Chapter 13 Quiz: Governing AI — Policy, Regulation, and Global Approaches

Multiple Choice

1. The "pacing problem" in AI governance refers to:

a) The difficulty of making AI systems run faster b) The tendency of regulators to work too quickly, passing laws before they understand the technology c) The structural challenge that technology evolves faster than the regulations designed to govern it d) The problem of AI systems making decisions too quickly for humans to oversee

2. Under the EU AI Act's risk-based framework, which of the following would be classified as "unacceptable risk" (banned)?

a) An AI system that recommends movies based on viewing history b) A government social scoring system that ranks citizens based on their behavior c) An AI chatbot used for customer service d) An AI system that predicts equipment maintenance needs in a factory

3. The EU AI Act requires "conformity assessments" for high-risk AI systems. What does this mean?

a) AI systems must be approved by a panel of consumers before deployment b) Providers must demonstrate that their AI systems meet the regulation's requirements for safety, transparency, and human oversight before placing them on the market c) All AI systems must use the same technical architecture to ensure consistency d) AI developers must conform to a single programming language

4. How does the U.S. approach to AI governance differ from the EU approach?

a) The U.S. has stricter regulations than the EU across all sectors b) The U.S. has no AI governance activity at any level of government c) The U.S. relies primarily on existing sector-specific laws and voluntary frameworks rather than comprehensive AI-specific legislation d) The U.S. and EU approaches are essentially identical

5. "Regulatory capture" in the context of AI governance refers to:

a) The government seizing control of AI companies b) A situation where the regulated industry gains undue influence over regulators, shaping rules to serve industry interests rather than public interests c) When AI systems capture and store regulatory documents d) When regulations become so strict that they capture all innovation

6. Which of the following best describes China's approach to AI governance?

a) Minimal regulation to maximize innovation b) Comprehensive rights-based regulation similar to the EU AI Act c) A combination of aggressive AI promotion as a national priority with targeted regulation of specific applications that threaten social stability d) Complete government control of all AI research and development

7. What is the main limitation of industry self-regulation as an AI governance mechanism?

a) Companies do not have the technical expertise to regulate AI b) Self-regulation is always more expensive than government regulation c) Voluntary commitments lack binding enforcement mechanisms, face structural conflicts of interest, and can be abandoned at will d) Self-regulation always leads to stricter rules than government regulation

8. An "algorithmic impact assessment" is:

a) A measure of how fast an algorithm runs b) A structured evaluation of an AI system's potential effects on individuals and communities, conducted before deployment c) A financial analysis of the cost of developing an AI system d) A survey asking users whether they like an algorithm

9. The chapter describes the "definition problem" in AI governance. Why is defining "AI" difficult for regulators?

a) Because there is only one type of AI, making additional definitions unnecessary b) Because a narrow definition misses systems that can cause harm, while a broad definition may sweep in simple software tools, creating disproportionate regulatory burdens c) Because AI does not actually exist d) Because all software programs are equally intelligent

10. Under the EU AI Act, "general-purpose AI models" (like GPT-4 or Claude) are required to:

a) Be banned from commercial use b) Provide training data transparency and comply with copyright law, with additional obligations for models posing "systemic risk" c) Only operate within the European Union d) Be retrained using only European data


Short Answer

11. The chapter discusses three "pillars" of the U.S. approach to AI governance. Identify and briefly describe each pillar, and explain one gap or limitation of this approach.

12. Explain why the chapter argues that AI governance is "not just a technical or legal question" but "a question of values." Provide one specific example of how different values lead to different governance approaches.

13. What is the difference between "hard law" (like the EU AI Act) and "soft law" (like industry ethical principles)? In your view, which is more important for effective AI governance, and why?


Critical Thinking

14. A startup develops an AI system that analyzes job applicants' social media profiles to assess their "cultural fit" for a company. The system is deployed in multiple countries. Using what you learned in this chapter, analyze: - How would this system be classified under the EU AI Act? - What U.S. regulations, if any, might apply? - What governance mechanisms would you recommend to ensure the system is used fairly and transparently? - What are the most significant risks of this system, and how should they be addressed?

15. A group of major AI companies announces a voluntary "AI Safety Compact" with commitments to safety testing, bias auditing, and transparency reporting. A civil liberties organization responds that voluntary commitments are "PR exercises that substitute for real regulation." Evaluate both positions. Under what conditions might voluntary commitments be effective? Under what conditions are they likely to fail? What would a complementary approach — combining voluntary and mandatory elements — look like?


Answer Key

  1. c — The pacing problem is the structural challenge that technology evolves faster than the regulations designed to govern it. By the time a regulation is drafted, debated, and implemented, the technology may have changed dramatically.

  2. b — Government social scoring systems are classified as unacceptable risk and banned under the EU AI Act. These are systems that assign citizens scores based on behavior patterns, used to determine access to services or privileges.

