure things such as material resistance—"algorithmic ethics" varies by culture, context, and application. It is like creating a universal certification for "Ethically Delicious Food" that works equally well in Mexico, India, and Japan.

8. Demanding alignment with "human values" without defining which ones

Regulators demand that AI reflect "universal human values," but never specify what those are. Silicon Valley values (innovation, disruption)? Brussels values (privacy, precaution)? Beijing values (stability, collectivism)? What some consider a virtue (absolute freedom of expression) others consider a danger (hate speech without filters). Universal human values do not exist—which is precisely why we have different countries, religions, and political systems.

9. Requiring informed consent for every piece of training data

They propose that before training any AI, explicit permission must be obtained from every person whose data is used. This sounds reasonable until you realize it means contacting every user who ever contributed to Wikipedia, posted on Reddit, or uploaded a photo to the internet—essentially all of digital humanity. It is technically impossible and legally absurd, like requiring Shakespeare to posthumously seek permission from every person who inspired his characters.

10. Creating ethics committees in every company

Requiring every startup and technology company to have an "AI Ethics Committee" sounds progressive, but in practice it means executives without technical training making decisions about algorithms they do not understand. It is like requiring every restaurant to have a quantum physics committee to approve how its microwaves work. Moreover, these committees shift their positions with intellectual fashions—what is "ethically correct" today may be "problematic" tomorrow.

11. Ordering regular algorithmic audits with no clear methodology

They demand periodic audits of algorithms without explaining what should be audited, how, or according to what criteria. It is like ordering "creativity audits" of artists without defining what makes a painting "auditively correct." Without clear technical standards, these audits become bureaucratic exercises in which documentation is evaluated rather than actual performance.

12. Granting rights to robots before conscious robots exist

Some propose laws on "robot rights" and legal protections for conscious AI, even though we have no evidence that artificial consciousness exists. It is like creating traffic laws for unicorns—science fiction philosophy dressed up as serious public policy. Meanwhile, real problems with current AI (bias, disinformation) go unaddressed because it is more exciting to talk about sentient robots.

13. Demanding total algorithmic neutrality

They assume it is possible to design fully neutral systems, free of values and bias. But every algorithmic decision involves trade-offs: prioritize accuracy or equity? Speed or safety? Privacy or functionality? Pure neutrality does not exist—even "not making a decision" is a decision. It is like demanding the existence of colors that are not colors, or numbers that are not numbers.

14. Requiring AI to report its carbon footprint

They propose that every ChatGPT query come with a report: "This response consumed 0.0034 kWh and generated 0.002g of CO2." Setting aside the technical complexity of calculating this with precision, it turns every interaction with AI into an exercise in ecological guilt. It is like requiring that every time you think, your brain report how much glucose it consumed—technically possible, practically absurd.

15. Shifting the burden of proof onto developers

They seek to protect users by inverting the burden of proof: developers must now demonstrate that their AI will "never do anything harmful, in any context, for any user, ever." They are being asked to prove a universal negative—something logically impossible. In practice, this protects no one; it merely freezes innovation because no company will risk creating something new if it must guarantee absolute perfection across an infinite universe of possibilities.

16. Demanding "adversarial robustness" without understanding the trade-offs

They want models immune to all conceivable attacks, unaware that cybersecurity works like a game of rock, paper, scissors: strengthening defenses against one type of attack typically creates vulnerabilities to others. It is like asking for a perfect security system against thieves, earthquakes, fires, hackers, explosions, and aliens—all at the same time, with no compromises. When regulators demand "total robustness," they are asking for the laws of physics to be violated.

The Patterns Behind These Proposals

These initiatives reveal systematic cognitive biases in how we approach the regulation of emerging technologies:

→ Technological anthropomorphization: We attribute human intentions and capabilities to systems that operate in fundamentally different ways.

→ Regulatory framework transfer: We apply twentieth-century solutions to twenty-first-century phenomena, assuming that AI is "like X but more complex."

→ Illusion of deterministic control: We expect absolute certainty from inherently probabilistic systems.

→ Bureaucratic solutions to technical problems: We respond to engineering challenges with committees and administrative procedures.

→ Availability bias: We regulate the most media-visible risks, not necessarily the most probable or harmful ones.

What Actually Needs Immediate Regulation?

Recognizing the limitations of current proposals does not mean accepting a regulatory vacuum. More promising approaches do exist:

Domain- and risk-specific regulation

Rather than regulating "AI" in the abstract, focus on concrete applications: AI in medical diagnostics, hiring systems, credit-scoring algorithms. Each domain has particular risks and established evaluation metrics.

Transparent data governance

Implement system-level traceability, clear dataset licensing, and reasonable opt-out mechanisms. This is technically feasible and addresses legitimate concerns about consent.

Pre- and post-deployment impact assessment

Protocols with verifiable metrics, not just documentation. Include both technical evaluation (bias, robustness) and sociotechnical evaluation (effects on specific communities).

Distributed and proportional liability

Assign liability according to actual role: developers for design, integrators for implementation, end users for specific use. Avoid both total provider liability and total user irresponsibility.

Operationally useful explainability

Not "parameter X-rays" but explanations that enable informed decisions. For a hiring system: "Prioritized work experience over formal education" is more useful than "Activated 847,392 parameters in layer 12."

Adaptive and continuous security

Regular red teaming, post-deployment monitoring, and updatable contingency plans. Recognize that security in AI is a dynamic process, not a final state.

Conclusion: Toward Informed Regulation

The urgency to regulate artificial intelligence is understandable, but effectiveness requires technical precision. Current proposals fail not from a lack of good intentions but from a disconnect between regulatory ambition and technical reality.

The challenge is no small one: we are trying to create legal frameworks for systems that evolve faster than our legislative processes, that operate in ways we are only beginning to understand, and whose effects emerge from complex interactions among technology, data, and social context.

But acknowledging complexity must not paralyze us. We can regulate intelligently if we accept that AI requires adaptive approaches, not deterministic ones; domain-specific, not universal; and technically informed, not bureaucratically convenient.

The real risk lies not in AI itself, but in regulating it poorly. Poorly designed regulatory frameworks can be worse than none at all: they create the illusion of control while allowing real risks to go unnoticed, stifle beneficial innovation, and divert resources away from effective solutions.

Intelligent regulation of AI begins by acknowledging the limits of our current understanding. That is not an admission of defeat; it is the first step toward frameworks that actually work.