Why the EU's AI rules are already outdated the day they take effect

Started by Daz92, Yesterday at 06:15 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Topic: Why the EU's AI rules are already outdated the day they take effect   Views(Read 19 times)
Active members in this topic:
Daz92(1)

Daz92

A single number carrying a lot of regulatory weight

Most current AI regulation, the EU AI Act and the framework that briefly existed under the 2023 US executive order before it was later revoked, both draw their core dividing line using the exact same tool, a raw count of floating point operations, or FLOPs, used to train a given model. Cross a threshold, currently 10 to the 25th power FLOPs in the EU and originally 10 to the 26th power in the US, and your model gets formally classified as posing systemic risk, triggering mandatory adversarial testing, incident reporting to regulators, and formal cybersecurity assessments. Stay under that number, and none of those obligations apply to you at all

The appeal of this approach is obvious, it gives regulators one clean, quantifiable, genuinely hard to fake number to point to, rather than forcing them into a subjective, contestable judgment call about how dangerous any particular model actually is in practice. The problem is that the number and the actual underlying danger are already coming apart from each other, and the gap appears to be widening rather than closing

The DeepSeek problem

DeepSeek's R1 model became the clearest public proof of concept for why this entire framework is shakier than it first appears. Through more efficient architecture and smarter training techniques, R1 achieved performance broadly comparable to models from leading Western labs while using dramatically less raw compute in the process, directly undermining the core underlying assumption that FLOPs reliably predict capability in the first place. If a sufficiently clever team can get a genuinely frontier level model to sit safely under the regulatory threshold purely through better engineering rather than through any actual reduction in real world capability, the threshold stops functioning as a meaningful dividing line between dangerous and safe models entirely

The problem cuts in the opposite direction too, and arguably just as severely. Research into inference scaling has shown that a model trained with only modest compute can have its effective real world capability amplified enormously simply by throwing more computing power at it during deployment rather than during the original training run, meaning a model that looks safely compliant and under the threshold on paper could still be scaled up in practice to perform like a model several orders of magnitude above it, purely by changing how it gets used after release rather than how it was originally built. That breaks the entire underlying premise of regulating the object, the trained model itself, rather than the use, since the exact same underlying model could end up compliant or non compliant depending entirely on how much inference compute someone chooses to throw at it after the fact, well outside the original developer's control

The static threshold problem

Even setting efficiency gains aside entirely, frontier training compute has been roughly doubling every six months, a genuinely staggering 350 million fold increase over about 13 years, while the regulatory thresholds themselves remain static numbers written directly into law, only changeable through a formal legislative or European Commission review process. The EU AI Act does technically allow the Commission to adjust its own threshold over time to reflect ongoing technological change, but it notably does not specify any automatic formula for actually doing so, meaning the number sits at permanent risk of quietly drifting out of step with the technology it claims to regulate, unless someone actively intervenes at the political level to update it

Researchers have proposed several patches to this design flaw, replacing fixed numerical thresholds with adaptive ones defined relative to the current capability frontier rather than pinned to an absolute static number, or layering direct capability based evaluations on top of the existing compute threshold as a second, considerably harder to game check, rather than relying on FLOPs as the sole gatekeeping metric. Other researchers argue the entire approach is fundamentally misconceived from the start, and that governance should shift decisively toward evaluating actual demonstrated capabilities and genuine real world harms directly, rather than continuing to lean on a training time proxy that was always going to be, at best, an imperfect stand in for the thing regulators actually care about

Why this matters well beyond wonky policy debates

This connects directly back to the software only singularity question discussed elsewhere on this board. If algorithmic efficiency keeps improving fast enough, and if a meaningful fraction of genuinely dangerous capability gains can come from smarter software and better use of existing compute rather than from bigger, more expensive training runs, then compute thresholds are attempting to regulate exactly the wrong underlying variable from the very start. The EU AI Act becomes fully enforceable in August 2026, making this a live, immediate governance question rather than an abstract academic one, and it is genuinely plausible that the flagship regulatory framework built specifically to govern frontier AI is already measuring the wrong thing on the very day it takes full legal effect across the entire bloc




arXiv, inference scaling and governance implications
First post best post

Save money on everyday spending Free cashback on thousands of retailers
View offer