Lecture 2—What Are We Actually Governing When We Govern AI? --for the Lecture Series: AI Governance in Comparative Perspective, Theory and Practice: China, U.S. and E.U

 

Pix credit here

 

I was delighted to have had the opportunity to present a series of Lectures  hosted by the East China University of Political Science and Law (ECUPL) at the end of May. 

The overall theme (and thus the title) of the lectures was AI Governance in Comparative Perspective, Theory and Practice: China, U.S. and E.U, With a Sideways Glance at the U.N. The subject of the lectures requires little by way of introduction: Artificial intelligence is the broad term that has come to represent a growing cluster of non-human and digitalized processes and operations that has as its primary task the constitution of non-human systems capable of performing tasks that were once thought to require human intelligence. And so is the impulse to manage, control, exploit, embed, understand, and regulate these processes, systems, and perhaps eventually non-human consciousness with a huge potential to undertake many of the computational tasks (the mathematical and logical processing of data) that were once the sole domain of and perhaps defined what it meant to be human. That is the point where things get interesting. It is at the point where the development of machines, that is of non-human systems, capable of performing tasks that were once thought to require human intelligence, collide with regulatory structures meant to manage, contain, constrain, liberate, embed, project and exploit such non-human systems, whether they are traditional or emerging, public or private regulatory systems, that human collectives and the machine-systems they have created now find themselves. 

The eight lectures progress sequentially from conceptual and theoretical frameworks (lectures 1 and 2, the objects and subjects of AI regulation), through a deeper consideration of regulatory systems in three distinguishable regulatory regimes--the US, EU, and China (Lectures 3, 4.5). The last two lectures consider judicial efforts to embed AI within traditional legal orders (Lecture 6), and the way in which the object of regulation (in the form of the owners of the larger AI enterprises) understand the relationship between AI, the state, and society (Lecture 7) . Lecture 8 summarizes and draws larger themes going forward.

In a previous post introducing Lecture 1 (From Algorithms to Foundation Models: What Contemporary AI is “Made of”) I suggested that perhaps a useful way of approaching the issue of AI regulation is to start by considering the nature and characteristics of the regulatory subject--what we euphemistically refer to as "AI."  It then occurred to me that it might be useful as well to see if that regulatory object had views of their own respecting their nature character and, more importantly, the relationship of regulation projects to that (self) perception of their nature and character. So I approached Google's Gemini with a series of questions which I thought, in the process of what might pass for a conversation, might help humans begin to understand how at least one AI program thinks of itself. 

This post includes a summary of the Lecture 2 Notes, as well as the Lecture 2 PPT. Those interested may reach out to me to discuss availability of audio of the lecture and the full text of the Lecture 1 notes

Given the nature of the project I thought it might be useful to engage with an commercially available AI service for the production of a summary of the Lecture 1 materials. After some back and forth with Chat GPT (Lecture 1 used Google's Gemini), we came up with the following abstract of Lecture 2.

Lecture 2 Abstract:

Lecture Two argues that artificial intelligence governance is best understood not as the regulation of a single technology but as the selection and deployment of a regulatory palette. AI is neither a unified object nor a stable category. Rather, it comprises interconnected layers of data, models, training processes, deployment systems, institutional practices, infrastructures, and human actors. Consequently, the central challenge of governance is not whether AI should be regulated, but determining what aspect of the AI ecosystem is to become the object of regulation and through what mechanisms governance will be exercised.

The lecture's core contribution is the development of a framework that distinguishes between regulatory objects and regulatory modalities. Regulatory objects identify what is being governed. The lecture highlights seven principal candidates: data, models, outputs, use cases, actors, harms, and infrastructure. Each object produces a distinct governance orientation. Data-centered approaches focus on privacy, consent, provenance, intellectual property, and data sovereignty. Model-centered approaches emphasize training practices, safety evaluations, documentation, and capability assessments. Output-oriented governance addresses generated content, recommendations, rankings, and automated decisions. Use-case approaches assess risk according to social context, particularly in sectors such as healthcare, education, employment, and public administration. Actor-centered governance allocates obligations across developers, deployers, vendors, and users. Harm-based approaches focus on discrimination, fraud, deception, privacy violations, and other legally cognizable injuries. Infrastructure-centered governance treats AI as a strategic capability dependent on chips, cloud computing, energy systems, and technological supply chains.

