The right balance: how to fix European Union artificial intelligence regulation

EU AI regulation should trade lower ex-ante burden for robust ex-post monitoring, judicial review and liability to curb harms without stifling markets.

The European Union’s Artificial Intelligence Act was conceived as a traditional ex-ante product safety regulation: AI systems must comply with a set of requirements before deployment. Yet AI escapes the narrow product definition. It operates in unknown environments and takes actions that were unforeseen at the time of coding. Given that inherent unpredictability, an ex-ante regime cannot effectively safeguard against unforeseeable harm. The AI Act is unlikely to protect against AI harm while minimising market distortion. It risks replicating the outcomes of the 2016 EU General Data Protection Regulation, which has contributed to market concentration by disproportionately burdening smaller firms.

To rebalance EU AI regulation, the AI Act should be revised, moving away from a predominantly ex-ante approach to a balanced mix of ex-ante and ex-post measures. Ex-post regulation relies on monitoring and enforcement after deployment, typically through fines after incidents materialise. A reduction in the AI Act ex-ante compliance burden for most AI suppliers should be traded for a solid ex-post judicial review based on an ad-hoc AI liability framework, together with new ex-post learning, monitoring and enforcement tools. Because the net effect on compliance costs for AI companies would be negative, the package should garner the political support needed in the EU legislative process.

This Policy Brief benefitted from discussions within Bruegel. Many thanks in particular to Stephen Gardner, Fiona Scott Morton and Jeromin Zettelmeyer for their helpful comments.

1 The broad question of AI regulation

The main focus of the European Union-level public policy debate on artificial intelligence is reducing the compliance burden for tech companies while stimulating innovation. A regulatory simplification plan, known as the Digital Omnibus and AI Omnibus, agreed in principle at EU level in May 2026, illustrates this orientation – it relaxes deadlines on rules for high-risk AI systems, for example. Work on limiting harms from AI is happening in parallel through implementation of the EU’s 2024 AI Act (Regulation (EU) 2024/1689), draft guidelines from the European Commission (2026) on classification of high-risk AI systems and work on liability, but it is deregulation that has the policy momentum (Mariniello, 2025). 

This shows that the harm problem (how to defuse AI risk) and the market problem (how to avoid distorting developers’ incentives) are often addressed in isolation, resulting in a preference-driven public debate between champions of risk minimisation and champions of AI development. Such polarisation threatens to crowd out efficient solutions that address both together.

However, it is possible to improve the design and enforcement of the EU AI regulatory framework while reducing compliance costs. The EU regulatory framework based on the AI Act should be seen as a strength, not a weakness, for stimulating AI development. It can dispel uncertainty, reduce adverse AI effects, stabilise demand and foster tech adoption, ultimately raising investment. The United States, for example, still lacks AI supervision tools at federal level and, although it currently attracts far more AI investment than the EU in absolute terms, may face greater regulatory uncertainty and demand fluctuations over time, with unfavourable effects at the margin, particularly for smaller and more risk-averse firms (Musquera and Brennen, 2026).

Yet the AI Act has serious flaws, making it uncertain whether it can efficiently tackle AI harms (Box 1). The AI Act was largely conceived as a traditional ex-ante product-safety regulation, under which AI systems should, in principle, conform to a set of requirements before being deployed in markets. In many ways, though, AI escapes the narrow product definition. Manufactured products, such as toys, pose risks that are relatively easy to predict (for example, a toy should have no small parts that could cause suffocation if ingested). Conversely, a most compelling feature of AI systems is their unpredictability (Anderljung et al, 2023).

AI systems can, by definition, operate in dynamic environments, taking actions that were not necessarily pre-coded. There are thus significant limits to what product-safety requirements targeting the design of AI systems can achieve. The ex-ante approach contrasts with the ex-post approach, which relies on monitoring and enforcement after deployment, typically through fines after incidents materialise. 

