Flimsy and corrupt authoritarian populism is dedicated to pretending that the oligarchs and autocrats really care about the people. One way Trumpism has done this is by pretending they actually care about reining in corporate power. That’s included an elaborate, multi-year performance about how MAGA Republicans were going to curb abuses by “big tech” and bring back meaningful antitrust reform.
“Netflix’s years-long bait-and-switch has led the company right to where it promised never to be: addicting children and families to its platform, mining those users for data, and then converting that data into lucrative intelligence for global advertising juggernauts.”
Granted Netflix is not unique here. In a country too corrupt to pass meaningful privacy laws (because MAGA Republicans just like Ken routinely work to kill them), nearly every company you interact with on a daily basis now monetizes your every movement and online choices, “anonymizes” it (a meaningless term), sells access to dodgy international data brokers, then repeatedly lies about it.
They do this because Republicans, corporate lobbyists, and many “centrist” Democrats have, quite unsubtly, worked tirelessly to dismantle corporate oversight and regulatory autonomy. Most companies have been eager to take advantage, including Netflix CEO Reed Hastings, who, like countless other CEOs, used to at least pay empty lip service to never tracking or monetizing consumer data.
Paxton’s lawsuit insists Netflix has built a vast surveillance economy that includes peoples’ kids viewing habits, violating Texas consumer protection law:
“Netflix built this surveillance machinery to scrutinize how users and their children behave—what they click, how long they linger, what they avoid, when they pause, what draws them in, what they replay or skip, where they are, what devices they use, what other devices are in their home, what other apps they interact with, and much more. Each action is a data point revealing something about the user. This is not simply about deciding what show to queue up next.It is about learning who the users and their children are.”
Again: almost every single company you interact with does this now. Many in ways that are far worse than Netflix (see: the entire unregulated data broker economy). Paxton knows this. So why single out Netflix? And why now?
These sorts of lawsuits take a while to build momentum, so I suspect Paxton’s inquiry began during the mad conspiratorial heat of MAGA’s Netflix breakdown earlier this year, and is only culminating now. And I suspect Paxton will be eager to share any juicy and harmful tidbits found during trial prep to help frame the company (which in reality has been pretty amicable toward Republicans and trans bashing comedians) as a useful “woke” culture war prop.
That’s not to say Netflix doesn’t do anything wrong and isn’t (like every tech company) abysmal on surveillance and privacy, but it is to say that authoritarians don’t actually care about the public interest. And they certainly don’t actually care about mass commercialized surveillance, given they’ve played a starring role in cementing it and eliminating all accountability for it.
The American public’s broad and growing hatred of corporations and the extraction class has long been a fertile recruitment playground for autocratic zealots like Trump and Paxton, who love to put on adorable little stage plays where they pretend to be “reining in corporate power” and “embracing meaningful antitrust reform.” But it’s uniformly a performance always driven by ulterior motives.
If guys like Trump and Paxton actually cared about consumer privacy, they’d openly and loudly support a national privacy law that holds all companies (and executives, personally) accountable for privacy and security failures when it comes to consumer data. If they cared about consumer privacy, they’d relentlessly target data brokers that sell oceans of consumer data to any nitwit with a nickel (including foreign intelligence). They’d fund and staff U.S. regulators tasked with policing privacy abuses.
They don’t do that because that might impact them and their friends financially, and disrupt the U.S. government’s ability to spy on Americans without a warrant. So instead you get these highly selective and flimsy populist performances that single out administration “enemies” for failing to adequately bend the knee, while tricking rubes into thinking they’re being tough on corporate power.
A key takeaway of the Trump II admin is that they came in declaring a whole bunch of things to be stupid and worth ripping apart, only to later realize how important and structurally necessary those things were, and then rush to recreate them in a much sloppier, worse version. Now they’re doing it with AI policy.
As you may recall, under Biden, there was a push to get the frontier AI model companies to agree to do some voluntary testing in association with the government, to make sure that at least someone was looking over how some of the most powerful models might do bad things. Eventually, the administration worked out an agreement with OpenAI and Anthropic to give the newly established U.S. Artificial Intelligence Safety Institute (USAISI) (a part of NIST) early access to frontier models for some basic standardized testing. You can see an example of the testing results on Anthropic’s Claude Sonnet 3.5 released a few months after that model was already on the market.
Not really a huge deal, but there was some grumbling and concerns among some that the U.S. government really shouldn’t be in the business of reviewing AI models. But some folks completely lost their minds about this. Notably, some of the top VCs in Silicon Valley, such as Marc Andreessen and Ben Horowitz. Andreessen suggested that the Biden approach to regulating AI (which, again, was incredibly light touch and the product of many, many months of negotiations between AI supporters and skeptics) “would impose tyranny far beyond anything even imagined by the Communists and Fascists of the 20th Century.”
Around that time, both Andressen and Horowitz went all in for Donald Trump, citing Biden’s supposedly awful approach to AI (and cryptocurrency) as a key reason. To this day, if you hear either of them talk about this (as they seem to do on every podcast they can join), they repeatedly make extreme claims about how the Biden administration was out to destroy American AI innovation and (phew!) only Donald Trump has brought back sane policies.
Indeed, one of Trump’s first orders of business on Day 1 was to revoke Biden’s policy on AI safety reviews.
However, as we’ve been chronicling, it’s not as if the Trump administration has had any real coherent policy plan on AI. He sure claimed to have a plan, but much of it seemed to actually be focused on culture war bullshit about stopping “woke” AI from existing (which sure sounds like a suppression of speech, but alas). And then, when Pete Hegseth’s lackeys started throwing a shit fit that Anthropic wouldn’t let them use its tools to do mass surveillance on Americans, the admin declared Anthropic woke, and sought to destroy the company.
As we keep warning, the tech bros and VCs who embraced Trump’s version of MAGA fascism in the belief that through him they’d get the regulatory utopia they were hoping for were so obviously going to have the rug pulled out from under them.
And now we’re at that time for the latest rug pull. According to the NY Times, the Trump administration is planning to demand that they get to pre-vet all new AI models:
The administration is discussing an executive order to create an A.I. working group that would bring together tech executives and government officials to examine potential oversight procedures, according to U.S. officials, who declined to be identified in order to discuss deliberations over sensitive policies. Among the potential plans is a formal government review process for new A.I. models.
Oh. A formal government review process for new AI models? That seems more stringent and compliance-oriented than the voluntary setup that the Biden admin had created.
Also, with the Biden admin, the process involved a lot of careful deliberation and building out the capabilities within USAISI within NIST (a widely-trusted agency involved in setting technical standards). It appears the Trump admin version will be… a bit different and less well thought out:
Officials said that if the administration moved ahead with vetting A.I. models, the working group would help determine the agencies that would help with that effort. With no federal agency responsible for all government cybersecurity work, some officials said having the N.S.A., the White House Office of the National Cyber Director and the director of national intelligence oversee the model review was the best way to proceed.
