
EU AI regulation should trade lower ex-ante burden for robust ex-post monitoring, judicial review and liability to curb harms without stifling markets
Reading time: 27 minutes
Executive summary
The European Union’s Artificial Intelligence Act was conceived as a traditional ex-ante product safety regulation: AI systems must comply with a set of requirements before deployment. Yet AI escapes the narrow product definition. It operates in unknown environments and takes actions that were unforeseen at the time of coding. Given that inherent unpredictability, an ex-ante regime cannot effectively safeguard against unforeseeable harm. The AI Act is unlikely to protect against AI harm while minimising market distortion. It risks replicating the outcomes of the 2016 EU General Data Protection Regulation, which has contributed to market concentration by disproportionately burdening smaller firms.
To rebalance EU AI regulation, the AI Act should be revised, moving away from a predominantly ex-ante approach to a balanced mix of ex-ante and ex-post measures. Ex-post regulation relies on monitoring and enforcement after deployment, typically through fines after incidents materialise. A reduction in the AI Act ex-ante compliance burden for most AI suppliers should be traded for a solid ex-post judicial review based on an ad-hoc AI liability framework, together with new ex-post learning, monitoring and enforcement tools. Because the net effect on compliance costs for AI companies would be negative, the package should garner the political support needed in the EU legislative process.
This Policy Brief benefitted from discussions within Bruegel. Many thanks in particular to Stephen Gardner, Fiona Scott Morton and Jeromin Zettelmeyer for their helpful comments.
The main focus of the European Union-level public policy debate on artificial intelligence is reducing the compliance burden for tech companies while stimulating innovation. A regulatory simplification plan, known as the Digital Omnibus and AI Omnibus, agreed in principle at EU level in May 2026, illustrates this orientation – it relaxes deadlines on rules for high-risk AI systems, for example. Work on limiting harms from AI is happening in parallel through implementation of the EU’s 2024 AI Act (Regulation (EU) 2024/1689), draft guidelines from the European Commission (2026) on classification of high-risk AI systems and work on liability, but it is deregulation that has the policy momentum (Mariniello, 2025).
This shows that the harm problem (how to defuse AI risk) and the market problem (how to avoid distorting developers’ incentives) are often addressed in isolation, resulting in a preference-driven public debate between champions of risk minimisation and champions of AI development. Such polarisation threatens to crowd out efficient solutions that address both together.
However, it is possible to improve the design and enforcement of the EU AI regulatory framework while reducing compliance costs. The EU regulatory framework based on the AI Act should be seen as a strength, not a weakness, for stimulating AI development. It can dispel uncertainty, reduce adverse AI effects, stabilise demand and foster tech adoption, ultimately raising investment. The United States, for example, still lacks AI supervision tools at federal level and, although it currently attracts far more AI investment than the EU in absolute terms, may face greater regulatory uncertainty and demand fluctuations over time, with unfavourable effects at the margin, particularly for smaller and more risk-averse firms (Musquera and Brennen, 2026).
Yet the AI Act has serious flaws, making it uncertain whether it can efficiently tackle AI harms (Box 1). The AI Act was largely conceived as a traditional ex-ante product-safety regulation, under which AI systems should, in principle, conform to a set of requirements before being deployed in markets. In many ways, though, AI escapes the narrow product definition. Manufactured products, such as toys, pose risks that are relatively easy to predict (for example, a toy should have no small parts that could cause suffocation if ingested). Conversely, a most compelling feature of AI systems is their unpredictability (Anderljung et al, 2023).
AI systems can, by definition, operate in dynamic environments, taking actions that were not necessarily pre-coded. There are thus significant limits to what product-safety requirements targeting the design of AI systems can achieve. The ex-ante approach contrasts with the ex-post approach, which relies on monitoring and enforcement after deployment, typically through fines after incidents materialise.
To improve the EU framework, it should be recalibrated from a predominantly ex-ante approach to a balanced mix of ex-ante and ex-post measures. A reduction in the ex-ante compliance burden for most AI suppliers should be traded for a solid ex-post judicial review, based on an ad-hoc AI liability framework and the introduction of new ex-post learning, monitoring and enforcement tools. The recalibration would more effectively prevent AI-related harm while reducing market distortion. The net effect on AI companies’ compliance costs is expected to be negative.
The rest of the paper is organised as follows. Section 2 introduces the AI Act and discusses its blind spots. Section 3 analyses the trade-off between ex-ante and ex-post AI regulation. Based on this, section 4 proposes measures to recalibrate the AI Act.
Box 1: The studied risks of AI
The need for supranational ad-hoc AI regulation, such as the EU AI Act, is grounded in economic theory. AI is set to generate great value (Trammell and Korinek, 2023), but equally poised to generate great harm (Bengio et al, 2024). AI can, for example, lead to discrimination, cognitive manipulation, surveillance and disinformation (Whittaker et al, 2018). It can foster exploitation, generate systemic safety risks – for example, by helping to fabricate bioweapons – and dramatically increase energy consumption (Crawford, 2021).
AI companies, if unconstrained, cannot be expected to curb the risk of harm. AI markets are prone to failure. Developers have little reason to worry about potential social harm if it is not reflected in reduced profits. Reputational fears are unlikely to constrain behaviour: big-tech firms have weathered high-profile scandals without major effects on sales (Acquisti et al, 2006; Makridis, 2021). It is thus no coincidence that the gap between AI capability and AI safety is rising sharply (Sajadieh et al, 2026).
AI systems are opaque (Burrell, 2016). Developers may not fully understand why their model behaves as it does (Pasquale, 2015), but they still know more about its architecture and training data than regulators, downstream integrators or end users. After an incident, they can exploit that asymmetry to shift blame along the value chain. Regulation helps mitigate the effects of negative externalities, asymmetric information and moral hazard, and, preferably, it should be deployed at the supranational level, given AI systems’ economies of scale and network effects (Mariniello, 2022). EU countries, for example, are ill-suited to regulate AI with national legislation (ideally, AI harm should be addressed at the global level).