To improve the EU framework, it should be recalibrated from a predominantly ex-ante approach to a balanced mix of ex-ante and ex-post measures. A reduction in the ex-ante compliance burden for most AI suppliers should be traded for a solid ex-post judicial review, based on an ad-hoc AI liability framework and the introduction of new ex-post learning, monitoring and enforcement tools. The recalibration would more effectively prevent AI-related harm while reducing market distortion. The net effect on AI companies’ compliance costs is expected to be negative.

The rest of the paper is organised as follows. Section 2 introduces the AI Act and discusses its blind spots. Section 3 analyses the trade-off between ex-ante and ex-post AI regulation. Based on this, section 4 proposes measures to recalibrate the AI Act.

Box 1: The studied risks of AI

The need for supranational ad-hoc AI regulation, such as the EU AI Act, is grounded in economic theory. AI is set to generate great value (Trammell and Korinek, 2023), but equally poised to generate great harm (Bengio et al, 2024). AI can, for example, lead to discrimination, cognitive manipulation, surveillance and disinformation (Whittaker et al, 2018). It can foster exploitation, generate systemic safety risks – for example, by helping to fabricate bioweapons – and dramatically increase energy consumption (Crawford, 2021).

AI companies, if unconstrained, cannot be expected to curb the risk of harm. AI markets are prone to failure. Developers have little reason to worry about potential social harm if it is not reflected in reduced profits. Reputational fears are unlikely to constrain behaviour: big-tech firms have weathered high-profile scandals without major effects on sales (Acquisti et al, 2006; Makridis, 2021). It is thus no coincidence that the gap between AI capability and AI safety is rising sharply (Sajadieh et al, 2026).

AI systems are opaque (Burrell, 2016). Developers may not fully understand why their model behaves as it does (Pasquale, 2015), but they still know more about its architecture and training data than regulators, downstream integrators or end users. After an incident, they can exploit that asymmetry to shift blame along the value chain. Regulation helps mitigate the effects of negative externalities, asymmetric information and moral hazard, and, preferably, it should be deployed at the supranational level, given AI systems’ economies of scale and network effects (Mariniello, 2022). EU countries, for example, are ill-suited to regulate AI with national legislation (ideally, AI harm should be addressed at the global level).

2 The AI Act and its blind spots

Regulating AI faces three main hurdles. First, the highly dynamic nature of AI markets makes it difficult to anticipate the harms that might emerge, even in the near future (Taeihagh et al, 2021). Because the EU lawmaking process is slow, by the time a regulation is enforced, it may already have been superseded by market developments: the problem of ‘regulatory pacing’, which is particularly acute in AI markets (Marchant, 2011). 

Second, there is very limited experience of enforcement of AI regulation (Busuioc, 2021; Martens, 2024). Because of the complexity and opacity of AI systems (Box 1), it is reasonable to expect regulators to struggle when enforcing detailed rules. Third, the global race for AI dominance is driving countries towards suboptimal AI regulation. Jurisdictions fear that strict regulation will drive innovation elsewhere, creating a global race to the bottom and potentially leading to excessive pressure to reduce regulatory constraints – what has been called global “mutually assured deregulation” (Abiri, 2025).

In response to these challenges, the EU AI Act treats AI systems as products that can only be deployed in the market if presumed safe (for example, Art. 48 of the AI Act regulates the use of safety conformity (CE) marking that high-risk AI systems must have to be sold in the single market).

The AI Act approach is risk-based. It bans AI applications considered excessively risky (such as systems that use subliminal techniques to exploit vulnerabilities; Art. 5 AI Act) and sets requirements for ‘high-risk’ AI (for example in medical devices, toys, transport) and applications in sensitive sectors (for example in education, employment and access to essential services). All remaining systems are non-high-risk and subject to no or light requirements. A consumer chatbot, for example, needs only to warn users that they are interacting with an AI system and not a human (Art. 50, AI Act).

The AI Act deals with the pacing challenge by remaining high-level: it sets principles for ex-ante requirements (eg minimising training-data bias, guaranteeing human oversight) and delegates the work of technical specification to European standard-setting organisations (SSOs) such as CEN-CENELEC and the European Telecommunication Standards Institute. Principles are seen as more durable than detailed obligations: should the market evolve unexpectedly, compliance standards adjust faster than laws.

