Since late 2022, North Atlantic governments have produced AI policy at remarkable speed. The Bletchley Declaration, the Seoul Declaration, the now-rescinded US Executive Order 14110, Canada’s Voluntary Code of Conduct, and the European Union AI Act differ in legal force and detail, but they point the same way. Each treats the powerful “frontier” model as the thing to watch, checked for catastrophic risk before release. This is usually described as a technical choice. This brief argues that the choice goes beyond technicality. Much of their vocabulary and many of their categories came from the companies they are meant to regulate, and one effect has been to leave a well documented set of present harms at the edge of the picture. Automated welfare denial, algorithmic immigration triage, predictive policing, and the removal of lawful political speech all sit far from the centre of this agenda.
My argument is that the gap is built into the structure of the regime, and not a problem of effort or goodwill. Three things happen at once across the alliance. Frontier laboratories write the definitions that governments later adopt. Contractors with roots in security and defence, Palantir most of all, sell the systems that agencies deploy. Inside platforms like Meta, the people who run the classification machinery often come out of intelligence services. Together they produce a regime that its own designers understand very well, yet which struggles to register the harms ordinary people meet. The rest of this brief sets out the evidence, then weighs four options for a transatlantic policymaker, each with its costs.
Analysis of Current Policy
The first thing to notice is the imbalance. Over the past few years, “AI safety” has narrowed to a single preoccupation: catastrophic capability-level risk in the near future. What AI already does receives far less attention and almost no enforcement. It decides who gets a benefit, screens a visa, ranks a neighbourhood for police attention, and sorts speech across a continent. The imbalance is visible in the founding documents. The Bletchley Declaration, signed by twenty-eight states and the European Union in November 2023, put frontier AI at the centre of international coordination (UK Government 2023). Executive Order 14110 organized US federal policy around capability thresholds and “dual-use foundation models” until its rescission in January 2025 (White House 2023, 2025). The Seoul Declaration of May 2024 carried the same vocabulary forward (Republic of Korea and United Kingdom 2024). Canada’s Voluntary Code (Innovation, Science and Economic Development Canada 2023) and the EU AI Act (European Parliament 2024) sit at very different levels of legal force, yet share the same frame.
None of this is a blind spot caused by a lack of research. The scholarship is large and well established. Eubanks (2018) documented automated welfare systems that deny benefits along lines of class and race. Benjamin (2019) showed how ostensibly neutral systems reproduce racial hierarchy, and Browne (2015) traced how biometric surveillance extends much older practices of tracking Black people. The same pattern turns up in search ranking (Noble 2018), in the minerals, energy, and labour that AI depends on (Crawford 2021), and in the hidden workforce that keeps supposedly automated systems running (Gray and Suri 2019). This is most of what AI does in use, and the governance documents give it very little room in their text, their institutions, or their enforcement.
So why does the imbalance persist despite its extensive documentation? The reason is structural. Three institutional lanes operate at once, and each makes the others harder to see around.
The first lane runs through definitions. Frontier laboratories publish their own safety frameworks, then sit across the table from the governments writing the rules. The Frontier Model Forum, founded by Anthropic, Google, Microsoft, and OpenAI in July 2023, is now a standing channel into policy (Frontier Model Forum 2023). Anthropic’s Responsible Scaling Policy (Anthropic 2023) and OpenAI’s Preparedness Framework (OpenAI 2023) set out capability thresholds whose shape reappears in government text. In 2024 the US AI Safety Institute formalized that closeness, signing testing and evaluation agreements with Anthropic and OpenAI (NIST 2024). The bodies meant to scrutinize frontier models are briefed, in part, by the firms that build them. The same terms travel. “Frontier model”, “capability threshold”, and “safety case” move from corporate publications into US and Canadian policy within about two years. The lobbying is well documented. Public Citizen counted 3,570 unique AI lobbyists at the US federal level in 2025, twenty-six percent of all federal lobbyists; eighty-two percent of recorded engagements worked for corporate clients, and the thirty entities hiring the most AI lobbyists were all corporations or trade groups (Tanglis and O’Grady 2026). None of this proves a rule was written to order. It shows the kind of room these rules get written in, and it matches what the capture literature calls cultural capture, where the regulator quietly takes on the industry’s framing (Carpenter and Moss 2014; Heims and Moxon 2024).
