California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA)
CA-SB-53 · US
SB 53 (TFAIA), signed Sept. 29, 2025 (Chapter 138), is the first US state law expressly regulating 'frontier' AI; it succeeds the vetoed SB 1047 with a transparency-and-disclosure design rather than pre-deployment liability. It applies to 'frontier developers' training foundation models above a 10^26 FLOP compute threshold, with heightened duties on 'large frontier developers' (affiliate-group revenue > $500M): publish a frontier AI framework and pre-deployment transparency reports, report critical safety incidents to the Office of Emergency Services (15 days; 24 hours for imminent danger), and whistleblower protections. Core developer obligations took effect Jan. 1, 2026; CalOES annual reporting and the CalCompute consortium report are due Jan. 1, 2027. Enforced by the Attorney General with civil penalties up to $1,000,000 per violation.
Background & scope
California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA) addresses 3 contested AI-governance topics explicitly, 4 via general principles.
Provisions & coverage
- governsFoundation Models / GPAI
Art. 22757.11[10] - implicitCompute-Threshold ReportingBus. & Prof. Code § 22757.11 uses a 10^26 FLOP compute threshold to SCOPE the regulated class + § 22757.12 ties disclosure to compute-defined frontier models; no standalone compute-figure reporting mandate to a regulator[10]
- governsTransparency Obligations
Art. 22757.12(c)[10] - implicitIndividual RedressLab. Code §§ 1107–1107.2 — whistleblower anti-retaliation gives covered employees a PRIVATE right of action (employee-brought civil suit, attorney's fees, injunctive relief); the substantive transparency/framework/incident obligations are AG-enforced only (§ 22757.15). No general consumer/data-subject redress for AI harms.[10]
- implicitSovereign AI DoctrineGov. Code § 11546.8 — CalCompute: a consortium to develop a framework for a public cloud computing cluster expanding access to compute (report due Jan. 1, 2027; operative on appropriation)[10]
- governsCatastrophic & Existential Risk
Art. 22757.11[10] - implicitAgentic AI GovernanceBus. & Prof. Code § 22757.11 catastrophic-risk prongs cover a model acting 'without meaningful human oversight' or 'evading the control of its developer or user' (§ 22757.13 incident reporting); reached only via the catastrophic-risk lens, not a dedicated agentic-autonomy regime[10]
Operative Mechanics: A Disclosure Regime Keyed to Compute
SB 53 (Cal. Stats. 2025, ch. 138), in force since Jan. 1, 2026, regulates a narrowly drawn class: 'frontier models' trained above 10^26 FLOP, including compute used in fine-tuning (Bus. & Prof. Code § 22757.11). Its core duty is informational, not preventative — a frontier developer must publish a frontier AI framework and a pre-deployment transparency report on its website before or concurrently with release (§ 22757.12). 'Large frontier developers' (affiliate-group revenue over $500M) bear heightened duties, and § 22757.13 requires reporting 'critical safety incidents' to the Office of Emergency Services within 15 days (24 hours where danger is imminent). The Attorney General enforces, with civil penalties up to $1,000,000 per violation (§ 22757.15). The statute thus substitutes mandated visibility for the substantive safety mandates of its vetoed predecessor SB 1047.
Cross-Jurisdiction Position
SB 53 borrows the EU AI Act's compute-trigger logic but draws its line an order of magnitude higher: the 10^26 FLOP frontier threshold in § 22757.11 sits well above the 10^25 FLOP systemic-risk presumption of Regulation (EU) 2024/1689 (Art. 51), so the two scopes diverge rather than align. California also stops short of the EU's tiered obligations and conformity assessment. Where the EU still wrestles with definitional instability across 'AI system, general purpose AI system, foundation model, and generative AI' 1, and with foundation models that challenge 'authorship, accountability, and control' 2, California sidesteps these by regulating disclosure rather than capability or output. The CalCompute consortium (Gov. Code § 11546.8) echoes the sovereign-compute drive that Kollar and Stokols 3 trace to land, energy, and regulatory restructuring in the US and China — but as a study-and-report mandate, operative only on appropriation, not an industrial program.
Key Fault-Lines and Critiques
The 10^26 FLOP scope is the central vulnerability: Pistillo and Villalobos 4 show 'enhancement techniques' can preserve capability while cutting training compute, letting developers slip beneath the threshold — and SB 53 lacks even a standalone compute-figure report to a regulator, defining the class implicitly through § 22757.11. The catastrophic-risk trigger (death or serious injury to over 50 people, or over $1B in damage) privileges what Kasirzadeh 5 calls 'decisive' risk while neglecting 'accumulative' societal erosion. Agentic harms — a model acting 'without meaningful human oversight' or 'evading the control of its developer' — surface only via the catastrophic-risk lens (§ 22757.13), with no dedicated autonomy regime of the kind Kolt 6 and Chan et al. 7 argue agents require. Redress is thin: only whistleblowers get a private action (Lab. Code §§ 1107–1107.2); harmed individuals get none.