So, we went from a voluntary, fairly light touch program under the Biden admin, where a bunch of tech standards nerds do a pretty straightforward safety review of models, with no further enforcement mechanisms… to one in which potentially the NSA and the intelligence community now gets early access to AI models with some sort of ability to approve or reject them.
What could possibly go wrong?
For starters: everything.
Meanwhile, just recently Marc Andreessen was going on podcasts talking about how happy he is that Biden’s “ruinous” federal attacks on AI are now gone and unlikely to return. Want to try again, Marc?
Look, this was always going to be the result. This is not to say that Biden’s AI policies were good. They weren’t. In typical Biden fashion there were too many competing voices in the room and so the eventually policy outcome was kinda meh. It would not have been my preferred approach. But it was hardly ruinous, let alone a kind of “tyranny far beyond anything even imagined by the Communists and Fascists of the 20th Century.”
But, as we’ve pointed out over and over again, even if you’re able to get on Trump’s good side, MAGA-style fascism is never good for you for very long. Sure you can try to cash out while the getting is good, but eventually that kind of fascism always fails. It’s simply unsustainable, and in the hands of a bunch of incompetent Trump courtiers, eventually it was always going to turn into some sort of effort to control and mold companies towards Trump and his cronies’ interests.
The end result here: we have a way worse version. Just as some of us have been warning about and predicting all along.
Amusingly, the author of Trump’s original AI policy, Dean Ball, wrote in his newsletter just before the NY Times released their article that:
the current trajectory of federal frontier AI governance is worse than the direction of AI policy under the Biden administration…
Gosh. Who could have possibly predicted that an administration full of incompetents, hangers-on, and power-hungry, mediocre, ignorant bros who want to pretend they’re the masters of the universe would fuck this one up?
Yeah, look, maybe next time, instead of embracing obvious fascism, just deal with the fact that sometimes within normal democratic structures you get bad policies you disagree with, rather than deciding we need to set fire to the constitutional order and the institutions that made American innovation so successful.
Hopefully, we can bring some of that back before it’s too late, so that next time, people like Marc Andreessen don’t set American innovation on fire just because the Biden admin hoped that people would check to make sure AI models were a bit safe.
I cut my teeth as a telecom reporter, so I spent a lot of time writing about how broadband monopolies and cable TV giants rip off consumers with sleazy, misleading fees. I also spent a lot of that time writing about how lobbying and regulatory capture have ensured that big companies see no meaningful penalties should they falsely advertise one price, then sock you with a bunch of spurious surcharges.
The Trump administration (and its courts) has taken an absolute hatchet to U.S. consumer protection on regulatory autonomy, ensuring that the problem of predatory fees is much worse across every sector you interface with. So it was funny to see Wall Street Journal reporters recently openly wondering why there are so many shitty fees all of a sudden (non-paywalled alternative):
“An extra 3% for paying with a credit card. A 5% involuntary contribution to a restaurant’s employee wellness fund. $25 a month in addition to rent for trash collection.
Consumers already weary of rising inflation are now contending with a new crop of costs that are hidden in plain sight. New fees or surcharges are popping up everywhere as companies search for ways to recoup their own rising costs while blaming outside pressures.”
The WSJ reporters and editors decided to cover soaring sleazy fees, but at no point in the article do they mention (even in passing) that Trump has dismantled most of the (already fleeting) efforts to rein in such predation. Or that the Trump Supreme Court has issued numerous rulings effectively making it almost impossible for regulators to fine corporations or hold them accountable for bad behavior.
The article mentions that the Trump FTC did grudgingly implement the Biden-era plan to ban junk fees, but they don’t think it’s worth mentioning that the Trump administration refuses to enforce it:
“The Federal Trade Commission banned drip pricing in short-term lodging and live-event ticketing in 2025, citing research showing that consumers were manipulated by low initial prices even when the full cost was eventually disclosed.”
They also don’t think it’s worth mentioning that the worst offenders of this kind of stuff, like Ticketmaster, were recently let off the hook by the Trump FTC via a piddly settlement (that left states, which had partnered with the FTC legally, high and dry). They’ve chosen to cover consumer protection, but not really. Not with any sort of interest in full, contextual reality.
While this particular instance is the Wall Street Journal, you’ll notice this same habit across most of corporate media. They’re dedicated to an alternate reality where Trump isn’t historically corrupt, and the regulators you’ve historically trusted to be at least semi-present to police the worst offenses are still dutifully on the beat protecting the public interest.
It’s of course a reflection of ownership bias seeping into editorial (most media owners are affluent Conservatives or Libertarians who like tax cuts, rubber stamped merger approvals, and mindless deregulation). But it’s also a form of weird normalization bias, where the reporters assume that because regulators have always been there (with natural partisan ebb and flow) they’ll always be there.
But they’re not there anymore. The damage will likely be deadly and permanent, impacting far more than just shitty, sneaky fees. And the press is doing a terrible job informing the public of that fact.
This is particularly amusing because the Wall Street Journal’s own reporting recently highlighted how even the semi-consistent folks within MAGA who sometimes supported things like functional antitrust reform have been easily ousted by lobbyists, but the reporters exploring “why are we getting ripped off more than ever by predatory corporations” aren’t willing to make the obvious connection.
Last summer, a group of officials from the Department of Energy gathered at the Idaho National Laboratory, a sprawling 890-square-mile complex in the eastern desert of Idaho where the U.S. government built its first rudimentary nuclear power plant in 1951 and continues to test cutting-edge technology.
On the agenda that day: the future of nuclear energy in the Trump era. The meeting was convened by 31-year-old lawyer Seth Cohen. Just five years out of law school, Cohen brought no significant experience in nuclear law or policy; he had just entered government through Elon Musk’s Department of Government Efficiency team.
As Cohen led the group through a technical conversation about licensing nuclear reactor designs, he repeatedly downplayed health and safety concerns. When staff brought up the topic of radiation exposure from nuclear test sites, Cohen broke in.
“They are testing in Utah. … I don’t know, like 70 people live there,” he said.
“But … there’s lots of babies,” one staffer pushed back. Babies, pregnant women and other vulnerable groups are thought to be potentially more susceptible to cancers brought on by low-level radiation exposure, and they are usually afforded greater protections.
“They’ve been downwind before,” another staffer joked.
“This is why we don’t use AI transcription in meetings,” another added.
ProPublica reviewed records of that meeting, providing a rare look at a dramatic shift underway in one of the most sensitive domains of public policy. The Trump administration is upending the way nuclear energy is regulated, driven by a desire to dramatically increase the amount of energy available to power artificial intelligence.
Career experts have been forced out and thousands of pages of regulations are being rewritten at a sprint. A new generation of nuclear energy companies — flush with Silicon Valley cash and boasting strong political connections — wield increasing influence over policy. Figures like Cohen are forcing a “move fast and break things” Silicon Valley ethos on one of the country’s most important regulators.
