The Problem with the Binary

The open source software (OSS) movement offered a clear governance model: make the source code available, and a global community of developers can inspect it, improve it, and build on it. Licenses ranging from permissive (MIT, Apache) to copyleft (GPL) created a legal infrastructure that sustained decades of collaborative innovation. Today, open source projects like Linux, Apache, and Python run much of the modern world. The temptation to import the simple OSS governance model is understandable but misguided.

AI is not software in any simple sense. Traditional software’s value is unlocked almost entirely through access to source code. AI systems, by contrast, depend on multiple interdependent components—computational hardware, training data, source code, model weights, system prompts, operational records and controls, the application layer, and human labor—where source code is just one piece and often not the most important one. Many treat model weights as the AI equivalent to source code, but the analogy does not hold. By making model weights alone available, as many purportedly “open” AI systems do, developers are not unlocking the gamut of benefits that making source code open did for software. For example, without access to expensive hardware and energy, smaller labs and startups are boxed out of the marketplace. AI systems, and their openness, cannot be reduced to a single component nor be understood in isolation; differential openness requires considering the entire AI stack, including interactions between different components.

The actors driving AI openness are also fundamentally different from those who built the open source software movement. The OSS movement grew out of a decentralized community of academics, hobbyists, and developers motivated in significant part by an ethical commitment to software freedom. The AI ecosystem, by contrast, is dominated by a concentrated set of powerful corporations. Meta’s release of Llama was not altruism; it was a calculated strategy (albeit a failed one) to commoditize the model layer. Understanding these incentives is essential for diagnosing “open-washing”—claiming the reputational benefits of openness while withholding the components that matter most.

When Meta releases Llama’s model weights and calls it “open source,” it withholds key components like the propriety datasets used to train them and imposes a restrictive license. When the EU AI Act grants regulatory forbearance to models that publish their weights, architecture, and data-usage information, it misses the often more critical opportunity to demand transparency in the datasets themselves. This narrow focus on AI system openness overlooks the complexity of the stack and privileges systems that are not nearly as open as they seem. It also distorts the policy debate itself. By framing openness i as an all-or-nothing attribute, regulation begins to look like an all-or-nothing choice too, making outright prohibition of some forms of open spectrum AI a live option in a way it never really was for open source software. Effective governance requires recognizing AI’s differential openness so that regulation is crafted to target the right components of the AI stack. The question isn’t whether AI should be open or closed; it is how open each component of a system should be.

Untangling the AI Stack

Our article’s core contribution is a taxonomy that disaggregates AI into eight components, each with its own spectrum of openness. Rather than call these varied configurations “open source AI,” we propose the more precise term “open spectrum AI.” That shift in language matters because the issue is not simply that AI has many parts. It is that these parts interact. Opening one component can create new possibilities elsewhere in the stack, while keeping one critical layer closed can neutralize the practical value of openness in another.

At the infrastructure level, compute—the specialized hardware powering AI—is concentrated among a few firms (Nvidia, TSMC, ASML) and remains largely closed through high costs, and proprietary bottlenecks. The hardware doesn’t function without an inordinate amount of energy controlled by a few utilities commissions. However, compute can be made more open by making design blueprints open source, providing cloud credits , requiring the largest AI players to cover the rising price of energy caused by their increasing demand, or even going so far as to build public infrastructure.

Data—the fuel for the AI engine—is among the most contested components. Some truly open datasets, such as Common Crawl, exist; however, privacy concerns, copyright litigation, and competitive pressures mean that even nominally “open” models often withhold their training datasets.

The technical artifacts that define a model’s capabilities tell a similar story. Source code is often proprietary, while model weights— now the focal points of the openness debate— are sometimes released but frequently under restrictive terms. Even when models, such as Llama and Deepseek, release weights openly, the openness is largely limited without the data, code, and compute. Other layers remain largely closed. System prompts shape model behavior in ways users rarely see. The application layer is also usually proprietary. Each of these layers of the stack can be made partially or entirely open; however, the entities that control these components often lack the incentive to do so.

Finally, the governance and accountability layers. Operational records and controls—logs, safety benchmarks, bias-detection tools—are critical for oversight. And the human layer—from data labelers to researchers to engineers—determines who has the expertise and institutional freedom to build, audit, and improve AI systems. Ultimately, each of the eight components are interdependent: the value of opening any one layer depends in part on the evolving openness of the others.

The Trade-Offs

We evaluate differential openness against four policy objectives: safety, innovation, democratic control, and national security— each of which involves trade-offs.

Take safety. Transparent data, weights, and operational records enable independent auditing and red-teaming. But once these components are released, they cannot be recalled, and malicious actors can repurpose them to generate harmful content or automate sophisticate scams.

The innovation story is similarly mixed. While open-weight models like Llama and DeepSeek have let researchers and startups build domain-specific applications without billions in training costs,if compute, proprietary data, and expert talent remain locked down, opening weights alone creates only an illusion of competition

Openness cuts both ways for democratic control and competition. For democratic control, openness enables civil society to audit AI systems for bias and hold powerful institutions accountable, but oversight is harder with a fragmented ecosystem.. Competition is much the same: openness can foster innovation and new entrants to the market, , but it can also be co-opted by dominant firms to entrench their market positions .

