Chapter 28 Exercises: AI Regulation --- Global Landscape

Section A: Recall and Comprehension

Exercise 28.1 Define the following terms in your own words, using no more than two sentences each: (a) negative externality as applied to AI, (b) high-risk AI system under the EU AI Act, (c) general-purpose AI model (GPAI), (d) conformity assessment, (e) regulatory sandbox.

Exercise 28.2 List the four risk tiers of the EU AI Act. For each tier, provide one specific example of an AI system that would fall into that category and describe the regulatory requirements that apply.

Exercise 28.3 Identify three arguments in favor of AI regulation and three arguments against comprehensive AI regulation. For each argument, provide one piece of supporting evidence or a real-world example from the chapter.

Exercise 28.4 Compare the regulatory approaches of the EU, the US, and China across the following dimensions: (a) framework type (comprehensive, sectoral, application-specific), (b) primary regulatory objective, (c) enforcement mechanisms, and (d) approach to general-purpose AI models.

Exercise 28.5 Describe the UK's "pro-innovation" approach to AI regulation. List the five cross-cutting principles and identify one strength and one weakness of the principles-based approach compared to the EU's prescriptive approach.

Exercise 28.6 Explain why the US lacks comprehensive federal AI legislation as of early 2026. Identify at least three specific factors that have contributed to the legislative gridlock.

Exercise 28.7 What is the NIST AI Risk Management Framework? Describe its four core functions (Govern, Map, Measure, Manage) and explain why it has become influential despite being voluntary.

Section B: Application

Exercise 28.8: Risk Classification Exercise You are the AI product manager at a mid-sized insurance company. Your company uses the following AI systems. Classify each under the EU AI Act's four risk tiers and justify your classification: - (a) An AI system that prices auto insurance premiums based on driving behavior data from telematics devices - (b) A chatbot that answers policyholder questions about coverage and claims procedures - (c) An AI system that detects potentially fraudulent insurance claims by analyzing claim text, images, and historical patterns - (d) An AI system that determines which claims adjusters are assigned to which cases based on workload and expertise - (e) An internal email summarization tool that helps employees process large volumes of correspondence

For each system classified as high-risk, list the specific requirements the company would need to meet.

Exercise 28.9: Multi-Jurisdictional Compliance Mapping A UK-based fintech company is expanding into the EU (Germany and France), the US (New York and California), and Singapore. The company's primary AI product is a credit scoring model that uses alternative data (social media activity, mobile phone usage patterns, and transaction data) to assess creditworthiness for individuals underserved by traditional credit scoring.

  • (a) Classify this AI system under the EU AI Act, identify relevant US regulations (federal and state), and describe the UK regulatory framework that applies.
  • (b) Identify the three most significant compliance challenges the company will face in operating across all four jurisdictions.
  • (c) Propose a compliance strategy that allows the company to serve all four markets efficiently.
  • (d) Estimate relative compliance costs (not absolute numbers, but which components will be most expensive and why).

Exercise 28.10: NYC Local Law 144 Compliance Your company, a large retailer headquartered in New York City, uses an AI system to screen resumes for all open positions. Under NYC Local Law 144: - (a) What specific obligations does your company have? - (b) What must the independent bias audit cover? - (c) Where and how must audit results be published? - (d) What notice must be provided to candidates? - (e) Your CEO asks: "Can't we just stop using the AI for NYC positions and screen those manually?" Evaluate this suggestion. What are the business implications?

Exercise 28.11: Compliance Cost-Benefit Analysis Using Athena Retail Group's compliance cost estimates from the chapter ($800K Year 1, $200K-$300K ongoing) as a reference point, construct a cost-benefit analysis for a different company:

Scenario: A SaaS company with $50 million in annual revenue uses AI for three functions: (1) lead scoring for sales teams, (2) automated customer support chatbot, and (3) an AI-powered feature that generates marketing copy for customers. The company serves customers in the US, UK, and EU.

  • (a) Classify each AI system under the EU AI Act risk framework.
  • (b) Estimate the compliance costs as a percentage of revenue, using Athena's per-system costs as a guide.
  • (c) Identify at least three potential benefits of compliance beyond avoiding penalties.
  • (d) Make a recommendation to the CEO: invest in full compliance now, take a phased approach, or accept the risk of non-compliance? Justify your recommendation.

Exercise 28.12: Regulatory Navigation Framework Apply Lena Park's six-step Regulatory Navigation Framework to one of the following scenarios: - (a) A US-based healthcare AI company planning to launch a diagnostic imaging tool in the EU and Japan - (b) A Chinese social media company expanding its recommendation algorithm to the EU market - (c) A European autonomous vehicle company planning to operate in the US, UK, and Singapore - (d) A Canadian startup developing an AI-powered hiring platform for global enterprises

For your chosen scenario, work through all six steps: map exposure, classify systems, identify the highest standard, build compliance into development, establish a monitoring function, and plan for constructive regulatory engagement.

