As is often the case, some of the most important issues get put off until they can no longer be ignored. I have a nasty habit of doing this in my personal life, and over the last couple of months, I have found it bubbling over into the professional realm as I have consistently thought about the politics and regulation (especially those coming) of AI as I collected thoughts in notebooks and post-its around my desk, but have neglected writing about it out because of the task and complexity of making it simple. Complexity made simple, mine and I wager any communicator’s golden formula.
But sometimes the news gets ahead of us, whether we are ready or not, it is time to explore this important issue that will impact all of us.
This week, OpenAI’s Chief Global Affairs Officer Chris Lehane told Axios that AI companies “could get crushed by bad politics” if they fail to distribute the wealth they generate. He drew a comparison to Alaska, which shares oil and gas revenue with its citizens. Separately, OpenAI endorsed Illinois SB 315 and the Kids Online Safety Act, floated the idea of a global AI governance body modeled on the IAEA, and positioned itself as the company that regulators come to before regulators come to it.
The message from the most powerful AI company on earth stated plainly: governance is not optional. They can not afford to wait around to become the broken-up railways of yesteryear.
Indeed, in sixty-three days, one part of that plainly stated, hardly veiled request becomes enforceable law.
What is happening this week is not a coincidence of timing. OpenAI is doing what sophisticated organizations do when they sense that the regulatory tide has already turned: they get ahead of it and try to shape it. By the way, the AI lobby is the biggest in Washington or perhaps anywhere now. The IAEA analogy is revealing. The International Atomic Energy Agency exists because the consequences of nuclear energy not being governed were too large for any single jurisdiction to absorb. Lehane’s framing suggests OpenAI has reached the same conclusion about AI.
Meanwhile, on the other side of the Atlantic, the EU is not waiting for a voluntary framework. August 2, 2026, is the date high-risk AI obligations under the EU AI Act become binding. The penalty regime for non-compliance can reach up to €35 million or 7% of global annual turnover for the most serious violations, and €15 million or 3% for high-risk failures. The framework does not ask whether you intended to govern your AI system well. It asks whether you can demonstrate, in writing, that you did.
These two signals, Washington and Brussels, converging in the same week, are the market for AI governance declaring itself open. But there is a bigger philosophical problem embedded in the regulation that most compliance teams have yet to clarify, and we at Intradiegetic have been working towards for months.
Articles 9 through 17 do not audit the accuracy of your AI system. They ask whether your organization has a functioning, continuously running risk management system; whether your training data is governed; whether your technical documentation reflects the system you actually deployed; and whether the humans you say are overseeing the system have the competence, authority, and time to actually do so.
Article 26 goes further still. It does not address the AI system at all. It addresses the deployer. It requires named human oversight, monitoring, log retention of at least six months, worker notification, and incident reporting. There is some confusion because most people I speak to think the regulation asks what your system does. Not at all. The regulation is asking who decided it could do that, who is watching it now, and who picks up the phone when something goes wrong. In very concrete words, they are asking about how the architecture protects.
Lehane’s Alaska metaphor is more interesting than it first appears. He is not really talking about dividends, although many wish he were. He is talking about legitimacy. A technology that generates wealth without distributing participation loses its social license. The same logic applies inside organizations. An AI system that makes consequential decisions without distributed accountability loses its operational legitimacy, first with employees, then with regulators, eventually with the market.
The Greeks had a concept for the specific kind of judgment this requires: phronesis, practical wisdom. Not the application of rules, but the capacity to deliberate well in a specific situation, under time pressure, with incomplete information. Aristotle drew a sharp line between techne, the knowledge of how to make things, and phronesis, the knowledge of when and whether to act on that making.
What OpenAI is acknowledging this week, and what the EU AI Act is legislating, is that techne is not enough. That building capable AI systems without designing where human judgment lives inside them is the original form of AI governance debt. Again, an architectural problem, and so much more complicated than a legal one ultimately. Furthermore, it seems that most people approach this as sequential work, when it should be run in parallel.
In the first three weeks, the priority is inventory and ownership. Every high-risk AI system in production needs to be named, its Annex III category confirmed, and its decision rights mapped: who approved deployment, who monitors it today, and who can suspend it. If that map does not exist in writing, it needs to be built now. The right reason to do so is not because of regulators, although this is going to become very important, but because it also protects and de-risks the business.
In the middle three weeks, the priority is the human oversight gap. Article 26 is unforgiving on one point: the person assigned oversight must have competence, training, and authority. Authority is the word most organizations underestimate. It means the standing to stop the system if it misbehaves, as well as the responsibility to notice when it does. That distinction is the difference between governance and liability.
In the final two weeks, the priority is the incident response layer. Who reviews logs? What constitutes an anomaly? When does an anomaly become a reportable incident? Who notifies the provider? They are the questions the regulator will ask after something goes wrong.
What OpenAI’s repositioning reveals, and what the EU Act confirms, is that AI governance is becoming a market signal. Organizations that demonstrate structured accountability for their AI systems are differentiating from competitors who are still treating governance as overhead.
Lehane said this week that “you can’t talk beyond people or above people. You need to talk with them and involve them in the conversation.” This principle applies equally to citizens receiving AI-generated government services, employees working alongside AI systems, and clients whose data flows through AI-enabled processes.
Every decision right that the regulator forces you to document is a decision right you were already paying for implicitly, in ambiguity, in friction, in duplicated effort, in the time spent relitigating. The EU AI Act is not creating new work; rather, it is surfacing latent organizational debt that has been accumulating since the first AI system went into production without a written answer to the question: Who decides what this agent may do?
The global conversation OpenAI is trying to shape this week will take years to resolve. The architecture conversation your organization needs to have about Articles 9 through 17 and Article 26 is due. Sixty-three days.
Leave a Reply
You must be logged in to post a comment.