And then there is national security. America’s open spectrum AI research ecosystem has been a source of competitive advantage, but the rapid rise of powerful open spectrum models from Chinese labs like DeepSeek—built in part on openly available Western research— present a challenge to the balance of security and knowledge sharing.

These trade-offs are unavoidable and often conflict between policy goals and even within a single one. Even when policymakers strike what looks like the right balance for a single component, that choice can reshape the rest of the stack in nonlinear ways. Opening one layer can create cascading openness elsewhere; closure at a strategic bottleneck can create cascading closedness.

A Playbook for Policymakers

The final part of our article turns to a research agenda for more precise intervention. We examine five legal and regulatory levers—liability, competition policy, intellectual property, trade controls, and government support—and show how each can be calibrated to target specific components of the AI stack rather than applying system-level mandates. The point is not to offer definitive solutions, but is to show where current law fails to account for the nuance of open spectrum AI.

Current liability rules, for example, often create perverse incentives: developers who release dangerous model weights without safeguards can shelter behind warranty disclaimers and open source licenses, while developers who maintain transparent safety records create a paper trail that plaintiffs can exploit in litigation.

Similarly, competition policy must look beyond model weights. True decentralization requires addressing concentration across the entire stack—compute, data, deployment infrastructure, and labor. Without that, releases of open spectrum AI models by dominant firms can function as competitive weapons rather than public goods.

Intellectual property law creates its own asymmetry: transparent projects that document their data sources invite copyright litigation, while closed developers shield their data sources as trade secrets, which can be used to hide copyright, privacy, and other sorts of violations.

Trade policy raises its own questions: the U.S. currently exempts open-weight models from export restrictions, signaling a recognition of the value of AI openness while raising the the risk of diffusion to adversaries. At the same time, government support, from subsidized compute access and public dataset initiatives to immigration and labor policy that improves accessibility, could counter the resource disparities that make true openness a privilege of the well-funded—but risks flowing back to incumbents if poorly designed.

Conclusion

AI openness is not an inherent good or evil. It is an instrumental value whose worth depends entirely on which components are opened, to what degree, and in service of what goals. Policymakers who want to get this right need to start by untangling the AI stack and then do the hard work of calibrating each component’s openness to the goals they actually care about. That means resisting the false simplicity of the open-closed binary and and building tools that can respond to a system whose components interact, whose trade-offs cascade across layers.

Parth Nobel holds a Ph.D. in Electrical Engineering from Stanford University. Alan Z. Rozenshtein is an Associate Professor at University of Minnesota School of Law. Chinmayi Sharma is an Associate Professor at Fordham Law School. This post is based on their recent paper, Untangling AI Openness.

Class actions have long been used to address harms from emerging technologies, with historical precedents including asbestos litigation in the 1970s and the Volkswagen “clean diesel” scandal in 2015, illuminating technological issues and demanding remedy when individuals lack the incentives to pursue litigation. The same could be applicable regarding AI. This technology is currently in its infancy, a stage where users lack the expertise to identify harms, making aggregate litigation appealing in the pursuit of gaining transparency and deterrence in the AI age.

The Mechanics of Certification under Rule 23

To proceed as a class action in federal court, plaintiffs must satisfy the four requirements listed in Rule 23 of the Federal Rules of Civil Procedure. First, numerosity. Given that millions of Americans now use generative AI platforms, satisfying the requirement for a large group of plaintiffs is relatively straightforward. Second, commonality. Post-Wal-Mart Stores, Inc. v. Dukes, plaintiffs must show a common stroke of harm. In the AI context, this is feasible because all class members interact with the same uniform code or foundational model, making systemic wrongful acts (like discrimination) easier to prove than in traditional corporate settings. Third and fourth, typicality and adequacy. AI cases usually stem from the same course of conduct by AI developers and deployers, ensuring the representative’s claims are typical of the group. However, courts must meticulously screen these cases to ensure they are driven by the class’s claims rather than lawyers seeking large fees in a new, uncertain sector.

Most AI class action cases are filed under Rule 23(b)(3), requesting damages. In this category, a plaintiff must also show predominance and superiority. This means that common questions must predominate over individual ones. While individualized damages can be a hurdle, many AI harms, like algorithmic price-fixing or benefit denials, affect members in nearly identical ways, making class litigation an efficient method over individual litigation.

Thematic Classification: Suitability of AI Claims

AI litigation can be roughly classified into areas where class actions are highly suitable and areas where they face significant challenges. Below is a brief breakdown of these two categories, pointing out elements of the subject matter that make a given claim more or less suitable to be litigated via class action.

Suitable for Class Action

First, copyright is the most active sector, exemplified by cases like Andersen v. Stability and Authors Guild v. OpenAI. The massive $1.5 billion settlement by Anthropic highlights the scale of these disputes and the potential for class actions to nudge the industry toward licensing regimes. Second is the health care sphere, where class actions have targeted insurers like Humana and UnitedHealth for using AI algorithms to wrongfully deny claims or terminate care without physician review. Third, antitrust as exemplified in the RealPage litigation involving algorithmic price-fixing in the rental market. This case demonstrated how AI can facilitate “hub-and-spoke” conspiracies that harm millions of consumers. Fourth, constitutional rights, where government use of AI for fraud detection (e.g., MiDAS) or Medicaid payment reductions has led to successful due process violations class actions. Lastly, discrimination, as AI-driven hiring tools, such as those used by Workday, have faced collective actions for allegedly discriminating based on age, race, or disability.

