We are being told that artificial intelligence regulation must follow a specific playbook: centralized safety assessments, government gatekeeping, and institutional oversight models borrowed from nuclear energy and pharmaceuticals. This framing has become nearly unquestioned in policy circles. It shouldn't be.
The emerging consensus around "AI safety" as a regulatory imperative carries real consequences for how technology develops, who controls it, and what gets built. Yet the underlying assumptions deserve the kind of hard scrutiny they are not currently receiving.
Start with the basic sales pitch. We hear constantly that AI poses novel risks requiring novel governance structures. The argument has intuitive appeal. Dangerous things need guardrails. But this framing glosses over something important: much of what we call "AI risk" is actually a risk management problem we already know how to handle through existing legal frameworks. Consumer protection law, employment discrimination statutes, antitrust enforcement, data privacy regulations, product liability standards. These tools exist. They are imperfect, but they exist.
Yet the "AI safety" narrative suggests these tools are insufficient, that we need something new and specialized. This conveniently benefits a specific coalition: incumbent tech firms with compliance budgets, consulting firms, academic institutions seeking research funding, and government agencies seeking new authority. That is not a coincidence.
Consider what "AI safety" frameworks actually do in practice. They tend to create high barriers to entry for smaller developers and startups. When you require extensive pre-deployment safety certifications, independent audits, and government approval processes, you are not equally burdening all market participants. You are protecting those who can afford compliance infrastructure from those who cannot. The companies championing these frameworks have already internalized compliance costs as a business model. Startups and open-source developers have not.
There is also something worth interrogating about the framing itself. "Safety" is doing rhetorical work here. It presupposes that current AI development is unsafe in ways that require centralized institutional control. But safety compared to what? Compared to human decision-making? Compared to legacy systems? These comparative claims rarely get examined closely. We assume AI systems need more scrutiny than the systems they might replace, but that assumption is often unstated.
The recent visibility of government agencies taking central roles in AI governance should intensify this skepticism, not diminish it. When institutional actors become stakeholders in regulatory frameworks, they have incentives to expand those frameworks. This is not a conspiracy theory. It is how institutions work.
None of this means AI development should proceed without any consideration of potential harms. That would be foolish. But there is a difference between "we should think carefully about consequences" and "we should establish centralized institutional gatekeeping over technological development."
The first principle is compatible with distributed responsibility, market competition, and existing legal accountability structures. The second principle requires accepting that the current coalition of institutions, companies, and regulators is the right group to make binding decisions about technological futures. History suggests skepticism is warranted.
We should ask harder questions about what problems we are actually trying to solve and whether the proposed solutions match those problems. We should resist the framing that one specific regulatory model is inevitable. And we should remember that once institutional gatekeeping is established, it becomes very difficult to dismantle, regardless of whether it actually worked.
The "AI safety" consensus is being sold as inevitable. It is not. It is a choice. And choices deserve scrutiny.