Implementation Trajectory
The rollout is phased. Core developer obligations — framework publication, transparency reports, and incident reporting under §§ 22757.12–22757.13 — became operative Jan. 1, 2026, while CalOES's annual aggregate report and the CalCompute consortium report (Gov. Code § 11546.8) fall due Jan. 1, 2027, making the law's first compliance cycle a live experiment in self-described safety practice. As the first US state statute to name 'frontier' AI, SB 53 is positioned as a template, yet its disclosure-only architecture leaves substantive risk governance to developers' own frameworks. Whether that suffices for catastrophic biosecurity or multi-agent threats — the dual-use synthesis risks mapped by Eskandar 8 and the miscoordination, conflict, and collusion failure modes identified by Hammond et al. 9 — will test whether transparency meaningfully constrains, or merely documents, frontier deployment.
Enforcement & impact
Cross-jurisdiction comparison
How peer instruments treat the topics California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA) governs.
| Topic | EU-AIA-2024 | US-EO-14110 | US-EO-14179 | UK-WHITEPAPER-2023 | CN-GENAI-2023 | G7-HIROSHIMA | OECD-AI-PRIN | COE-AI-CONV | UN-RES-2024 | NIST-AI-RMF | BLETCHLEY-2023 | SEOUL-2024 | NIST-AI-RMF-GENAI | CA-SB-1047 | IN-DPDP-2023 | BR-AIBILL-2024 | ASEAN-AI-GUIDE-2024 | AU-AI-STRATEGY-2024 | ANTHROPIC-RSP-2024° | OPENAI-PREPAREDNESS-2023° | DEEPMIND-FSF-2024° | META-FRONTIER-2024° | UK-US-AISI-MOU-2024 | WH-VOLUNTARY-2023 | SG-MODEL-AI-2024 | JP-METI-AI-2024 | EU-GDPR-2016 | EU-GPAI-COP-2025 | OMB-M-24-10 | GSA-AI-GUIDE-2024 | DOD-RAI-2022 | FEDRAMP-AI-2024 | DFARS-252-204 | CA-SB-243 | CA-SB-942 | EU-PLD-2024 | UNESCO-AI-ETHICS-2021 | EU-PWD-2024 | CN-DEEPSYN-2022 | NY-RAISE-2025 | US-TAKEITDOWN-2025 | IT-AILAW-2025 | JP-AIPROMO-2025 | UN-GDC-2024 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Foundation Models / GPAI | governs | governs | silent | implicit | governs | governs | implicit | implicit | silent | governs | governs | governs | governs | governs | implicit | governs | implicit | silent | governs | governs | governs | governs | governs | governs | governs | governs | silent | governs | implicit | governs | implicit | implicit | implicit | silent | implicit | silent | silent | silent | silent | governs | silent | silent | implicit | implicit |
| Transparency Obligations | governs | implicit | silent | implicit | conflicts | governs | governs | governs | implicit | governs | implicit | governs | governs | implicit | implicit | governs | governs | silent | governs | implicit | implicit | governs | implicit | governs | governs | governs | governs | governs | governs | governs | governs | governs | silent | governs | governs | implicit | governs | governs | governs | governs | silent | governs | governs | governs |
| Catastrophic & Existential Risk | implicit | governs | silent | implicit | silent | governs | silent | silent | implicit | implicit | governs | governs | governs | governs | silent | governs | silent | silent | governs | governs | governs | governs | implicit | implicit | silent | silent | silent | governs | silent | silent | implicit | silent | silent | silent | silent | silent | silent | silent | silent | governs | silent | silent | silent | implicit |
°= industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.
See also
Per-audience views
- Provisions →Article-by-article obligation breakdown for procurement + RFP authors.
- Disclosure form →Vendor-disclosure questionnaire derived from this instrument's operative obligations.
- Harm narratives →Documented harms relevant to this instrument's topics, for civil-society advocacy.
- Briefing pack →Journalist-ready summary with quotes + dates + primary-source links.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
Further reading
110 academic & grey-literature sources on the topics this instrument addresses (not commentary on the instrument itself) — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Artificial intelligence and synthetic biology: biosecurity risks, dual-use concerns, and governance pathways Peer-reviewed✦ AIReviews biosecurity and dual-use risks at the AI-synthetic-biology interface and maps governance pathways for emerging catastrophic threats.
