Former Tech CEO: 'AI Is Still Underhyped' - But Regulation Is Catastrophically Behind

AI regulation is behind because governance frameworks were built for static, predictable software, while AI capabilities such as planning and self-improvement are advancing far faster than policy can adapt. Despite unprecedented media attention and investment, several prominent technology leaders argue that artificial intelligence remains underhyped relative to its likely impact. Recent advances in reinforcement learning have unlocked planning capabilities that were previously impossible, and some industry estimates point to substantial annual productivity gains from AI adoption, at a pace economists have limited historical precedent for understanding.
But whilst AI capabilities accelerate quickly, regulatory frameworks remain rooted in assumptions about static, predictable systems. This isn't just a policy lag - it's a serious mismatch that threatens to derail the most significant technological transformation in a generation.
The scale of what's coming is significant. Advanced AI development is expected to require a substantial expansion of power infrastructure in the coming years. The progression from language models to planning and strategy systems is creating agent networks that will coordinate business processes using considerably more computation than today's systems.
Yet our governance frameworks are designed for the AI of several years ago, not the AI that's emerging today - and certainly not the AI that will exist tomorrow.
The Planning Revolution Regulators Missed
The most significant recent development isn't in language capabilities - it's in planning and strategic reasoning. AI systems are moving beyond pattern matching and text generation to genuine strategic thinking, capable of multi-step reasoning, goal-oriented behaviour, and adaptive problem-solving.
This transition fundamentally changes the regulatory challenge. Traditional AI governance assumes systems that respond to inputs with predictable outputs. Planning-based AI systems make autonomous decisions, adapt strategies based on changing circumstances, and pursue complex objectives across extended time horizons.
Consider the implications: when an AI system can plan and strategise, it's no longer just a sophisticated tool - it's an autonomous agent making consequential decisions. Current regulatory frameworks don't distinguish between reactive AI and planning AI, yet the governance requirements are entirely different.
Planning AI systems require frameworks that can assess goal alignment, strategic reasoning quality, and long-term consequence evaluation. None of these capabilities exist in current compliance approaches, creating a governance gap that widens daily as planning capabilities advance.
The Infrastructure Compliance Crisis
The energy requirements for advanced AI create unprecedented regulatory challenges that current frameworks can't address. Large-scale additional power infrastructure doesn't just appear - it requires environmental impact assessments, grid integration planning, local community consultations, and safety certifications across multiple jurisdictions.
Each data centre must navigate complex webs of environmental regulations, planning permissions, grid connection requirements, and increasingly stringent carbon emission standards. The compliance timeline for energy infrastructure typically spans decades, whilst AI development cycles are measured in months.
This infrastructure compliance crisis extends beyond power generation. Advanced AI systems require specialised cooling, connectivity, and security infrastructure, each with distinct regulatory requirements. The accumulated compliance burden threatens to become a bottleneck that constrains AI development regardless of technical capabilities or capital availability.
The geopolitical implications multiply these challenges. US-China AI competition creates winner-takes-all dynamics where small leads become insurmountable advantages. This pressure encourages regulatory shortcuts and compliance deferrals that store up enormous risks for later reckoning.
The Surveillance State Paradox
Perhaps the most concerning regulatory blind spot involves the intersection of AI moderation and surveillance capabilities. Efforts to ensure AI systems behave appropriately often require monitoring, logging, and analysis of AI interactions at unprecedented scale.
This creates what experts call the surveillance state paradox: the infrastructure required to govern AI safely could inadvertently create surveillance capabilities that threaten fundamental privacy rights. Every interaction with an AI system potentially becomes part of a vast monitoring and analysis system designed to ensure compliance.
Current regulatory approaches fail to address this paradox adequately. Privacy regulations assume surveillance is intentional and targeted, not an unavoidable byproduct of AI governance requirements. Data protection frameworks struggle with scenarios where privacy invasion is a necessary component of safety assurance rather than commercial exploitation.
