The age of self-policing in AI is ending. Around the world, governments are beginning to insist that the most powerful models face scrutiny before they reach the public.
From voluntary promises to formal gatekeeping
For the past few years, frontier AI companies largely set their own safety standards. They published framework documents, described red-team exercises, and promised to test systems before broad deployment. That approach was never entirely lawless, but it was mostly voluntary, uneven, and shaped by the labs themselves. Now regulators are starting to replace that informal model with something closer to a pre-release checkpoint.
The clearest example is the European Union’s AI Act, which has moved beyond broad principle and into concrete compliance. According to the European Commission, obligations for general-purpose AI models became applicable on August 2, 2025, while the bloc’s enforcement powers over those obligations begin on August 2, 2026. Providers of the most powerful general-purpose models, especially those considered to create systemic risk, must notify authorities, perform risk assessment and mitigation, report serious incidents, and maintain cybersecurity protections. The Commission has also set up a formal submission process through its EU SEND platform for documents tied to these obligations.
That is not exactly the same as a regulator sitting in a lab and signing off on every launch. But functionally, it marks a profound shift. Companies are being told that evaluation evidence, technical documentation, and risk controls cannot remain internal artifacts. They must be prepared for official review, and in some cases they must be submitted to authorities before or as models are placed on the market.
This change did not appear overnight. The 2023 Bletchley Declaration, signed by major AI powers, established a shared international view that frontier AI developers have a special responsibility to test advanced systems and manage serious risks. By the 2024 Seoul AI Summit, governments were no longer speaking only in general terms about safety. They were building the diplomatic and institutional scaffolding for a world in which powerful models would be evaluated against recognized standards, not just company blog posts.
What “testing before release” actually means in practice
The phrase sounds simple, but pre-release testing in AI is much broader than checking whether a chatbot behaves politely. For advanced general-purpose models, regulators and safety institutes are interested in whether a system could enable cyberattacks, lower barriers to chemical or biological misuse, evade safeguards, leak dangerous capabilities to downstream users, or behave unpredictably when given autonomy. In other words, the core issue is not only bias or accuracy. It is whether a model can create large-scale, hard-to-control harm.
That is why modern testing increasingly blends several methods. One layer is internal evaluation, where the developer measures capabilities and known failure modes. Another is red teaming, in which expert testers probe for weaknesses and try to break safeguards. A third is independent assessment by outside specialists, sometimes including government-backed institutes. OpenAI has said its frontier testing process includes rigorous internal safety work, external red teaming, and collaborations with third-party testing organizations as well as the U.S. AI Safety Institute and the UK AI Safety Institute. Anthropic has similarly said its models have undergone pre-deployment testing by both the U.S. and UK safety institutes under voluntary arrangements.
These details matter because they show what governments are trying to institutionalize. A modern pre-release review is less like a single exam and more like a dossier. Regulators want documentation of evaluation methods, evidence of risk thresholds, records of mitigation steps, and proof that security protections around the model and its weights are strong enough. Under the EU system, technical documentation and evaluation-related information are part of what providers must be prepared to furnish, especially when a model falls into the systemic-risk category.
The practical effect is to slow down the old “ship first, patch later” mentality. Labs can still iterate quickly, but the biggest releases now carry a growing expectation that they will be benchmarked, stress-tested, and documented in advance. That may frustrate companies racing each other for market share. Yet it also reflects an uncomfortable truth: once a highly capable model is widely accessible, the chance to prevent foreseeable misuse may already be gone.
Why governments believe self-regulation is no longer enough
Regulators did not arrive at this point simply because AI became popular. They arrived here because frontier systems are becoming more capable, more widely integrated, and harder for outsiders to evaluate after the fact. When a model is embedded in search, software development, customer service, research workflows, and defense-adjacent environments, a failure is no longer a niche product bug. It can cascade through institutions, markets, and public systems.
There is also a credibility problem with relying on company assurances alone. AI labs have real incentives to be careful, but they also have strong incentives to launch early, impress investors, and claim leadership. Those incentives do not automatically align with public risk management. Even firms that take safety seriously can miss blind spots, underestimate emergent behavior, or define “acceptable risk” in ways that outsiders would reject. Independent testing is meant to reduce that conflict of interest, not because every company is reckless, but because no company should be the sole judge of its own most consequential products.