The lecture then examines the principal modalities through which these objects may be governed. Market governance relies on competition, consumer choice, procurement, and ex post enforcement. Risk-based governance classifies systems according to their potential impacts and imposes obligations proportionate to those risks. Rights-based governance centers the protection of affected individuals through privacy, equality, due process, explanation, and remedy. Safety and assurance governance emphasizes testing, robustness, auditing, monitoring, and lifecycle management. Platform and content governance focuses on information ecosystems, recommender systems, synthetic media, and public discourse. Industrial-strategic governance treats AI as a national capability linked to economic competitiveness, technological sovereignty, and geopolitical power.

This framework provides the foundation for comparative analysis. The United States, the European Union, and China do not merely adopt different AI rules; they construct different regulatory objects and deploy different governance modalities. The United States tends to govern through markets, harms, litigation, sectoral regulation, and national-security authorities. The European Union privileges risk classification, administrative supervision, transparency, and fundamental-rights protection. China integrates platform governance, content control, data governance, industrial policy, and state-directed technological development. The same technical system may therefore appear as a consumer product, a rights-based risk, a platform function, or a strategic infrastructure asset depending on the governing framework.

The lecture concludes that AI governance is ultimately an exercise in political ordering. Decisions about what AI is, what aspects matter most, and what governance tools are appropriate reveal competing visions of social organization. The central question is therefore not how much AI should be regulated, but what conception of society regulation seeks to advance through the governance of AI.

 

 

 

Links to Lectures:

Lecture 0 -- Introduction
Lecture 1—From Algorithms to Foundation Models: What Contemporary AI is “Made of”
Lecture 1A--A Computation/Conversation With Google's "Maschinenmensch" Gemini:
Lecture 2—What Are We Actually Governing When We Govern AI?
Lecture 3—The “Markets State”: U.S. Approach
Lecture 4—The “Rights State”: EU Approach
Lecture 5—The “Guided State”: The Chinese Approach
Lecture 6—Courts, Companies, and the Legal Construction of AI
Lecture 7—AI Narratives: Palantir; Anthropic; Open AI; and Leopold Aschenbrenner
Lecture 8—Putting It All Together: Trends, Trend Lines, and Regulatory Dialectics

 

 

 

Executive Summary: The Regulatory Object and the Regulatory Palette of Artificial Intelligence Governance

Lecture Two advances a central proposition that serves as the conceptual foundation for the remainder of the series: artificial intelligence governance is fundamentally an exercise in classification. Before states can regulate AI, they must first determine what AI is for regulatory purposes. This determination is neither self-evident nor purely technical. AI is not a single object but a complex assemblage of data, computational models, training processes, deployment environments, institutional practices, infrastructures, and social relationships. Consequently, governance begins not with rulemaking but with the construction of a regulatory object.

The lecture argues that discussions about AI regulation often proceed as though artificial intelligence were a coherent and self-contained technology. In reality, governance systems confront a distributed ecosystem in which responsibility, control, risk, and authority are fragmented across multiple actors and technological layers. The central question is therefore not whether AI should be regulated, but which dimensions of AI should become the focus of governance and through what mechanisms those dimensions should be managed.

At its core, the lecture introduces what may be understood as a regulatory palette—a set of possible regulatory objects and governance modalities available to policymakers. Different jurisdictions select different combinations from this palette, producing distinctive governance architectures that reflect broader political, economic, and ideological commitments. The comparative study of AI governance thus becomes an inquiry into competing conceptions of social order as much as competing regulatory techniques.

The Problem of Regulatory Object Construction

The lecture begins from the observation that modern AI systems are distributed systems. A large language model deployed in a hospital, for example, may involve data collected from numerous sources, a foundation model developed by one company, cloud infrastructure owned by another, a vendor responsible for integration, institutional decision makers who deploy the system, and professionals who rely on its outputs. When harm occurs, identifying the proper object of regulation becomes difficult.

Should governance focus on the training data, the model developer, the cloud provider, the deployer, the user, the output, or the resulting harm? Each answer generates a different regulatory architecture. Consequently, AI governance cannot begin with the vague ambition to "regulate AI." It must begin by determining where legal obligations will attach and how responsibility will be distributed across the technological ecosystem.

The lecture proposes a useful organizing principle: governance seeks to match obligations to control. Actors that possess the capacity to shape risk should bear responsibilities proportionate to that capacity. Yet because AI systems distribute both control and knowledge across multiple layers, assigning responsibility becomes one of the defining challenges of contemporary governance.