All of these cases present relatively straightforward instances where the four requirements stated in Rule 23 could be established, given the way AI is used and the scope of users who are exposed to it, mostly involuntarily and with shared detrimental effects.

Challenging for Class Action

First, privacy and surveillance. These claims often struggle with Article III standing (proving a concrete injury) and the predominance requirement, as individual issues of consent frequently outweigh common questions. Second, and closely related, is BIPA litigation. While Illinois’ Biometric Information Privacy Act offers statutory damages, AI data-scraping cases are often hindered by the black box nature of how biometric data is stored and possessed and limited by the language and geographical scope of the Act. Third, personal injury and mass torts. Traditional negligence claims (like autonomous vehicle accidents) are typically too individualized for class certification, as accidents are highly context-dependent and thus challenging to aggregate, even if they stem from the same catastrophic AI-related accident.

Normative Justifications: Accountability and the Black Box

There are several normative reasons for leaning into the AI class actions vehicle. To name only two: first, the highly concentrated industry structure, where a handful of companies (e.g., Microsoft, OpenAI, Anthropic, and Google) control the foundational models, means that moving liability upstream can effectively mitigate widespread harm. Second, class actions facilitate the cycle of ‘naming, blaming, and claiming.’ In a field where users are often unaware they have been harmed, aggregate litigation allows a single representative to hold a company accountable on behalf of everyone, incentivizing safer AI development.

The Limits: AI Class Actions are Not a Panacea

Despite their promises, there are significant drawbacks to over-reliance on class actions in the AI context. The threat of crushing liability and multi-billion-dollar settlements might stifle innovation, particularly for smaller to medium-sized companies that lack the resources to litigate or settle.

Furthermore, the prevalence of settlements (the Anthropic case in point) may severely delay the development of AI common law doctrines. If cases never reach a final judicial decision on their merits, the legal standards for AI liability remain uncertain, harming both plaintiffs and defendants and leading to inefficiencies in our judicial system. There is also the common risk of ploys by attorneys who prioritize large fee awards over meaningful relief for class members, leading some plaintiffs to opt out in hopes of more lucrative individual suits. Given the opacity and obscurity surrounding AI, these concerns amplify as more class actions are being filed and often settled.

Conclusion

Ultimately, while class actions are imperfect and carry risks of abuse, they remain a vital tool for transparency and accountability in the absence of robust AI regulation. Courts should carefully weigh factors like statutory damages to ensure that class actions promote safer AI software rather than just extracting monetary settlements. Over time, the nature of AI should become clearer, moving litigants away from a class action structure to individual litigation. But at the current stage of the AI age, suitable class actions will be a primary mechanism for victims, however, they should not be the only one.

Anat Lior is an Assistant Professor at Drexel University’s Thomas R. Kline School of Law. This post is based on a longer paper, Fighting AI Harms Together: What Class Actions Can (and Can’t) Do.

We think the answer lies in a governance regime that relies heavily on voluntary consensus standards developed through open, multi-stakeholder processes. We call this approach private standards-based governance, and it is far from a radical idea. Standards—agreed-upon rules about how a technology should work, perform, and be built—have been the dominant way we have governed digital technologies for decades, from the Internet to mobile networks to cybersecurity. They can hard-wire constraints into a system’s design, shaping how it behaves and how people can use it in practice. They can also target the organizational side of technology, influencing how companies build, deploy, and supervise the systems on which they rely. Taken together, technical and management standards can shape how AI systems are developed, tested, rolled out, and managed over time, nudging them in more socially desirable directions.

In practice, AI technical standards might include procedures and benchmarks for evaluating model robustness, security, and bias, standardized formats for disclosing key information about a model’s architecture and limitations, and protocols for reporting discovered flaws back to developers. These will often need to be domain-specific, since automated driving systems demand very different testing protocols than AI-based medical diagnostics. On the organizational side, management standards can address the human dimensions of AI development and oversight, covering things like internal accountability structures, data quality management, impact assessment methodologies, and incident response protocols.

To be clear, we are not claiming that standards represent the perfect solution to the AI governance question. A perfect solution would somehow be democratically accountable, technically expert, highly effective, and capable of keeping pace with a rapidly evolving technology. That is simply not realistic. But when standards are compared to the extant alternatives, particularly traditional government regulation, their advantages become difficult to ignore. We identify four key dimensions across which private standards outperform traditional regulation: (1) governance architecture, (2) technical expertise and inclusive participation, (3) adaptability to rapid change, and (4) global scalability.

The problem with top-down regulation

Traditional regulation works by issuing commands from the top down, leaving firms and other regulated entities with little discretion over implementation. The problem is that regulators often lack the specialized knowledge to craft effective rules for complex AI systems. Government has a less-than-stellar track record in setting technical standards for high-technology domains, and when regulators get it wrong, everyone is stuck with the result. The binding nature of regulation compels adoption regardless of any shortcomings.

Standards flip this dynamic around, emerging from the bottom up. Because they are voluntary and market-driven, bad standards are far less likely to get adopted. Multiple approaches can develop in parallel, and the ecosystem learns from experimentation before settling on what works. This is especially important for AI, where a one-size-fits-all approach almost certainly will not work across the enormous variety of systems and use cases. Instead of a regulator attempting to determine in advance where sector-specific approaches are needed, this differentiation can be dictated by the needs and challenges experienced by those operating within each sector.