This thinking is visible in the language of current policy. The European Commission describes additional obligations for general-purpose AI models with systemic risk that include risk assessment, mitigation, incident reporting, and cybersecurity. That framework treats advanced models less like ordinary software and more like high-impact infrastructure. South Korea’s AI Basic Act, which took effect on January 22, 2026, reflects a similar push to create a national structure for trusted AI use, even though some transparency provisions are being phased in gradually to limit disruption.
The politics behind this are equally important. In the United States, attempts to create hard legal requirements for frontier models have been more fragmented. California’s high-profile SB 1047 would have imposed major safety obligations on large model developers, but Governor Gavin Newsom vetoed it in September 2024, arguing that the bill did not yet strike the right balance. Even so, the veto did not signal laissez-faire confidence. Newsom simultaneously announced new state initiatives focused on responsible AI, showing that the debate had shifted from whether oversight is needed to what form it should take.
Governments, in short, are reacting to a technology that is beginning to look strategically important and systemically risky at the same time. That combination almost always produces regulation.
The global divide over how hard the rules should be
Not every government is pursuing the same model of control. Europe has embraced a relatively formal, documentation-heavy framework with defined obligations, phased timelines, and penalties. That approach is designed to create legal clarity across a large internal market. It also reflects a European regulatory tradition that prefers ex ante safeguards, especially for technologies that can affect rights, security, and competition.
Elsewhere, the picture is more fluid. The United States still relies heavily on a patchwork of voluntary commitments, sector-specific rules, procurement pressure, and agency guidance. The White House’s 2023 voluntary commitments from major labs emphasized red teaming, cybersecurity, and government engagement, but they stopped short of a uniform mandatory pre-clearance regime. In practice, that means American frontier labs often face strong political pressure to test models before release without always facing the same kind of formal, universal legal checkpoint seen in the EU.
That difference creates real strategic tension. If one jurisdiction imposes heavy compliance burdens while another allows faster launches, companies may argue that strict rules will slow domestic innovation and push development elsewhere. On the other hand, governments worry that weak oversight creates a race to the bottom, where labs cut corners to avoid losing ground. This is one reason international summits have focused so heavily on alignment around frontier testing principles. Leaders increasingly understand that fragmented safety expectations can become a competitive liability as well as a regulatory one.
There is also a technical problem beneath the political disagreement: nobody has fully solved how to measure frontier risk. Evaluations are improving quickly, but they are still incomplete. Anthropic has said that pre-deployment testing should be complemented by deeper work on emerging risks, while OpenAI has expanded its use of external assessments and says it publishes preparedness findings with frontier model releases. Governments can require testing, but they cannot magically make the science of testing settled.
That means the current moment is less about a finalized global rulebook than about a new default assumption. The assumption is that sufficiently powerful models should not move from training run to public deployment based only on internal confidence. Different countries will operationalize that principle differently. But the direction of travel is unmistakable.
What this means for AI companies, consumers, and the next wave of innovation
For AI companies, mandatory or quasi-mandatory testing changes the product cycle. Safety work becomes a release requirement rather than a reputational add-on. Legal teams, policy teams, security engineers, and evaluators gain influence alongside model researchers and product managers. Documentation quality starts to matter more. So does the ability to explain not just what a model can do, but what its developers have done to understand and constrain its risks.
This will raise costs, especially for smaller firms trying to compete at the frontier. Large labs are better positioned to fund red teams, external audits, secure model-weight handling, and regulator-facing compliance operations. That may entrench incumbent players unless governments create proportionate rules or shared testing infrastructure. At the same time, the alternative is not truly cheap innovation. It is shifting the cost of failure onto the public after deployment, which is exactly what regulators are trying to avoid.
For consumers and business users, the upside is more subtle than dramatic. Pre-release testing does not guarantee that a model will be truthful, harmless, or free of abuse. But it does increase the chance that severe, foreseeable risks are identified before millions of people depend on the system. It also creates a paper trail. When incidents happen, regulators can ask what the company knew, what it tested, and what it chose to release anyway. That accountability may prove as important as the tests themselves.
The broader innovation question is whether this new regime will chill progress or mature it. History suggests both forces can operate at once. Regulation can slow reckless deployment while also making adoption more durable by building public trust. In AI, that tradeoff is now becoming unavoidable. The frontier is no longer a private lab matter. It is a public governance issue.
That is the real meaning of governments requiring testing before release. They are not merely asking for more paperwork. They are asserting that the most powerful AI systems are important enough, risky enough, and socially embedded enough to justify scrutiny before the fact. For an industry built on rapid iteration, that is a cultural turning point as much as a regulatory one.