The AI Governance Ratchet

The AI-governance debate is a fight over who operates the control grid, not whether one gets built. Hard law, voluntary standards, and compute chokepoints — and what held versus what reversed in 2025–26.

2026-06-17 7 min read Research file
Contents

A research position. Sourced, present-all-sides. Named people and organizations carry primary citations; characterizations are attributed to whoever made them, never adopted as fact. This is the public research base for The Ratchet Ch. 20 (“The Blueprint”) and the companion to the live AI Governance Tracker.

The point every AI-governance instrument converges on is not “regulate or don’t.” It is who operates the grid. The EU AI Act, the US compute export controls, the national AI Safety Institutes, the C2PA provenance standard — each was sold as a guardrail against frontier-model risk, and each is also, simultaneously, an implementation calendar for who may build what, import what, and audit whose stack. The four governance camps fight bitterly over which of them should hold the controls. They agree, tacitly, that the controls should exist. That agreement is the ratchet.

The 2025–26 record sharpened the picture: the clicks that held were the ones written into supranational law, global accounting/technical standards, and hardware chokepoints — the parts nobody has to keep voting for. The clicks that slipped were the voluntary coalitions and the single-administration rules. What follows is the infrastructure, camp by camp and layer by layer, with the strongest defense given equal weight.

The infrastructure being built

LayerWhat’s being builtStated purposeControl capability
HardwareExport controls, CHIPS subsidies, compute trackingNational securityWho can build AI
ModelRegistration, conformity assessment, safety testingAI safetyWhat AI can be built
DeploymentHigh-risk classification, human-oversight mandatesProtecting rightsHow AI can be used
ContentWatermarking, provenance, algorithmic transparencyPreventing disinfoTracks AI-generated content
InternationalAI Safety Institutes, Bletchley/Seoul frameworkGlobal coordinationEnforcement consensus

Hard law: the EU AI Act

The world’s first comprehensive horizontal AI law. Regulation (EU) 2024/1689, published 12 July 2024, entered into force 1 August 2024, with staggered application (EUR-Lex; EU AI Act explorer).

  • Risk tiers: unacceptable (banned — public social scoring, certain real-time biometric ID, manipulative systems, workplace/school emotion recognition) → high-risk (conformity assessment, logging, human oversight) → limited (transparency — label chatbots and deepfakes) → minimal (unregulated).
  • Penalties: up to EUR 35M or 7% of global turnover for prohibited-practice breaches; up to EUR 15M or 3% for general-purpose-AI (GPAI) breaches.
  • Frontier/GPAI: models above a 10^25-FLOP training-compute presumption face “systemic risk” duties; open-source models get partial exemptions, but not for systemic-risk frontier models.
  • Early enforcement: the prohibited-practices ban became applicable 2 Feb 2025; GPAI obligations 2 Aug 2025; the Commission published the final GPAI Code of Practice on 10 Jul 2025 (voluntary — a compliance-signalling instrument); most penalty provisions bind from 2 Aug 2026 (implementation timeline).

Voluntary standards that govern anyway

The US chose a voluntary, standards-based path. NIST released the AI Risk Management Framework (AI RMF 1.0) on 26 January 2023 — four functions (Govern, Map, Measure, Manage), legally binding on no one, and now the de-facto compliance grammar US firms and procurement reach for.

The load-bearing observation: hard law (the EU AI Act) and soft law (NIST AI RMF, the GPAI Code of Practice, ISO/IEC 42001) converge on the same operational vocabulary — risk classification, conformity assessment, logging, human-oversight attestation, model cards, red-team reports. Whether or not any single instrument is binding, procurement contracts demand the vocabulary, insurers price against it, audits check for it, and vendors build to it. The standard, not the statute, ends up doing the governing — and a standard has no sunset clause and no electorate.

The hardware chokepoint

US chip export controls are the most consequential AI governance in existence: they decide who can build frontier AI at the hardware level. The October 2022 BIS rule restricted advanced logic chips (A100/H100-class) and chipmaking equipment to China (CSIS). TSMC fabricates ~90% of the most advanced (sub-7nm) chips; ASML is the sole maker of EUV lithography — natural chokepoints (ETO/CSET). The CHIPS Act ($52.7B) bars recipients from expanding advanced-chip manufacturing in China for ten years.