The Trump administration has been particularly aggressive in its attacks on the Nuclear Regulatory Commission, the bipartisan independent regulator that approves commercial nuclear power plants and monitors their safety. The agency is not a household name. But it’s considered the international gold standard, often influencing safety rules around the world.
The NRC has critics, especially in Silicon Valley, where the often-cautious commission is portrayed as an impediment to innovation. In an early salvo, President Donald Trump fired NRC Commissioner Christopher Hanson last June after Hanson spoke out about the importance of agency independence. It was the first time an NRC commissioner had been fired.
During that Idaho meeting, Cohen shot down any notion of NRC independence in the new era.
“Assume the NRC is going to do whatever we tell the NRC to do,” he said, records reviewed by ProPublica show. In November, Cohen was made chief counsel for nuclear policy at the Department of Energy, where he oversees a broad nuclear portfolio.
The aggressive moves have sent shock waves through the nuclear energy world. Many longtime promoters of the industry say they worry recklessness from the Trump administration could discredit responsible nuclear energy initiatives.
“The regulator is no longer an independent regulator — we do not know whose interests it is serving,” warned Allison Macfarlane, who served as NRC chair during the Obama administration. “The safety culture is under threat.”
A ProPublica analysis of staffing data from the NRC and the Office of Personnel Management shows a rush to the exits: Over 400 people have left the agency since Trump took office. The losses are particularly pronounced in the teams that handle reactor and nuclear materials safety and among veteran staffers with 10 or more years of experience. Meanwhile, hiring of new staff has proceeded at a snail’s pace, with nearly 60 new arrivals in the first year of the Trump administration compared with nearly 350 in the last year of the Biden administration.
Some nuclear power supporters say the administration is providing a needed level of urgency given the energy demands of AI. They also contend the sweeping changes underway aren’t as dangerous or dire as some experts suggest.
“I think the NRC has been frozen in time,” said Brett Rampal, the senior director of nuclear and power strategy at the investment and strategy consultancy Veriten. “It’s a great time to get unfrozen and aim to work quickly.”
The White House referred most of ProPublica’s questions to the Department of Energy, where spokesperson Olivia Tinari said the agency is committed to helping build more safe, high-quality nuclear energy facilities.
“Thanks to President Trump’s leadership, America’s nuclear industry is entering a new era that will provide reliable, abundant power for generations to come,” she wrote. The DOE is “committed to the highest standards of safety for American workers and communities.”
Cohen did not respond to multiple requests for comment. The NRC declined to comment.
Blindsided by DOGE
The U.S. has not had a serious nuclear incident since the Three Mile Island partial meltdown in 1979, a track record many experts attribute to a rigorous regulatory environment and an intense safety culture.
Major nuclear incidents around the world have only strengthened the resolve of past regulators to stay independent from industry and from political winds. A chief cause of Japan’s Fukushima accident, investigators found, was the cozy relationship between the country’s industry and oversight body, which opened the door for thin safety assessments and inaccurate projections overlooking the possible impact of a major tsunami.
“We knew regulatory capture led directly to Fukushima and to Chernobyl,” said Kathryn Huff, who was assistant secretary for the Office of Nuclear Energy during the Biden administration.
The U.S. has barely built any nuclear power plants in recent decades. Only three new reactors have been completed in the last 25 years, and since 1990 the U.S has barely added any net new nuclear electricity to its grid. Though about 20% of U.S. energy is supplied by nuclear power plants, the fleet is aging. Some experts blame the slow build-out on the challenging economics of financing a multibillion-dollar project and the uncertainty of accessing and disposing of nuclear fuels.
But an increasingly vocal group of industry voices and deregulation advocates have blamed the slow build-out on overly cautious and inefficient regulators. Among the most powerful exponents of this view are billionaires Peter Thiel and Marc Andreessen; both venture capitalists have their own investments in the nuclear energy sector and are influential Trump supporters.
Andreessen camped out at Mar-a-Lago, Trump’s private club in Florida, after Trump won the 2024 election, helping pick staff for the new administration. In late 2024, Thiel personally vetted at least one candidate for the Office of Nuclear Energy, according to people familiar with the conversations. Neither responded to requests for comment.
Four months into his second term, Trump signed a series of executive orders designed to supercharge nuclear power build-out. “It’s a hot industry, it’s a brilliant industry,” said Trump, flanked by nuclear energy CEOs in the Oval Office. He added: “And it’s become very safe.”
Under those orders, the NRC was directed to reduce its workforce, speed up the timeline for approving nuclear reactors and rewrite many of its safety rules. The DOE — which has a vast nuclear portfolio, including waste cleanup sites and government research labs — was tasked with creating a pathway for so-called advanced nuclear companies to test their designs.
The goal, Trump said, was to quadruple nuclear energy output and provide new power to the data centers behind the AI boom.
As DOGE gutted agencies, departures mounted in the nuclear sector. Career experts in nuclear regulations and safety departed or were forced out. When Trump fired Hanson, a Democratic NRC commissioner, the president’s team explained the move by saying, “All organizations are more effective when leaders are rowing in the same direction.”
In an unsigned email to ProPublica, the White House press office wrote: “All commissioners are presidential appointees and can be fired just like any other appointee.”
In August, the NRC’s top attorney resigned and was replaced by oil and gas lawyer David Taggart, who had been working on DOGE cuts at the DOE. In all, the nuclear office at the DOE had lost about a third of its staff, according to a January 2026 count by the Federation of American Scientists, a nonprofit focused on science and technology policy.
That summer, Cohen and a team of DOGE operatives touched down at the NRC offices, a series of nondescript towers across from a Dunkin’ in suburban Maryland. He was joined by Adam Blake, an investor who had recently founded an AI medical startup and has a background in real estate and solar energy, and Ankur Bansal, president of a company that created software for real estate agents. Neither would comment for this story.
Many career officials who spoke with ProPublica were blindsided: The new Trump officials at the NRC seemed to have no experience with the intricacies of nuclear energy policy or law, they said. One NRC lawyer who briefed some of the new arrivals decided to resign. “They were talking about quickly approving all these new reactors, and they didn’t seem to care that much about the rules — they wanted to carry out the wishes of the White House,” the official said.
At one point, Cohen began passing out hats from nuclear energy startup Valar Atomics, one of the companies vying to build a new reactor, according to sources familiar with the matter and records seen by ProPublica. NRC staffers balked; they were supposed to monitor companies like Valar for safety violations, not wear its swag.
NRC ethics officials warned Cohen that the hat handout was a likely violation of conflict rules. It betrayed a misunderstanding of the safety regulator’s role, said a former official familiar with the exchange. “Imagine you live near a nuclear power plant, and you find out a supposedly independent safety regulator — the watchdog — is going around wearing the power plant’s branded hats,” the official said. “Would that make you feel safe?” The NRC and Cohen did not respond to requests for comment about the hat incident.