  3. b — Conformity assessments require providers of high-risk AI systems to demonstrate compliance with the regulation's requirements for risk management, data quality, transparency, human oversight, accuracy, and cybersecurity before placing them on the market.

  4. c — The U.S. relies primarily on existing sector-specific laws (FTC for consumer protection, EEOC for employment discrimination, FDA for medical devices) and voluntary frameworks, rather than comprehensive AI-specific legislation like the EU AI Act.

  5. b — Regulatory capture occurs when the regulated industry gains undue influence over the regulators, shaping rules to serve industry interests. This is a particular risk in AI governance because of the knowledge gap between industry and regulators.

  6. c — China combines aggressive AI promotion (the "New Generation AI Development Plan" aims for global leadership by 2030) with targeted regulation of specific applications — particularly algorithmic recommendations, deepfakes, and generative AI — that could threaten social stability or state authority.

  7. c — The main limitation is that voluntary commitments lack binding enforcement mechanisms. Additionally, companies face structural conflicts of interest (the practices that need restricting are often the most profitable) and can abandon their commitments at will, as demonstrated by cases where companies have overridden internal ethics commitments.

  8. b — An algorithmic impact assessment is a structured evaluation of an AI system's potential effects — examining what decisions it makes, what data it uses, who is affected, what harms could result, and what safeguards are in place — conducted before the system is deployed.

  9. b — A narrow definition of AI (e.g., only deep learning systems) misses simpler automated systems that can still cause significant harm. A broad definition (any system that processes data and makes decisions) could sweep in everything from spreadsheets to spam filters, creating regulatory obligations disproportionate to the risks.

  10. b — General-purpose AI models must provide training data summaries, comply with copyright law, and provide technical documentation. Models posing "systemic risk" face additional obligations including adversarial testing, incident monitoring, and cybersecurity requirements.

  11. Sample answer: The three pillars are: (1) Existing laws applied to AI — federal agencies like the FTC, EEOC, and FDA use existing regulatory authority to address AI issues within their domains; (2) Executive orders and guidance — presidential directives that establish principles and direct agencies to develop standards, though these can be rescinded by subsequent presidents; (3) State-level regulation — states like California (CCPA), Colorado (AI discrimination law), and Illinois (BIPA) pass their own laws. A key limitation is the resulting patchwork: different rules in different states, significant gaps where no agency has clear authority, and inconsistent protection depending on where you live or what sector the AI operates in.

  12. Sample answer: Different societies prioritize different values, which leads to fundamentally different governance approaches. For example, the EU prioritizes individual rights and safety (hence the comprehensive, rights-based AI Act with its focus on protecting fundamental rights). The U.S. prioritizes innovation and market competition (hence the lighter-touch approach that avoids potentially burdensome regulation). China prioritizes social stability and state authority (hence regulations targeting AI applications that could undermine government narratives). The same AI system — a content moderation algorithm — would face very different rules under each approach, reflecting these underlying value differences.

  13. Sample answer: "Hard law" refers to legally binding regulations with enforcement mechanisms and penalties for violations (like the EU AI Act or the GDPR). "Soft law" refers to non-binding guidelines, principles, and voluntary commitments (like corporate AI ethics principles or industry codes of conduct). Hard law is more important because it applies to all actors, includes enforcement, and cannot be abandoned when inconvenient. However, soft law has value as a complement — industry-developed technical standards can inform hard law, and ethical principles can guide behavior in areas not yet covered by legislation. The most effective approach combines both: hard law for the floor of acceptable behavior, soft law for aspirational standards above that floor.

  14. Sample answer should address: EU AI Act classification — AI in hiring is "high risk," requiring risk management, data quality, transparency, human oversight, and conformity assessment; social media analysis for hiring raises additional concerns about using data from a non-employment context. U.S. regulations — EEOC anti-discrimination law applies if the system has disparate impact on protected groups; some states (Illinois BIPA, NYC Local Law 144) have specific requirements. Recommended governance — mandatory bias audits before deployment, transparency to applicants that AI is being used, right to human review, restrictions on inferring protected characteristics from social media data. Key risks — inferring protected characteristics (race, religion, disability, pregnancy) from social media, reinforcing cultural biases about "fit," penalizing applicants for exercising free speech rights.

  15. Sample answer should address both positions: Voluntary commitments can be effective when there is strong market pressure (customers demanding responsible AI), when commitments include specific, measurable obligations (not just vague principles), and when there is meaningful external oversight (independent auditors, public reporting). They are likely to fail when compliance is costly and competitors do not comply, when the company faces financial pressure to cut corners, and when there is no external accountability. A complementary approach might include: government sets minimum legal requirements (hard floor), industry develops technical standards for implementation (how to comply), independent auditors verify compliance (external oversight), and civil society monitors outcomes (public accountability). The key insight is that voluntary commitments work best when they are layered on top of — not instead of — legally binding obligations.