Regulating AI faces three main hurdles. First, the highly dynamic nature of AI markets makes it difficult to anticipate the harms that might emerge, even in the near future (Taeihagh et al, 2021). Because the EU lawmaking process is slow, by the time a regulation is enforced, it may already have been superseded by market developments: the problem of ‘regulatory pacing’, which is particularly acute in AI markets (Marchant, 2011).
Second, there is very limited experience of enforcement of AI regulation (Busuioc, 2021; Martens, 2024). Because of the complexity and opacity of AI systems (Box 1), it is reasonable to expect regulators to struggle when enforcing detailed rules. Third, the global race for AI dominance is driving countries towards suboptimal AI regulation. Jurisdictions fear that strict regulation will drive innovation elsewhere, creating a global race to the bottom and potentially leading to excessive pressure to reduce regulatory constraints – what has been called global “mutually assured deregulation” (Abiri, 2025).
In response to these challenges, the EU AI Act treats AI systems as products that can only be deployed in the market if presumed safe (for example, Art. 48 of the AI Act regulates the use of safety conformity (CE) marking that high-risk AI systems must have to be sold in the single market).
The AI Act approach is risk-based. It bans AI applications considered excessively risky (such as systems that use subliminal techniques to exploit vulnerabilities; Art. 5 AI Act) and sets requirements for ‘high-risk’ AI (for example in medical devices, toys, transport) and applications in sensitive sectors (for example in education, employment and access to essential services). All remaining systems are non-high-risk and subject to no or light requirements. A consumer chatbot, for example, needs only to warn users that they are interacting with an AI system and not a human (Art. 50, AI Act).
The AI Act deals with the pacing challenge by remaining high-level: it sets principles for ex-ante requirements (eg minimising training-data bias, guaranteeing human oversight) and delegates the work of technical specification to European standard-setting organisations (SSOs) such as CEN-CENELEC and the European Telecommunication Standards Institute. Principles are seen as more durable than detailed obligations: should the market evolve unexpectedly, compliance standards adjust faster than laws.
The enforcement challenge is tackled by relying heavily on self-assessment by developers: for most high-risk AI systems, developers can obtain CE marking (and therefore market them in the EU) by assessing whether their systems comply with the AI Act. Developers can assume their system is compliant if it meets the SSO’s technical specifications.
Finally, the AI Act takes a risk-based approach. According to the European Commission (2021), between 5 percent and 15 percent of AI applications on the EU market are high risk. Aggregate compliance costs were therefore deemed unlikely to be excessive.
Meeting the goals of the AI Act is likely to prove difficult for five main reasons. Some of these, such as disproportionate compliance costs, fragmented enforcement and a democratic deficit in standard-setting, are common to other EU digital legislation. The first reason, by contrast, is specific to AI.
The AI Act classifies systems into risk tiers (unacceptable, high, limited and minimal) based on their intended purpose at the time of deployment in the market. A system’s tier depends on whether its intended purpose appears on a list drawn up in advance by the legislator (for high-risk systems, Annex III of the AI Act), not on any measurement of the probability or severity of the harm it actually poses. Compliance is then demonstrated largely through procedural conformity steps rather than a substantive, ongoing assessment of risk (Veale and Zuiderveen Borgesius, 2021).
This approach is based on the assumption that the risk of harm after deployment can be largely predicted. This assumption may hold true generally for products that do not change significantly over time, such as child safety equipment or pharmaceuticals. However, in relation to AI systems, it is fallacious.
Most importantly, AI systems, particularly those built on general-purpose models, are not static products. Their behaviour changes with model updates, fine-tuning, prompt engineering and deployment context. A system classified as minimal risk at deployment may become high risk because of a change in use case that the developer neither intended nor controls (Anderljung et al, 2023). AI systems are unpredictable, since pre-training data does not contemplate all the uses that the system might be put to; most AI capabilities are discovered after deployment (Bengio et al, 2024). It could be objected that no rule can foresee the future, and that many products are subject to dual use. However, a chemical’s hazards, for example, are fixed by its molecular structure; fertiliser, if used to make a bomb, becomes dangerous when deliberately repurposed by a third party. With AI, instead, risk changes during ordinary use, with no new product and often no deliberate act. Reclassifying systems one by one, after the fact, is exactly what an ex-ante regime does too slowly to keep pace with AI markets (Marchant, 2011).
An entertainment chatbot, for example, is not classified as high risk under the AI Act and is therefore subject to the minimum transparency requirements. Yet, interactions with chatbots have raised concerns about them leading teenagers to self-harm (Clark, 2025). Chatbots that provide voting information are not high risk either. Yet AI chatbots tested in the 2024 US elections gave systematically incorrect voting information. The UK Electoral Commission has urged new regulations to control AI chatbots, following a report that these systems made significant errors during the May 2026 Scottish election. These examples are not an argument for simply moving chatbots into the high-risk list. The harm arises in uses unanticipated by the ex-ante classification. An AI system can cross tier boundaries as its behaviour changes after deployment, so the flaw is structural rather than a misclassification that re-listing could address.
Even if at the aggregate level, compliance costs may be low, at the company level, costs may be disproportionately high. Haataja and Bryson (2021) estimated that, for an average AI system (with a development cost of €170,000), compliance costs for developers range from €14,623 to €29,277. This represents roughly 9 percent to 17 percent of total development costs. Since requirements do not scale with developer size, the AI Act risks favouring large firms that can absorb compliance costs and entrenching incumbent dominance. A notable precedent of a similar distortive effect caused by the introduction of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) is well documented (Johnson et al, 2023).
