Govern AI in Use, Not in Theory

Assiduity AI

Govern AI in Use, Not in Theory

The first article in this series asked who shares in AI’s gains. The second asked whether AI systems can be trusted when they are used. This third article turns to the policy question: how should government govern AI without freezing it?

That question matters because AI policy is often framed as a choice between two bad options. On one side is permissionless deployment: move fast, adopt quickly, let the market sort out the winners, and correct failures later. On the other side is heavy preclearance: requiring government approval, testing, or licensing before powerful systems are released or used.

Can the government encourage AI adoption without accepting blind trust? Can it require accountability without freezing innovation? Can it protect citizens without forcing every important model through a slow, centralized, politicized approval regime?

That is the core policy problem.

The pro-innovation concern is legitimate because AI is a strategic technology. If the United States creates a slow, fragmented, or unpredictable approval regime, it may weaken its own firms, slow public-sector adoption, and cede advantage to competitors. The White House released Winning the Race: America’s AI Action Plan in July 2025, organized around three pillars: accelerating AI innovation, building American AI infrastructure, and leading in international AI diplomacy and security. [1]

The accountability concern is also legitimate. AI systems are increasingly capable of affecting rights, benefits, opportunities, financial decisions, health decisions, security decisions, and public administration. If institutions deploy them without records, controls, or reviewable evidence, public trust will erode. People will not accept consequential systems that are too opaque to challenge. The hard question is therefore not whether to move fast or govern. The hard question is where to place governance.

A model-centered regime tries to govern AI primarily before use. It asks whether the model is sufficiently safe, objective, secure, or capable before it reaches the market or enters an institution. That may be necessary for some national-security or frontier-model risks. Powerful models can pose cybersecurity, biological, fraud, or geopolitical risks that warrant pre-release scrutiny in specific contexts. But model-centered governance has limits.


A model is not a workflow. A benchmark is not a deployment. A pre-release test is not an audit trail.


A safety evaluation is not proof that an agency, bank, hospital, insurer, or contractor used the system correctly in a specific decision.

The same model can be low-risk in one context and high-risk in another. A system that drafts marketing copy is not the same as a system that drafts a denial letter. A model that summarizes public documents is not the same as one that triages a benefits appeal, flags a transaction for investigation, or recommends a compliance finding.


Risk emerges in use, which means governance has to follow use.


The better policy path is not to choose between blind deployment and centralized model approval. It is to require evidence at the point where AI enters consequential workflows.

Govern AI in use, not only in theory.

That would not be unusual. Mature regulated sectors already work this way. Finance offers one example. After Enron and WorldCom, the policy response was not to ban complex public companies or require the government to approve every business decision before it happened. Sarbanes-Oxley strengthened governance, certification, internal controls, auditability, and board-level accountability. The PCAOB’s auditing standard for internal control over financial reporting establishes requirements when an auditor is engaged to audit management’s assessment of internal controls. The logic was not that controls make misconduct impossible. The logic was that consequential systems require evidence that controls exist and can be tested. [2]

Medical regulation offers another example. The FDA does not rely on a device manufacturer’s promise that a product will be safe once released for clinical use. Medical-device regulation includes quality-system requirements, design controls, production controls, records, corrective action, and post-market responsibilities. The FDA’s Quality Management System Regulation became effective on February 2, 2026, and amended Part 820 to include device quality-system requirements. The point is not that every risk can be eliminated before use. The point is that high-impact systems need controlled processes and records when they affect people. [3]

Law offers the oldest analogy. Legal systems do not depend only on good intentions. They depend on records: pleadings, evidence, transcripts, findings, orders, standards of review, and appeals. A person affected by a decision needs some way to understand what happened and challenge it. That is contestability, and contestability requires a record. The lesson from finance, medicine, and law is not that AI should be governed by copying any one regime. The lesson is narrower: institutional trust depends on controls and records produced close to the action. AI governance should begin from that same principle.