The second lane is procurement. Here the same logic arrives through an ordinary purchase order, carried by contractors from the security world. Palantir Technologies is the clearest transatlantic example. It took in roughly one billion US dollars in federal contracts in 2025 (Tanglis and O’Grady 2026), with agreements on record at Immigration and Customs Enforcement, the Internal Revenue Service, and the Department of Defense. In January 2024 it signed a strategic partnership with the Israeli Defence Ministry (Newman 2024). Palantir also runs the £330 million Federated Data Platform for NHS England (Digital Health 2023) and holds a defence data-management contract in Canada (Hemmadi 2025). One company is therefore a battlefield supplier in an active war, a civilian vendor to several allied governments, and a registered lobbyist in two of them, all at once. The problem is what procurement review looks at. It confirms the contract terms were met, but never asks what the platform’s categories do, or how it sorts the people whose records pass through it.
The third lane runs through people and the categories they build. Within the platforms that now govern public speech, many senior policy and integrity-engineering roles are held by former intelligence staff. Meta is the obvious case. Its Dangerous Organizations and Individuals list is a textbook example of what Bowker and Star (1999) call infrastructural classification, a category system that fades from view because it runs quietly in the background. When the list leaked in 2021, its top tier was weighted heavily toward Muslim, Arab, and South Asian entities (Biddle 2021). After October 2023, Meta reportedly granted ninety-four percent of Israeli government takedown requests (Ahmed et al. 2025), while running an Arabic hostile-speech classifier with no Hebrew equivalent (Business for Social Responsibility 2022). Lawful speech ends up governed unevenly, for users across the alliance, Canadians and Americans included.
A single thread ties these lanes together. Categories built for security and intelligence work keep getting carried into civilian administration, carrying the assumptions of their origin with them. Loewenstein (2023) describes this as a laboratory, where tools are tested on populations with few rights, then sold to democracies for use at home. When Palantir signed with the Israeli Defence Ministry in January 2024 while holding civilian contracts in the United States, the United Kingdom, and Canada, that is not two businesses. It is one product crossing from one context into another. The alliance is not only buying frontier models. It is also importing security-bred judgments about who counts as a threat, assumptions it inherited rather than chose and that its governance was never designed to question.
Putting the three together produces what can be called structural illegibility. Feenberg’s (2017) idea of formal bias sharpens the point. The regime is not merely unfinished. Each instrument works inside a single lane, capability thresholds in one, configured deployments in another, inherited categories in the third, while the harms people actually suffer run sideways across all of them. Welfare harm arrives through the second lane’s contracts, classification bias through the third lane’s categories, and the labour and supply chains behind the models stay out of frame because the first lane governs the model, not the system around it. Coordinating AI governance around the frontier model means coordinating around almost the only object with little to do with how citizens, or those its systems touch overseas, actually meet this technology. Immigration screening is where the lanes meet. It is bought like the second, classifies like the third, and to the extent anyone governs it, they reach for tools written for the first. Most of the real accountability work happens elsewhere, in courtrooms, privacy commissioners’ offices, newsrooms, and civil-society groups, well outside the governance architecture.
Policy Recommendations
The evidence provided in this brief is firmer on the diagnosis than on any cure, so what follows is a set of options with their costs attached, not one fixed answer. They share a premise. Applying today’s instruments to more cases changes nothing structurally, because they were built to inspect frontier models, not the systems agencies run. For a reform to matter, it has to reach the formal properties of the regime itself.
1. Shifting the Focus From Frontier Models to Everyday AI Use
This change is the most direct and the hardest. Decision-makers should give up the frontier model as the unit of governance and instead governing the systems that are actually deployed, and how agencies wire them into operations. It would pull welfare, immigration, and policing tools inside frameworks that now stop at the model. Some of the scaffolding is already in place. Canada’s Directive on Automated Decision-Making requires many federal systems to file an Algorithmic Impact Assessment before they go live (Treasury Board of Canada Secretariat 2019), and allied governments could build on it with a shared register of high-impact systems and binding minimum standards. The costs show up in two places. Deployment-level oversight is much harder to standardize across borders than a tidy list of capability thresholds, and it draws opposition from agencies that prefer voluntary measures and vendors facing new scrutiny.