Reliance on self-assessment by companies may be dangerous. Smuha and Yeung (2025), for example, drew a parallel between the AI Act and shortcomings in the EU’s medical device regime, under which breast implant manufacturers could choose different inspection methods to certify their implants as CE compliant. In the ‘PIP scandal’, inspection failings meant a failure to spot substandard, industrial-grade silicone used in thousands of implants, leading to widespread health hazards.
Under the AI Act, developers who wrongly assert safety face fines of up to 3 percent of turnover. But enforcement is unlikely to be effective or symmetric across the single market. The European Commission lists more than 2,000 sectoral national market surveillance authorities across EU countries. Most of these authorities were originally designed for physical product safety, such as checking whether toys meet fire-resistance standards, not for evaluating whether AI systems exhibit discriminatory patterns in dynamic deployment contexts. Authorities in smaller countries may be particularly exposed to a shortage of technical staff to conduct conformity assessments of complex AI systems (Graux et al, 2025). Because AI is embedded in products and services across the economy, the number of authorities drawn into assessing AI systems would be far larger than for any conventional product category. Once again, the risk is of replicating a scenario in which regulatory enforcement is highly ineffective because of single-market fragmentation, as observed, for example, in GDPR enforcement (Gentile and Lynskey, 2022). The additional AI-specific risk is the dispersal of AI oversight across many different authorities, each operating beyond its technical competence.
According to the AI Act, developers can demonstrate compliance by adhering to standards developed by SSOs (most notably CEN-CENELEC’s Joint Technical Committee 21). These standards are mostly written by industry experts behind closed doors, with civil society groups, consumer organisations and academics playing marginal roles. Yet the drafting process is not merely technical; the decisions SSOs must make are often value-laden (Kaminski, 2023). SSOs take political choices disguised as technical (Hadfield and Clark, 2023). For example, they need to decide what can be considered ‘unfair’, ‘safe’ or ‘unbiased’, a highly subjective exercise (Selbst, 2021). The process is often captured by larger firms with incentives to steer it (Smuha and Yeung, 2025). It can lack transparency and democratic accountability and be inadequate for defining requirements that affect fundamental rights. It is therefore unlikely to meaningfully constrain developers, with potentially high detrimental welfare effects.
The AI Act is not complemented by an ad-hoc AI liability framework, nor does it envisage any redress mechanism for victims of AI harm. This means that if an AI system causes harm, victims must navigate existing product-liability and tort law frameworks that were not designed for algorithmic decision-making. Proving causation, identifying the responsible party in a value chain and overcoming information asymmetries could prove difficult (Hacker, 2023). This is particularly concerning for immaterial damages, for which the EU product-liability framework does not apply.
For example, if a bank relying on an AI-powered screening application incorrectly denies a mortgage application, the applicant would face very high hurdles in compelling the bank to pay compensation under national tort law. She would need to first identify the responsible party (the bank, the AI application developer, the developer of the underlying LLM, the training data provider). She would then need to prove that the algorithm caused the harm, despite having no access to the model or the training data. Finally, she would need to prove that the AI application violated a specific law or contract.
These conditions make the task daunting for victims of AI harm, especially given the opacity of AI systems. Successful litigation wouldn’t be impossible under existing law, but the set of victims who can credibly obtain redress would be far smaller than the set who suffer compensable harm, with plaintiffs without institutional support facing particular difficulties (Hacker, 2023). Combined with weak regulatory enforcement, violators face limited practical consequences for non-compliance.
Most of the weaknesses in the EU AI regulatory framework could be mitigated by reducing its dependence on ex-ante requirements in favour of ex-post measures. A large legal and economic literature suggests that the choice between ex-ante and ex-post regimes is not straightforward (for example, Shavell, 1984; Kolstad et al, 1990; Innes, 2004). Ex-ante regimes tend to be preferred when harms are very high or irreversible and regulators have an ex-ante information advantage (ie harm dynamics can be predicted accurately).
Conversely, ex-post regimes are better suited to preserving the dynamic efficiency of markets. They tend to entail lower compliance costs and distort innovation less – in ex-ante regimes, developers have a reduced incentive to produce a risky product because of higher compliance costs. Moreover, in ex-post regimes, products are observed in real-world use, conveying valuable information to regulators that can improve their market knowledge through continuous learning (Gans, 2025). Ex-post regimes, however, critically hinge on their ability to induce producers to anticipate the costs for them that an incident caused by their product may entail (for example, a fine imposed by the regulator, or the prospect of liability costs). Often, even that may not be enough because producers are insufficiently cautious or expect not to be caught by regulators if something goes wrong. With AI, this may happen often: a voter who received incorrect information from a chatbot may never realise it was wrong.
Thus, ex-post regimes may not be entirely suitable to prevent harm: enforcement often occurs only after someone has already been hurt. If fines or potential liability are not sufficiently dissuasive, ex-post regulatory regimes can allow very high levels of potentially irreversible harm to materialise. Acemoglu and Lensman (2024) argued forcefully for ex-ante restraint when harm is potentially transformative. We take this as binding: the recalibration we propose in section 4 preserves a strict ex-ante regime for large or irreversible damage and shifts regulatory weight to ex-post tools only for the lower-damage segment.
To inform our analysis of how the EU AI framework could be improved by adopting both ex-ante and ex-post elements, we develop a simple theoretical model that formalises the trade-offs in the AI context (see the appendix for details). Figures 1 to 3 show the results from this model. Each figure shows the social costs under the ex-ante regime (dashed blue line) and the ex-post regime (solid red line) as one parameter varies; other parameters are held constant at realistic values. Social cost rises with expected harm and with compliance costs; compliance costs proxy innovation costs (the higher the burden, the lower the investment). A welfare-optimising regulator chooses the regime with the lower social cost. Figure 1 plots social costs as the damage from an AI incident rises (imagine a low d as a delayed train, and a high d as a user’s death after deceitful chatbot information). Figure 2 plots social costs as non-high-risk applications become progressively riskier. Figure 3 plots the costs as developers become less able to estimate their own risk.