Different jurisdictions are already approaching this problem in different ways, but the common direction is evidence. The European Union has chosen a more comprehensive, prospective, risk-based structure. The EU AI Act classifies certain systems as high-risk and imposes obligations around risk management, record-keeping, transparency, human oversight, accuracy, robustness, cybersecurity, and quality management. Its record-keeping and human-oversight provisions matter because they treat traceability as part of the system, not an afterthought. [4] [5]

The United States is taking a more sectoral and decentralized path. For federal agencies, OMB M-24-10 is the most important signal. It requires agencies to establish AI governance structures and risk-management practices, with minimum practices for uses that affect rights and safety. That is not a comprehensive AI statute, but it points toward the same institutional requirement: consequential AI use needs controls, records, and accountable review. [6]

The 2026 House draft bill reported by Reuters reflects the tension in the American approach. It would limit state regulation of AI model development while preserving room to regulate AI use. That distinction is central. Regulating model development is different from regulating deployment. The United States can support innovation in model development while still requiring evidence in high-risk use. NIST, GAO, and emerging state laws reinforce the same direction, but the policy lesson does not require a full regulatory catalog. Across regimes, the useful convergence is this: governance is moving away from abstract principles and toward records, oversight, and evidence. [7] [8] [9]

This is where procurement becomes policy. Federal procurement is one of the most powerful tools the government has. It can shape markets without banning technologies. It can set expectations without dictating one model architecture. It can require controls without deciding that one vendor, lab, or platform should become the default national solution. The government already does this in other domains. It does not merely ask financial systems to promise accuracy, medical products to promise safety, or cybersecurity vendors to promise security. It requires controls, records, incident response, validation, escalation, and accountability.

AI procurement should follow the same logic. An agency buying an AI system for consequential use should not ask only which model is best. It should ask what evidence the system will produce when it is used. That question changes everything because it shifts the buyer’s attention from model branding to institutional accountability. It does not ask whether AI is impressive in a demo. It asks whether the agency can demonstrate what happened when the system interacted with a real workflow.

Imagine a federal agency wants to use AI to help summarize benefits appeals. The policy goal is understandable: reduce backlogs, improve consistency, help caseworkers review long files, and make public administration more responsive. The risk is equally clear: a system could omit a qualifying condition, misstate the standard, over-weight one record, ignore an exception, or produce a fluent summary that nudges the reviewer toward the wrong result. A model benchmark will not solve that. A vendor demo will not solve that. A human reviewer looking only at the final summary may not solve that either.

The procurement requirement should be different. Before use, the agency should require the system to define the authorized task. Is the AI summarizing facts, recommending an outcome, drafting language, or initiating action? Those are different uses and should not be blurred. During use, the system should preserve the sources, constraints, and rules that matter. It should record which documents were considered, which objective was declared, which limits applied, whether the output drifted from those limits, and whether an exception required human review. After use, the agency should retain an auditable, challengeable, and improvable record.

The point is not to make every AI output perfect. That is not realistic. The point is to prevent consequential AI from becoming unreviewable. A startup should not need to ask Washington for permission to build every model. An agency should not need to freeze adoption until a perfect regulatory regime exists. But when AI is used in a workflow that affects rights, benefits, obligations, opportunities, safety, or public trust, the institution should be able to produce evidence of what happened.


The requirement only works if the absence of evidence has consequences.


If an agency cannot show what objective was authorized, what constraints applied, whether drift occurred, or who reviewed the exception, that should not be treated as a harmless documentation gap. It should be treated as a governance failure. Likewise, if a vendor claims all runtime evidence is proprietary, the buyer should ask whether the system is fit for consequential public use at all. Trade secrets may protect model internals, but they should not erase the institution’s obligation to produce a reviewable record of conduct.

That is a practical standard and model-agnostic. A runtime-evidence requirement does not require an agency to use a single foundation model. It does not require government to dictate architecture. It does not require every vendor to expose proprietary weights. It does not decide in advance that open, closed, frontier, or private models are inherently acceptable or unacceptable. It asks a narrower question: when the system was used, did it stay within bounds, and can the institution show that?

That is the middle path. It addresses the pro-innovation concern because it does not require a universal model-approval regime. It addresses the accountability concern by not permitting blind trust in consequential workflows. It gives innovators a path to deployment, institutions a path to accountability, policymakers a standard that can be tested and improved, and the public a basis for contestability.

This is especially important as AI moves from generation to action. A chatbot produces text. An agentic system may plan steps, call tools, search databases, draft recommendations, update records, trigger workflows, and route decisions across systems. The governance problem is no longer limited to whether the final answer is correct. It includes whether each step in a chain stayed within the authorized purpose.

A procurement agent might search vendor records, compare bids, draft a recommendation, and flag a contract for approval. A benefits agent might review a file, query a database, summarize evidence, and route a case to a human reviewer. A compliance agent might scan transactions, identify anomalies, draft escalation notes, and update a risk system. In those settings, final-answer review is structurally inadequate. There may be no single answer to review. The risk may occur during the tool call, source selection, omitted exception, escalation decision, or downstream record update.