- Geopolitical ecologies of cloud capitalism: Territorial restructuring and the making of national computing power in the U.S. and China Peer-reviewed✦ AIUS and Chinese drives for sovereign AI/cloud dominance depend on reorganizing land, energy and regulatory systems to sustain large-scale national computing power.
- Governing AI Agents Preprint✦ AIUses "agency law and theory to identify and characterize problems arising from AI agents" and proposes governance infrastructure built on inclusivity, visibility, and liability.
- Infrastructure for AI Agents Peer-reviewed✦ AIProposes "agent infrastructure": external technical systems for attributing actions "to specific agents, their users, or other actors," shaping interactions, and remediating harms.
- Multi-Agent Risks from Advanced AI Research institute✦ AIIdentifies three failure modes of advanced multi-agent systems — "miscoordination, conflict, and collusion" — plus seven risk factors, posing challenges distinct from single-agent AI.
- An interdisciplinary account of the terminological choices by EU policymakers ahead of the final agreement on the AI Act: AI system, general purpose AI system, foundation model, and generative AI Peer-reviewed✦ AITraces how the AI Act's legal text shifted across versions among the terms 'AI system, general purpose AI system, foundation model, and generative AI', exposing definitional instability in the regime.
- The EU model of AI governance: regulating artificial intelligence through law and policy Peer-reviewed✦ AIAnalyses how the AI Act's risk-based model handles general-purpose and foundation models whose 'autonomous content generation challenges legal categories of authorship, accountability, and control'.
- Generative AI and data protection Peer-reviewed✦ AIExamines friction between foundation-model training and the GDPR, noting models that 'memorize and leak pieces of training data' cannot be treated as anonymous.
- Defending Compute Thresholds Against Legal Loopholes Preprint✦ AIIdentifies 'enhancement techniques that are capable of decreasing training compute usage while preserving... model capabilities', exposing loopholes in compute-reporting thresholds.
- Identifying Algorithmic Decision Subjects' Needs for Meaningful Contestability Peer-reviewed✦ AIEmpirically elicits what decision subjects need for contestation to be 'meaningful', informing the design of effective remedies and appeal mechanisms for ADM.
- Two Means to an End Goal: Connecting Explainability and Contestability in the Regulation of Public Sector AI Preprint✦ AIInterview study with 14 regulation experts distinguishes judicial vs non-judicial and individual vs collective contestation channels for public-sector AI remedies.
- Two types of AI existential risk: decisive and accumulative Peer-reviewed✦ AIDistinguishes 'decisive' (sudden takeover) from 'accumulative' AI existential risk, arguing governance must address gradual societal erosion as well as abrupt scenarios.
+ 98 more across this instrument's topics — see the literature index.
References
Sources cited inline in the analysis (linked from the superscript markers), then the primary instrument sources behind the classifications.
- David Fernández-Llorca, Emilia Gómez, Ignacio Sánchez, Gabriele Mazzini (2025) An interdisciplinary account of the terminological choices by EU policymakers ahead of the final agreement on the AI Act: AI system, general purpose AI system, foundation model, and generative AI, Artificial Intelligence and Law. 10.1007/s10506-024-09412-y — Traces how the AI Act's legal text shifted across versions among the terms 'AI system, general purpose AI system, foundation model, and generative AI', exposing definitional instability in the regime. ↩
- Martina Hulok (2025) The EU model of AI governance: regulating artificial intelligence through law and policy, ERA Forum. 10.1007/s12027-025-00869-1 — Analyses how the AI Act's risk-based model handles general-purpose and foundation models whose 'autonomous content generation challenges legal categories of authorship, accountability, and control'. ↩
- Justin Kollar, Andrew Stokols (2026) Geopolitical ecologies of cloud capitalism: Territorial restructuring and the making of national computing power in the U.S. and China, Environment and Planning A: Economy and Space. 10.1177/0308518X251369704 — US and Chinese drives for sovereign AI/cloud dominance depend on reorganizing land, energy and regulatory systems to sustain large-scale national computing power. ↩
- Matteo Pistillo, Pablo Villalobos (2025) Defending Compute Thresholds Against Legal Loopholes, arXiv (cs.CY). arXiv:2502.00003 — Identifies 'enhancement techniques that are capable of decreasing training compute usage while preserving... model capabilities', exposing loopholes in compute-reporting thresholds. ↩
