Why the Regulatory Frenzy?
The rapid advancement of artificial intelligence has ignited widespread debate about its regulation, accountability, and societal impact. In response, the European Union has introduced the EU Artificial Intelligence Act, a comprehensive legal framework designed to ensure AI is deployed safely and ethically. While well-intentioned, this regulatory push raises a fundamental question: Why is AI being treated as an entirely new and exotic risk, requiring an extensive, bureaucratic regulatory structure?
Rather than adding layers of complexity, a much simpler and more practical approach would be to treat responsibility for AI systems in the same way as responsibility for employees. Businesses already have well-established frameworks for managing risks associated with human decision-making, machine failures, and process automation—so why should AI be an exception? Instead of overcomplicating AI governance with excessive regulation, policymakers could align AI accountability with existing corporate responsibilities, simplifying compliance while maintaining safety and oversight.
This article, written in collaboration with communication scientist and usability expert Dr Michael Sprenger, argues that AI should be subject to the same risk management principles as human staff or any other technology. The excessive bureaucratic constraints imposed by the EU AI Act, while aiming to safeguard the public, may inadvertently stifle innovation, drive businesses away, and create an economic environment hostile to technological advancement.
Risk Management: The Common Thread Between AI and Employees
Businesses make calculated risk assessments when hiring employees, implementing new software, or investing in infrastructure. AI is no different. If a company integrates AI into its decision-making processes, it must apply the same due diligence as it would when onboarding a new worker. Let’s examine the commonalities between AI and human employment from a risk management perspective.
1. Decision-Making and Accountability
Humans make errors. So does AI. A misinformed decision by an employee can result in financial loss, legal disputes, or reputational damage. The same is true for AI-driven automation. Instead of treating AI as an unpredictable, uncontrollable force, businesses should develop accountability frameworks that mirror those used for human staff:
- AI should undergo training and monitoring, much like an employee undergoing a probationary period.
- AI should be assigned oversight, just as employees report to managers.
- AI’s outputs should be regularly audited, akin to employee performance reviews.
- AI should have clear boundaries and limitations, just like job descriptions.
Under the EU AI Act (Title III, Chapter 2, Article 9), providers of high-risk AI systems must establish a risk management system that ensures the continuous evaluation and mitigation of potential AI failures. However, these stringent obligations should not differ fundamentally from existing corporate compliance measures applied to human decision-making processes.
2. Risk Mitigation Strategies: Human vs. AI
When hiring employees, companies consider background checks, references, and skill assessments to ensure they mitigate potential risks. Similarly, organizations using AI must apply rigorous validation, bias assessments, and stress testing before deploying AI into critical processes.
Furthermore, businesses must ask themselves the same fundamental questions regarding both employees and AI:
- What risks do we accept?
- What risks do we mitigate?
- What measures are in place to minimize errors?
For example, the EU AI Act mandates conformity assessments (Article 43) for high-risk AI systems. These assessments are akin to professional certifications or compliance audits for employees. However, the Act’s broad scope risks overburdening companies with excessive documentation, risk logs, and compliance reports, making AI implementation disproportionately complex.
3. Liability and Responsibility: The AI “Employment Contract”
If AI were an employee, what would its employment contract look like? Businesses must establish clear guidelines for AI usage, data handling, decision-making authority, and liability. The EU AI Act’s stringent requirements make sense for high-risk applications, but treating all AI systems as inherently dangerous overlooks the practicalities of corporate governance.
For example, under Article 14, the EU requires that AI systems used in employment contexts (such as recruitment or worker evaluation) undergo human oversight and transparency measures. While transparency is crucial, these requirements could create a chilling effect where businesses opt to avoid AI entirely due to compliance burdens.
The Burden of Bureaucracy: How the EU’s Approach Stifles Innovation
While risk management is essential, the EU’s excessive regulatory approach is symptomatic of a broader problem—a bureaucratic obsession with control that ultimately hampers technological progress. The EU AI Act, despite its good intentions, imposes a rigid compliance structure that could drive companies and talent away from Europe.
1. The Regulatory Overkill and Innovation Exodus
The European Union has a long-standing tradition of overregulation. From GDPR to the Digital Markets Act, compliance costs have skyrocketed, forcing smaller businesses to abandon innovation due to legal complexities. The AI Act is no different—it introduces heavy administrative burdens, particularly for startups and SMEs, which lack the resources to navigate an ocean of paperwork.
Many AI-driven businesses may opt to relocate to less restrictive environments, such as the US or Asia, where regulatory flexibility encourages growth rather than impeding it. This brain drain only exacerbates the EU’s long-standing problem: the loss of skilled labor to more business-friendly regions.
2. Bureaucracy vs. Market-Driven Regulation
In contrast to the EU’s top-down regulatory model, market-driven risk management fosters adaptability. Companies already implement compliance measures that align with industry best practices, and excessive governmental intervention only adds unnecessary hurdles. The reality is that businesses have natural incentives to minimize AI risks—reputation, customer trust, and financial stability depend on it.
Instead of relying on a rigid regulatory framework, why not let the market dictate best practices? Companies that fail to manage AI risks effectively will face lawsuits, reputational damage, and loss of customers—the same natural consequences that govern human employment and corporate liability.
3. AI Regulation: The Case of Overgeneralization
Not all AI applications present high risks. A distinction must be made between low-risk AI (e.g., chatbots, recommendation systems, automated scheduling) and high-risk AI (e.g., autonomous vehicles, medical diagnostics, law enforcement algorithms). However, the EU AI Act takes a one-size-fits-all approach, treating all AI with an excess of caution. This stifles low-risk innovation while failing to address the nuances of AI governance.
Conclusion: Rethinking AI Regulation Through Practical Governance
AI should be treated like any other employee or technology—with structured risk management, oversight, and accountability. The EU’s bureaucratic stranglehold on AI innovation is counterproductive, pushing businesses and talent toward more flexible regulatory environments.
A practical, business-driven approach to AI risk management—rather than an overregulated, government-mandated framework—would allow European innovation to thrive while maintaining safety and accountability. Businesses already have the tools and incentives to govern AI responsibly; they just need the freedom to do so without excessive bureaucratic interference.
If the EU fails to strike this balance, it risks becoming a graveyard for innovation, watching from the sidelines as the rest of the world advances in AI-driven transformation.