The Seven Regulatory Objects

The lecture's most significant contribution is its systematic identification of seven principal regulatory objects.

Data as Regulatory Object

The first and perhaps most familiar object is data. Under this approach, AI is understood primarily as a data-processing enterprise. Governance therefore focuses on collection, consent, provenance, retention, deletion, representativeness, privacy, intellectual property, cybersecurity, and cross-border data flows.

This orientation links AI governance to existing frameworks governing privacy, data protection, labor information, intellectual property rights, and data sovereignty. It reflects the insight that machine-learning systems are deeply dependent on the quality, legality, and representativeness of the data from which they learn.

At the same time, the lecture cautions against reducing AI governance to data governance. Problems may arise not merely from data collection but from deployment contexts, institutional practices, or model behavior. Data governance is therefore necessary but insufficient.

Models as Regulatory Objects

A second approach focuses on the model itself. Governance then centers on model architecture, training processes, capabilities, evaluations, documentation, release practices, access controls, and safety testing.

This orientation has become increasingly important with the emergence of foundation models. Because such models can be adapted to innumerable downstream applications, policymakers have become interested in regulating the development process itself rather than waiting to address harms arising from particular uses.

Model-centered governance has generated debates regarding model cards, system cards, frontier model evaluations, compute thresholds, red-teaming, open-weight releases, and capability assessments. Yet the lecture notes that models remain only one component within a larger ecosystem. A single model may support beneficial and harmful uses simultaneously, limiting the effectiveness of purely model-based approaches.

Outputs as Regulatory Objects

A third strategy focuses on outputs. Governance then addresses generated text, images, audio, video, rankings, recommendations, classifications, and automated decisions.

Output-oriented regulation has become particularly important in discussions concerning misinformation, deepfakes, synthetic media, fraud, intellectual property, and content moderation. This approach is attractive because harms often become visible through outputs.

However, the lecture emphasizes that output regulation tends to be reactive. It addresses consequences after they emerge rather than governing the upstream conditions that produced them. Harmful outputs may reflect deficiencies in training data, model design, deployment incentives, or institutional decision-making.

Use Cases as Regulatory Objects

The fourth regulatory object is the use case. Under this framework, governance focuses on how AI is used rather than what AI technically is.

Risk is understood as socially situated. A recommendation system used to suggest music raises different concerns than a system used to determine access to healthcare, employment, education, housing, credit, welfare benefits, or criminal justice outcomes.

This approach is closely associated with risk-based governance frameworks, particularly within the European Union. Its strength lies in connecting regulation to real-world consequences. Its weakness arises from the increasing generality of foundation models, whose ultimate applications may not be known during development.

Actors as Regulatory Objects

The fifth approach regulates actors rather than technologies. Obligations are assigned to developers, providers, deployers, distributors, employers, cloud providers, public agencies, and users.

This framework reflects the practical reality that law often governs through the assignment of duties and liabilities to legal persons. It seeks to determine who possesses knowledge, authority, and control over particular risks.

Yet modern AI supply chains complicate this approach. Responsibility may be distributed among multiple entities connected through contracts, technical dependencies, and platform relationships. The result can be fragmentation of accountability and uncertainty regarding legal responsibility.

Harms as Regulatory Objects

The sixth approach focuses on harms. Rather than creating comprehensive AI-specific frameworks, regulators identify injuries and apply existing legal categories.

Discrimination, fraud, deceptive practices, unsafe products, privacy violations, copyright infringement, manipulation, market abuse, and national-security threats become the relevant objects of governance. This approach is particularly characteristic of the United States.

The strength of harm-based regulation lies in its flexibility. The weakness is its tendency toward reactive intervention. Systemic risks may emerge gradually and remain invisible until substantial harms have already occurred.

Infrastructure as Regulatory Object

The seventh object is infrastructure. Here AI is viewed as a strategic capability dependent on chips, cloud computing, data centers, energy systems, compute resources, talent, and capital.

Infrastructure governance has become increasingly important as advanced AI development requires concentrated material resources. Export controls, chip restrictions, cloud reporting requirements, industrial subsidies, sovereign AI initiatives, and technology-transfer controls all emerge from this perspective.

This approach recognizes that AI is not merely software but also a material and geopolitical phenomenon embedded within global supply chains and national development strategies.