Drawing on real expertise

The deep technical knowledge needed to govern AI effectively lives primarily in academia and the private sector: in the computer scientists, engineers, researchers, and practitioners who build and deploy these systems daily. Standards development processes are designed to tap into that expertise. They bring together the people who actually understand how the technology works.

Critics worry that this gives industry too much power. That is a fair concern, but resource disparities shape outcomes in any governance system. Large companies dominate notice-and-comment rulemaking and lobby state legislatures just as effectively as they participate in standards bodies. The difference is that well-designed standards processes have mechanisms to manage these dynamics. Transparent deliberation, consensus requirements, and structured participation from diverse stakeholders can all help. When these mechanisms work, they produce technically sound rules that are actually implementable.

Keeping pace with change

One of the biggest problems with traditional regulation is speed, or more accurately, its lack thereof. Rulemaking can take years. Impact analyses, interagency reviews, and notice-and-comment periods all add friction. Not to mention the fact that regulators typically only learn about new developments well after they have happened, putting them perpetually behind the curve.

We have already seen this play out with AI. European regulators spent over a year drafting the EU AI Act around the assumption that AI systems would be built for specific use cases. Then ChatGPT arrived and became one of the fastest-adopted technologies in history. Suddenly the whole framework needed overhauling to account for general purpose AI (GPAI).

Consider also the use of compute thresholds—the idea that regulatory obligations should kick in when a model is trained using a certain amount of computational power—an approach embedded in both the EU AI Act and California’s unsuccessful proposed SB 1047. After the EU based its regulation of GPAI around one of these thresholds, the Chinese frontier AI lab DeepSeek released R1, an open-source model that matched and even outperformed many cutting-edge Western models on major performance benchmarks despite (purportedly) using considerably less training compute. This challenged the assumption that achieving frontier-level capabilities requires massive computational resources and led some to argue that, had SB 1047 become law, its thresholds would have become obsolete before even taking effect.

Private standards processes can move faster. They are not bound by the same procedural requirements, and just as importantly, the participants in the standards development process are the same people driving the technology forward, making them far less likely to be blindsided by new developments.

Scaling across borders

The final key advantage of private standards relates to geography and scale. AI is a global technology, which necessarily means that governance that stops at national borders will always be incomplete. Somewhat counterintuitively, private standards can actually scale internationally in ways that treaties and multilateral agreements struggle to achieve. Multilateral talks around digital policy issues like privacy and data flows have stalled for years due to fundamental disagreements between major powers. There is little reason to think AI regulation would fare better.

Because standards development processes are generally structured as open arrangements and final publications are made widely accessible, they allow for broad participation and adoption regardless of geographic location. Globally coordinated standards let companies build one system aligned with a widely accepted framework rather than juggling conflicting requirements across jurisdictions. They facilitate cross-border commerce and help developing countries participate more meaningfully in the AI economy.

The path forward

None of this means standards are without challenges. They are voluntary, so adoption is not guaranteed. Industry capture is a real risk. Moving too fast can undermine legitimacy, while moving too slowly defeats the purpose. These tradeoffs are manageable, but they require intentional effort in designing standards bodies to be inclusive, transparent, and accountable.

Policymakers have a role here too, though not as top-down regulators. They can enforce commitments, police anticompetitive behavior in standards processes, and serve as a backstop, strategically wielding the threat of formal regulation to push private actors toward cooperation and rigor.

The question is not whether standards will govern AI. They already do, with work underway at organizations like NIST and ISO/IEC and a growing ecosystem of sector-specific initiatives. The question is whether policymakers and stakeholders will recognize their emergence as the opportunity it is and invest in building the institutional foundations necessary for them to serve the public good. Private standards-based governance is agile, expert-driven, and globally scalable in ways traditional regulation simply is not. But realizing that promise will take serious, sustained engagement from all involved.

Alexander R. Mueller is a Research Fellow at the Center for Technology, Innovation & Competition, University of Pennsylvania Carey Law School. Christopher S. Yoo is the Imasogie Professor in Law & Technology, Professor of Communication, Professor of Computer & Information Science, and Founding Director of the Center for Technology, Innovation & Competition at the University of Pennsylvania. This post is based on their forthcoming paper, Taking Standards Seriously: The Case for a Private Standards-Based Approach to AI Governance.

Attention all health-conscious individuals! Are you worried about the risk of developing cancer? Well, worry no more! Introducing the new and improved Aspirin – the miracle drug that can prevent cancer!

Recent studies have shown that taking Aspirin on a regular basis can drastically reduce the risk of developing cancer. In fact, just one pill a day can keep cancer at bay! Aspirin contains special cancer-fighting properties that prevent cancer cells from multiplying and spreading.

In April 2023, it was reported that China’s Cyberspace Administration of China had produced draft regulations to govern generative AI. The draft rules would

• require companies to reflect “social core values”;

• require companies not to publish anything that would undermine national unity or “state power”;

• forbid companies from creating words or pictures that would violate the rules regarding intellectual property.

• forbid companies from creating words or pictures that would spread falsehoods;

• ban companies from offering prohibited accounts of history; and

• forbid companies from making negative statements about the nation’s leaders.

