Don’t Regulate AI Models. Regulate AI Use

Model‑centric regulation quickly runs into practical and legal roadblocks. Once a model’s weights are released—whether intentionally, through a leak, or via foreign competitors—they can be duplicated and redistributed at virtually no cost. Attempts to restrict publication clash with U.S. jurisprudence that treats source code as protected speech, exposing regulators to constitutional challenges and creating a compliance burden for law‑abiding firms while reckless actors simply move offshore.

A risk‑based, use‑focused framework sidesteps these pitfalls by tying obligations to the context in which AI systems affect people. The proposal defines five tiers, from general‑purpose consumer chatbots to high‑impact safety‑critical applications and hazardous dual‑use tools. Each tier mandates proportional safeguards such as clear disclosures, documented risk assessments, human‑in‑the‑loop oversight, and rigorous testing. Enforcement concentrates on chokepoints where AI becomes actionable—app stores, enterprise marketplaces, cloud providers, payment rails, and insurers—allowing regulators to monitor identity, capability gating, and incident reporting without trying to control the underlying code.

Internationally, the approach harmonizes with the EU AI Act’s outcome‑oriented risk categories while avoiding Europe’s reliance on unified market mechanisms. It also borrows pragmatic elements from China’s labeling and filing requirements for synthetic media, adapting them to liberal‑democratic safeguards. By aligning liability, procurement, and insurance incentives with compliance, the framework creates market pressure for developers to embed safety features, fostering a resilient AI ecosystem that protects users and sustains innovation.