Logo
FrontierNews.ai

Europe's AI Rulebook Is Being Quietly Dismantled. Here's What Could Replace It.

Europe's approach to AI regulation is shifting dramatically, with governments rolling back statutory rules in favor of letting private companies, insurers, and courts handle oversight. This trend reflects broader anti-regulatory sentiment among European and American lawmakers, but researchers warn that private governance mechanisms, while useful, have significant blind spots that could leave the public vulnerable to AI harms.

What Exactly Is Private Governance, and Why Are Policymakers Turning to It?

Private governance refers to non-statutory mechanisms that guide behavior toward responsible outcomes without direct government enforcement. Unlike company self-regulation, these systems typically involve third parties, industry associations, and legal frameworks that already exist in safety-critical industries like aviation and healthcare. The appeal is clear: private governance can operate across borders more easily than national laws, potentially helping pace AI development at a global scale.

However, the Ada Lovelace Institute, a research organization focused on emerging technology, has identified three main private governance mechanisms that policymakers are banking on: civil liability, AI assurance, and insurance. Each has promise, but each also carries significant limitations that experts say deserve serious attention.

Can Lawsuits Really Hold AI Companies Accountable?

Civil liability, the legal accountability imposed through private law rather than criminal prosecution, has already shown some teeth in the tech industry. A recent Los Angeles case found Google and Meta liable for intentionally embedding addictive design features in their social media platforms, causing mental health harms to users. Thousands of similar cases are now making their way through U.S. courts, and the legal precedent could incentivize companies to rethink their product designs to avoid costly lawsuits.

The same logic could theoretically apply to AI. If an AI chatbot causes demonstrable harm, individuals could sue for damages, creating an economic incentive for companies to build safer systems. In the European Union, private citizens are already filing cases to enforce the General Data Protection Regulation (GDPR), complementing the work of overburdened data protection authorities.

But here's the catch: AI liability cases face formidable obstacles. Some AI harms are immediate and obvious, like an autonomous vehicle causing a crash. Many others are pernicious and systemic, accumulating over time in ways that are hard to trace back to a single company decision. Biased AI recruitment systems, misinformation spread by large language models (LLMs), or mental health effects from prolonged interaction with AI companions may not be visible to affected individuals or may not meet the legal bar for a lawsuit.

Plaintiffs also face steep financial and legal risks. Lawsuits can span years, cost hundreds of thousands of dollars, and in some jurisdictions, a losing claimant may have to pay the defendant's legal costs. Collective redress mechanisms, which allow groups of people who suffered minor harms to seek compensation together, are well-established in the United States but are only beginning to gain traction in Europe and remain severely limited in countries like the United Kingdom.

How to Strengthen AI Accountability Through Multiple Mechanisms

  • Establish Clear Standards: Develop precise, internationally recognized standards for AI safety and performance that assurance providers can reliably verify against, rather than the current flexible and brittle frameworks that often hinder rather than guide verification efforts.
  • Expand Collective Redress: Create pathways for groups of people harmed by AI systems to seek compensation together, reducing the financial and legal burden on individual plaintiffs and making it economically viable to address systemic harms.
  • Combine Liability, Assurance, and Insurance: Ensure these three mechanisms work interdependently, with insurance requirements driving companies toward third-party audits and liability exposure incentivizing safer design practices from the outset.

What Role Can AI Audits and Assurance Play?

AI assurance, the practice of measuring, evaluating, and communicating the trustworthiness of AI systems, is a rapidly growing field. The UK Department for Science, Innovation and Technology identified over 80 specialized assurance companies operating in the country as of 2024, offering services ranging from bias audits to red-teaming (simulated attacks on AI systems) to compliance testing.

These assurance activities draw from established traditions in pharmaceuticals and cybersecurity, where accountability and transparency are paramount. A functioning private governance ecosystem will likely depend heavily on assurance providers' ability to reliably verify AI systems against agreed-upon standards.

Yet assurance faces its own credibility crisis. Research from the Ada Lovelace Institute and the Center for Democracy and Technology shows that companies and assurance providers find existing standards imprecise, too flexible, and too brittle. In practice, these standards often hinder rather than guide verification work. The unpredictability of AI system outputs, combined with the large degree of discretion given to individual auditors, makes standardized verification difficult.

Why Insurance Alone Won't Solve the Problem

Insurance is the third pillar of private governance, but it too has limitations. For insurance to work as a governance mechanism, it must create financial incentives for companies to adopt safer practices. However, if insurers cannot reliably assess AI risk, or if they simply pass costs on to consumers, insurance becomes a cost of doing business rather than a genuine safety driver.

The interconnection between these three mechanisms is critical. Liability cases require clear evidence of harm; assurance provides that evidence through audits and testing; insurance companies use assurance reports to set premiums and coverage terms. But if any one link in this chain breaks, the entire system weakens.

What Happens If Private Governance Fails?

The Ada Lovelace Institute emphasizes that the current emphasis on private governance risks overestimating its capacity to protect the public. While these mechanisms can operate at an international level and may help pace AI development, they are not designed to catch all harms, especially those that are diffuse, systemic, or difficult to attribute to a single company decision.

Researchers and policymakers are grappling with open questions about how to make private governance work. Can standards be made precise enough to guide assurance without being so rigid they stifle innovation? Can collective redress mechanisms be expanded to cover AI harms without overwhelming courts? Can insurance companies develop pricing models that genuinely incentivize safety, rather than simply transferring risk ?

As Europe's formal AI regulations face rollback, these questions become increasingly urgent. The shift toward private governance reflects a real desire to avoid heavy-handed regulation, but it also places enormous responsibility on courts, auditors, and insurers to fill gaps that statutory law once covered. Whether that patchwork of private mechanisms can adequately protect the public remains an open question.