The enforcement challenge is tackled by relying heavily on self-assessment by developers: for most high-risk AI systems, developers can obtain CE marking (and therefore market them in the EU) by assessing whether their systems comply with the AI Act. Developers can assume their system is compliant if it meets the SSO’s technical specifications. 

Finally, the AI Act takes a risk-based approach. According to the European Commission (2021), between 5 percent and 15 percent of AI applications on the EU market are high risk. Aggregate compliance costs were therefore deemed unlikely to be excessive.

2.1 The AI Act’s blind spots

Meeting the goals of the AI Act is likely to prove difficult for five main reasons. Some of these, such as disproportionate compliance costs, fragmented enforcement and a democratic deficit in standard-setting, are common to other EU digital legislation. The first reason, by contrast, is specific to AI.

2.1.1 Reliance on the false dichotomy between high- and low-risk AI systems

The AI Act classifies systems into risk tiers (unacceptable, high, limited and minimal) based on their intended purpose at the time of deployment in the market. A system’s tier depends on whether its intended purpose appears on a list drawn up in advance by the legislator (for high-risk systems, Annex III of the AI Act), not on any measurement of the probability or severity of the harm it actually poses. Compliance is then demonstrated largely through procedural conformity steps rather than a substantive, ongoing assessment of risk (Veale and Zuiderveen Borgesius, 2021). 

This approach is based on the assumption that the risk of harm after deployment can be largely predicted. This assumption may hold true generally for products that do not change significantly over time, such as child safety equipment or pharmaceuticals. However, in relation to AI systems, it is fallacious.

Most importantly, AI systems, particularly those built on general-purpose models, are not static products. Their behaviour changes with model updates, fine-tuning, prompt engineering and deployment context. A system classified as minimal risk at deployment may become high risk because of a change in use case that the developer neither intended nor controls (Anderljung et al, 2023). AI systems are unpredictable, since pre-training data does not contemplate all the uses that the system might be put to; most AI capabilities are discovered after deployment (Bengio et al, 2024). It could be objected that no rule can foresee the future, and that many products are subject to dual use. However, a chemical’s hazards, for example, are fixed by its molecular structure; fertiliser, if used to make a bomb, becomes dangerous when deliberately repurposed by a third party. With AI, instead, risk changes during ordinary use, with no new product and often no deliberate act. Reclassifying systems one by one, after the fact, is exactly what an ex-ante regime does too slowly to keep pace with AI markets (Marchant, 2011).

An entertainment chatbot, for example, is not classified as high risk under the AI Act and is therefore subject to the minimum transparency requirements. Yet, interactions with chatbots have raised concerns about them leading teenagers to self-harm (Clark, 2025). Chatbots that provide voting information are not high risk either. Yet AI chatbots tested in the 2024 US elections gave systematically incorrect voting information. The UK Electoral Commission has urged new regulations to control AI chatbots, following a report that these systems made significant errors during the May 2026 Scottish election. These examples are not an argument for simply moving chatbots into the high-risk list. The harm arises in uses unanticipated by the ex-ante classification. An AI system can cross tier boundaries as its behaviour changes after deployment, so the flaw is structural rather than a misclassification that re-listing could address. 

2.1.2 High individual, potentially disproportionate, compliance costs

Even if compliance costs may be low at the aggregate level, they may be disproportionately high at the company level. Haataja and Bryson (2021) estimated that, for an average AI system (with a development cost of €170,000), compliance costs for developers range from €14,623 to €29,277. This represents roughly 9 percent to 17 percent of total development costs. Since requirements do not scale with developer size, the AI Act risks favouring large firms that can absorb compliance costs and entrenching incumbent dominance. A notable precedent is the similar distortive effect caused by the introduction of the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), which is well documented (Johnson et al, 2023).