The Regulatory Modalities

Having identified possible regulatory objects, the lecture turns to the modalities through which governance is exercised.

Market Governance

Market governance relies on competition, innovation, procurement, consumer choice, private ordering, and ex post enforcement. Regulators intervene selectively through antitrust law, consumer protection, tort law, and sector-specific oversight.

The United States frequently employs this model. Its strength lies in flexibility and innovation. Its weakness is the possibility that market incentives may privilege efficiency, engagement, and profitability over fairness, accountability, or public welfare.

Risk-Based Governance

Risk-based governance classifies systems according to potential impact and imposes obligations proportional to identified risks.

This approach is exemplified by the European Union's AI Act. Documentation requirements, conformity assessments, human oversight obligations, monitoring requirements, and prohibitions become calibrated to levels of risk.

The attraction of this model is its apparent proportionality. Its challenge lies in classification. Risk changes over time, and general-purpose models often resist simple categorization.

Rights-Based Governance

Rights-based governance places affected individuals at the center of regulation. The focus shifts from technological performance to human consequences.

Privacy, equality, due process, autonomy, dignity, labor rights, explanation, contestation, and access to remedies become primary concerns. This approach is particularly important in high-stakes applications involving public services, employment, policing, healthcare, and welfare administration.

Its strength is normative clarity; its challenge lies in translating abstract rights into operational governance requirements.

Safety and Assurance Governance

Safety governance draws upon engineering, quality-management, and cybersecurity traditions. It emphasizes testing, robustness, security, evaluation, auditing, incident reporting, and lifecycle monitoring.

This modality has become increasingly important in discussions concerning frontier models, autonomous systems, medical AI, and critical infrastructure.

Its principal advantage is operational rigor. Its limitation is that technically safe systems may nonetheless generate social, political, or distributive harms.

Platform and Content Governance

Platform governance treats AI as part of the information environment. It focuses on recommender systems, content moderation, synthetic media, public discourse, transparency, misinformation, and platform power.

This modality has become increasingly significant as AI systems mediate access to information and shape public opinion. It occupies a central place in Chinese governance frameworks and is becoming increasingly important within Europe.

Industrial-Strategic Governance

Industrial-strategic governance treats AI as a national capability linked to economic competitiveness, technological sovereignty, national security, and geopolitical power.

This modality focuses on research funding, talent development, standards-setting, cloud infrastructure, chips, energy resources, export controls, and military applications.

The lecture notes that all major jurisdictions increasingly employ this modality, though they justify it through different political narratives.

The Comparative Significance of the Regulatory Palette

The lecture's broader comparative insight emerges from the interaction between regulatory objects and regulatory modalities. Jurisdictions differ not merely because they adopt different rules but because they construct AI differently.

The United States tends to emphasize markets, harms, actors, procurement, litigation, and national-security instruments. The European Union seeks to render AI administratively legible through risk classification, transparency obligations, conformity assessment, and rights protection. China integrates platform governance, cybersecurity, industrial policy, content regulation, algorithmic supervision, and strategic development into a layered governance framework.

The same technological system may therefore be understood as a commercial product, a fundamental-rights risk, a platform function, a strategic infrastructure asset, or an instrument of social governance depending on the jurisdictional perspective.

Governance as a Dynamic Process

The lecture further emphasizes that governance is not external to technology. AI governance develops through a continuing dialectic in which technological innovation produces new capabilities; deployment generates benefits, harms, and public reactions; governance responds through regulation; and those regulatory interventions subsequently reshape technological development.

Regulation therefore becomes one of the forces shaping innovation itself. Documentation requirements, safety testing, transparency obligations, procurement standards, platform rules, and industrial policies all influence what firms build, how systems are deployed, and what forms of innovation become economically viable.

Conclusion

The lecture concludes that AI governance is ultimately an exercise in political ordering. Regulatory systems do more than constrain technology; they classify, enable, discipline, and legitimate particular forms of technological development. The critical question is not how much regulation AI requires but what conception of AI regulators adopt and what social order they seek to advance through governance.

Viewed through this lens, the central challenge of AI governance becomes clear. Before governments can regulate artificial intelligence, they must decide whether AI is principally data, model, output, use case, actor network, source of harm, strategic infrastructure, or some combination thereof. The answer determines not only the architecture of regulation but also the broader relationship between technology, markets, institutions, and society.