The technical solutions exist - zero-knowledge proofs and similar cryptographic approaches can verify AI behaviour without compromising user privacy. But regulatory frameworks don't mandate these privacy-preserving approaches, nor do they prohibit surveillance-enabling alternatives.
Open Source vs. Control: The Regulation Dilemma
The US approach favours closed, controlled AI models that enable easier governance and oversight. China may lead in open-source AI development, creating proliferation risks that current regulatory frameworks can't manage effectively.
This creates a fundamental regulatory dilemma. Closed models are easier to govern but may lose competitive advantages to open-source alternatives. Open-source models drive innovation and prevent monopolisation but make governance exponentially more difficult.
The self-improving AI systems already emerging make this dilemma acute. Open-source self-improving AI could rapidly evolve beyond the control of any regulatory framework, whilst closed alternatives might concentrate unprecedented power in the hands of a few organisations.
Current regulatory approaches assume governments can control AI development through licensing and oversight of major developers. But open-source AI undermines these assumptions, potentially making advanced AI capabilities available to any actor regardless of regulatory compliance.
The Productivity Shock Regulators Ignore
AI systems driving substantial annual productivity increases represent an economic transformation with limited historical precedent. Yet regulatory frameworks continue operating under assumptions of gradual, manageable change rather than rapid transformation.
This productivity acceleration creates compliance challenges that compound rapidly. When AI systems can automate regulatory compliance tasks, generate documentation, and handle oversight procedures, the traditional relationship between regulated entities and regulatory bodies fundamentally changes.
Regulatory frameworks assume human decision-makers who process information slowly, make deliberate choices, and can be held accountable for specific decisions. AI-driven productivity gains mean these assumptions no longer hold, yet compliance requirements haven't adapted accordingly.
The healthcare revolution potential illustrates this clearly. AI could identify all druggable targets, dramatically reduce clinical trial costs, and provide universal access to advanced medical guidance. But regulatory frameworks for medical AI remain focused on individual device approvals rather than systemic healthcare transformation.
Education: The Regulatory Vacuum
Every person having personalised AI tutors optimised for their learning style represents a complete transformation of educational systems. Yet educational AI regulation remains virtually non-existent compared to other sectors.
This regulatory vacuum creates enormous risks. AI tutors that exhibit bias, provide misinformation, or develop inappropriate relationships with learners could affect entire generations. The scale and intimacy of AI-human interaction in education make the stakes extraordinarily high.
Unlike other AI applications, educational AI shapes human development during critical formative periods. Regulatory frameworks that might be adequate for adult-facing AI systems are insufficient for AI that influences children's cognitive and social development.
The personalisation capabilities that make AI tutors powerful also create privacy and manipulation risks that current educational regulations don't address. AI systems that adapt to individual learning patterns necessarily collect intimate data about cognitive capabilities, learning challenges, and personal interests.
Geopolitical Regulatory Fragmentation
US-China AI competition creates dangerous incentives for regulatory shortcuts and compliance deferrals. The winner-takes-all dynamics mean that regulatory delays could determine global technological leadership for decades.
This geopolitical pressure encourages regulatory fragmentation where different regions adopt incompatible governance approaches. AI systems compliant in one jurisdiction may violate requirements in others, creating a complex matrix of regulatory requirements that stifles innovation and increases compliance costs.
The trillion-dollar transformation currently underway requires global coordination on AI governance principles. Instead, we're seeing regulatory nationalism where each major power attempts to create competitive advantages through governance frameworks that disadvantage foreign competitors.
The Relevance Imperative vs. Regulatory Compliance
The adoption imperative creates tension with regulatory caution. As noted by industry leaders, organisations not using AI technology won't remain relevant compared to competitors. This pressure encourages rapid deployment that may bypass careful compliance consideration.
The relevance imperative affects regulatory bodies themselves. Agencies that don't incorporate AI into their oversight capabilities may find themselves regulating industries they no longer understand, using processes that AI-enhanced entities can easily circumvent.
