The machines are coming for us. Not with terminator robots or sentient toasters, but with something far more insidious: the quiet, humming efficiency of software that actually works.

Cue the panic.

In Washington and state capitals across the country, legislatures have spent the past two years in a mad sprint to “regulate” artificial intelligence — which, in practice, means wrapping emerging technology in so many compliance blankets that only the largest incumbents can afford to keep the lights on.

Colorado passed the nation’s first broad AI law, imposing an “affirmative duty of care” on developers of “high-risk” systems to prevent algorithmic discrimination. It was supposed to take effect this year. It has now been postponed until June 2026, after the legislature failed to sort out the details in special session. Meanwhile, California’s Civil Rights Council finalized regulations in late 2024 that make bias testing — or the conspicuous lack thereof — an explicit factor in employment discrimination claims, with recordkeeping requirements that would make a tax accountant weep.

This is what passes for governance in the laptop class: legislating by vibe, postponing by incompetence.

The Expertise Gap

Here’s what most people who actually build things will tell you, usually in hushed tones over a too-expensive sandwich: the people writing these laws don’t understand the technology they’re regulating. Not really.

A senior engineer at a Denver-based machine learning firm — let’s call him “Greg,” because that’s the kind of name engineers have — put it to me this way over coffee last month: “We’re being asked to prove a negative. ‘Reasonable care’ against algorithmic bias sounds noble, but nobody can define what reasonable means in a rapidly evolving system trained on human-generated data. Do they want perfection? Because perfection is a standard they don’t apply to human decision-making.”

He’s not wrong. Human hiring managers discriminate constantly, often unconsciously, and we’ve built entire industries — HR departments, diversity consultants, sensitivity trainers — around managing that reality without banning people from making decisions. But let a computer assist in screening resumes, and suddenly we’re drafting legislation as if Skynet has achieved consciousness.

Federal Retreat, State Confusion

The Trump administration’s January 2025 executive order — revoking Biden’s 2023 AI safety framework and reorienting federal policy away from preemptive oversight — was treated in the press as reckless deregulation. Perhaps. But it also created a vacuum, and into that vacuum rushed two dozen state legislatures, each eager to be first, to be toughest, to be seen Doing Something.

The result is a patchwork. Texas tried and failed to pass a framework for AI in “critical decision-making.” Virginia’s AI Developer Act died in committee. Colorado’s law lives but limps, delayed by the very complexity its authors underestimated.

This is not coherent governance. It’s jurisdictional tourism.

What Gets Lost

Every compliance hour spent documenting bias testing protocols is an hour not spent improving the underlying product. Every legal review of “high-risk” system definitions — a category so broad it could encompass everything from credit scoring to hospital scheduling — is a delay in deploying tools that might actually reduce human error.

The irony is thick enough to spread on toast. AI systems, trained on large datasets and audited systematically, can often be more transparent about their decision criteria than the average middle manager relying on gut instinct. You can interrogate an algorithm. Try interrogating “culture fit.”

But transparency only matters if regulators understand what they’re looking at. And increasingly, they don’t.

The Incentive Problem

There’s a quieter story here about market structure. Large technology firms — the ones with dedicated policy teams, in-house counsel, and Washington office parks — can absorb compliance costs that crush smaller competitors. When Colorado demands detailed risk management frameworks and disclosure obligations, they’re not sticking it to Big Tech. They’re handing Big Tech a moat.

A venture capitalist I spoke with in Palo Alto, who asked not to be named because she still has bills to pay, put it bluntly: “We’re advising portfolio companies to avoid any application that could trigger state AI laws. That’s a huge swath of useful tools — hiring, lending, medical triage — that startups simply won’t touch. The incumbents will fill that space. Is that the outcome policymakers wanted?”

Probably not. But it’s the outcome they’re getting.

A Better Path

None of this is an argument against all oversight. Fraud is fraud, whether committed by spreadsheet or python script. Discrimination laws already exist, and they apply to decisions made with or without algorithmic assistance. The question is whether we need an entirely parallel regulatory architecture for automated tools — one written by people who learned what a neural network is from a TED talk.

We don’t. What we need is what we have always needed: clear rules against demonstrable harms, enforced by courts that weigh evidence rather than headlines.

The machines aren’t the threat. The threat is our own reflexive anxiety — and the laws we pass in its grip.

Sources: Cimplifi, Rochester Business Journal, Seyfarth Shaw, Stinson LLP, National Conference of State Legislatures

Sources