- Atoosa Kasirzadeh (2025) Two types of AI existential risk: decisive and accumulative, Philosophical Studies. 10.1007/s11098-025-02301-3 — Distinguishes 'decisive' (sudden takeover) from 'accumulative' AI existential risk, arguing governance must address gradual societal erosion as well as abrupt scenarios. ↩
- Noam Kolt (2025) Governing AI Agents, Notre Dame Law Review (forthcoming). arXiv:2501.07913 — Uses "agency law and theory to identify and characterize problems arising from AI agents" and proposes governance infrastructure built on inclusivity, visibility, and liability. ↩
- Alan Chan, Kevin Wei, Sihao Huang, Nitarshan Rajkumar, Elija Perrier, Seth Lazar, Gillian K. Hadfield, Markus Anderljung (2025) Infrastructure for AI Agents, Transactions on Machine Learning Research. arXiv:2501.10114 — Proposes "agent infrastructure": external technical systems for attributing actions "to specific agents, their users, or other actors," shaping interactions, and remediating harms. ↩
- Kirolos Eskandar (2026) Artificial intelligence and synthetic biology: biosecurity risks, dual-use concerns, and governance pathways, AI and Ethics (Springer). 10.1007/s43681-025-00872-9 — Reviews biosecurity and dual-use risks at the AI-synthetic-biology interface and maps governance pathways for emerging catastrophic threats. ↩
- Lewis Hammond, Alan Chan, Jesse Clifton, et al. (Cooperative AI Foundation) (2025) Multi-Agent Risks from Advanced AI, Cooperative AI Foundation. arXiv:2502.14143 — Identifies three failure modes of advanced multi-agent systems — "miscoordination, conflict, and collusion" — plus seven risk factors, posing challenges distinct from single-agent AI. ↩
- Cal. Stats. 2025, ch. 138 (SB 53); Bus. & Prof. Code §§ 22757.10–22757.16; Gov. Code § 11546.8; Lab. Code §§ 1107–1107.2
- Bus. & Prof. Code § 22757.11 — defines 'foundation model' + 'frontier model' (>10^26 FLOP) as the regulated class
- Bus. & Prof. Code § 22757.11 uses a 10^26 FLOP compute threshold to SCOPE the regulated class + § 22757.12 ties disclosure to compute-defined frontier models; no standalone compute-figure reporting mandate to a regulator
- Bus. & Prof. Code § 22757.12 — frontier developers must publish a frontier AI framework + a pre-deployment transparency report
- Lab. Code §§ 1107–1107.2 — whistleblower anti-retaliation gives covered employees a PRIVATE right of action (employee-brought civil suit, attorney's fees, injunctive relief); the substantive transparency/framework/incident obligations are AG-enforced only (§ 22757.15). No general consumer/data-subject redress for AI harms.
- Gov. Code § 11546.8 — CalCompute: a consortium to develop a framework for a public cloud computing cluster expanding access to compute (report due Jan. 1, 2027; operative on appropriation)
- Bus. & Prof. Code § 22757.11 (definition) operationalized by §§ 22757.12 (framework) + 22757.13 (critical-safety-incident reporting to CalOES)
- Bus. & Prof. Code § 22757.11 catastrophic-risk prongs cover a model acting 'without meaningful human oversight' or 'evading the control of its developer or user' (§ 22757.13 incident reporting); reached only via the catastrophic-risk lens, not a dedicated agentic-autonomy regime
How to cite this article
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/ca-sb-53 — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Does this instrument’s approach work? — the social-science evidence
Aggregated over the 7 topics this instrument governs: whether each harm is empirically real, and whether the peer-reviewed evidence shows governance reduces it. The badge is the epistemic status of the evidence— “thin”/“absent” efficacy evidence is itself a finding (the “second silence”). Each epistemic-status label is Policy Window's editorial assessment of the cited evidence base (a structured classification), not a verdict any single source issues.
Of the 7 governed topics with a social-science evidence review, evidence that governance reduces the harm is established for 0, contested for 0, thin for 0, and absent for 7 — for most, no replicated study yet shows this instrument's approach works (the "second silence").
Agentic AI Governance
The capability that agentic governance targets — autonomous multi-step action — is real and rapidly, measurably advancing: METR finds the task length AI agents complete at 50% reliability has doubled roughly every seven months for the past six years (about 50 minutes for frontier 2025 models), and the UK AI Security Institute's first Frontier AI Trends Report (Dec 2025, >30 systems) reports models now finish hour-long software tasks >40% of the time versus <5% in late 2023. The distinct realized HARM from agency (as opposed to the underlying model) is, however, thinly documented: on consequential real-world tasks agents still fail the majority — Gemini 2.5 Pro completed only 30.3% of TheAgentCompany's 175 professional tasks (OpenHands scaffold, project leaderboard) — so the agency-specific harm magnitude is early and context-dependent rather than established at scale.