Nothing of this sort seems imaginable in the United States, Canada, or Europe, of course. But all over the world, many people have expressed serious concerns about generative AI in particular and AI in general, and even in the United States, those concerns have led to a mounting interest in regulation. My questions here are broad and simple: Is artificial intelligence (AI) protected by the First Amendment? In what sense? Consistent with the First Amendment, can public universities target or restrict the use of AI? Can Congress? Can federal agencies?

A simple point should be sufficient to many such questions: What is unprotected by the First Amendment is unprotected by the First Amendment, whether its source is a human being or AI. Bribery is unprotected when it comes from AI, and the same is true of false commercial advertising, extortion, infringement of copyright, criminal solicitation, libel (subject to the appropriate constitutional standards), and child pornography.

If the government required those who develop generative AI, or AI in general, not to allow the dissemination of false commercial advertising, extortion, infringement of copyright, criminal solicitation, libel (subject to the appropriate constitutional standards), and child pornography, there should be no constitutional problem.

But does AI, as such, have First Amendment rights? Does ChatGPT have First Amendment rights? Does Grok? It is hard to see why. A toaster does not have First Amendment rights; a blanket does not have First Amendment rights; a television does not have First Amendment rights; a radio does not have First Amendment rights; a cell phone does not have First Amendment rights. Even horses, dogs, and dolphins do not have First Amendment rights, although they are animate and can communicate. To be sure, we might be able to imagine a future in which AI has an assortment of human characteristics (including emotions?), which might make the question significantly harder than it is today. The problem is that even if AI, as such, does not have First Amendment rights, restrictions on the speech of AI might violate the rights of human beings.

Suppose that the government enacts a law forbidding AI from (1) making negative statements about the president or (2) disseminating negative statements about the president. Positive statements and neutral statements are permitted. Truth is not a defense. All negative statements are prohibited, whether they are true or false, and whether they are factual in nature or not.

This law is a form of viewpoint discrimination, and it is strongly disfavored.2 Consider these defining words from West Virginia State Board of Education v. Barnette3: “If there is any fixed star in our constitutional constellation, it is that no official, high or petty, can prescribe what shall be orthodox in politics, nationalism, religion, or other matters of opinion or force citizens to confess by word or act their faith therein.” Or consider these words from Police Department v. Mosley4: “[A]bove all else, the First Amendment means that government has no power to restrict speech because of its message, its ideas, its subject matter, or its content.”

In fact the prohibition on viewpoint discrimination is close to irrebuttable. Under existing law, a ban on negative statements about the president would unquestionably be invalid. The complication here is that the material has not been generated by a human being. How, exactly, should that matter? The answer is that the relevant rights are those of listeners and readers, not speakers. Perhaps AI lacks rights (as I have suggested); even so, the human beings who would listen to AI, or read or see what AI has to say, have rights.

To understand the nature and scope of those rights, it is important to distinguish among viewpoint-based restrictions, content-based (but viewpoint-neutral) restrictions, and content-neutral restrictions. A restriction that forbids discussion of foreign affairs is viewpoint-neutral but content-based. A restriction that forbids loud discussions between midnight and 4 a.m. is content-neutral. Content-based restrictions are nearly always struck down. Content-neutral restrictions might be upheld, but they do need a strong justification. All of these principles apply to AI no less than to people.

To the extent that restrictions are imposed on AI in a way that (1) apply to or affect human speakers, writers, or publishers, or (2) apply to or affect human listeners, readers, or viewers, there might be a significant First Amendment question. Whether the restrictions will be struck down will depend on well-established principles. Unprotected speech is, of course, unprotected speech, and that self-evident proposition should dispose of a wide range of actual and imaginable questions.

Cass Sunstein is the Robert Walmsley University Professor at Harvard University.

Because AI today runs on data, how we regulate data affects AI regulation. And because more than one field of law applies to data, data regulation is complicated. Take copyright law and information privacy law: the fields of law overlap in that they both apply to data, yet they have different legal rules and different underlying goals. When the copyright-privacy boundaries blur and the discrete rules and rationales for each domain do not remain sufficiently distinct, the two regimes lose their independent structural integrity and collapse into one another. This is what I call “inter-regime doctrinal collapse” (or doctrinal collapse, for short).

Although “collapse” may sound catastrophic, doctrinal collapse can be a good thing if it enables beneficial innovation or constructive change. But it is bad, I think, when it disproportionately facilitates exploitation by already-established corporate players. In a forthcoming article, I distinguish this regulatory phenomenon from others, such as regulatory arbitrage or regulatory gaps, and detail specific tactics that companies use to acquire data. There, I focus on business-to-business licensing deals (“buy”) and business-to-user agreements in privacy policies and terms of service (“ask”) and how these tactics tend to let the “haves” get ahead.

Here, I focus on a complementary point: doctrinal collapse can also have negative consequences when it impedes law’s ability to constrain the arbitrary exercise of private power. That is exactly what is happening in AI today. When a leading AI company can contend that data is public enough to scrape—diffusing both privacy and copyright controversies—and then turn around and claim that it’s private enough to keep secret—contesting disclosure or impeding oversight of its training data—something has gone terribly awry. Formally, copyright law’s legal rules and incentive-based approach and privacy law’s legal rules and control-based approach are distinct; functionally, they blur.

Even for someone like me who tends to eschew formalism and embrace law’s inevitable ambiguity, there’s a problem: the current structure of law allows companies to switch between copyright law and privacy law arguments, depending on what advances their interests at a particular moment. Corporate opportunism like this of course isn’t new, particularly in the age of informational capitalism. But this sort of doctrinal switching is more than gamesmanship. Analyzing only the result (opportunistic behavior) overlooks the relationship between legal regimes (the inter-regime doctrinal collapse) that enables that result.