For agentic AI, governance has to move into the execution path. Recent research on runtime guardrails for agentic AI makes the same point: agentic systems plan, use tools, maintain state, and produce multi-step trajectories with external effects, so important risks emerge during execution, not only at model development or deployment time. Governance standards can identify objectives, but runtime controls and assurance evidence are needed to translate those objectives into enforceable behavior. [10]

That is the category Assiduity is building for. Equilibrium-Constrained Decoding is not a foundation model. It is not an approval regime. It is not a replacement for law, procurement judgment, or human oversight. It is runtime control infrastructure. The institution defines what the system is supposed to preserve. The runtime maintains a representation of those task requirements and measures whether the generation deviates from them as the output develops. When the system begins to drift, that loss of coherence can be detected, corrected, or preserved as evidence. The result is not just a final answer. It is a record of objective pursuit.

That record is what policy should increasingly require. Not because every workflow needs the same tool. Not because one company can solve AI governance. Not because runtime control answers every public concern. But because policy without runtime evidence will remain abstract. A government can publish principles. An agency can adopt guidance. A vendor can describe safety practices. A model can pass benchmarks. None of that proves that an AI system stayed within bounds during consequential use.

Evidence has to be generated where the risk occurs.

This suggests a concrete policy direction. For consequential AI use, public agencies should require deployers to produce runtime evidence. That evidence should show the authorized objective, the applicable constraints, the sources or records used, whether the system drifted from the objective, what exceptions were flagged, what human review occurred, and what audit trail remains. The requirement should apply to use, not ideology. It should be model-agnostic, vendor-neutral, and risk-based. It should not require government to own the model, certify every architecture, or approve every release. It should require institutions to show their work when AI affects people.

That standard would help government buyers by giving procurement officers criteria beyond price, model branding, and demonstration quality. It would help oversight bodies by giving inspectors general, auditors, and congressional staff a record to review. It would help vendors by rewarding companies that build control and evidence into deployment rather than only selling capability. It would help the public by creating a basis for contestability when AI systems affect real decisions. It would also help innovation because vendors that can produce runtime evidence will be better positioned to win the procurement competitions that matter most.


Evidence is not a brake on adoption. It is how adoption survives contact with institutions.


The wrong lesson from AI risk is that government must approve everything before anything can move. The right lesson is that powerful systems need evidence when they act. A policy regime built only around model approval will be too slow for innovation and too abstract for accountability. A policy regime built around runtime evidence can be more practical: model-agnostic, vendor-neutral, risk-based, and tied to the workflow where harm or value actually occurs.


Govern AI where it enters the workflow. Require records where it affects people. Let innovation move, but make institutions show their work.




This article is part of AI’s Public Trust Problem, a short series on the legitimacy questions now surrounding AI. The series moves from economic legitimacy, to operational trust, to policy legitimacy: who shares in AI’s gains, whether systems can be trusted in use, and how evidence can govern adoption without freezing innovation.


Sources:

[1] The White House released Winning the Race: America’s AI Action Plan in July 2025. The plan is organized around three pillars: accelerating AI innovation, building American AI infrastructure, and leading in international AI diplomacy and security.

[2] PCAOB Auditing Standard AS 2201 establishes requirements for audits of management’s assessment of internal control over financial reporting. (pcaobus.org)

[3] The FDA states that the Quality Management System Regulation became effective February 2, 2026, and amended device quality-system requirements under Part 820. (fda.gov)

[4] EU AI Act Article 12 requires high-risk AI systems to technically allow automatic recording of events over the system’s lifetime.

[5] EU AI Act Article 14 requires human oversight aimed at preventing or minimizing risks to health, safety, or fundamental rights when high-risk AI systems are used.

[6] OMB Memorandum M-24-10 establishes requirements and guidance for federal agency AI governance, innovation, and risk management.

[7] Reuters reported on June 4, 2026, that a bipartisan U.S. House draft bill would prohibit states from regulating AI model development while still allowing regulation of AI use.

[8] NIST’s AI Risk Management Framework Core organizes AI risk-management activities around Govern, Map, Measure, and Manage. (airc.nist.gov)

[9] GAO’s AI Accountability Framework is organized around governance, data, performance, and monitoring. (gao.gov)

[10] A 2025 paper on runtime guardrails for agentic AI argues that agentic risks often emerge during execution and that runtime controls and assurance evidence are needed to translate governance objectives into enforceable behavior. (arxiv.org)

Assiduity AI

Move Fast. Build Reliable.

Assiduity is building runtime control infrastructure for enterprise AI systems that need to stay aligned, auditable, and reliable during generation.