Valar counts Trump’s Silicon Valley allies as angel investors. They include Palmer Luckey, a technology executive and founder of the defense contractor Anduril, and Shyam Sankar, chief technology officer of Palantir, the software company helping power Immigration and Customs Enforcement’s deportation raids.
It was among three nuclear reactor companies that sued the NRC last year in an attempt to strip it of its authority to regulate its reactors and replace it with a state-level regulator. Before the Trump administration came into office, lawyers watching the case were confident the courts would quickly dismiss the suit, as the NRC’s authority to regulate reactors is widely acknowledged. But new Trump appointees pushed for a compromise settlement — which is still being negotiated. The career NRC lawyer working on the case quietly left the agency.
Valar and its executives did not reply to requests for comment.
“Going So Fast”
The deregulatory push is the culmination of mounting pressure — both political and economic — to make it easier to build nuclear power in the U.S. Over the years, a bipartisan coalition supporting nuclear expansion brought together environmentalists who favor zero-carbon power and defense hawks focused on abundant domestic energy production.
Anti-nuclear activists still argue that renewable energy like wind and solar are safer and more economical. But streamlining the NRC has been a bipartisan priority as well. The latest major reform came in 2024, when President Joe Biden signed into law the ADVANCE Act, which went as far as changing the mission statement of the NRC to ensure it “does not unnecessarily limit” nuclear energy development.
Some nuclear power supporters say the Trump administration is merely accelerating these changes. They cite instances in which the current regulations appear out of sync with the times. The NRC’s byzantine rules are designed for so-called large light-water reactors — massive facilities that can power entire cities — and not the increasingly in vogue smaller advanced reactor designs popular among Silicon Valley-backed firms.
Rules that require fences of certain heights might make little sense for new reactors buried in the earth; and rules that require a certain number of operators per reactor could be a bad fit for a cluster of smaller reactors with modern controls. Advances in sensors, modeling and safety technologies, they say, should be taken into account across the board.
The NRC has said it expects over two dozen new license requests from small modular and advanced reactor companies in coming years. Many of those requests are likely to come from new, Silicon Valley-based nuclear firms.
“There was a missing link in the innovation cycle, and it was very difficult to build something and test it in the U.S. because of mostly licensing and site availability constraints in the past,” said Adam Stein of the pro-nuclear nonprofit Breakthrough Institute.
The regulatory changes are in flux: This spring, the NRC is starting to release thousands of pages of new rules governing everything from the safety and emergency preparedness plans reactor companies are required to submit to the procedures for objecting to a reactor license.
“It’s hard to know if they are getting rid of unnecessary processes or if it’s actually reducing public safety,” said one official working on reactor licensing, who, like others, spoke on the condition of anonymity for fear of retaliation from the Trump administration. “And that’s just the problem with going so fast — everything just kind of gets lost in a mush.”
Lawyers from the Executive Office of the President have been sent to the NRC to keep an eye on the new rules, a move that further raised alarms about the agency’s independence.
Nicholas Gallagher — a relatively recent New York University law school graduate and conservative writer whom ProPublica previously identified as a DOGE operative at the General Services Administration — has been involved in conversations about overhauling environmental rules.
He’s working alongside Sydney Volanski, a 30-year-old recent law school graduate who rose to national attention while she was in high school for her campaign against the Girl Scouts of America, which she accused of promoting “Marxists, socialists and advocates of same-sex lifestyle.”
NRC lawyers working on the rules were told last October that Gallagher and Volanski would be joining them, and they both appear on the regular NRC rulemaking calendar invite.
The White House maintains, however, that “zero lawyers from the Executive Office of the President have been dispatched to work on rulemaking.” Neither Gallagher nor Volanski replied to requests for comment.
The administration is routing the new rules through an office overseen by Trump’s cost-cutting guru Russell Vought, a move that was previously unheard of for an independent regulator like the NRC. The White House spokesperson noted that, under a recent executive order, this process is now required for all agencies.
Political operatives have been “inserted into the senior leadership team to the point where they could significantly influence decision-making,” said Scott Morris, who worked at the NRC for more than 32 years, most recently as the No. 2 career operations official. “I just think that would be a dangerous proposition.”
Morris voted for Trump twice and broadly supports the goals of deregulating and expanding nuclear energy, but he has begun speaking out against the administration’s interference at the NRC. He retired in May 2025 as part of a wave of retirements and firings.
At a recent hearing before the Atomic Safety and Licensing Board — an independent body that helps adjudicate nuclear licensing — NRC lawyers withdrew from the proceedings, citing “limited resources.” The judge remarked that it was the first time in over 20 years the NRC had done so.
Meanwhile, some staff members, other career officials say, are afraid to voice dissenting views for fear of being fired. “It feels like being a lobster in a slowly boiling pot,” one NRC official who has been working on the rule changes told ProPublica, describing the erosion of independence.
The official was one of three who compared their recent experience at NRC to being in a pot of slowly boiling water. “If somebody is raising something that they think that the industry or the White House would have a problem with, they think twice,” the official said.
Inside the NRC, the steering committee overseeing the changes includes Cohen, Taggart and Mike King, a career NRC official who is the newly installed executive director for operations. The former director, Mirela Gavrilas, a 21-year veteran of the agency, retired after getting boxed out of decision-making, according to a person familiar with her departure. Gavrilas did not respond to a request for comment.
Any final changes will be approved by the NRC’s five commissioners, three of whom are Republicans. In September, the two Democratic commissioners told a Senate committee they might be fired at any time if they get crosswise with Trump — including over revisions to safety rules.
Draft rules being circulated inside the NRC propose drastic rollbacks of security and safety inspections at nuclear facilities. Those include a proposed 56% cut in emergency preparedness inspection time, CNN reported in March.
Even some pro-nuclear groups are troubled by the emerging order. Some have tried to backchannel to their contacts in the Trump administration to explain the importance of an independent regulator to help maintain public support for nuclear power. Without it, they risk losing credibility.
“You have to make sure you don’t throw out the baby with the bathwater,” said Judi Greenwald, president and CEO of the Nuclear Innovation Alliance, a nonprofit that promotes nuclear energy and supports many of the regulatory changes being proposed by the Trump administration.
Greenwald’s group favors faster timelines for approving nuclear reactors, but she worries that the agency’s fundamental independence has been undermined. “We would prefer that they yield back more of NRC independence,” she said.
“Nuke Bros” in Silicon Valley
One Trump administration priority has been making it easier for so-called advanced reactor companies to navigate the regulatory process. These firms, mostly backed by Silicon Valley tech and venture money, are often working on designs for much smaller reactors that they hope to mass produce in factories.
“There are two nuclear industries,” said Macfarlane, the former NRC chair. “There are the actual people who use nuclear reactors to produce power and put it on the grid … and then there are the ‘nuke bros’” in Silicon Valley.