2.1.3 Fragmented, ineffective enforcement

Reliance on self-assessment by companies may be dangerous. Smuha and Yeung (2025), for example, drew a parallel between the AI Act and shortcomings in the EU’s medical device regime, under which breast implant manufacturers could choose different inspection methods to certify their implants as CE compliant. In the ‘PIP scandal’, inspection failings meant a failure to spot substandard, industrial-grade silicone used in thousands of implants, leading to widespread health hazards.

Under the AI Act, developers who wrongly assert safety face fines of up to 3 percent of turnover. But enforcement is unlikely to be effective or symmetric across the single market. The European Commission lists more than 2,000 sectoral national market surveillance authorities across EU countries. Most of these authorities were originally designed for physical product safety, such as checking whether toys meet fire-resistance standards, not for evaluating whether AI systems exhibit discriminatory patterns in dynamic deployment contexts. Authorities in smaller countries may be particularly exposed to a shortage of technical staff to conduct conformity assessments of complex AI systems (Graux et al, 2025). Because AI is embedded in products and services across the economy, the number of authorities drawn into assessing AI systems would be far larger than for any conventional product category. Once again, the risk is of replicating a scenario in which regulatory enforcement is highly ineffective because of single-market fragmentation, as observed, for example, in GDPR enforcement (Gentile and Lynskey, 2022). The additional AI-specific risk is the dispersal of AI oversight across many different authorities, each operating beyond its technical competence.

2.1.4 Democratic deficit

According to the AI Act, developers can demonstrate compliance by adhering to standards developed by SSOs (most notably CEN-CENELEC’s Joint Technical Committee 21). These standards are mostly written by industry experts behind closed doors, with civil society groups, consumer organisations and academics playing marginal roles. Yet the drafting process is not merely technical; the decisions SSOs must make are often value-laden (Kaminski, 2023). SSOs make political choices disguised as technical ones (Hadfield and Clark, 2023). For example, they need to decide what can be considered ‘unfair’, ‘safe’ or ‘unbiased’, a highly subjective exercise (Selbst, 2021). The process is often captured by larger firms with incentives to steer it (Smuha and Yeung, 2025). It can lack transparency and democratic accountability and be inadequate for defining requirements that affect fundamental rights. It is therefore unlikely to meaningfully constrain developers, with potentially high detrimental welfare effects.

2.1.5 Absence of an AI ad-hoc liability mechanism

The AI Act is not complemented by an ad-hoc AI liability framework, nor does it envisage any redress mechanism for victims of AI harm. This means that if an AI system causes harm, victims must navigate existing product-liability and tort law frameworks that were not designed for algorithmic decision-making. Proving causation, identifying the responsible party in a value chain and overcoming information asymmetries could prove difficult (Hacker, 2023). This is particularly concerning for immaterial damages, for which the EU product-liability framework does not apply.

For example, if a bank relying on an AI-powered screening application incorrectly denies a mortgage application, the applicant would face very high hurdles in compelling the bank to pay compensation under national tort law. She would need to first identify the responsible party (the bank, the AI application developer, the developer of the underlying LLM, the training data provider). She would then need to prove that the algorithm caused the harm, despite having no access to the model or the training data. Finally, she would need to prove that the AI application violated a specific law or contract.

These conditions make the task daunting for victims of AI harm, especially given the opacity of AI systems. Successful litigation wouldn’t be impossible under existing law, but the set of victims who can credibly obtain redress would be far smaller than the set who suffer compensable harm, with plaintiffs without institutional support facing particular difficulties (Hacker, 2023). Combined with weak regulatory enforcement, violators face limited practical consequences for non-compliance.

3 Comparing ex-ante and ex-post regulatory approaches

Most of the weaknesses in the EU AI regulatory framework could be mitigated by reducing its dependence on ex-ante requirements in favour of ex-post measures. A large legal and economic literature suggests that the choice between ex-ante and ex-post regimes is not straightforward (for example, Shavell, 1984; Kolstad et al, 1990; Innes, 2004). Ex-ante regimes tend to be preferred when harms are very high or irreversible and regulators have an ex-ante information advantage (ie harm dynamics can be predicted accurately).

