Nature abhors a vacuum, rushing to fill it often chaotically. Policymakers, similarly, dislike a regulatory void. The urge to fill it with new laws is strong, frequently leading to shortsighted legislation. There's a common, if flawed, belief that "any law is better than no law." This action bias—our predisposition to do something rather than nothing—might be forgivable in some contexts, but not when it comes to artificial intelligence.
Regardless of one's stance on AI regulation, we should all agree that only effective policy deserves to stay on the books. The consequences of missteps in AI policy at this early stage are too severe to entrench poorly designed proposals into law. Once enacted, laws tend to persist. We even have a term for them: zombie laws. These are "statutes, regulations, and judicial precedents that continue to apply after their underlying economic and legal bases dissipate," as defined by Professor Joshua Macey.
Such laws are more common than we’d like to admit. Consider a regulation requiring truck drivers to place visibility triangles around their rigs when parked. This seemingly minor rule becomes a barrier to autonomous trucking, as there's no driver to deploy the triangles. A simple, commonsense solution, like integrating high-visibility markers into the trucks themselves, exists, yet the outdated regulation persists. Another example is the FDA's attempt to help allergy sufferers by requiring sesame labeling. Rather than simply labeling, many food producers responded by adding sesame to more foods to avoid non-compliance, a comical and wasteful regulatory backfire.
Similar legislative missteps are highly likely in the AI space. With Congress declining to impose a moratorium, state legislatures across the country are rapidly pursuing AI proposals. Hundreds of AI-related bills are pending, addressing everything from broad, catastrophic harms to specific issues such as deepfakes in elections.
The odds of any of these bills getting it "right" are uncertain. AI is a particularly challenging technology to regulate for several reasons: even its creators aren't sure how and why their models behave; early adopters are still figuring out AI’s utility and limitations; no one can predict how current regulations will influence AI's development; and we're left guessing how adversaries will approach similar regulatory questions.
Given these complexities, legislators must adopt a posture of regulatory humility. States that enact well-intentioned regulations leading to predictable negative consequences are engaging in legislative malpractice. I choose these words deliberately. Policymakers and their staff should know better, recognizing the extensive list of tools available to prevent bad laws from becoming permanent.
Malpractice occurs when a professional fails to adhere to the basic tenets of their field. Legal malpractice, for instance, involves "evil practice in a professional capacity, and the resort to methods and practices unsanctioned and prohibited by law." In medicine, doctors are held to a standard of care reflecting what a "minimally competent physician in the same field would do under similar circumstances."
While policymaking lacks a formalized duty of care or professional conduct code, we're not entirely without guidance. A related concept, though less familiar, offers a starting point: maladministration.
Maladministration encompasses "administrative action (or inaction) based on or influenced by improper considerations or conduct," indicating when "things are going wrong, mistakes are being made, and justifiable grievances are being ignored." While typically applied to administrative agencies and politicians, as the creators of such systems, they bear responsibility for anticipating and correcting these mistakes.
Given the inherent difficulties of regulating AI, policymakers should, at a minimum, demonstrate consideration of three key tools to reduce the odds of enacting misguided regulations. These tools align with core democratic values, ensuring policy promotes the common good.
First is experimental policy design via randomized control trials (RCTs). Legislators shouldn't assume one best way to test AI models or report their training. Instead, they should build experimentation into legislation. Some labs might follow steps A, B, and C, while others follow X, Y, and Z. The legislature can then assess which provisions work best, ideally transitioning all regulated entities to superior practices or amending the law. This fosters innovation in regulatory methods.
Second are sunrise clauses. These delay enforcement until prerequisites—basic conditions of good governance—are met. Unlike a simple future effective date, a true sunrise clause imposes a checklist: Is the implementing agency staffed and funded? Have regulated entities been consulted? Do stakeholders understand compliance? In AI policy, these questions are urgent. Enforcing complex laws before infrastructure exists is inefficient and undermines legitimacy. A sunrise clause ensures laws "land" effectively, demanding competence before policy becomes an enforceable rule. This promotes transparency and accountability.
Third are sunset clauses. If sunrise clauses delay a start, sunset clauses enforce an end unless actively renewed. This is critical for fast-evolving technologies. A sunset clause builds in mandatory reassessment: "This law expires in two years unless renewed." This isn't laziness; it’s disciplined humility. AI regulation shouldn't outlive its usefulness, and sunset clauses ensure laws earn their permanence, preventing outdated assumptions from locking in.
The stakes of AI policymaking are too high and the risks of getting it wrong are too enduring for lawmakers to legislate on instinct alone. While action bias is human, embedding it in law is neither excusable nor sustainable. At this early, uncertain stage of AI development, policymakers have a rare opportunity: to regulate with foresight, humility, and discipline.
Kevin Frazier is an AI Innovation and Law Fellow at Texas Law and Author of the Appleseed AI substack.