Figure 1: Social costs from damage caused by an AI application
Source: Bruegel. See the appendix.
Figure 2: Social costs as true risks of an AI application are revealed
Source: Bruegel. See the appendix.
Figure 3: Social costs and developer’s own risk perception
Source: Bruegel. See the appendix.
Figure 1 shows that, for a given enforcement capacity, there is a damage threshold below which an ex-post regime would, in principle, be preferable. Above the threshold, the expected damage is so high that the cost imposed on a negligent developer does not compensate for it. In such a case, ex-post enforcement would fail to prevent AI harm, because the incentive given to developers to invest in risk mitigation is less than what would be desirable from a social viewpoint. The ex-ante regime forces maximum risk mitigation for high-risk systems regardless of developer choice. When damage is large, ex ante therefore implies lower social costs.
Figure 2 indicates that the ex-ante regime entails lower social costs if the regulator can accurately predict risk and accurately categorise AI systems based on the probability that they will cause harm. This is the case on the left of the figure, where the latent risk of safe applications is close to zero. If applications that are considered safe instead prove unexpectedly to be likely to cause an incident (right side of the figure), social costs under the ex-ante regime skyrocket because it offers no protection against harm generated by applications considered safe: they are subject to no ex-ante requirements. Under an ex-post regime, by contrast, developers have an incentive to invest in mitigation regardless of category; what matters is the expected ex-post cost, represented by the fine.
Figure 3 shows that if developers are unable to estimate the true risks of their AI applications, the case for ex-ante requirements is stronger. As misperception and overconfidence grow, developers fail to account for the consequences of weak internal risk management. Their expected ex-post cost is lower than it would be with accurate risk perception.
Consistent with the broader literature, no regime always dominates in AI markets; outcomes depend on parameters. For the EU, this argues for a recalibration of the AI Act from a mostly ex-ante approach to a hybrid model that blends ex-ante and ex-post features.
This recalibration should take into account three main factors:
Note that the theoretical model is an abstraction based on simplifying assumptions that ensure its tractability. For example, the model treats the two regimes as at either end of a spectrum (the ex-ante regulator forces maximum effort for risky systems and imposes no requirements for safe systems; the ex-post regulator relies solely on the expected fine; see the appendix) and assumes that damage is uniform across applications. The model should therefore be treated as a tool for identifying the direction of the effects of changes in the relevant parameters. Conversely, the model does not aim to accurately replicate the complexity of reality.
Section 4 translates these results into policy.
Based on the analysis in section 3, we recommend three sets of measures: (1) recalibrate the ex-ante requirements of the AI Act based on expected deployment scale; (2) introduce an AI ad-hoc ex-post liability system and an effective ex-post monitoring and supervision structure; (3) increase ex-post universal transparency for high and low-risk AI systems.
The AI Act is largely agnostic about firm size. For example, LinkedIn Recruiter, an AI-powered hiring tool used by thousands of firms and affecting millions of hiring decisions a year, and an experimental resumé-screening tool from a small start-up sit in the same high-risk category (employment, AI Act Annex III). The optimal approach, however, should depend on expected harm (section 3). Harm depends on both risk (the probability of an incident) and total social damage, which correlates with the number of users affected. Limited deployment of an AI tool affects few people; widespread deployment affects many. Small-scale applications are therefore better handled ex post, which avoids overburdening small firms with excessive ex-ante costs. Ex-ante requirements remain essential for large-scale deployment, because expected ex-post fines or liability costs are less effective when expected damage is large.
To address this inconsistency, we recommend introducing a multitiered ex-ante requirements system based on expected deployment scale. The new framework would mimic the structure of the Digital Services Act (DSA, Regulation (EU) 2022/2065), which subjects online platforms to progressively tighter constraints the larger they are.
We propose three tiers for providers of high-risk AI systems:
The cost a developer might face under an ex-post regime when their AI system causes an incident is a powerful incentive for investment in risk mitigation. Two complementary measures should be introduced.
First, the EU needs a comprehensive ad-hoc AI liability framework. But under pressure to cut red tape, the European Commission withdrew in early 2025 a proposal for an AI Liability Directive. For material harm, victims of AI harm will be able to rely on the EU Product Liability Directive (Directive (EU) 2024/2853) as of 9 December 2026, when the Directive becomes applicable. For immaterial harm, victims can only rely on national tort law, facing prohibitive hurdles in the opaque AI environment: proving harm, fault and causation. For example, a job applicant rejected because an AI-powered CV scrutiny tool downgraded her based on her gender would have a very hard time claiming compensation. This is not just incompatible with human rights protection, it also leads developers to underinvest in risk mitigation, as they have no reason to fear additional liability costs in the event of an incident.
The Commission should revive its AI liability proposal, shifting the burden of proof from victims to AI developers. The framework should be tiered. For prohibited and high-risk systems, strict liability is justified: these systems pose risks of serious or irreversible harm and the operator is best placed to manage them, as the EU Product Liability Directive already does for defective products. For other AI systems, a rebuttable presumption of defectiveness and causation is the appropriate instrument (Hacker, 2023). Moreover, a harmonised EU AI liability regime would reduce legal uncertainty and likely support innovation: the current patchwork of national tort regimes is itself a significant compliance burden, falling disproportionately on smaller firms. Note that the liability framework’s effectiveness would depend on companies’ financial solvency. For Tier 1 firms, this concern would be offset by design: the tier would be restricted to applications causing reversible harm, with a capped expected deployment scale.
