Washington’s AI regulation debate is often described as if it were a single, coherent project—one big legislative push, one unified framework, one moment when the country finally “gets it right.” But what’s actually unfolding looks less like a master plan and more like a coalition-building exercise conducted in public, under time pressure, with multiple audiences watching at once. The result is a patchwork: overlapping proposals, competing definitions of risk, and a growing sense that the process itself—who gets to speak, who gets to set terms, who gets to claim credit—has become as important as the rules being written.
In Washington, AI governance isn’t just being negotiated between government and industry. It’s being negotiated among different kinds of government, different kinds of industry, and different kinds of “public interest” advocates—each with their own tolerance for uncertainty, their own idea of what counts as harm, and their own political calendar. And because elections and broader political dynamics are tightening the timeline, regulators are increasingly expected to deliver not only substance, but also legitimacy: visible progress, clear direction, and a narrative that oversight is happening—even when the technical details are still moving.
That’s why the future of AI regulation can feel chaotic. Not because nobody is trying. Because too many people are trying, and they’re trying for different reasons.
A coalition with mismatched incentives
One of the most striking features of the current moment is how wide the stakeholder net has become. The conversation draws in public officials who want enforceable authority and measurable outcomes. It also pulls in industry figures who want predictability, workable compliance pathways, and—often—room to innovate without being strangled by bureaucracy. Alongside them are influential technologists and policy intermediaries who may be less focused on enforcement mechanics and more focused on shaping norms, standards, and the “architecture” of governance.
These groups don’t merely disagree on policy; they disagree on what governance is supposed to accomplish.
For some lawmakers and agencies, the goal is control: define categories of high-risk systems, require documentation, impose obligations, and create penalties for noncompliance. For others, the goal is speed: establish guardrails quickly enough to keep up with rapid model iteration, while avoiding a regulatory approach that becomes obsolete before it takes effect. For still others, the goal is legitimacy: build a system that the public can understand and trust, even if it’s not perfectly aligned with every technical nuance.
When those incentives collide, you get a patchwork rather than a single framework. You get parallel tracks: one set of efforts aimed at statutory authority, another aimed at agency rulemaking, another aimed at voluntary standards, and another aimed at procurement and testing requirements. Each track can be rational on its own. Together, they can produce confusion—especially for companies trying to comply across jurisdictions and across different interpretations of what “counts” as regulated AI.
The “audience problem” in regulation
A useful way to understand the current dynamic is to treat AI regulation as something being performed in front of an audience. That audience isn’t just the public. It’s also donors, advocacy groups, competitors, international partners, and internal political stakeholders who want to see movement.
In Washington, the pressure to show progress is real. Regulators are expected to demonstrate that they’re responding to public anxiety about deepfakes, misinformation, job displacement, cybersecurity threats, and the possibility of catastrophic misuse. But the same public anxiety can also make it harder to build careful, technically grounded rules. When the stakes are framed as urgent and existential, the temptation is to reach for broad principles or headline-friendly requirements—sometimes before the underlying technical consensus exists.
So the process becomes a negotiation over framing. Who gets to define the threat? What is the baseline risk? Is the main concern model capability, data provenance, downstream deployment, or user behavior? Are harms primarily individual (fraud, discrimination, privacy violations) or systemic (election integrity, market manipulation, infrastructure disruption)? Different factions emphasize different answers, and those answers shape the regulatory design.
This is where the “strangest bedfellows” idea comes from—not because everyone suddenly agrees, but because coalitions form around shared short-term goals. A proposal might attract support from groups that would otherwise clash, simply because it advances their preferred narrative or creates a mechanism they can later steer. Meanwhile, other groups oppose not only the substance but also the process—because who leads the process determines who sets the terms.
The patchwork is also international, whether Washington admits it or not. Companies operate globally, and regulators are aware that overly narrow or overly strict approaches can push innovation elsewhere. That awareness influences how lawmakers talk about “harmonization,” how agencies reference international standards, and how industry groups lobby for compliance frameworks that can travel across borders.
Elections compress the timeline—and expand the rhetoric
AI regulation is happening in an election season, and that changes everything about how policy is communicated. Even when lawmakers and agencies are working through complex technical questions, the public-facing messaging tends to simplify. It’s easier to promise “guardrails” than to explain how risk classification works. It’s easier to announce a task force than to describe how audits will be conducted, what evidence will be required, and how enforcement will be structured.