Doctrinal collapse comes with rule of law consequences. When sophisticated actors exploit collapse, they manipulate the instability of the two partially overlapping domains. In public rhetoric about AI development as well as generative AI litigation and regulation nationwide and worldwide, it’s increasingly difficult to trace which arguments are being advanced or to assess the legitimacy of those claims. This outcome poses a rule of law problem, because a rule-of-law system requires the rules to be publicly understandable and applied in a consistent, justifiable manner. To be sure, rule of law concerns traditionally focus on state actors and binding legal pronouncements. But when private companies strategically leverage overlapping legal regimes—even through litigation briefs and public rhetoric—law loses its capacity to constrain the arbitrary exercise of power. That’s a rule of law problem.

Pending generative AI litigation reveals how copyright law and privacy law lines become unclear and unpredictable as privacy is strategically minimized, then maximized, in ways that do not cohere over time. Recall that, at the data acquisition stage, AI developers emphasize that data they have scraped to train AI models is public. The public availability of the data is used to make copyright arguments, to maintain that there is no privacy interest in the data used to train an AI model, or both. The common refrain is that the data was voluntarily shared with the company, by making it publicly available online. Later, if the company is one of the dozens sued for alleged copyright infringement, it might again double down on these same arguments about the public nature of data. A developer might also highlight a user’s choice to accept the platform’s terms of service and privacy policy, seeking to rebut any privacy objections on the grounds that data was voluntarily provided and licensed to the company.

But the same company may simultaneously refuse to disclose the training data and claim that the dataset is proprietary, or even advance arguments about privacy to shield that data. Notably, although information privacy arguments don’t feature prominently in the company’s initial public statements or legal briefs, as soon as the plaintiffs demand access to that training data, the very same company may, in the context of mounting a copyright defense, suddenly claim that sharing data would compromise user privacy interests. Privacy didn’t matter before, when the company was training the model, during the deployment of the AI system, or in earlier court filings and public statements—but when it can be strategically invoked to resist discovery, it suddenly becomes a leading argument and even a PR opportunity.

There may well be valid privacy interests here, but my point is more basic: when private actors can choose which doctrines apply, at which times, depending on what serves them, controlling legal regimes lose their consistency and coherence. This outcome makes legal rules less publicly accessible and less easily understandable by members of the public. Put simply, private actors’ toggling makes the law increasingly illegible. If we blink that reality, we will let private actors manipulate copyright law and privacy law to acquire data, and we will miss how power flows in AI development. If we instead recognize these dynamics, then we can confront how doctrinal collapse is happening in AI and turn to the real question: not how to stop doctrinal collapse, but instead how to temper its pernicious consequences.

One auspicious possibility, drawn from conflict of laws, is to look to the courts as front-line managers of collapse. For instance, in a generative AI lawsuit that involves competing copyright and privacy interests and arguments, the adjudicating court might insist on a rebuttable “anti-switching” presumption. As a rough cut, the idea is that a party in litigation cannot assert mutually incompatible claims at different points in the lawsuit, absent a sufficiently compelling reason to defeat the presumption. Because it is a rebuttable presumption, this intervention would require the court to engage in case-by-case, fact specific analysis. This nuanced analysis may be a feature, because it doesn’t lock in any assumption that copyright law or privacy law should always take priority and requires evaluation of the interests as they are presented in a particular legal dispute. An open question, though, is whether it places too many demands on the court, by straining judicial resources or by encouraging improper judicial policymaking.

Whatever the answer, notice how the frame has shifted. That is the key. AI accountability must be an institutional design question that considers which actors matter, and which also accounts for multiple legal domains and the interactions between them—or else AI really will break the law.

Alicia Solow-Niederman is an Associate Professor of Law at The George Washington University Law School. This post is based on her forthcoming paper, AI and Doctrinal Collapse, 78 Stanford Law Review __ (forthcoming 2026).

In our paper, Auditing Large Language Models for Race and Gender Disparities: Implications for Artificial Intelligence-Based Hiring, we propose and evaluate correspondence experiments as a practical method for auditing LLM-based hiring tools.

The new challenges posed by LLM audits

Much of the existing literature on algorithmic bias focuses on supervised learning systems trained on labeled historical data. In those settings, disparities often reflect biased training labels or statistical tradeoffs among competing definitions of fairness. LLMs differ in important respects. They are pretrained on massive, largely unlabeled text corpora and then post-trained through alignment processes designed to improve safety and compliance with social norms. These stages are opaque, making it difficult to anticipate how sensitive attributes like race and gender might affect downstream outputs.

Regulatory approaches reflect this uncertainty. For example, New York City’s Local Law 144 requires employers using automated employment decision tools to report adverse impact ratios across demographic groups. Although such ratios are widely used, they cannot distinguish disparities driven by differences in applicant qualifications from those caused by discriminatory decision-making. This limitation is particularly acute for LLMs, whose outputs often resemble human judgments rather than simple classifications.

Using correspondence experiments to audit LLMs

To address this gap, we adapt correspondence experiments, a method with a long tradition in labor economics and sociology, to the context of auditing LLMs. In classic correspondence studies, researchers send fictitious but otherwise identical résumés to employers, varying signals of race or gender (often names), and interpret differential treatment as evidence of discrimination. We extend this logic to LLMs acting as evaluators.