Second, ex-post regimes require investment in detection infrastructure to be credible. The US Food and Drug Administration offers a model (Tutt, 2017; Lenhart and Myers West, 2024). Its Sentinel Initiative actively queries electronic health records to detect adverse drug events in near real-time. An EU AI equivalent could draw on it. The practical design would hinge on API (application programming interface) traffic sampling and AI observability platforms and would require feasibility analysis beyond the scope of this paper. It would need to be calibrated to firm size and deployment context and reconciled with confidentiality and data-protection safeguards.
Detection infrastructure can serve two purposes. The narrower purpose is informational: monitoring reduces opacity and enables fines or liability to be triggered when harm has materialised. The broader purpose is supervisory: a public authority observes deviations from expected baselines and, on that basis, asks operators to change behaviour before harm ramps up, similarly to what happens with financial supervision, or pharmaceutical regulators issuing label changes and recalls. The two roles are complementary: the prospect of fines incentivises developers to invest in risk mitigation; supervision prevents imminent potential harm.
Two design choices follow. First, the supervisory role must be assigned to a specific institution. The European Commission’s AI Office, which already supervises general-purpose AI systems under the AI Act (Articles 88-89), is a natural candidate: its mandate should be extended to cover non-general-purpose systems flagged by the detection infrastructure. This would require significant additional staffing. National market surveillance authorities can complement that mandate for purely domestic cases, but they cannot serve as the primary supervisor, given the fragmentation problem identified in the AI Act (section 2). Second, supervisory powers must be calibrated to avoid de-facto ex-ante regulation. Interventions should be triggered by an observed deviation detected by the detection infrastructure, rather than by general regulatory discretion. Remedies should be proportionate and subject to judicial review.
When developers underestimate risk, ex-post regulation fails even with strong liability and fines: developers who genuinely believe their system is safe will not invest in safety. A third set of measures is therefore needed to change the information environment so developers become aware of the true risks and regulators get better information on hard-to-anticipate harms.
To increase universal (ie related to any type of AI system) ex-post transparency, we recommend three measures. First, external third-party auditing of deployed AI systems is crucial to improve awareness of AI risks (Raji et al, 2022; Casper et al, 2024). Using the Digital Services Act (section 4.1) again as a source of inspiration, the new AI regulatory framework could envisage structured access for vetted researchers and auditors (Art. 40, DSA)27. This requires a legal mechanism to give researchers access to API traffic, training data and model architectures, with effective trade-secret safeguards. It also requires safe-harbour rules for independent researchers who carry out unannounced adversarial testing (red teaming28) that may breach developers’ terms of service. If trade-secret protections (confidentiality clauses, non-disclosure agreements, usage restrictions, data rooms) are sufficiently robust, developers would have a genuine interest in external auditing: external knowledge would flow back to them, exposing flaws they did not detect.
A second measure could take inspiration from the aviation industry, a recognised exemplar of safety excellence. Aviation safety rests on a solid safety culture deliberately nurtured over time by public agencies and regulators. In 1976, NASA and the US Federal Aviation Administration initiated the Aviation Safety Reporting System [29]. Its key design feature is non-punitive near-miss reporting: pilots and controllers report safety incidents without fear of prosecution, generating data on failures that would otherwise go unreported. Chatzipanagiotis (2026) proposed a similar framework for AI, though the contexts differ (eg pilots have a direct self-interest in plane safety) and the framework would require a strong safety culture that AI markets currently lack. Developers should report AI near-misses confidentially to an independent EU authority without enforcement powers. A developer who discovers, for example, that her system produces biased recommendations should be able to report swiftly without fear. Near-misses would be aggregated, analysed and fed back to developers, deployers and regulators [30].
Finally – and complementing the first two measures – a standardised AI incident taxonomy should be adopted and a systematic harm registry established. A good starting point is OECD (2025), which proposes a common framework for reporting AI incidents based on 29 criteria to gauge information, such as the type or severity of the harm caused, the affected demographic and the system’s deployment context. The OECD also runs the OECD AI Incidents and Hazards Monitor (AIM) tool [31], tracking global news in real time and categorising AI incidents according to criteria including the type of harm, their severity and affected stakeholders.
The EU should establish an EU AI public incident registry based on the OECD framework, requiring universal reporting when AI incidents occur. Currently only high-risk AI systems must report incidents (AI Act Arts. 72 and 73), and there is no common, publicly available EU incident registry. For companies, the cost of reporting is minimal, especially if standard reporting templates are developed. Similarly, the cost of maintaining such a public EU registry would be small. The registry would foster awareness of AI risks among stakeholders and significantly contribute to an AI safety culture. A side benefit would accrue to AI liability insurance markets, which currently price risk against limited data. A public harm registry and structured researcher access would reduce information asymmetry between insurers and developers, supporting more accurate insurance quotes and, all else being equal, lower premiums for firms with lower realised risk.
These three recommendations – multitiered ex-ante requirements, ex-post liability and supervision and ex-post transparency – should be treated as a package. Lighter ex-ante requirements for small firms work only if accompanied by higher expected liability costs and greater risk awareness; at the same time, an EU AI liability framework would gain political traction only as part of a broader reform that reduces compliance burdens for small firms.
The European Commission is required to start an evaluation of the AI Act’s effectiveness from August 2028. The Commission may propose amendments to improve the enforcement of the AI Act by August 2031 – in other words, far in the future, judged by the standard of AI markets. The EU does not have the luxury of experimenting only to find itself locked into a GDPR-like fallacy, with strong market distortions that favour concentration and inadequate enforcement. The Commission should therefore not wait until 2031 to propose amendments to the AI Act. It should start now to refine the EU AI regulatory framework instead of waiting for it to fail, with potentially dramatic social and economic consequences.