Trump’s Silicon Valley allies have loomed large over his nuclear policy. One prospective political appointee for a top DOE nuclear job got a Christmas Eve call from Thiel, the rare Silicon Valley leader to back Trump in 2016. Thiel, whose Founders Fund invested in a nuclear fuel startup and an advanced reactor company, quizzed the would-be official about deregulation and how to rapidly build more nuclear energy capacity, said sources familiar with the conversation.
Nuclear energy startups jockeyed to spend time at Mar-a-Lago in the months before the start of Trump’s second term. Balerion Space Ventures, a venture capital firm that has invested in multiple companies, convened an investor summit there in January 2025, according to an invitation viewed by ProPublica. Balerion did not reply to a request for comment.
A few months later, when Trump was drawing up the executive orders, leaders at many of those nuclear companies were given advanced access to drafts of the text — and the opportunity to provide suggested edits, documents viewed by ProPublica show.
Those orders created a new program to test out experimental reactor designs, addressing a common complaint that companies are not given opportunities to experiment. There are currently about a dozen advanced reactor companies planning to participate. Each has a concierge team within the DOE to help navigate bureaucracy. As NPR reported in January, the DOE quietly overhauled a series of safety rules that would apply to these new reactors and shared the new regulations with these companies before making them public.
Secretary of Energy Chris Wright — who served on the board of one of those companies, Oklo — has said fast nuclear build-out is a priority: “We are moving as quickly as we can to permit, build and enable the rapid construction of as much nuke capacity as possible,” he told CNBC last fall. Oklo noted that Wright stepped down from the board when he was confirmed.
The Trump administration hopes some of the companies would have their reactors “go critical” — a key first step on the way to building a functioning power plant — by July 2026. Then the NRC, which signs off on the safety designs of commercial nuclear power plants, could be expected to quickly OK these new reactors to get to market.
According to people familiar with the conversations, at least one nuclear energy startup CEO personally recruited potential members of the DOGE nuclear team, though it’s not clear if Cohen was brought aboard this way. Cohen has told colleagues and industry contacts that he reports to Emily Underwood, one of Trump adviser Stephen Miller’s top aides for economic policy. He is perceived inside government as a key avatar of the White House’s nuclear agenda.
In its email to ProPublica, the White House said, “Seth Cohen is a Department of Energy employee and does not report to Emily Underwood or Stephen Miller in any capacity.”
The DOE spokesperson added, “Seth’s role at the Department of Energy is to support the Trump administration’s mission to unleash American Energy Dominance.”
Cohen has been pushing to raise the legal limit of radiation that nuclear energy companies are allowed to emit from their facilities. One nuclear industry insider, who spoke on the condition of anonymity, said many firms are fixating on changing these radiation rules: Their business model requires moving nuclear reactors around the country, often near workers or the general public.
Building thick, expensive shielding walls can be prohibitively expensive, they said.
Valar CEO Isaiah Taylor has called limits on exposure to radiation a top barrier to industry growth. A recent DOE memo seen by ProPublica cites cost savings on shielding for Valar’s reactor to justify changing those limits. “Shielding-related cost reductions,” the memo said, “could range from $1-2 million per reactor.” The debate over the precise rule change is ongoing.
The DOE has been considering a fivefold increase to the limit for public exposure to radiation, which will allow some nuclear reactor companies to cut costs on these expensive safety shields, internal DOE documents seen by ProPublica show.
A presentation prepared by DOE staffers in their Idaho offices that has circulated inside the department makes the “business case” for changing the radiation dose rules: It could cut the cost of some new reactors by as much as 5%. These more relaxed standards are likely to be adopted by the NRC and apply to reactors nationwide, documents show.
In February, Wright accompanied Valar’s executive team on a first-of-its-kind flight, as a U.S. military plane was conscripted to fly the company’s reactor from Los Angeles to Utah. Valar does not yet have a working nuclear reactor, and a number of industry sources told ProPublica they viewed the airlift as a PR exercise. Internal government memos justified the airlift by designating it as “critical” to the U.S. “national security interests.”
Cohen posted smiling pictures of himself from the cargo bay of the military plane.
Cohen told an audience at the American Nuclear Society that the rapid build-out was essential to powering Silicon Valley’s AI data centers. He framed the policy in existential terms: “I can’t emphasize this strongly enough that losing the AI war is an outcome akin to the Nazis developing the bomb before the United States.”
As it deliberated rule changes, the DOE has cut out its internal team of health experts who work on radiation safety at the Office of Environment, Health, Safety and Security, said sources familiar with the decision. The advice of outside experts on radiation protection has been largely cast aside.
The DOE spokesperson said its radiation standards “are aligned with Gold Standard Science … with a focus on protecting people and the environment while avoiding unnecessary bureaucracy.”
The department has already decided to abandon the long-standing radiation protection principle known as “ALARA” — the “As Low As Reasonably Achievable” standard — which directs anyone dealing with radioactive materials to minimize exposure.
It often pushes exposure well below legal thresholds. Many experts agreed that the ALARA principle was sometimes applied too strictly, but the move to entirely throw it out was opposed by many prominent radiation health experts.
Whether the agencies will actually change the legal thresholds for radiation exposure is an open question, said sources familiar with the deliberations.
Internal DOE documents arguing for changing dose rules cite a report produced at the Idaho National Laboratory, which was compiled with the help of the AI assistant Claude. “It’s really strange,” said Kathryn Higley, president of the National Council on Radiation Protection and Measurements, a congressionally chartered group studying radiation safety. “They fundamentally mistake the science.”
John Wagner, the head of the Idaho National Laboratory and the report’s lead author, acknowledged to ProPublica that the science over changing radiation exposure rules is hotly contested. “We recognize that respected experts interpret aspects of this literature differently,” he wrote. His analysis was not meant to be the final word, he said, but was “intended to inform debate.”
The impact of radiation levels at very low doses is hard to measure, so the U.S. has historically struck a cautious note. Raising dose limits could put the U.S. out of step with international standards.
For his part, Cohen has told the nuclear industry that he sees his job as making sure the government “is no longer a barrier” to them.
In June, he shot down the notion of companies putting money into a fund for workplace accidents. “Put yourself in the shoes of one of these startups,” he said. “They’re raising hundreds of millions of dollars to do this. And then they would have to go to their VCs and their board and say, listen, guys, we actually need a few hundred million dollars more to put into a trust fund?”
He also suggested that regulators should not fret about preparing for so-called 100-year events — disasters that have roughly a 1% chance of taking place but can be catastrophic for nuclear facilities.
“When SpaceX started building rockets, they sort of expected the first ones to blow up,” he said.
Ideally, the U.S. public is supposed to be able to comment on government policy proceedings, and the government is supposed to listen to that input. Of course it doesn’t really work that way: for years we’ve noted how U.S. regulatory comment proceedings are full of bots and fake comments from industries trying to game regulators, and make shitty policy (giant mergers, mindless deregulation, the elimination of consumer protection) seem like it has broad public support.