Sources: Kwa, West, Becker et al. 2025 (METR; arXiv:2503.14499, 'Measuring AI Ability to Complete Long Tasks'); UK AI Security Institute 2025 (Frontier AI Trends Report, Dec 2025); Xu, Song, Zhou et al. 2024 (TheAgentCompany, arXiv:2412.14161); 30.3% figure per TheAgentCompany leaderboard (OpenHands)
There is no impact-evaluation evidence that agent-specific governance reduces agentic harm: the operative regimes — the EU GPAI Code of Practice (published July 2025, voluntary/non-binding), the Seoul Frontier AI Safety Commitments (2024, voluntary), and AISI agent evaluations — are 2024-25 vintage and have never been measured against an outcome. The scholarship itself has not settled the contested unit of regulation: Kolt (2025) argues for governing the agentic relationship via principal-agent and agency-law tools, while Chan, Ezell, Kaufmann et al. (2024) propose agent-specific visibility mechanisms (identifiers, real-time monitoring, activity logging) that remain proposal-stage and unevaluated — meaning the field has design proposals but, as with most frontier-AI rules, the evidence that any of them works is absent rather than merely thin.
Sources: Kolt 2025 ('Governing AI Agents', 101 Notre Dame L. Rev., forthcoming; arXiv:2501.07913); Chan, Ezell, Kaufmann et al. 2024 ('Visibility into AI Agents', ACM FAccT 2024, pp. 958-973; DOI 10.1145/3630106.3658948); EU AI Office 2025 (GPAI Code of Practice, July 2025); Seoul Frontier AI Safety Commitments 2024
Catastrophic & Existential Risk
The catastrophic-uplift premise is genuinely contested: the empirical uplift studies that exist find current frontier models add little. RAND's red-team study found no statistically significant difference in the viability of bioweapon-attack plans produced with vs. without LLMs (Mouton, Lucas & Guest 2024), and OpenAI's 100-participant trial found GPT-4 gave at most a mild, non-significant accuracy uplift (mean +0.88 out of 10 for PhD experts, +0.25 for students; Patwardhan et al. 2024). Honest caveat: the harm is forward-looking, not yet observed — expert opinion on the catastrophic tail is sharply split (median AI researcher puts ~5% on extremely-bad/extinction outcomes, mean ~9-16% across differently-framed questions, n=2,778; Grace et al. 2024), and forecasters underestimated how fast risk-relevant capabilities (e.g. virology troubleshooting) actually arrived (Forecasting Research Institute 2025), so the relevant capabilities are a moving target rather than a settled magnitude.
Sources: Mouton, Lucas & Guest 2024 (RAND RR-A2977-2, Operational Risks of AI in Large-Scale Biological Attacks: Results of a Red-Team Study); Patwardhan et al. 2024 (OpenAI, Building an Early Warning System for LLM-aided Biological Threat Creation); Grace et al. 2024 (Thousands of AI Authors on the Future of AI, arXiv:2401.02843); Forecasting Research Institute 2025 (Forecasting LLM-enabled Biorisk and the Efficacy of Safeguards)
There is essentially no impact evidence that catastrophic-risk governance reduces catastrophic risk, and structurally there cannot yet be: the harm is a low-probability civilisational tail event, so no controlled trial or before/after evaluation of a realised catastrophe is possible. The dominant instruments are recent, voluntary developer frameworks (Anthropic's Responsible Scaling Policy 2023; OpenAI's Preparedness Framework 2023) built on if-then capability thresholds the developers themselves describe as speculative and qualitative rather than validated risk thresholds. The closest evidence is adjacent and indirect: trained-in deceptive behaviours can persist through standard safety training (Hubinger et al. 2024) — a demonstration that current mitigation may be insufficient, not that any governance regime works — and Anthropic's documented loosening of earlier commitments (RSP 2025 dropped the original pledge to define higher-tier ASL evaluations before developing the corresponding models) illustrates that even the strongest voluntary regimes lack external enforcement or measured efficacy.