References
Abiri, G. (2025) ‘Mutually assured deregulation’, mimeo, available at https://arxiv.org/abs/2508.12300
Acemoglu, D. (2021) ‘Harms of AI’, Working Paper 29247, National Bureau of Economic Research, available at https://www.nber.org/papers/w29247
Acemoglu, D. and T. Lensman (2024) ‘Regulating transformative technologies’, American Economic Review: Insights 6(3): 359-376, available at https://www.aeaweb.org/articles?id=10.1257/aeri.20230353
Acquisti, A., A. Friedman and R. Telang (2006) ‘Is there a cost to privacy breaches? An event study’, ICIS 2006 Proceedings 94, available at https://aisel.aisnet.org/icis2006/94/
Anderljung, M., J. Barnhart, A. Korinek, J. Leung, C. O’Keefe, J. Whittlestone … K. Wolf (2023) ‘Frontier AI regulation: Managing emerging risks to public safety’, mimeo, available at https://arxiv.org/abs/2307.03718
Angwin, J., A. Nelson and R. Palta (2024) Seeking Reliable Election Information? Don’t Trust AI, AI Democracy Projects, Institute for Advanced Study, available at https://www.ias.edu/sites/default/files/AIDP_SeekingReliableElectionInformation-DontTrustAI_2024.pdf
Bengio, Y., G. Hinton, A. Yao, D. Song, P. Abbeel, T. Darrell … S. Mindermann (2024) ‘Managing extreme AI risks amid rapid progress’, Science 384(6698): 842-845, available at https://doi.org/10.1126/science.adn0117
Burrell, J. (2016) ‘How the machine “thinks”: Understanding opacity in machine learning algorithms’, Big Data & Society 3(1): 2053951715622512, available at https://doi.org/10.1177/2053951715622512
Busuioc, M. (2021) ‘Accountable artificial intelligence: Holding algorithms to account’, Public Administration Review 81(5): 825-836, available at https://doi.org/10.1111/puar.13293
Casper, S., C. Ezell, C. Siegmann, N. Kolt, T.L. Curtis, B. Bucknall … D. Hadfield-Menell (2024) ‘Black-box access is insufficient for rigorous AI audits’, FAccT ’24: Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency: 2254-2272, available at https://doi.org/10.1145/3630106.3659037
Chatzipanagiotis, M. (2026) ‘Incident reporting and investigation under the AI Act: Some insights from aviation’, International Journal of Law and Information Technology 34: eaaf019, available at https://doi.org/10.1093/ijlit/eaaf019
Clark, A. (2025) ‘The ability of AI therapy bots to set limits with distressed adolescents: simulation-based comparison study’, JMIR Mental Health 12: e78414, available at https://doi.org/10.2196/78414
Crawford, K. (2021) Atlas of AI: Power, Politics, and the Planetary Costs of Artificial Intelligence, Yale University Press
European Commission (2021) ‘Impact assessment accompanying the proposal for an AI Act’, SWD(2021) 84 final, available at https://ec.europa.eu/newsroom/dae/redirection/document/75792
European Commission (2025) ‘Proposal for a Digital Omnibus on AI Regulation’, COM(2025) 836 final, available at https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-ai-regulation-proposal
European Commission (2026) ‘Draft Commission Guidelines on the classification of high-risk AI systems’, available at https://digital-strategy.ec.europa.eu/en/library/draft-commission-guidelines-classification-high-risk-ai-systems
Gans, J.S. (2025) ‘How learning about harms impacts the optimal rate of artificial intelligence adoption’, Economic Policy 40(121): 199-219, available at https://doi.org/10.1093/epolic/eiae053
Gentile, G. and O. Lynskey (2022) ‘Deficient by design? The transnational enforcement of the GDPR’, International & Comparative Law Quarterly 71(4): 799-830, available at https://doi.org/10.1017/S0020589322000355
Graux, H., K. Garstka, N. Murali, J. Cave and M. Botterman (2025) Interplay between the AI Act and the EU digital legislative framework, study requested by the ITRE Committee, European Parliament, available at https://www.europarl.europa.eu/thinktank/en/document/ECTI_STU(2025)778575
Haataja, M. and J.J. Bryson (2021) ‘What Costs Should We Expect from the EU’s AI Act?’ mimeo, Center for Open Science, available at https://ideas.repec.org/p/osf/socarx/8nzb4.html
Hacker, P. (2023) ‘The European AI liability directives – Critique of a half-hearted approach and lessons for the future’, Computer Law & Security Review 51: 105871, available at https://doi.org/10.1016/j.clsr.2023.105871
Hadfield, G.K. and J. Clark (2023) ‘Regulatory markets: The future of AI governance’, mimeo, available at https://doi.org/10.48550/arXiv.2304.04914
Hancock, J. and A. Moores (2026) Electoral Hallucinations: Safeguarding UK elections in the world of LLMs and AI chatbots, Demos, available at https://demos.co.uk/research/electoral-hallucinations-safeguarding-uk-elections-in-the-world-of-llms-and-ai-chatbots/
Innes, R. (2004) ‘Enforcement costs, optimal sanctions, and the choice between ex-post liability and ex-ante regulation’, International Review of Law and Economics 24(1): 29-48, available at https://doi.org/10.1016/j.irle.2004.03.003
Johnson, G.A., S.K. Shriver and S.G. Goldberg (2023) ‘Privacy and market concentration: Intended and unintended consequences of the GDPR’, Management Science 69(10): 5695-5721, available at https://doi.org/10.1287/mnsc.2023.4709
Kaminski, M.E. (2023) ‘Regulating the risks of AI’, Boston University Law Review 103: 1347, available at https://dx.doi.org/10.2139/ssrn.4195066
Kolstad, C.D., T.S. Ulen and G.V. Johnson (1990) ‘Ex post liability for harm vs. ex ante safety regulation: Substitutes or complements?’ American Economic Review 80(4): 888-901, available at https://www.jstor.org/stable/2006714
Lenhart, A. and S. Myers West (2024) Lessons from the FDA for AI, AI Now Institute, available at https://ainowinstitute.org/publications/research/lessons-from-the-fda-for-ai
