Regulating Multifunctionality

TL;DR

This paper argues that foundation models and generative AI create extreme use heterogeneity and problem heterogeneity, making one-size-fits-all regulation ineffective. It advocates a multifaceted governance framework that pairs flexible regulatory tools—performance standards, information disclosure, ex post liability, and especially management-based regulation—with ongoing vigilance and strong regulatory capacity. The authors contend that prescriptive regulation is infeasible for multifunctional AI due to rapid change and diverse uses, and they propose leveraging private risk management alongside public oversight. The practical implication is a regulatory regime that emphasizes adaptive governance, cross-sector collaboration, and continuous iteration to safely harness AI’s broad range of applications.

Abstract

Foundation models and generative artificial intelligence (AI) exacerbate a core regulatory challenge associated with AI: its heterogeneity. By their very nature, foundation models and generative AI can perform multiple functions for their users, thus presenting a vast array of different risks. This multifunctionality means that prescriptive, one-size-fits-all regulation will not be a viable option. Even performance standards and ex post liability - regulatory approaches that usually afford flexibility - are unlikely to be strong candidates for responding to multifunctional AI's risks, given challenges in monitoring and enforcement. Regulators will do well instead to promote proactive risk management on the part of developers and users by using management-based regulation, an approach that has proven effective in other contexts of heterogeneity. Regulators will also need to maintain ongoing vigilance and agility. More than in other contexts, regulators of multifunctional AI will need sufficient resources, top human talent and leadership, and organizational cultures committed to regulatory excellence.