As a result, the policy landscape can shift quickly. One week, the emphasis might be on transparency and labeling. Another week, it might be on safety testing and red-teaming. Another week, it might be on liability and consumer protection. These shifts aren’t necessarily signs of incompetence. They can be signs of adaptation to political pressure and shifting public attention.
But adaptation has consequences. When priorities change midstream, stakeholders recalibrate their strategies. Industry groups may push for exemptions or phased compliance. Advocacy groups may demand stronger enforcement or narrower loopholes. Agencies may adjust their rulemaking posture. And lawmakers may introduce new bills to capture momentum—sometimes overlapping with existing efforts, sometimes contradicting them, sometimes simply creating alternative pathways.
The result is a regulatory environment that feels like it’s constantly reassembling itself.
Why “one solution” is hard when the technology keeps moving
Another reason the system resists unity is that AI governance is not just about writing rules; it’s about defining what is being regulated. AI models evolve. Capabilities improve. Deployment contexts change. A system that looks low-risk in one setting can become high-risk in another. Even the same model can behave differently depending on fine-tuning, prompting patterns, retrieval augmentation, or integration into workflows.
That makes static regulation difficult. If rules are too specific, they can become outdated quickly. If rules are too general, they can be vague enough to be unenforceable or easy to game.
Washington’s patchwork reflects this tension. Some proposals lean toward principle-based obligations—general duties to prevent harm, ensure transparency, or maintain accountability. Others lean toward more operational requirements—documentation, evaluation, incident reporting, and auditability. Both approaches have merits. But when they coexist without a single coordinating framework, companies face a compliance maze.
And because the compliance burden is politically salient—especially for smaller firms—there’s pressure to avoid requirements that appear to favor large incumbents. That pressure can lead to carve-outs, safe harbors, or tiered obligations. Those design choices can be reasonable, but they also add complexity.
The performative side of governance: momentum and legitimacy
There’s also a less discussed dimension: governance is becoming more public and more performative. That doesn’t mean it’s fake. It means that legitimacy is now part of the policy product.
In earlier eras, regulation could be largely technocratic: agencies wrote rules, companies complied, courts interpreted disputes. In the AI era, the public expects ongoing reassurance. People want to know that someone is watching. They want to see that risks are being measured. They want to hear that safety work is happening.
So governance efforts increasingly include public-facing elements: conferences, announcements, partnerships, and high-profile convenings. These events can help coordinate stakeholders and surface concerns early. They can also function as signals—about seriousness, about alignment, about who is in charge.
That’s why the coalition-building aspect matters. If a group can claim it is central to the process, it can influence the eventual shape of oversight. Even if the final rules are still under development, the narrative of leadership can become a bargaining chip.
In this environment, “momentum” is not just a metaphor. It’s a political resource.
What the patchwork looks like in practice
While the details vary across proposals and agencies, the patchwork generally includes several overlapping components:
First, there is a focus on risk categorization. Many approaches attempt to distinguish between low-risk and high-risk uses, with heightened obligations for the latter. The challenge is that “high-risk” is not a purely technical category—it depends on context, scale, and potential impact.
Second, there is a push for transparency and documentation. This can include requirements to disclose that certain systems are being used, to maintain records of training and evaluation, or to provide information to regulators and auditors. Transparency is attractive because it seems objective, but it raises questions about trade secrets, security, and what level of detail is actually useful.
Third, there is an emphasis on safety testing and evaluation. Some proposals call for pre-deployment assessments, red-teaming, and ongoing monitoring. The difficulty is that evaluation methods are contested. Different stakeholders prioritize different failure modes: bias, hallucination, jailbreak susceptibility, cyber abuse, or emergent behaviors.
Fourth, there is a growing interest in incident reporting and accountability mechanisms. If something goes wrong, who must report it, how quickly, and what happens next? Enforcement design is where policy meets reality. Without credible enforcement, obligations can become symbolic.
Fifth, there is a procurement and standards track. Governments can influence the market by requiring certain practices from vendors. Standards bodies and industry consortia can also shape expectations. But these efforts can lag behind model evolution, and they can create uneven compliance landscapes.
When these components are pursued simultaneously without a single harmonizing structure, the result is not a unified system