Conversely, ex-post regimes are better suited to preserving the dynamic efficiency of markets. They tend to entail lower compliance costs and distort innovation less – in ex-ante regimes, developers have a reduced incentive to produce a risky product because of higher compliance costs. Moreover, in ex-post regimes, products are observed in real-world use, conveying valuable information to regulators that can improve their market knowledge through continuous learning (Gans, 2025). Ex-post regimes, however, critically hinge on their ability to induce producers to anticipate the costs for them that an incident caused by their product may entail (for example, a fine imposed by the regulator, or the prospect of liability costs). Often, even that may not be enough because producers are insufficiently cautious or expect not to be caught by regulators if something goes wrong. With AI, this may happen often: a voter who received incorrect information from a chatbot may never realise it was wrong. 

Thus, ex-post regimes may not be entirely suitable to prevent harm: enforcement often occurs only after someone has already been hurt. If fines or potential liability are not sufficiently dissuasive, ex-post regulatory regimes can allow very high levels of potentially irreversible harm to materialise. Acemoglu and Lensman (2024) argued forcefully for ex-ante restraint when harm is potentially transformative. We take this as binding: the recalibration we propose in section 4 preserves a strict ex-ante regime for large or irreversible damage and shifts regulatory weight to ex-post tools only for the lower-damage segment.

To inform our analysis of how the EU AI framework could be improved by adopting both ex-ante and ex-post elements, we develop a simple theoretical model that formalises the trade-offs in the AI context (see the appendix for details). Figures 1 to 3 show the results from this model. Each figure shows the social costs under the ex-ante regime (dashed blue line) and the ex-post regime (solid red line) as one parameter varies; other parameters are held constant at realistic values. Social cost rises with expected harm and with compliance costs; compliance costs proxy innovation costs (the higher the burden, the lower the investment). A welfare-optimising regulator chooses the regime with the lower social cost. Figure 1 plots social costs as the damage  from an AI incident rises (imagine a low as a delayed train, and a high as a user’s death after deceitful chatbot information). Figure 2 plots social costs as non-high-risk applications become progressively riskier. Figure 3 plots the costs as developers become less able to estimate their own risk. 

Figure 1: Social costs from damage caused by an AI application

Source: Bruegel. See the appendix.

Figure 2: Social costs as true risks of an AI application are revealed

Source: Bruegel. See the appendix.

Figure 3: Social costs and developer’s own risk perception

Source: Bruegel. See the appendix.

Figure 1 shows that, for a given enforcement capacity, there is a damage threshold below which an ex-post regime would, in principle, be preferable. Above the threshold, the expected damage is so high that the cost imposed on a negligent developer does not compensate for it. In such a case, ex-post enforcement would fail to prevent AI harm, because the incentive given to developers to invest in risk mitigation is less than what would be desirable from a social viewpoint. The ex-ante regime forces maximum risk mitigation for high-risk systems regardless of developer choice. When damage is large, ex ante therefore implies lower social costs.

Figure 2 indicates that the ex-ante regime entails lower social costs if the regulator can accurately predict risk and accurately categorise AI systems based on the probability that they will cause harm. This is the case on the left of the figure, where the latent risk of safe applications is close to zero. If applications that are considered safe instead prove unexpectedly to be likely to cause an incident (right side of the figure), social costs under the ex-ante regime skyrocket because it offers no protection against harm generated by applications considered safe: they are subject to no ex-ante requirements. Under an ex-post regime, by contrast, developers have an incentive to invest in mitigation regardless of category; what matters is the expected ex-post cost, represented by the fine.

Figure 3 shows that if developers are unable to estimate the true risks of their AI applications, the case for ex-ante requirements is stronger. As misperception and overconfidence grow, developers fail to account for the consequences of weak internal risk management. Their expected ex-post cost is lower than it would be with accurate risk perception.

Consistent with the broader literature, no regime always dominates in AI markets; outcomes depend on parameters. For the EU, this argues for a recalibration of the AI Act from a mostly ex-ante approach to a hybrid model that blends ex-ante and ex-post features. 