Sources: Anthropic 2023 (Responsible Scaling Policy); OpenAI 2023 (Preparedness Framework); Hubinger et al. 2024 (Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training, arXiv:2401.05566); Hendrycks, Mazeika & Woodside 2023 (An Overview of Catastrophic AI Risks, arXiv:2306.12001)
Compute-Threshold Reporting
Whether training-compute (FLOP) is a defensible proxy for governance-relevant capability is genuinely contested in the literature. The strongest empirical pressure against it is algorithmic efficiency: Ho, Besiroglu, Erdil et al. (2024) estimate the compute needed to reach a fixed language-model performance level has halved roughly every eight months (95% CI ~5-14 months, i.e. ~3x/year), so any static FLOP-to-capability mapping decays quickly; Hooker (2024) argues FLOP measures operations rather than end-performance, since techniques such as fine-tuning, retrieval, chain-of-thought and tool use can add large capability gains without proportional training compute, and Ord (2025) shows inference-time scaling further decouples deployed capability from training compute. Honest caveat: defenders (Heim & Koessler 2024; Pilz, Heim & Brown 2025) note compute remains the most quantifiable, externally verifiable, and ex-ante measurable correlate of frontier capability currently available, while themselves conceding it is an imperfect proxy that should not be used in isolation — the disagreement is about durability and precision, not whether any correlation exists.
Sources: Ho, Besiroglu, Erdil, Owen, Rahman, Guo, Atkinson, Thompson & Sevilla 2024, Algorithmic progress in language models, NeurIPS 2024 (arXiv:2403.05812; Epoch AI); Hooker 2024, On the Limitations of Compute Thresholds as a Governance Strategy (arXiv:2407.05694); Ord 2025, Inference Scaling Reshapes AI Governance (arXiv:2503.05705); Heim & Koessler 2024, Training Compute Thresholds: Features and Functions in AI Regulation (arXiv:2405.10799); Pilz, Heim & Brown 2025, Increased Compute Efficiency and the Diffusion of AI Capabilities (AAAI 2025; arXiv:2311.15377)
There is no rigorous evidence that compute-threshold reporting reduces harm or achieves its stated aim, because the regimes have not produced an evaluable record. The US 10^26-FLOP reporting obligation (Executive Order 14110, invoking the Defense Production Act) was revoked on 20 January 2025 (by EO 14148) before its recurring binding reporting rule was finalized — the implementing BIS notice of proposed rulemaking (Sept 2024) never took effect, so no durable reporting record materialized; and the EU AI Act's 10^25-FLOP systemic-risk obligations for general-purpose models only became applicable on 2 August 2025 (with transitional periods into 2027), so no outcome evaluation yet exists. Moreover the 10^25 figure is a rebuttable presumption sitting alongside qualitative high-impact criteria (Art. 51(1)(a) and (2), rebuttable under Art. 52(2)), not a validated risk cutoff. The closest analogue is the broader regulatory-disclosure-mandate literature (Fung, Graham & Weil 2007), which documents that transparency policies' effects on outcomes are highly heterogeneous and frequently ineffective or counterproductive absent enforcement and downstream use — implying that the reporting trigger working as intended is an open empirical question, not a documented result.
Sources: U.S. Executive Order 14110 (2023), Sec. 4.2 (10^26 FLOP, Defense Production Act); revoked by Executive Order 14148 (Jan 20, 2025); EU AI Act, Reg. (EU) 2024/1689, Art. 51 (10^25 FLOP systemic-risk rebuttable presumption; applicable Aug 2, 2025); Fung, Graham & Weil 2007, Full Disclosure: The Perils and Promise of Transparency (Cambridge University Press)
Foundation Models / GPAI
Whether the foundation-model category maps to a coherent capability/risk tier is genuinely contested. The original case rests on scale-driven 'emergent abilities' that appear unpredictably above a size threshold (Wei et al. 2022; Ganguli et al. 2022 documented capabilities that are smoothly predictable in aggregate loss yet locally surprising), but Schaeffer, Miranda & Koyejo (2023, a NeurIPS Outstanding Paper) showed many 'emergent' jumps are artefacts of discontinuous metrics and dissolve under linear/continuous scoring — implying capability scales more smoothly than a sharp tier would suggest. Honest caveat: this is a live empirical disagreement about measurement, not a settled finding either way, and compute (the regulatory proxy) is an imperfect stand-in for capability or risk regardless of which side is right.