Makridis, C.A. (2021) ‘Do data breaches damage reputation? Evidence from 45 companies between 2002 and 2018’, Journal of Cybersecurity 7(1), available at https://doi.org/10.1093/cybsec/tyab022
Marchant, G.E. (2011) ‘The growing gap between emerging technologies and the law’, in G.E. Marchant, B.R. Allenby and J.R. Herkert (eds) The Growing Gap Between Emerging Technologies and Legal-Ethical Oversight: The Pacing Problem, Springer
Mariniello, M. (2022) Digital Economic Policy: The Economics of Digital Markets from a European Union Perspective, Oxford University Press
Mariniello, M. (2025) ‘Efficiency and distribution in the European Union’s digital deregulation push’, Policy Brief 31/2025, Bruegel, available at https://www.bruegel.org/sites/default/files/2025-11/PB%2031%202025_0.pdf
Martens, B. (2024) ‘The European Union AI Act: premature or precocious regulation?’ Analysis 07/2024, Bruegel, available at https://www.bruegel.org/analysis/european-union-ai-act-premature-or-precocious-regulation
Musquera, A.V. and S.B. Brennen (2026) ‘Regulatory uncertainty is what actually holds back innovation’, Commentary, 20 April, Brookings, available at https://www.brookings.edu/articles/regulatory-uncertainty-is-what-actually-holds-back-innovation/
OECD (2025) ‘Towards a common reporting framework for AI incidents’, OECD Artificial Intelligence Papers 34, Organisation for Economic Co-operation and Development, available at https://doi.org/10.1787/f326d4ac-en
Pasquale, F. (2015) The Black Box Society: The Secret Algorithms That Control Money and Information, Harvard University Press
Raji, I.D., P. Xu, C. Honigsberg and D. Ho (2022) ‘Outsider oversight: Designing a third party audit ecosystem for AI governance’, Proceedings of the 2022 AAAI/ACM Conference on AI, Ethics, and Society: 557-571, available at https://doi.org/10.48550/arXiv.2206.04737
Sajadieh, S., L. Fattorini, R. Perrault, Y. Gil, V. Parli, L. Santarlasci … D. Weld (2026) The AI Index 2026 Annual Report, Institute for Human-Centered AI, Stanford University, available at https://hai.stanford.edu/assets/files/ai_index_report_2026.pdf
Selbst, A.D. (2021) ‘An institutional view of algorithmic impact assessments’, Harvard Journal of Law & Technology 35: 117, available at https://ssrn.com/abstract=3867634
Shavell, S. (1984) ‘Liability for harm versus regulation of safety’, Journal of Legal Studies 13(2): 357-374, available at https://www.jstor.org/stable/724240
Smuha, N.A. and K. Yeung (2025) ‘The European Union’s AI Act: Beyond motherhood and apple pie?’ in N.A. Smuha (ed) The Cambridge Handbook of the Law, Ethics and Policy of Artificial Intelligence, Cambridge University Press, available at https://doi.org/10.1017/9781009367783
Taeihagh, A., M. Ramesh and M. Howlett (2021) ‘Assessing the regulatory challenges of emerging disruptive technologies’, Regulation & Governance 15(4): 1009-1019, available at https://doi.org/10.1111/rego.12392
Trammell, P. and A. Korinek (2023) ‘Economic growth under transformative AI’, NBER Working Paper 31815, National Bureau of Economic Research, available at https://www.nber.org/papers/w31815
Tutt, A. (2017) ‘An FDA for algorithms’, Administrative Law Review 69: 83, available at https://dx.doi.org/10.2139/ssrn.2747994
Veale, M. and F. Zuiderveen Borgesius (2021) ‘Demystifying the Draft EU Artificial Intelligence Act’, Computer Law Review International 22(4): 97-112, available at https://ssrn.com/abstract=3896852
Whittaker, M., K. Crawford, R. Dobbe, G. Fried, E. Kaziunas, V. Mathur, S. Myers West, R. Richardson, J. Schultz and O. Schwartz (2018) AI Now Report 2018, AI Now Institute, New York University, available at https://ainowinstitute.org/publications/ai-now-2018-report-2
Footnotes
[1] See Council of the EU press release of 7 May 2026, ‘Artificial Intelligence: Council and Parliament agree to simplify and streamline rules’, https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/.
[2] The AI Act also contains ex-post enforcement measures, including incident reporting obligations and post-market surveillance (Arts. 72-73). However, it relies heavily on ex-ante measures and can therefore be categorised as ex-ante regulation.
[3] In practice, the contrast is never stark, and regulatory systems rarely exist in pure ex-ante or ex-post form. However, they may be broadly regarded as ‘ex ante’ or ‘ex post’ depending on the role and relevance of their respective elements. A regime with strict pre-deployment requirements and light ex-post monitoring can be characterised as ex ante, for example. For a discussion of the meaning of ex-ante approaches, see Kaminski (2023).
[4] Timid attempts at global AI governance have been made, such as at the G20 meeting in South Africa in November 2025. See G20 South Africa Summit, ‘Leaders’ Declaration’, https://www.g20.org.za/wp-content/uploads/2025/11/2025-G20-Summit-Declaration.pdf.
[5] The AI Act is based on the 2008 EU new legislative framework for product safety. See European Commission, ‘New legislative framework’, https://single-market-economy.ec.europa.eu/single-market/goods/new-legislative-framework_en.
[6] As listed in Annex III of the AI Act.
[7] Regulated product safety components and AI systems for biometric identification are generally subject to third-party auditing.
[8] That the Commission must issue extensive interpretive guidelines on classifying high-risk systems (European Commission, 2026) shows that the categories rest on legal construction rather than self-evident empirical content.