This recalibration should take into account three main factors:

  1. Work on the basis of expected harm, rather than just risk. This means accounting for damage. Small, reversible damage is more efficiently tackled with ex-post enforcement. Major or otherwise irreversible damage is better addressed with strict, effective ex-ante requirements. The greater the damage, the less likely fines or liability costs are to match it.
  2. For the same levels of damage and risk, increasing the expected cost to developers when an incident materialises enhances the effectiveness of ex-post regulation. This is because high expected costs (such as fines and liability indemnities) force developers to internalise the consequences of their failure to minimise harm.
  3. Finally, increasing risk awareness across all applications, including those considered safer under the AI Act, helps determine the right approach: ex post is recommended when no clear distinction between risky and safe systems can be made ex ante. Moreover, increasing knowledge of potential risks reduces the misperception gap among developers and, therefore, increases the efficiency of ex-post regulatory measures: the more accurately developers can predict the cost of an incident, the more effectively they can mitigate the risk of harm before it materialises.

Note that the theoretical model is an abstraction based on simplifying assumptions that ensure its tractability. For example, the model treats the two regimes as at either end of a spectrum (the ex-ante regulator forces maximum effort for risky systems and imposes no requirements for safe systems; the ex-post regulator relies solely on the expected fine; see the appendix) and assumes that damage is uniform across applications. The model should therefore be treated as a tool for identifying the direction of the effects of changes in the relevant parameters; it does not aim to accurately replicate the complexity of reality.

Section 4 translates these results into policy.

4 Enhancing EU AI regulation

Based on the analysis in section 3, we recommend three sets of measures: (1) recalibrate the ex-ante requirements of the AI Act based on expected deployment scale; (2) introduce an AI ad-hoc ex-post liability system and an effective ex-post monitoring and supervision structure; (3) increase ex-post universal transparency for high- and low-risk AI systems.

4.1 Multitiered ex-ante requirements based on deployment scale

The AI Act is largely agnostic about firm size. For example, LinkedIn Recruiter, an AI-powered hiring tool used by thousands of firms and affecting millions of hiring decisions a year, and an experimental resumé-screening tool from a small start-up sit in the same high-risk category (employment, AI Act Annex III). The optimal approach, however, should depend on expected harm (section 3). Harm depends on both risk (the probability of an incident) and total social damage, which correlates with the number of users affected. Limited deployment of an AI tool affects few people; widespread deployment affects many. Small-scale applications are therefore better handled ex post, which avoids overburdening small firms with excessive ex-ante costs. Ex-ante requirements remain essential for large-scale deployment, because expected ex-post fines or liability costs are less effective when expected damage is large.

To address this inconsistency, we recommend introducing a multitiered ex-ante requirements system based on expected deployment scale. The new framework would mimic the structure of the Digital Services Act (DSA, Regulation (EU) 2022/2065), which subjects online platforms to progressively tighter constraints the larger they are.

We propose three tiers for providers of high-risk AI systems:

  1. Light auditing tier. This tier would apply to small and medium enterprises (SMEs) and startups (with yearly turnover below €50 million, for example) and to companies that state that their system will aim for a maximum deployment below a specified threshold (for example, they could state that their application will affect fewer than 100,000 individuals within the EU). Additionally, companies in this tier would develop applications where harm is reversible (eg employment, credit scoring; not medical diagnostics or autonomous vehicles). Victims should be fully compensated for harm suffered, which is why this tier must be paired with the AI liability framework discussed in section 4.2. Firms here face simplified compliance: a basic data-governance specification, a basic risk assessment and a light conformity checklist.
  2. Standard auditing tier. A medium enterprise with a turnover of €50 million to €150 million and AI systems affecting up to one million individuals would be subject to the requirements currently in the AI Act: ie a quality management system, documented risk mitigation, data governance and self-certified conformity.
  3. Intense auditing tier. Large companies, or companies with expected high-impact deployments (turnover exceeding €150 million or more than one million potential individuals affected) would face the current requirements of the AI Act. However, they would no longer be able to self-certify that they meet them. Rather, they would be subject to mandatory third-party assessment. The resulting increase in compliance costs would not affect innovation incentives, since large companies can easily afford them and their expected revenues are much bigger. At the same time, since there are relatively few such large developers, there is no major concern that the supply of third-party verification services by independent notified bodies would be unable to meet demand and would create a bottleneck in the development of AI systems.

