Congress Cannot Wait for Other Legislatures To Lead on AI

Congress can rein in Big Tech, and specifically address one of our biggest threats, Artificial Intelligence (AI). 

The time has come to do something about it. In the rapidly evolving landscape of technology regulation, a familiar pattern emerges. This pattern of regulatory development—federal hesitation, international action, and state-level response—has become a predictable cycle in technology governance.

The scenario typically unfolds in four distinct phases. First, the federal government identifies issues with the technology sector, often centered in California's innovation hubs. Second, despite numerous hearings and discussions, federal legislation stalls in congressional committees and subcommittees. Third, international bodies—particularly the European Union and United Kingdom—move forward with comprehensive regulatory frameworks. Finally, stymied  by federal inaction, states like California step in with their own legislation to protect citizens and provide regulatory clarity for businesses. This pattern of regulatory development—federal hesitation, international action, and state-level response—has become a predictable cycle in technology governance.

Anyone in Congress can tell you - we’ve seen it over decades - with net neutrality (SB-822); with social media; with data protection/privacy (GDPR; CCPA); with competition policy with the Digital Markets Act.

This cycle has played out repeatedly with digital technologies. AI regulation appears to be following the same trajectory. 

Net Neutrality: California Takes the Lead - A Case Study

When the FCC repealed federal net neutrality protections in 2018, California responded decisively. The California Internet Consumer Protection and Net Neutrality Act (SB-822) established the nation's strongest net neutrality protections, prohibiting internet service providers from blocking content, throttling speeds, or creating paid fast lanes.

Despite facing immediate legal challenges from telecommunications companies and the federal government, California successfully defended its law. In 2021, after a federal judge upheld the state's authority to implement these protections, California became the de facto national standard-setter for net neutrality.

Consumer Privacy: From GDPR to CPPA

The European Union's General Data Protection Regulation (GDPR), implemented in 2018, revolutionized data privacy globally. While Congress held hearings and debated federal privacy legislation, California again filled the regulatory void with the California Consumer Privacy Act (CCPA) in 2018, later strengthened by the California Privacy Rights Act (CPRA).

The CCPA gives Californians the right to know what personal information is being collected about them, the right to delete that information, the right to opt-out of the sale of their personal information, and protection against discrimination for exercising these rights. The creation of the California Privacy Protection Agency (CPPA) established the first dedicated privacy regulatory body in the United States, further cementing California's leadership role.

AI Regulation: History Repeating?

We’ve heard this story before. Europe acts, the US federal government dithers, and California copies Europe.

The European Union has introduced its AI Act. The United Kingdom has published its AI regulatory framework. California State Senator Scott Weiner has resurrected his AI safety bill which passed last session (before being vetoed by Governor Newsom). And, yet again, where is Congress?

This is both a political and practical problem because it's an abdication of their elected duties, and ultimately leaves the state laws to fill in regulatory gaps (the so-called “patchwork” that companies like to complain about). And it suits the regulatees fine when Congress drags its heels, because they know that when they do get Congress to act, they’ll be able to negotiate weaker laws.

It’s true, after much studying, the U.S. Congress has written and introduced myriad bills incorporating many of the items we are concerned about. However, these remedies often come in the final hours, and Congress can’t reach a consensus on moving the ball. In total, we’ve simply writte two reports that we have no political will upon which to act.

We’re throwing away our shot! 

It’s time to break that cycle. The Center for AI Policy (CAIP) is working with our friends in Congress to rally support behind meaningful reforms and legislation. There are some pretty simple initiatives we can bipartisanly usher through. Safety preparedness, cybersecurity, and whistleblower protections, are at the top of the list (see, e.g., CAIP’s 2025 Action Plan). 

Now is the time to act, and CAIP is here ready, willing, and able to work with Congress to enact meaningful safety and security measures. We can’t allow Congress to ignore this issue and leave California and its state cohorts to do heavy lifting while Congress rest on their laurels, yet again.