This creates a regulatory arms race where oversight bodies must adopt AI to maintain regulatory effectiveness, whilst the entities they regulate use AI to find compliance shortcuts and regulatory arbitrage opportunities.
Building Adaptive Regulatory Frameworks
The exponential pace of AI advancement requires regulatory frameworks that can evolve alongside the technology they govern. Traditional regulatory approaches - lengthy consultation periods, rigid rule-making processes, static compliance requirements - cannot keep pace with AI development cycles.
Adaptive regulation must address several critical requirements:
Capability-Based Governance: Rather than regulating specific AI technologies, frameworks must govern AI capabilities regardless of how they're implemented. Planning-capable AI requires governance approaches that work whether the planning emerges from large language models, reinforcement learning, or novel architectures not yet invented.
Continuous Assessment: AI systems that improve continuously require ongoing compliance monitoring, not periodic assessments. Regulatory frameworks must shift from snapshot evaluations to continuous oversight that adapts as AI capabilities evolve.
Cross-Jurisdictional Coordination: Global AI development requires internationally coordinated governance approaches. Regulatory fragmentation that creates compliance arbitrage opportunities undermines everyone's security and safety objectives.
Privacy-Preserving Oversight: Surveillance-free governance approaches must become the standard, not the exception. AI oversight systems must use privacy-preserving technologies to maintain public trust whilst ensuring safety and compliance.
The Urgency of Regulatory Evolution
The gap between AI capabilities and regulatory readiness isn't just widening - it's accelerating. Every month that passes without adaptive governance frameworks increases the likelihood of catastrophic failures that could derail the entire AI transformation.
The window for proactive regulatory development is closing rapidly. Once AI systems achieve planning capabilities that exceed human oversight abilities, reactive regulation becomes nearly impossible. The systems will be too complex, too fast, and too capable for traditional governance approaches to maintain effectiveness.
This isn't a distant concern - it's an immediate challenge that requires urgent attention from regulators, industry leaders, and anyone serious about capturing AI's benefits whilst avoiding its risks. The choice isn't between innovation and safety - it's between proactive governance and reactive crisis management.
The AI revolution may be underhyped, but the regulatory crisis is catastrophically under-addressed. Organizations that build adaptive compliance capabilities now will thrive in the AI-driven economy. Those that wait for regulatory clarity may find themselves choosing between relevance and responsibility in a landscape where both are essential for survival.
More on how we approach it: AI risk and compliance advisory.
Frequently asked questions
What does it mean that AI regulation is "behind"?
It means governance frameworks were designed around assumptions of static, predictable software, while AI systems now plan, adapt, and in some cases improve themselves after deployment. The gap between what regulators can assess and what systems can actually do keeps widening rather than closing.
Why is planning AI harder to regulate than earlier AI systems?
Planning AI makes autonomous, multi-step decisions and adapts its strategy as circumstances change, rather than simply responding to an input with a fixed output. Existing rules were written for reactive systems, so they don't have a clear way to assess goal alignment or long-term consequences in planning systems.
How does the open source versus closed model debate affect AI governance?
Closed models are easier for regulators to oversee because a single organisation controls deployment and updates. Open-source models spread capability more widely and drive innovation, but make it much harder for any single regulatory body to track how the technology is being used or modified.
What would an adaptive AI regulatory framework look like?
An adaptive framework would govern AI by capability rather than by specific technology, monitor systems continuously rather than through one-off assessments, and coordinate across jurisdictions rather than leaving each region to regulate in isolation. It would also favour privacy-preserving oversight methods over blanket surveillance.

Sotiris Spyrou
Sotiris Spyrou is the founder of VerityAI, a Responsible AI advisory for boards and AI-deploying businesses. With 27 years across agencies, global in-house roles, and the C-suite, he advises leaders on AI governance and risk, and on answer-engine visibility engineered without the dark patterns the rest of the industry is getting penalised for. He is the author of TRANSFORM, AI Moats, and Ethical AI.
Founder at VerityAI