Sources: Wei et al. 2022 (Emergent Abilities of Large Language Models, TMLR; arXiv:2206.07682); Schaeffer, Miranda & Koyejo 2023 (Are Emergent Abilities of Large Language Models a Mirage?, NeurIPS 2023, Outstanding Paper; arXiv:2304.15004); Ganguli et al. 2022 (Predictability and Surprise in Large Generative Models, ACM FAccT; DOI 10.1145/3531146.3533229)
There is no impact evaluation showing that GPAI/foundation-model governance reduces harm — the rules are too new (EU AI Act GPAI obligations and the 10^25-FLOP systemic-risk presumption only began binding on 2 August 2025) and the central regulatory lever is itself contested: Hooker (2024) argues compute thresholds are a shortsighted proxy because compute does not reliably track capability or risk, and the thresholds already diverge across jurisdictions (EU 10^25 vs. the now-rescinded US EO 14110's 10^26 operations, rescinded 20 January 2025). The mandated mitigation methods also lack validated efficacy: model evaluation and red-teaming face well-documented coverage limits and an 'audit gap' in the survey/position literature (behavioural testing cannot establish the absence of untested failure modes), and adversarial red-teaming repeatedly defeats deployed safeguards — the UK AI Safety Institute reports finding universal jailbreaks for every frontier system it has tested, and a large public agent-injection competition elicited policy violations across all 22 frontier models tested from ~1.8M attacks (Zou et al. 2025). Even compliant evaluation therefore cannot yet certify the safety the rules demand. (Caveat: this is an absence-of-evidence claim — no efficacy study has been done — not evidence the rules are ineffective.)
Sources: Hooker 2024 (On the Limitations of Compute Thresholds as a Governance Strategy, arXiv:2407.05694); EU AI Act Arts. 51 & 55 (GPAI systemic-risk presumption, 10^25 FLOP; binding 2 Aug 2025); US EO 14110 (10^26-operation reporting threshold, rescinded 20 Jan 2025 by EO 14148); Zou et al. 2025 (Security Challenges in AI Agent Deployment: Insights from a Large Scale Public Competition / Gray Swan Arena, arXiv:2507.20526 — 22 frontier agents, ~1.8M attacks); UK AI Safety/Security Institute, Frontier AI Trends Report (universal jailbreaks for every system tested); METR, Common Elements of Frontier AI Safety Policies (2024)
Individual Redress
The premise behind redress — that affected people lack meaningful recourse against automated decisions — is real, but the flagship instrument is weaker than commonly assumed. Wachter, Mittelstadt & Floridi (2017) show GDPR creates only a limited 'right to be informed,' not a binding 'right to explanation' of specific decisions; and controlled work finds the explanations actually delivered do not measurably improve lay decision accuracy over showing the bare AI prediction (Alufaisan et al. 2021; and a 2022 meta-analysis by Schemmer et al. — screening 393 articles down to 9 in the final analysis — reports 'no effect of explanations on users' performance compared to sole AI predictions,' even though XAI overall had a positive effect). Honest caveat: the legitimacy/dignity value of being heard is empirically well established in the procedural-justice tradition even where outcome accuracy is unchanged, so 'redress fails' depends on which aim is measured.
Sources: Wachter, Mittelstadt & Floridi 2017 (International Data Privacy Law 7(2):76); Alufaisan, Marusich, Bakdash, Zhou & Kantarcioglu 2021 (Proceedings of the AAAI Conference on AI 35(8):6618); Schemmer, Hemmer, Nitsche, Kühl & Vössing 2022 (AAAI/ACM AIES '22, meta-analysis)
There is no rigorous impact evaluation showing that mandated redress mechanisms (right-to-explanation, appeal, human-in-the-loop review) actually reduce erroneous or unfair automated decisions — the evidence that the rule works is itself missing. The closest experimental analogues are discouraging: explanations increase humans' acceptance of AI recommendations regardless of correctness (Bansal et al. 2021), and algorithm-in-the-loop oversight can introduce racial disparities and exhibit automation bias rather than reliably catching model errors (Green & Chen 2019). The procedural-justice literature (Tyler 1990; Lind & Tyler 1988) robustly supports a legitimacy and compliance benefit of fair process, but it measures perceived fairness, not reduction of the substantive decision harm redress is meant to cure.
Sources: Bansal, Wu, Zhou, Fok, Nushi, Kamar, Ribeiro & Weld 2021 (CHI '21); Green & Chen 2019 (Disparate Interactions, ACM FAT* '19); Tyler 1990 (Why People Obey the Law, Yale Univ. Press); Lind & Tyler 1988 (The Social Psychology of Procedural Justice, Plenum Press)
Sovereign AI Doctrine
Sovereign-AI doctrine is post-2023 and largely aspirational, so its core empirical premise — that frontier model deployment can be meaningfully bound to a national jurisdiction — is only just beginning to be tested. What IS measurable is the underlying compute geography the doctrine reacts to: an audit of 775 non-U.S. data-center projects estimates U.S. companies operate ~48% of them when weighted by investment value (a proxy for compute capacity, and explicitly an initial public-data approximation), implying 'in-territory' hardware is frequently still subject to foreign corporate/legal control (Richardson et al. 2025). Honest caveat: there is no peer-reviewed evidence base establishing whether jurisdiction-bound frontier deployment is technically feasible at scale — the descriptive dependency (foreign operation of locally-sited hardware) is documented, but the doctrine's central feasibility claim is thin and early.