[9] In Raine v. OpenAI (2025), filed in San Francisco, parents are suing OpenAI for wrongful death and product liability after their teenage son’s suicide. The lawsuit claims the chatbot directly contributed to his death by providing specific self-harm methods and actively deterring him from seeking professional help. See Nadine Yousif, ‘Parents of teenager who took his own life sue OpenAI’, BBC News, 27 August 2025, https://www.bbc.com/news/articles/cgerwp7rdlvo.
[10] In Nevada, four out of five chatbots incorrectly told voters they could not register close to election day, even though same-day registration had been legal since 2019 (Angwin et al, 2024).
[11] Severin Carrell, ‘ChatGPT and other AI bots made huge errors before Scottish election, study finds’, The Guardian, 20 May 2026, https://www.theguardian.com/technology/2026/may/20/ai-chatbots-chatgpt-replika-grok-gemini-misinformation-scottish-election-demos. Researchers found that over a third (34.1 percent) of their responses contained factual errors, with overall reliability varying significantly across the different services. These inaccuracies ranged from providing incorrect election dates and false voter ID requirements to hallucinating non-existent political candidates and entirely fabricating controversies, including expenses and nepotism scandals (Hancock and Moores, 2026).
[12] CMS, ‘There are around 2,000 AI market surveillance authorities in the EU’, 3 December 2025, https://cms.law/en/bel/legal-updates/there-are-around-2-000-ai-market-surveillance-authorities-in-the-eu.
[13] See CEN-CENELEC, ‘Shaping the Future of Artificial Intelligence: CEN-CENELEC JTC 21’, https://jtc21.eu/.
[14] See European Ombudsman news of 30 September 2025, ‘Ombudswoman opens inquiry concerning the development of EU standards for artificial intelligence’, https://www.ombudsman.europa.eu/en/news-document/en/212272.
[15] Acemoglu (2021) listed a set of AI harms that are violations of fundamental rights and showed that each of them maps onto an economically quantifiable welfare loss.
[16] ‘Cost’ could signify the fine imposed by the regulatory authority and/or the liability costs; by design the cost is capped, since companies’ financial resources are finite. See the appendix for details.
[17] Note that the case for size-based tiering extends beyond AI: a parallel argument can be made for the GDPR, with calls for differentiated obligations based on company size and data-processing volume to avoid disproportionately burdening SMEs. See Axel Voss, ‘We should revise the GDPR to unlock Europe’s digital future’, CEPS Expert Commentary, 17 February 2025, https://www.ceps.eu/we-should-revise-the-gdpr-to-unlock-europes-digital-future/.
[18] Reversibility of harm is not explicitly discussed in the model but could be represented by exceptionally high damage. In the tiered design, we treat irreversibility as a discrete property of the harm itself, eg whether monetary compensation can plausibly substitute for the damage suffered.
[19] The €150m threshold corresponds to an EU definition of a small mid-cap enterprise. See Council of the EU press release of 24 September 2025, ‘Simplification: Council agrees positions on digitalisation and common specifications, as well as on small mid-caps, to boost EU competitiveness’, https://www.consilium.europa.eu/en/press/press-releases/2025/09/24/simplification-council-agrees-positions-on-digitalisation-and-common-specifications-as-well-as-on-small-mid-caps-to-boost-eu-competitiveness/.
[20] Cynthia Kroet, ‘EU Tech Commissioner defends scrapping of AI Liability rules’, Euronews, 9 April 2025, https://www.euronews.com/next/2025/04/09/eu-tech-commissioner-defends-scrapping-of-ai-liability-rules.
[21] The false high-low risk dichotomy discussed in section 2 is based on the observation that systems that are considered low risk may entail significant risk. However, for the purpose of the liability framework, it is reasonable to presume that classified high-risk systems certainly pose a high risk of irreversible harm. That is the case, for example, if AI systems are used to perform surgery.
[22] Kai Zenner, ‘An AI Liability Regulation would complete the EU’s AI strategy’, CEPS Expert Commentary, 25 February 2025, https://www.ceps.eu/an-ai-liability-regulation-would-complete-the-eus-ai-strategy/.
[23] For the very small end of tier 1, a joint-and-several allocation across the AI value chain could be endorsed: insufficiency of resources of a tier 1 deployer does not extinguish the victim’s claim, which can reach upstream to integrators, model providers and training-data suppliers whose solvency is not typically a problem.
[24] API traffic is the flow of data transmitted between software applications and servers over an application programming interface (API). Essentially, it measures the volume of digital interaction between different systems.
[25] Observability is the ability to grasp the internal state of an AI system based purely on its external outputs (logs, metrics and traces). Because AI models are ‘black boxes’ that produce probabilistic outputs rather than deterministic outcomes, they cannot merely be monitored: they need to be constantly observed.
[26] The AI Office employs around 125 staff at time of writing. See European Commission, ‘European AI Office’, https://digital-strategy.ec.europa.eu/en/policies/ai-office.
[27] The DSA envisages facilitating the access of vetted researchers only for very large online platforms and very large online search engines. In a similar fashion, only larger AI systems or general purpose AIs should be compelled to grant access to researchers to avoid overburdening smaller developers.
[28] Red teaming refers to structured adversarial testing in which independent experts deliberately attempt to elicit harmful, biased or unsafe outputs from an AI system, or to bypass its safeguards, so that vulnerabilities can be identified before they are exploited at scale.
[29] See the Aviation Safety Reporting System portal at https://asrs.arc.nasa.gov/.
[30] Note that the near miss would not trigger any enforcement action. However, the developer could still be liable or subject to a fine if it does not address the source of the incident and is caught by the monitoring authority. That is why it is important that near misses are communicated to an EU authority without enforcement powers.
[31] OECD, ‘AIM: AI Incidents and Hazards Monitor’, https://oecd.ai/en/incidents.