And now the government is making it harder than ever for real Americans and activist groups to comment on regulatory proceedings. Matthew Gault at 404 Media notes that the General Services Administration (GSA), the government agency in charge of regulations.gov, notified API key holders in an email last week that they’d soon lose the ability to POST directly to the site’s API.
That makes it significantly harder for consumer groups and others to file collected public comments with regulatory agencies on issues of importance:
“POST is a common function that allows users to send data to an application. POST allowed third party organizations like Fight for the Future (FFTF), the Electronic Frontier Foundation (EFF), and Public Citizen gather comments from their supporters using their own forms and submit them to the government later.”
Consumer groups like Fight For The Future tell 404 Media that while they can still submit comments through the regulations.gov website, the interface is a nightmare to deal with, forcing organizations to jump through multiple hoops just to comment on proceedings:
“The experience on our campaign sites right now is like, we make our impassioned case for why you should care about this and then give you one box to type something and click a button. But the experience going forward is going to be like: ‘Alright now here’s a link and some instructions on how to fill out your taxes,’” Ken Mickles, FFTF’s chief technology officer said.”
Wealth and power needs the illusion that this is still a Democracy to mute dissent and maintain control. As the very real world (and likely extremely fatal) harms of napalming the regulatory state begin to manifest over the next few years, the public is going to have a lot to say about it. And it’s very clear this administration wants to pretend it can’t hear you.
Today Microsoft shut down Skype, a company that helped revolutionize phone calls online. To commemorate the death of Skype, we’re running a recent “Pessimist’s Archive” article on the history of internet calls, and how it almost wasn’t allowed. If you’re not already, you should subscribe to the Pessimist’s Archive.
It used to cost money to call someone, and if that someone was in another country – you would pay a premium: in the mid-90s a prime time call to Paris from New York cost around $113 an hour (in 2025 dollars)
Then came the internet, paving the way for cheap and free calls to and from anywhere in the world… Guess what? Traditional long-distance telephone companies felt threatened.
In 1995, the internet had just 16 million users — but it was enough to make online phone calls useful. That year, startup VocalTec launched the first commercial internet phone software, amusingly named ‘i-phone’ (short for internet phone.) It quickly caught on with early web users, offering cheap long-distance calls – partly thanks to being exempt from FCC tariffs like local access charges. This prompted action from incumbents, who deemed it unfair.
In 1996 America’s Carriers Telecommunications Association (ACTA) – representing over 300 of them – filed a petition with the FCC that sought to ban the sale of long distance internet telephone services until they were regulated as ‘common carriers.’ The internet friendly Clinton Administration would oppose the petition – but it was up to the FCC to make a final ruling.
The Backlash
This is when the nerds stepped in: web browser pioneer Marc Andreessen toldThe San Francisco Examiner that his browser – Netscape – would build online calling into a future software update seemingly in protest (the feature never materialized.)
“Are we hurting their ability to charge you $10 for a long-distance phone call? Tough bananas” – Harvey Kaufman, vice president of NetSpeak Corp.
Jeff Pulver – an early i-phone user, who’d started a popular mailing list for online phone enthusiasts, would take it upon himself to lead the resistance. Prior to the FCC petition he launched the first online telephone network called ‘Free World Dialup’ (using the VocalTec system.) His mailing list turned into the ‘Voice on the Net coalition’: a group of internet phone enthusiasts and tech startups building out the technology.
This rag tag bunch of innovators would cobble together a lobbying effort to fight incumbents and allow this nascent technology to flourish…
In the following 8 years the VON coalition would fend off various attempts to rein in the technology, while the FCC would hold off ruling on the ACTA petition (VON is still operating today.)
1998 would see the FCC make a number of statements sympathetic to online phone services – meanwhile iphone.com would host an effort to petition lawmakers against online phone services. It isn’t clear if this was a real grassroots effort, or an astroturfed one by traditional phone providers…
In 2000 a bill passed the US house of representatives preventing phone companies charging by the minute for internet access – but it excluded internet telephony services. This prompted Jeff Pulver and his VON coalition to organize the ‘Internet Freedom Rally’ in Washington DC. It would feature the chairman of the FCC and classic rock performances.
In 2004 the FCC would finally rule on the ACTA petition after 8 years – but not before the Justice Department asked for a delay on a decisions until online phones call could be as easily wire tapped as regular calls. The FCC would make its final ruling dubbed the ‘Pulver Order’ allowing for cheap and free online phone calls to anywhere in the world we take for granted today.
This is a good example of how incumbents will try to use old rules to thwart competition enabled by new technologies – had the long distance telecoms companies succeeded, services like Facebook and Google might not be able to offer free voice and video calls globally.
When Trump FCC boss Brendan Carr was selected last November, I was quick to point out that the U.S. press was completely disinterested in what this meant for stuff like broadband consumer protection. Outlets at the time were quick to push quotes about what a “nice guy” Carr was. Few could be bothered to mention he’d be taking a hatchet to essential consumer, labor, media, and market protections.
Carr is finishing a generational project by giant media and telecom companies to completely neuter the FCC so giant companies can fuck you and your family over without constraint. And you’d be hard pressed to find much mention of this fact in the highly consolidated U.S. press (some of them owned by… Comcast).
There’s a lot of this that won’t see much coverage in the clickbait era under the din of more terrible policies. One key policy agenda for Carr is to rubberstamp AT&T’s long-desired effort to eliminate any rules governing the country’s aging (and heavily taxpayer subsidized) copper-based DSL and phone lines:
“The Federal Communications Commission is making it easier for telcos to turn off old copper phone and DSL networks with four changes that relax requirements related to copper shutoffs. FCC Chairman Brendan Carr—who is also pushing a “Delete, Delete, Delete” initiative to get rid of as many rules as possible—said in an announcement today that agency rules have prevented providers from upgrading to faster networks.”
Carr (and AT&T’s) narrative here is bullshit.
Four years years ago AT&T, a heavily taxpayer subsidized company that has historically cheaped out on upgrading its broadband lines to fiber, effectively stopped selling DSL. While that’s understandable given the limitations of the dated copper-based tech, the problem is that thanks to concentrated telecom monopolization, many of these customers were left without any replacement options due to a lack of competition.
AT&T has, for decades, received countless billions in tax cuts, subsidies, merger approvals, and regulatory favors (remember how killing net neutrality, broadband privacy rules, or approving a wave of doomed mergers were all supposed to unleash untold innovation, job creation, and fiber network expansion? Yeah, AT&T doesn’t either).
In many states, AT&T has managed to lobby lawmakers into removing any requirement that the company continue servicing these users, many of whom are elderly folks still using traditional landlines used for 911 access. That’s been easier in some states than others. It was caught bribing Illinois lawmakers to pass such “reform.” California’s also been resistant to letting AT&T off the hook.