Sources: Richardson et al. 2025 (arXiv:2508.00932, 'How Sovereign Is Sovereign Compute? A Review of 775 Non-U.S. Data Centers'); Gupta, Walker & Reddie 2024 (arXiv:2411.14425, 'Whack-a-Chip: The Futility of Hardware-Centric Export Controls', UC Berkeley Risk & Security Lab)
There is no rigorous impact evaluation showing that sovereign-AI governance achieves its stated aim of secure, contained national AI capability. The closest direct levers have measurable but mostly adverse or contested evidence: ex-ante simulations of the closest analogue — data-localization mandates — project GDP losses (EU GDP −0.4% under proposed/GDPR-style measures rising to −1.1% under economy-wide localization; Bauer, Lee-Makiyama, van der Marel & Verschelde 2014, ECIPE Occasional Paper No. 3/2014) yet quantify no realized sovereignty benefit, and chip export controls — the other main instrument — show contested efficacy: one cross-firm study finds no innovation harm to 30 leading semiconductor firms (Schumacher 2024, CSIS) while case evidence documents systematic circumvention via software/efficiency gains and chip exfiltration/smuggling (Gupta, Walker & Reddie 2024). No replicated study demonstrates that any sovereign-AI regime measurably delivers the jurisdictional control it asserts.
Sources: Bauer, Lee-Makiyama, van der Marel & Verschelde 2014 (ECIPE Occasional Paper No. 3/2014, 'The Costs of Data Localisation: Friendly Fire on Economic Recovery'); Schumacher 2024 (CSIS, 'Did U.S. Semiconductor Export Controls Harm Innovation?'); Gupta, Walker & Reddie 2024 (arXiv:2411.14425, 'Whack-a-Chip: The Futility of Hardware-Centric Export Controls')
Transparency Obligations
Documentation artifacts (model cards, datasheets) are well-specified as proposals and are genuinely adopted, but the empirical premise that mandated disclosure produces meaningful transparency is contested. Selbst & Barocas (2018) argue inscrutability and non-intuitiveness are distinct problems and that disclosing rules does not resolve the latter, and large-scale audits find documentation is sparsely and unevenly completed: a systematic analysis of 32,111 Hugging Face model cards (Liang et al. 2024) found environmental-impact, limitations and evaluation sections least often filled, and Bhat et al. (2023, 45 practitioners) found a substantial gap between the documentation proposal and actual practice. Honest caveat: the documentation frameworks themselves are real and adopted, so the dispute is about whether disclosure conveys decision-relevant information, not whether the artifacts exist.
Sources: Selbst & Barocas 2018 (Fordham Law Review 87:1085-1139); Liang et al. 2024 (Nature Machine Intelligence, s42256-024-00857-z, 'Systematic analysis of 32,111 AI model cards'); Bhat et al. 2023 (CHI '23, 'Aspirations and Practice of ML Model Documentation', DOI 10.1145/3544548.3581518); Mitchell et al. 2019 (FAccT, Model Cards for Model Reporting); Gebru et al. 2021 (CACM 64(12):86-92, Datasheets for Datasets)
There is no rigorous impact evaluation showing that AI transparency mandates (model cards, training-data summaries) measurably reduce bias, misuse or accidents — the central regulatory assumption is empirically untested, partly because flagship mandates like EU AI Act Art. 53(1)(d) GPAI training-data summaries are only subject to AI Office enforcement/verification from 2 August 2026 (the obligation itself began 2 August 2025 for new models). The closest analogue, mandated consumer disclosure, shows small and context-dependent effects: Bollinger, Leslie & Sorensen (2011) found mandatory calorie posting cut average calories per transaction by about 6%, while Loewenstein, Sunstein & Golman (2014) review evidence that disclosure effects are frequently diminished or even reversed by limited attention and often change provider rather than recipient behavior. These are analogues, not AI studies; no study demonstrates that AI transparency disclosure achieves its stated downstream safety aims.
Sources: Bollinger, Leslie & Sorensen 2011 (AEJ: Economic Policy 3(1):91-128); Loewenstein, Sunstein & Golman 2014 (Annual Review of Economics 6:391-419, 'Disclosure: Psychology Changes Everything'); EU AI Act Art. 53(1)(d) GPAI training-data summary (obligation from 2 Aug 2025; AI Office enforcement from 2 Aug 2026)