Our empirical setting relies on a novel dataset of applications to K–12 teaching positions in a large U.S. public school district. Using public records requests, we obtained 1,373 applications, ultimately focusing on 801 applicants who submitted both résumés and video-based interview responses. These materials resemble the inputs employers might plausibly provide to LLM-based screening systems.

We evaluated 11 prominent LLMs from OpenAI, Anthropic, and Mistral. Each model was prompted to review an applicant’s materials, summarize their qualifications, and provide numerical ratings, including an overall hiring recommendation on a five-point scale. For every applicant, we created eight synthetic dossiers that differed only in implied race (Asian, Black, Hispanic, or White) and gender (male or female), using names, pronouns, and related cues, while holding qualifications constant.

Before analyzing outcomes, we verified that these manipulations were effective: the models correctly inferred the intended race and gender of the synthetic applicants more than 90% of the time, a rate comparable to human perception in traditional audit studies.

What do adverse impact ratios reveal?

As a baseline, we examined adverse impact ratios using the unmanipulated applicant pool. At higher score thresholds, some models appeared to favor women and non-White applicants, while at lower score thresholds disparities attenuated or reversed. However, these estimates were often statistically imprecise, and most were not significant. More importantly, adverse impact ratios alone cannot tell us whether observed disparities reflect differences in applicant quality or bias in the model’s evaluations.

Evidence from correspondence experiments

Correspondence experiments allow us to overcome this limitation by holding applicant qualifications fixed. Across nearly all models we tested, we found modest but consistent disparities: LLMs rated synthetic female applicants slightly higher than male applicants, and they tended to rate Black, Hispanic, and Asian applicants slightly higher than White applicants.

These effects were not large, but they were systematic. Measured in standard deviation units or percentage-point differences at common hiring thresholds, the disparities were typically a few points--smaller than, but comparable to, those documented in studies of human recruiters.

We conducted extensive robustness checks. We varied prompts, restricted inputs to résumés only, and altered contextual cues such as the school district’s demographic composition. Across these variations, the same qualitative pattern persisted, suggesting that our observations were not artifacts of a particular prompt or dataset.

Interpreting the direction of disparities

A striking feature of our findings is that the direction of disparity runs counter to much of the historical literature on discrimination: the models modestly favored women and racial minorities rather than men and White applicants. However, we caution against overinterpreting this result. We hypothesize that these patterns may stem from post-training and alignment processes intended to mitigate discriminatory associations in the training data. In attempting to correct for historical bias, models may overshoot, producing distortions in the opposite direction.

At the same time, we emphasize that the direction and magnitude of disparities are unlikely to generalize across contexts. Other studies have found opposite patterns, and the behavior of any given LLM may vary substantially depending on the task, the prompt, and the applicant pool.

Limitations of correspondence experiments

Although correspondence experiments are a powerful auditing tool, they have important limitations. Race and gender are not easy attributes to isolate. Names signal more than demographic categories; they may also indicate age, socioeconomic status, or cultural background. As a result, we cannot be certain that we have isolated the effect of race or gender alone.

Moreover, correspondence experiments only test sensitivity to the manipulated attributes. An LLM might exhibit little bias with respect to race and gender while still disadvantaging applicants on other dimensions--such as educational pedigree--that indirectly affect protected groups. Finally, audits are inherently context-specific: conclusions drawn in one domain, such as K–12 teaching, may not extend to others.

Implications for research and policy

Despite these limitations, we believe correspondence experiments make a meaningful contribution to advancing audit practices for an AI-assisted decision environment. They provide an interpretable way to assess whether sensitive attributes influence LLM outputs, aligning well with regulatory goals while avoiding the pitfalls of purely descriptive metrics like adverse impact ratios. More broadly, our work illustrates how established social-science methods can be adapted to evaluate modern AI systems.

Prasanna (Sonny) Tambe is a Professor of Operations, Information and Decisions at the Wharton School at the University of Pennsylvania. Johann D. Gaebler is a Ph.D. Student in Statistics at Harvard University. Sharad Goel is a Professor of Public Policy at Harvard Kennedy School. Aziz Huq is the Frank and Bernice J. Greenberg Professor of Law at the University of Chicago Law School. This post is based on their recent paper, Auditing Large Language Models for Race & Gender Disparities: Implications for Artificial Intelligence-Based Hiring.

This dynamic is well documented in laboratory experiments. In the standard dictator game, one player (the Allocator) receives an endowment (e.g., $10) and unilaterally decides how much, if any, to give to a passive Recipient. Although self-interest predicts zero transfers, Allocators typically give around 30 percent, reflecting a strong fairness norm that windfalls should be shared. However, when an agent is introduced to implement the transfer, Allocators give less. Prior work shows that agents are used precisely to diffuse responsibility for unfair outcomes, thereby lowering the moral costs of norm violation.

Delegation is usually costly, which limits the extent to which individuals can offload responsibility. Advances in artificial intelligence, however, dramatically reduce these costs. Widely available artificial intelligence (AI) systems—particularly so-called agentive AI—may function as inexpensive intermediaries, raising a novel question: will people treat AI agents as morally responsible actors and use them to offload responsibility in the same way they do with human agents?