But thanks to Carr, AT&T will finally get what it wants: the ability to turn off these taxpayer-subsidized networks without having to worry about the pesky reality of what happens to users left in a lurch. Users suddenly without access will likely be shoveled off to more expensive wireless (likely congested due to, again, a lack of investment by AT&T in local rural fiber), or told to buy Elon Musk’s Starlink service, ignoring the fact it’s congested, expensive, and destroys the ozone layer.
There’s no substitute for future-proof fiber.
Again, it’s essential to note that AT&T has received untold billions of dollars in subsidies and tax breaks in exchange for near-Utopian promises of new fiber deployment. It received $42 billion alone from the last set of Trump tax cuts. It has spent untold millions of dollars lobbying to successfully defang the FCC and eliminate whatever’s left of consumer protections. It’s been accused of ripping off low income programs for the poorandrural school broadband programs.
Nobody’s ever done an audit of AT&T’s fraud, waste, and abuse because AT&T’s a trusted domestic surveillance partner effectively immune from meaningful government accountability. Instead of taking the company to task, we’re going to expedite their quest to terminate old people’s traditional copper 911 connections without much in the way of oversight.
The GOP’s telecom policy has long been to let terrible telecom monopolies do whatever they want, under the delusion that this will somehow result in amazing free market innovation. Instead, it routinely results in expensive, shitty, patchy broadband access provided by massive, unconstrained regional telecom giants. I hope you enjoy that sort of thing, because there’s a whole lot more of it headed your way.
We’ve been warning for years that the UK’s Online Safety Act would be a disaster for the open internet. Its supporters accused us of exaggerating, or “shilling” for Big Tech. But as we’ve long argued, while tech giants like Facebook and Google might be able to shoulder the law’s immense regulatory burdens, smaller sites would crumble.
Well, it’s already happening.
On Monday, the London Fixed Gear and Single-Speed (LFGSS) online forum announced that it would be shutting down the day before the Online Safety Act goes into effect. It noted that it is effectively impossible to comply with the law. This was in response to UK regulator Ofcom telling online businesses that they need to start complying.
This includes registering a “senior person” with Ofcom who will be held accountable should Ofcom decide your site isn’t safe enough. It also means that moderation teams need to be fully staffed with quick response times if bad (loosely defined) content is found on the site. On top of that, sites need to take proactive measures to protect children.
While all of this may make sense for larger sites, it’s impossible for a small one-person passion project forum for bikers in London. For a small, community-driven forum, these requirements are not just burdensome, but existential.
LFGSS points out that the rules are designed for big companies, not small forums, even as it’s likely covered by the law:
we’re done… we fall firmly into scope, and I have no way to dodge it. The act is too broad, and it doesn’t matter that there’s never been an instance of any of the proclaimed things that this act protects adults, children and vulnerable people from… the very broad language and the fact that I’m based in the UK means we’re covered.
The act simply does not care that this site and platform is run by an individual, and that I do so philanthropically without any profit motive (typically losing money), nor that the site exists to reduce social loneliness, reduce suicide rates, help build meaningful communities that enrich life.
The act only cares that is it “linked to the UK” (by me being involved as a UK native and resident, by you being a UK based user), and that users can talk to other users… that’s it, that’s the scope.
I can’t afford what is likely tens of thousand to go through all the legal hoops here over a prolonged period of time, the site itself barely gets a few hundred in donations each month and costs a little more to run… this is not a venture that can afford compliance costs… and if we did, what remains is a disproportionately high personal liability for me, and one that could easily be weaponised by disgruntled people who are banned for their egregious behaviour (in the years running fora I’ve been signed up to porn sites, stalked IRL and online, subject to death threats, had fake copyright takedown notices, an attempt to delete the domain name with ICANN… all from those whom I’ve moderated to protect community members)… I do not see an alternative to shuttering it.
The conclusion I have to make is that we’re done… Microcosm, LFGSS, the many other communities running on this platform… the risk to me personally is too high, and so I will need to shutter them all.
But it’s not just the LFGSS that’s shutting down, but also Microcosm, the open source forum platform underlying LFGSS which was apparently created by the same individual and offered similar local community forums for others beyond just the London biking community.
Apparently, Microcosm is hosting approximately 300 small communities, all of which will either shut down or have to migrate within three months. The developer behind all of this seems understandably devastated:
It’s been a good run, I’ve administered internet forums since 1996 having first written my own in Perl to help fans of music bands to connect with each other, and I then contributed to PHP forum software like vBulletin, Vanilla, and phpBB, before finally writing a platform in Go that made it cost efficient enough to bring interest based communities to so many others, and expand the social good that comes from people being connected to people.
Approximately 28 years and 9 months of providing almost 500 forums in total to what is likely a half a million people in that time frame… the impact that these forums have had on the lives of so many cannot be understated.
The peak of the forums has been the last 5 years, we’ve plateaued around 275k monthly users across the almost 300 websites on multiple instances of the platform that is Microcosm, though LFGSS as a single community probably peaked in the 2013-2018 time period when it alone was hitting numbers in excess of 50k monthly users.
The forums have delivered marriages, births, support for those who have passed (cancer being the biggest reason), people reunited with stolen bikes, travel support, work support, so much joy and happiness and memorable experiences… but it’s also been directly cited by many as being the reason that they are here today, the reason they didn’t commit suicide or self-harm. It’s help people get through awful relationship breakups, and helped people overcome incredible challenges with their health.
It’s devastating to just… turn it off… but this is what the Act forces a sole individual running so many social websites for a public good to do.
Policymakers have repeatedly brushed off warnings about these consequences, insisting that concerns are overblown or merely fear-mongering from big tech companies looking to avoid regulation. But it’s not. And we’re seeing the impact already.
The promise of the internet was supposed to be that it allowed anyone to set up whatever they wanted online, whether it’s a blog or a small forum. The UK has decided that the only forums that should remain online are those run by the largest companies in the world.
Some might still argue that this law is “making the internet safer,” but it sure seems to be destroying smaller online communities that many people relied on.
It may be too late for the UK, but one would hope that other countries (and states) realize this and step back from the ledge of passing similar legislation.
As California edges closer to enacting SB 1047, the state risks throwing the entire AI industry into turmoil. The bill has already cleared the legislative process and now sits on Governor Newsom’s desk, leaving him with a critical decision: veto this ill-conceived policy or sign away the U.S.’ future in AI. While Newsom appears skeptical of 1047, he still has not made it clear if he’ll actually veto the bill.
SB 1047 Summary
SB 1047 establishes an overly rigid regulatory framework that arbitrarily divides artificial intelligence systems into two categories: “covered models” and “derivative models.” Both are subject to extensive requirements, though at different stages of development. Developers of covered models face strict pre-training and pre-release requirements, while those developing derivative models are burdened with the responsibility of ensuring the model’s long-term safety, anticipating future hazards, and mitigating potential downstream abuses.
