Prohibition vs. Permission Regulatory Models

Regulatory systems can be fundamentally designed around two opposing defaults.

Prohibition-based (EU approach): Activities are prohibited unless explicitly permitted. Risk classification determines what’s allowed. Centralized enforcement. Prevention-oriented.

Permission-based (US approach): Activities are permitted unless explicitly prohibited. Existing laws and market mechanisms correct problems as they emerge. Decentralized enforcement. Remedy-oriented.

The EU AI Act prohibits AI practices unless they meet specific compliance requirements for their risk category. The US approach, exemplified by Executive Order 14110, coordinates existing regulatory agencies rather than creating new prohibitions, relying on consumer protection, intellectual property, and negligence law to address harms.

Neither model is inherently superior. Prohibition-based approaches may prevent harms but risk stifling innovation. Permission-based approaches enable rapid development but may allow harms to occur before correction.

Related: 07-atom—regulatory-philosophy-reflects-trust-in-authority