2. Auditing AI Products in Public Procurement
A second lever sits at the moment of purchase. Before an agency buys one of these configurable analytical platforms, someone ought to examine the data model it imposes and the categories it carves the world into, not simply check whether the paperwork is in order. Two obstacles stand in the way. Procurement offices rarely employ anyone who can audit a platform’s underlying ontology, and vendors invoke commercial confidentiality over precisely the design decisions that most need a second look.
3. Asking For More Transparency From the Main Public Speech Private Actors
The classification machinery could also be required to show its provenance. A platform operating at the scale of public speech would have to disclose which of its senior policy and integrity staff came out of intelligence or government, and document the channels states use to take content down. None of this is easy to do well. Disclosure rules raise real questions about privacy and labour mobility, they can drift into singling out individuals when the point is to examine structures, and they are hard to enforce against a company headquartered in another country.
4. Engage Thoroughly in Consultations
The last option has less to do with a rule and more to do with who is in the room. The idea is to widen the consultation and set up a present-harms track alongside the frontier track, not beneath it. The Bletchley-to-Seoul process and the AI Safety Institute network could host a standing stream that evaluates the harms of deployed systems, with genuine seats for the populations those systems act on, not just the usual institutional voices. The catch is familiar. Wider consultation slows down processes that are already slow, and unless the participation counts for something, it curdles into theatre.
None of these is free, and none rules out the others. What the evidence settles is the throughline. A regime that cannot see a harm cannot govern it, and no amount of extra frontier-model testing will change what the regime was built to notice. For an alliance that keeps describing AI as a question of collective security, the more useful question is not whether the frontier is dangerous. It is whether the governance now being assembled across the North Atlantic can even register the harm its own systems are already doing.
References
Ahmed, Waqas, Nicholas Rodelo, Ryan Grim, and Murtaza Hussain. 2025. “Leaked Data Reveals Massive Israeli Campaign to Remove Pro-Palestine Posts on Facebook and Instagram.” Drop Site News. April 11. https://www.dropsitenews.com/p/leaked-data-israeli-censorship-meta
Anthropic. 2023. “Anthropic’s Responsible Scaling Policy (Version 1.0).” Accessed September 19. https://www.anthropic.com/responsible-scaling-policy.
Benjamin, Ruha. 2019. Race after Technology: Abolitionist Tools for the New Jim Code. Cambridge: Polity Press.
Biddle, Sam. 2021. “Revealed: Facebook’s Secret Blacklist of ‘Dangerous Individuals and Organizations.’” The Intercept, October 12. https://theintercept.com/2021/10/12/facebook-secret-blacklist-dangerous/.
Bowker, Geoffrey C., and Susan Leigh Star. 1999. Sorting Things Out: Classification and Its Consequences. Cambridge, MA: MIT Press. https://doi.org/10.7551/mitpress/6352.001.0001.
Browne, Simone. 2015. Dark Matters: On the Surveillance of Blackness. Durham, NC: Duke University Press. https://doi.org/10.2307/j.ctv11cw89p.
Business for Social Responsibility. 2022. Human Rights Due Diligence of Meta’s Impacts in Israel and Palestine in May 2021. San Francisco: BSR.
Carpenter, Daniel P., and David A. Moss, eds. 2014. Preventing Regulatory Capture: Special Interest Influence and How to Limit It. New York: Cambridge University Press. https://doi.org/10.1017/CBO9781139565875.
Crawford, Kate. 2021. Atlas of AI: Power, Politics, and the Planetary Costs of Artificial Intelligence. New Haven, CT: Yale University Press. https://doi.org/10.2307/j.ctv1ghv45t.
Digital Health. 2023. “NHS England Awards £330m Federated Data Platform Contract to Palantir.” November 21. https://www.digitalhealth.net/2023/11/nhs-england-awards-330m-federated-data-platform-contract-to-palantir/
Eubanks, Virginia. 2018. Automating Inequality: How High-Tech Tools Profile, Police, and Punish the Poor. New York: St. Martin’s Press.