4.2 Ex-post liability and supervision

The cost a developer might face under an ex-post regime when their AI system causes an incident is a powerful incentive for investment in risk mitigation. Two complementary measures should be introduced. 

First, the EU needs a comprehensive ad-hoc AI liability framework. But under pressure to cut red tape, the European Commission withdrew in early 2025 a proposal for an AI Liability Directive. For material harm, victims of AI harm will be able to rely on the EU Product Liability Directive (Directive (EU) 2024/2853) as of 9 December 2026, when the Directive becomes applicable. For immaterial harm, victims can only rely on national tort law, facing prohibitive hurdles in the opaque AI environment: proving harm, fault and causation. For example, a job applicant rejected because an AI-powered CV scrutiny tool downgraded her based on her gender would have a very hard time claiming compensation. This is not just incompatible with human rights protection, it also leads developers to underinvest in risk mitigation, as they have no reason to fear additional liability costs in the event of an incident.

The Commission should revive its AI liability proposal, shifting the burden of proof from victims to AI developers. The framework should be tiered. For prohibited and high-risk systems, strict liability is justified: these systems pose risks of serious or irreversible harm and the operator is best placed to manage them, as the EU Product Liability Directive already does for defective products. For other AI systems, a rebuttable presumption of defectiveness and causation is the appropriate instrument (Hacker, 2023). Moreover, a harmonised EU AI liability regime would reduce legal uncertainty and likely support innovation: the current patchwork of national tort regimes is itself a significant compliance burden, falling disproportionately on smaller firms. Note that the liability framework’s effectiveness would depend on companies’ financial solvency. For Tier 1 firms, this concern would be offset by design: the tier would be restricted to applications causing reversible harm, with a capped expected deployment scale.

Second, ex-post regimes require investment in detection infrastructure to be credible. The US Food and Drug Administration offers a model (Tutt, 2017; Lenhart and Myers West, 2024). Its Sentinel Initiative actively queries electronic health records to detect adverse drug events in near real-time. An EU AI equivalent could draw on it. The practical design would hinge on API (application programming interface) traffic sampling and AI observability platforms and would require feasibility analysis beyond the scope of this paper. It would need to be calibrated to firm size and deployment context and reconciled with confidentiality and data-protection safeguards.

Detection infrastructure can serve two purposes. The narrower purpose is informational: monitoring reduces opacity and enables fines or liability to be triggered when harm has materialised. The broader purpose is supervisory: a public authority observes deviations from expected baselines and, on that basis, asks operators to change behaviour before harm ramps up, similarly to what happens with financial supervision, or pharmaceutical regulators issuing label changes and recalls. The two roles are complementary: the prospect of fines incentivises developers to invest in risk mitigation; supervision prevents imminent potential harm. 

Two design choices follow. First, the supervisory role must be assigned to a specific institution. The European Commission’s AI Office, which already supervises general-purpose AI systems under the AI Act (Articles 88-89), is a natural candidate: its mandate should be extended to cover non-general-purpose systems flagged by the detection infrastructure. This would require significant additional staffing. National market surveillance authorities can complement that mandate for purely domestic cases, but they cannot serve as the primary supervisor, given the fragmentation problem identified in the AI Act (section 2). Second, supervisory powers must be calibrated to avoid de-facto ex-ante regulation. Interventions should be triggered by an observed deviation detected by the detection infrastructure, rather than by general regulatory discretion. Remedies should be proportionate and subject to judicial review.