To address this question, we build on a research agenda on Behavioral Self-Management (BSM), which studies how individuals strategically redesign their decision environment to more effectively pursue their self-interest, including, as in this case, by muting the self-image and social-image costs of self-interested behavior. We investigate whether AI agents can facilitate BSM by absorbing moral responsibility for norm violations.

We test this idea experimentally in a laboratory study conducted at the NYU Stern Behavioral Lab. Participants played two dictator games with a $10 endowment: a Self-Image Game, in which decisions were private, and a Social-Image Game, in which an Observer could reward fair behavior. Participants were randomly assigned either to an AI Treatment, in which they could delegate part of the transfer process to ChatGPT, or to a Control, in which the same task was implemented using deterministic (i.e., conventional, non-AI) software (in this case, the browser-based LimeSurvey statistical survey application).

In the AI Treatment, Allocators could either execute the transfer themselves or delegate the final step to ChatGPT. To ensure that delegation reflected responsibility offloading rather than advice-seeking, ChatGPT followed a fully scripted protocol. The AI sequentially presented each possible transfer amount ($0–$10) and asked Allocators to confirm their preferred amount before executing the transfer. The protocol was explicitly explained to participants to clarify that the AI provided no evaluative or normative guidance. The Control condition used an identical protocol implemented by LimeSurvey, and participants were informed that the software was non-agentive.

The design placed AI in a role analogous to a human intermediary who merely carries out a principal’s instructions. Importantly, responsibility attribution tends to concentrate on the final actor in a causal chain. In our experiment, only the entity executing the final step—the release of a code enabling the Recipient to collect earnings—could complete the transfer. When Allocators delegated to ChatGPT, the AI revealed the code to the Recipient. When they did not, Allocators had to do so themselves. In the Control, LimeSurvey always executed the final step.

Four main results emerge. First, delegation to AI was common. In the AI Treatment, 38 percent of Allocators delegated in the Self-Image Game and 32 percent in the Social-Image Game. Delegation was substantially less frequent in the Control, indicating that participants preferred delegating to an AI agent over delegating to non-agentive software.

Second, transfers were lower in the AI Treatment than in the Control. Within the AI Treatment, Allocators who delegated gave significantly less than those who did not. This pattern is consistent with the use of AI as a responsibility buffer that facilitates norm violations.

Third, participants attributed significantly more responsibility to AI than to the deterministic software, and correspondingly less responsibility to themselves. Allocators in the AI Treatment delegated at similar rates and transferred similar amounts in both the Self-Image and Social-Image Games, suggesting that they believed AI delegation would reduce not only their own sense of responsibility, but also the responsibility attributed to them by others. This belief was objectively correct: Observers assigned responsibility to AI at levels similar to Allocators’ own attributions.

Fourth, delegation behavior followed the predictions of BSM theory. Allocators who attributed greater responsibility to AI were more likely to delegate, and higher responsibility attribution predicted lower transfers. Prosocial Allocators—who face higher moral costs when violating fairness norms—were especially likely to delegate and reduced their transfers more sharply than proself types. Participants who exhibited no other-regarding concerns did not delegate, consistent with the idea that delegation is motivated by moral, not material, considerations.

These findings have important implications for law and policy. They suggest that AI delegation can enable individuals—including otherwise prosocial ones—to engage in unethical or irresponsible behavior under the socially accepted cover of AI mediation. Organizations may strategically design or market AI systems to encourage such delegation, thereby facilitating risk-taking, norm violations, or even legal noncompliance.

More broadly, the results highlight a form of AI-induced behavioral risk that is largely absent from current regulatory frameworks. Existing regulations, such as the EU AI Act, focus on risks inherent to AI systems themselves—bias, accuracy, safety—but pay little attention to how AI reshapes human responsibility attribution and moral decision-making. Closing formal accountability gaps between developers, deployers, and users may not suffice to address these social accountability gaps. Constraining the strategic use of AI to offload responsibility may therefore require new forms of legal and institutional intervention.

Stephan Tontrup is the Lawrence Jacobson Fellow of Law and Business, New York University School of Law. Christopher Jon Sprigman is the Murray and Kathleen Bring Professor of Law, and Co-Director of the Engelberg Center on Innovation Law and Policy at New York University School of Law. This post is based on their forthcoming paper, Strategic Delegation of Moral Decisions to AI.

The Forum focuses on questions at the intersection of AI systems and institutional decision-making, including—but not limited to— bias, privacy, legal responsibility, intellectual property, misinformation, job displacement, and manipulation.. Contributions are grounded in rigorous scholarship and are intended to clarify emerging issues, highlight novel arguments, and surface open questions in the governance of AI.

The Wharton Accountable AI Forum is an initiative of the Wharton Accountable AI Lab, which brings together faculty and researchers across disciplines to study how AI systems can be developed, deployed, and governed responsibly. The Forum serves as a complement to traditional academic publishing by creating space for timely engagement with ongoing research and policy debates.

Submissions

The Forum welcomes contributions from scholars working on AI governance and related topics. Essays typically range from 800–1,000 words and are intended to summarize or extend existing academic work, including published articles, forthcoming papers, or works in progress.

Submission guidelines and inquiries may be directed to aiforumeditors@wharton.upenn.edu.

Disclaimer

The views expressed in Forum essays are those of the individual authors and do not necessarily reflect the views of the Wharton School, the University of Pennsylvania, or the Wharton Accountable AI Lab.