AI Regulation Seems to be on an "Ex Ante" Track, Not Ex Post Facto

The current rush to regulate AI appears to differ from prior efforts to regulate computing technology and especially the internet. 

As always is the case, regulators seek to balance consumer protection and innovation. With regard to the internet, however, regulators took a “wait and see” approach. This ex post facto approach allowed the internet to develop, with regulation happening only when issues were deemed to have arisen. 

Most major internet regulations took a decade to a few decades to develop.

Regulation	Date Passed	Years After Internet Commercialization
Communications Decency Act (CDA)	1996	10 years
Children's Online Privacy Protection Act (COPPA)	1998	12 years
Digital Millennium Copyright Act (DMCA)	1998	12 years
CAN-SPAM Act	2003	17 years
Do Not Track (DNT)	2011	25 years
General Data Protection Regulation (GDPR)	2016	30 years
California Consumer Privacy Act (CCPA)	2018	32 years

AI seems to be drawing scrutiny quite early in its development. Already, issues such as misinformation, malware and cybercrime have been raised about AI use. 

Issue	Earlier form of internet or computing governance	AI governance/regulation
Privacy	The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to protect the privacy of their customers' financial information.	AI systems can collect, store, and process vast amounts of personal data, which raises concerns about privacy.
Misuse	The Digital Millennium Copyright Act (DMCA) prohibits the circumvention of digital rights management (DRM) technologies.	AI systems can be used to create deep fakes and other forms of synthetic media, which could be used for malicious purposes.
Privacy and security	General Data Protection Regulation, California Consumer Privacy Act	These regulations were developed to protect user privacy and security on the internet.
Loss of control	ICANN	This organization is responsible for overseeing the global DNS.

Many observers would suggest there is a much-higher level of unease about AI, compared to the internet, which might raise the specter of ex ante regulation that inadvertently slows development, which might be precisely what its backers want. 

Ex ante regulation is regulation that takes place before an event or activity occurs. It is designed to prevent problems from happening in the first place. 

Others might caution that ex post facto has traditionally been the case for internet regulation. 

Ex post facto regulation is regulation that takes place after an event or activity has already occurred. It is designed to punish or compensate for harm that has already been done.

One might say the difference in approach comes from fears that the harm or damage is too potentially too great to rely on ex post facto regulation.