What reversed (2025–26): the January 2025 “AI Diffusion Rule,” which would have extended the tiering globally, was rescinded by BIS on 13 May 2025 before it took effect (BIS); the H20 chip, blocked in April 2025, was allowed back into China in July 2025 under a 15%-of-revenue arrangement. The core China-directed controls persisted; the global expansion did not. The rule churns; the licensing machinery and the chokepoints stay.

DeepSeek-R1 (January 2025) — the compute-moat bomb: a Chinese lab operating under the export controls (H800s, not H100s) released a frontier reasoning model, open-weight, its underlying V3 base reportedly trained for ~$5.6M. Nvidia lost ~$589B in market cap on 27 January 2025, the largest single-day loss in market history (CNBC; Reuters). It challenged the export-control premise, the compute moat, and the safety argument for restricting model access at once. The chokepoints (TSMC, ASML) are real; the claim that they would hold a durable capability gap open is the part that cracked.

On-chip governance is the frontier of the hardware layer: Heim et al. propose chips that cryptographically attest to workloads, firmware compute caps, tamper-resistant usage logs, and remote attestation — modeled on nuclear arms-control verification. Critics call it “a kill switch in every GPU.”

The four governance camps

The debate is usually flattened to “regulate vs. don’t.” It is better mapped as four camps, each attributed to representative voices, none adopted as this page’s own — the fuller treatment is in AI worldview camps and the AI-ethics poles:

  1. Existential-risk / “doomer”: frontier AI poses catastrophic risk; favor pauses, compute caps, licensing. Representative: Eliezer Yudkowsky (most extreme), and the more moderate CAIS statement / FLI pause letter signatories (Bengio, Hinton).
  2. Accelerationist / light-touch: regulation entrenches incumbents and cedes the race; favor permissionless innovation. Representative: Marc Andreessen.
  3. Incumbent / license-it-our-way: favor government licensing/registration of frontier models. Representative: Sam Altman’s May 2023 Senate testimony. Critics note the structural effect is a barrier to entry favoring well-funded incumbents (a critic characterization, not asserted motive).
  4. AI-ethics / present-harms: the extinction frame distracts from bias, surveillance, labor, and concentration happening now; favor accountability and civil-rights enforcement over speculative-risk licensing. Representative: Timnit Gebru, the DAIR Institute, the “stochastic parrots” critique.

These camps cut across left and right; the discipline here is to map the structural argument each makes, not assign a political team.

The Biden-EO → Trump-rescission ratchet

Biden’s EO 14110 (30 Oct 2023) set reporting thresholds for large training runs, red-teaming disclosure, and watermarking guidance. Trump’s EO 14179 (23 Jan 2025) revoked it. But the institutional infrastructure persisted: NIST AI RMF, the US AI Safety Institute, and the core BIS export controls were not rescinded, and the corporate compliance practices the EO catalyzed continued because the EU AI Act requires them regardless. The order was revoked; the grammar was not.

The defense (at full strength)

The strongest “this is ordinary, proportionate governance” case:

  1. Risk-tiering is proportionate. The EU AI Act regulates uses, not the technology; minimal-risk AI (the vast majority) is untouched.
  2. Voluntary frameworks are voluntary. NIST AI RMF and the GPAI Code impose nothing by force.
  3. The mandates did roll back. Trump revoked Biden’s EO; SB 1047 was vetoed; the FLI pause never happened; the AI Diffusion Rule was rescinded. Evidence the system is contestable, not a one-way ratchet.
  4. Export controls are national-security policy, not domestic censorship — and DeepSeek arguably showed they don’t even achieve their narrow aim.
  5. Real harms exist now (the AI-ethics point): bias, deepfake fraud, CSAM, election manipulation — governance as a response to documented harm, not a pretext.

The counter, kept for balance: “voluntary” standards become de-facto-mandatory through procurement and insurance; revoked EOs leave the scaffolding (NIST, AISI, export controls) intact; and the same machinery built for safety is, by construction, a content-monitoring capability. Both cases are laid out; the documented record does the work.

Where it converges

Across hard law, soft law, hardware, and content provenance, the AI-governance apparatus lands on one point: the genuinely contested question is not whether a control layer gets built — it is which camp, which jurisdiction, and which administration operates it. The 2025–26 reversals are the test: what a single administration could revoke, it did (EO 14110, the Diffusion Rule, SB 1047, the voluntary alliances); what was written into supranational law, global standards, and physical chokepoints, it could not. Different pawls, same ratchet — and the ratchet’s teeth are the standards and the chokepoints, not the coalitions.

Get updates on the Evil Robots series

Newsletter essays on AI escape, deception, and the humans who built them.