Section C: Analysis and Evaluation

Exercise 28.13: The Innovation Debate Write a 500-word position paper on the following question: "Does the EU AI Act help or harm European AI innovation?" Your paper should: - (a) Present at least two arguments on each side, supported by evidence from the chapter and your own research - (b) Distinguish between short-term costs and long-term competitive effects - (c) Consider the impact on different types of companies (startups, SMEs, large enterprises, foreign companies entering the EU market) - (d) Take a clear position and defend it - (e) Identify one specific provision of the EU AI Act that you would change to improve the balance between innovation and protection, and explain why

Exercise 28.14: Regulatory Capture Analysis The chapter mentions the risk of "regulatory capture" --- the phenomenon where large companies welcome regulation because it creates barriers for competitors.

  • (a) Identify two specific provisions of the EU AI Act that could disproportionately benefit large, well-resourced companies over startups.
  • (b) What mechanisms does the EU AI Act include to mitigate the risk of regulatory capture? Are they sufficient?
  • (c) The Act includes provisions for SME-friendly regulatory sandboxes and proportionate compliance requirements. Evaluate whether these provisions adequately address the competitive balance concern.
  • (d) Can you identify any historical examples from other industries (pharmaceuticals, financial services, telecommunications) where regulation created barriers that entrenched incumbents? What lessons do those examples offer for AI regulation?

Exercise 28.15: China's Approach --- Analysis China's AI regulations require that generative AI output reflect "socialist core values" and require pre-launch content review for public-facing services.

  • (a) How do these requirements differ fundamentally from EU and US approaches to AI content regulation?
  • (b) What are the implications for multinational AI companies that want to operate in both China and Western markets?
  • (c) Is it possible for a single AI model to comply with both Chinese content requirements and EU/US standards for freedom of expression? What technical and organizational approaches might companies take?
  • (d) Some critics argue that China's approach is simply authoritarian censorship wrapped in regulatory language. Others argue that every jurisdiction regulates content in some way and that China's approach is a matter of degree, not kind. Evaluate both perspectives.

Exercise 28.16: Designing a National AI Framework You have been appointed to a task force advising a mid-sized country (population 30 million, GDP comparable to Chile or Romania, growing but not frontier AI industry, strong rule of law, democratic governance) on its AI regulatory strategy.

  • (a) Which existing regulatory model (EU, US, UK, Singapore, or a hybrid) would you recommend as a starting point? Why?
  • (b) What modifications would you make to adapt the chosen model to a country with limited regulatory capacity and a developing AI ecosystem?
  • (c) How would you balance the desire to attract AI investment with the need to protect citizens' rights?
  • (d) Propose five specific regulatory provisions, explaining the rationale for each.
  • (e) How would you address the challenge of enforcing AI regulation with limited technical expertise in the regulatory agency?

Exercise 28.17: Self-Regulation Audit Select one of the voluntary AI commitments described in the chapter (White House Voluntary Commitments, Frontier Model Forum, or Partnership on AI).

  • (a) Research the current status of the commitment. Have the participating companies followed through on their pledges? Cite specific evidence.
  • (b) Identify one specific commitment that has been demonstrably fulfilled and one that has not been adequately addressed.
  • (c) Propose three mechanisms that could strengthen the commitment's effectiveness without converting it into binding regulation.
  • (d) Write a one-paragraph assessment: on a scale from "pure PR" to "meaningful governance," where does this initiative fall? Justify your assessment.

Section D: Athena Integration

Exercise 28.18: Athena's Regulatory Roadmap Based on the compliance analysis in the chapter, create a 12-month regulatory compliance roadmap for Athena Retail Group. Your roadmap should: - (a) Prioritize the four AI systems (churn model, recommendation engine, chatbot, HR screening model) by regulatory urgency - (b) Identify specific milestones for each quarter (Q1-Q4) - (c) Assign estimated costs to each milestone - (d) Identify dependencies between tasks (e.g., documentation must be completed before conformity assessment) - (e) Include a risk register: what could go wrong, and what are the contingency plans?

Exercise 28.19: Compliance as Competitive Advantage Ravi argues that compliance is a "competitive moat." NK is skeptical.

  • (a) Construct Ravi's argument in detail. What specific competitive advantages does early compliance create?
  • (b) Construct NK's counterargument. Under what conditions could early compliance be a competitive disadvantage?
  • (c) Identify three specific scenarios where Athena's compliance investment would pay for itself.
  • (d) Identify one scenario where a competitor's decision to not invest in compliance could be strategically rational.
  • (e) Write a one-page memo from Ravi to Athena's CEO making the business case for the $800K compliance investment.

Exercise 28.20: Future-Proofing Athena The AI regulatory landscape is evolving rapidly. Identify three regulatory developments that could occur within the next 18 months that would significantly affect Athena's compliance strategy. For each: - (a) Describe the potential development and its probability - (b) Assess the impact on Athena's existing compliance program - (c) Propose a specific preparatory action Athena could take now to reduce the cost of compliance if the development occurs

Exercises 28.8, 28.9, and 28.12 are recommended for group work. Exercise 28.16 is suitable for a written assignment (1,500-2,000 words). Exercises 28.18 and 28.19 connect directly to the Athena case and should be completed before Chapter 30.