4.3 Ex-post universal transparency

When developers underestimate risk, ex-post regulation fails even with strong liability and fines: developers who genuinely believe their system is safe will not invest in safety. A third set of measures is therefore needed to change the information environment so developers become aware of the true risks and regulators get better information on hard-to-anticipate harms.

To increase universal (ie related to any type of AI system) ex-post transparency, we recommend three measures. First, external third-party auditing of deployed AI systems is crucial to improve awareness of AI risks (Raji et al, 2022; Casper et al, 2024). Using the Digital Services Act (section 4.1) again as a source of inspiration, the new AI regulatory framework could envisage structured access for vetted researchers and auditors (Art. 40, DSA). This requires a legal mechanism to give researchers access to API traffic, training data and model architectures, with effective trade-secret safeguards. It also requires safe-harbour rules for independent researchers who carry out unannounced adversarial testing (red teaming) that may breach developers’ terms of service. If trade-secret protections (confidentiality clauses, non-disclosure agreements, usage restrictions, data rooms) are sufficiently robust, developers would have a genuine interest in external auditing: external knowledge would flow back to them, exposing flaws they did not detect.

A second measure could take inspiration from the aviation industry, a recognised exemplar of safety excellence. Aviation safety rests on a solid safety culture deliberately nurtured over time by public agencies and regulators. In 1976, NASA and the US Federal Aviation Administration initiated the Aviation Safety Reporting System. Its key design feature is non-punitive near-miss reporting: pilots and controllers report safety incidents without fear of prosecution, generating data on failures that would otherwise go unreported. Chatzipanagiotis (2026) proposed a similar framework for AI, though the contexts differ (eg pilots have a direct self-interest in plane safety) and the framework would require a strong safety culture that AI markets currently lack. Developers should report confidential AI near-misses to an independent EU authority without enforcement powers. A developer who discovers, for example, that her system produces biased recommendations should be able to report swiftly without fear. Near-misses would be aggregated, analysed and fed back to developers, deployers and regulators.

Finally – and complementing the first two measures – a standardised AI incident taxonomy should be adopted and a systematic harm registry established. A good starting point is OECD (2025), which proposes a common framework for reporting AI incidents based on 29 criteria to gauge information, such as the type or severity of the harm caused, the affected demographic and the system’s deployment context. The OECD also runs the OECD AI Incidents and Hazards Monitor (AIM) tool, tracking global news in real time and categorising AI incidents according to criteria including the type of harm, their severity and affected stakeholders.

The EU should establish an EU AI public incident registry based on the OECD framework, requiring universal reporting when AI incidents occur. Currently only high-risk AI systems must report incidents (AI Act Arts. 72 and 73), and there is no common, publicly available EU incident registry. For companies, the cost of reporting is minimal, especially if standard reporting templates are developed. Similarly, the cost of maintaining such a public EU registry would be small. The registry would foster awareness of AI risks among stakeholders and significantly contribute to an AI safety culture. A side benefit would accrue to AI liability insurance markets, which currently price risk against limited data. A public harm registry and structured researcher access would reduce information asymmetry between insurers and developers, supporting more accurate insurance quotes and, all else being equal, lower premiums for firms with lower realised risk.

These three recommendations – multitiered ex-ante requirements, ex-post liability and supervision and ex-post transparency – should be treated as a package. Lighter ex-ante requirements for small firms work only if accompanied by higher expected liability costs and greater risk awareness; at the same time, an EU AI liability framework would gain political traction only as part of a broader reform that reduces compliance burdens for small firms.

The European Commission is required to start an evaluation of the AI Act’s effectiveness from August 2028. The Commission may propose amendments to improve the enforcement of the AI Act by August 2031 – in other words, far in the future, judged by the standard of AI markets. The EU does not have the luxury of experimenting only to find itself locked into a GDPR-like fallacy, with strong market distortions that favour concentration and inadequate enforcement. The Commission should therefore not wait until 2031 to propose amendments to the AI Act. It should start now to refine the EU AI regulatory framework instead of waiting for it to fail, with potentially dramatic social and economic consequences.

Source: Bruegel