European Parliament. 2024. Regulation (EU) 2024/1689 Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act). Official Journal of the European Union. https://eur-lex.europa.eu/eli/reg/2024/1689/oj.
Feenberg, Andrew. 2017. “A Critical Theory of Technology.” In The Handbook of Science and Technology Studies, 4th ed., edited by Ulrike Felt, Rayvon Fouché, Clark A. Miller, and Laurel Smith-Doerr, 635–663. Cambridge, MA: MIT Press.
Frontier Model Forum. 2023. “Announcing the Frontier Model Forum.” July 26. https://www.frontiermodelforum.org/updates/announcing-the-frontier-model-forum/.
Gray, Mary L., and Siddharth Suri. 2019. Ghost Work: How to Stop Silicon Valley from Building a New Global Underclass. Boston: Houghton Mifflin Harcourt.
Heims, Eva, and Sophie Moxon. 2024. “Mechanisms of Regulatory Capture: Testing Claims of Industry Influence in the Case of Vioxx.” Regulation & Governance 18 (1): 139–157. https://doi.org/10.1111/rego.12531.
Hemmadi, Murad. 2025. “The Defence Department Had a $14M Contract with Palantir for Data Management Software.” The Logic. September 18. https://thelogic.co/news/palantir-department-of-national-defence-contract-canada/.
Innovation, Science and Economic Development Canada. 2023. “Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems.” September. https://ised-isde.canada.ca/site/ised/en/voluntary-code-conduct-responsible-development-and-management-advanced-generative-ai-systems.
Loewenstein, Antony. 2023. The Palestine Laboratory: How Israel Exports the Technology of Occupation around the World. London: Verso.
Newman, Marissa. 2024. “Palantir, Israel Agree to Strategic Partnership for Battle Tech.” Bloomberg. January 12. https://www.bloomberg.com/news/articles/2024-01-12/palantir-israel-agree-to-strategic-partnership-for-battle-tech.
NIST (National Institute of Standards and Technology). 2024. “U.S. AI Safety Institute Signs Agreements regarding AI Safety Research, Testing and Evaluation with Anthropic and OpenAI.” August 29. https://www.nist.gov/news-events/news/2024/08/us-ai-safety-institute-signs-agreements-regarding-ai-safety-research.
Noble, Safiya Umoja. 2018. Algorithms of Oppression: How Search Engines Reinforce Racism. New York: NYU Press.
OpenAI. 2023. “Preparedness Framework (Beta).” Accessed December 18, 2023.
Republic of Korea, and United Kingdom. 2024. “Seoul Declaration for Safe, Innovative and Inclusive AI.” AI Seoul Summit, May 21–22, 2024. Published May 21, 2024. https://www.gov.uk/government/publications/seoul-declaration-for-safe-innovative-and-inclusive-ai-ai-seoul-summit-2024.
Tanglis, Mike, and Eileen O'Grady. 2026. Generative Influence: The Scale and Scope of AI Lobbying in 2025. Washington, DC: Public Citizen, February 24.
Treasury Board of Canada Secretariat. 2019. Directive on Automated Decision-Making. Government of Canada. https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32592.
UK Government. 2023. “The Bletchley Declaration by Countries Attending the AI Safety Summit, 1–2 November 2023.” Published November 1, 2023. https://www.gov.uk/government/publications/ai-safety-summit-2023-the-bletchley-declaration.
White House. 2023. “Executive Order 14110: Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” October 30, 2023. https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2023/10/30/.
White House. 2025. “Executive Order 14148: Initial Rescissions of Harmful Executive Orders and Actions.” January 20, 2025. https://www.federalregister.gov/executive-order/14148.
Jad Seaidoun is a PhD candidate in Science and Technology Studies (STS) at York University in Toronto, Canada, holding an MA in STS, also from York University. His research examines how security, intelligence, and corporate-engineering logics shape artificial intelligence governance in Canada and the United States. Jad also works as an artificial intelligence developer at Immigration, Refugees and Citizenship Canada (IRCC), building applied AI applications and machine-learning systems. He can be reached at jseaidoun@gmail.com.