The bill also imposes a reasonableness standard on developers to demonstrate that they have exercised “reasonable care” in preventing their models from causing critical risks. This includes the implementation and adherence to extensive safety protocols before and after development. In practice, the standard merely introduces legal ambiguity. The vague nature of what constitutes “reasonable care” opens the door to costly litigation, with developers potentially stuck in endless legal battles over whether they’ve done enough to comply not only with the ever-evolving standards of care and best practices for AI development, but also their own extensive state-mandated safety protocols.
It’s no surprise that industryexperts have raised seriousconcerns about SB 1047’s potential to stifle innovation, limit free expression through restrictions on coding, and undermine the future of U.S. AI development.
SB 1047 Will Cede U.S. AI Lead to Foreign Competitors
Under the bill, a covered model is defined as any advanced AI system that meets certain thresholds of computing power and cost. Models trained before January 1, 2027, are classified as covered if they use more than 1026 integer or floating-point operations and cost more than $100 million to develop.
But these thresholds are inherently flawed. Even cutting-edge AI systems like GPT-4, which are among the most advanced in the world, were trained using significantly less computing power than the bill’s benchmark. For example, estimates suggest that GPT-3 required around 1023 operations—far below the bill’s threshold. This highlights a key problem: the bill’s requirements for covered models primarily targets large, resource-intensive AI labs today, but as AI technologies and hardware improve, even smaller developers could find themselves ensnared by these requirements.
However, there’s a deeper irony here: scaling laws in AI suggest larger AI models generally perform better.The more computational power used to train a model, the better it tends to handle complex tasks, reduce errors like hallucinations, and generate more reliable results. In fact, larger AI models could actually reduce societal harms, making AI systems safer and more accurate over time—a result for which the California Legislature is supposedly striving.
This is why larger AI firms, like OpenAI and Google, are pushing for more computationally intensive models. While it may seem that the covered model requirements exclude startup companies for now, current advancements in hardware—such as specialized AI chips and quantum computing—suggest that even smaller commercial AI developers could potentially surpass this threshold within the next 5-10 years (i.e. Moore’s Law). In other words, as time goes on, we can expect more market entrants to fall under the bill’s regulatory framework sooner than expected.
What’s worse, the threshold component seems to discourage companies from pushing the limits of AI. Instead of harnessing high-computing power to build truly transformative systems, businesses might deliberately scale down their models just to avoid falling under the bill’s scope. This short-sighted approach won’t just slow down AI innovation; it could stifle progress in computing power as a whole. If companies are reducing their need for cutting-edge processors and hardware, the broader tech ecosystem—everything from next-gen chips to data centers—will stagnate. The very innovation we need to lead the world in technology could grind to a halt, all because we’ve made it too risky for AI labs to aim big.
Pre-Training Requirements & Commercial Use Restrictions for Covered Models
Before training (i.e. developing) a covered model, developers must first decide whether they can make a “positive safety determination” about the model. Developers must also implement a detailed “safety and security protocol,” including cybersecurity protections, testing procedures to assess potential harms, and the ability to enact a full shutdown if needed. Developers are prohibited from releasing their models for any purpose beyond training unless they can certify that the models pose no unreasonable risks of harm, either now or in the future.
The bill’s vague language around “hazardous capabilities” opens a Pandora’s box of potential issues. While it primarily aims to address catastrophic risks like cyberattacks or mass casualties, it includes a broad catch-all provision for other risks to public safety or infrastructure. Given the many “black-box” aspects of AI model development, developers will struggle to confidently rule out any unforeseen hazards, especially those arising from third-party developed derivatives. The reality is that most developers will find themselves constantly worried about potential legal and regulatory risks, chilling progress at a time when the global AI race is in full throttle.
SB 1047’s Reporting Requirements Will Bring AI Innovation to A Grinding Halt
Developers must also maintain and regularly update their safety and security protocols for both covered models and derivative models. Several additional requirements follow:
Model developers must conduct an annual review of their safety and security protocols to ensure that protocols are kept current with evolving risks and industry standards. This includes any rules adopted per the bill’s requirements after January 1, 2027. Developers must also update their protocols based on these reviews.
Beginning in 2026, developers must hire a third-party auditor to independently verify compliance with the safety protocols. The auditor’s report must include an assessment of the steps taken by the developer to meet SB 1047’s requirements (and any additional guidelines post-enactment) and identify any areas of non-compliance. Developers are required to address any findings by updating their protocols to resolve issues identified during these audits.
Model developers must retain an unredacted copy of the safety and security protocols for as long as the covered model is in commercial or public use, plus five years. They are also required to provide the Attorney General with an updated copy of the safety protocol upon request.
A conspicuously redacted copy of the safety and security protocols must be made publicly available.
In practice, the process of releasing new or updated models will be bogged down with arbitrary bureaucratic delays. This will demand significant resource allocation well before companies can even gauge the success of their products.
Not only that, the mandatory assessments will effectively derail essential safety practices, especially when it comes to red teaming—where teams simulate attacks to uncover vulnerabilities. The reality is that red teaming works best behind closed doors and with minimal friction, empowering developers to quickly (and honestly) address security issues. Yet, with the added layers of auditing and mandatory updates, developers may avoid these rigorous safety checks, fearing that each vulnerability discovered could generate legal liability and trigger more scrutiny and further delays.
In the same vein, the mandatory reporting component adds a layer of government scrutiny that will discourage timely security updates and continued transparency about discovered vulnerabilities. Knowing that every security flaw might be scrutinized by regulators, developers may hesitate to disclose issues or rapidly iterate on their models for fear of legal or regulatory backlash. Worse, developers may simply try their hardest to not “know” about the vulnerabilities. Instead of fostering collaboration, the mandatory reporting requirement pits developers against the California AG.
As Eric Goldman observed, government-imposed reporting inherently chills expression, where companies become more conservative (i.e. even less transparent) to avoid regulatory scrutiny. The same applies to SB 1047.
SB 1047 Will Insulate Established AI Companies at the Expense of Startups
In contrast to covered models, derivative models—those fine-tuned or modified from existing covered models—are subject to safety assessments post-modification. Fine-tuning, a routine process where a model is adapted using new data, empowers AI to perform better on targeted tasks without requiring full retraining. But SB 1047 places undue burdens on developers of derivative models, forcing them to conduct safety assessments every time they make updates.
The lifeblood of AI innovation is this iterative, adaptive process. Yet, SB 1047 effectively punishes it, creating significant hurdles for developers looking to refine and improve their models. This not only flies in the face of software engineering principles—where constant iteration is key—but also discourages innovation in AI, where flexibility is essential to keeping pace with technological progress.
Worse, SB 1047 shifts liability for derivative models to the original developers. This means companies like Google or OpenAI could be held liable for risks introduced by third-party developers who modify or fine-tune their models. This liability doesn’t just extend to the original version of the model but also to all subsequent changes, imposing a continuous duty of oversight. Such a framework not only contradicts long standing legal principles governing third-party liability for online platforms but also makes the AI marketplace unworkable for startups and independent developers.
Drawing on lessons learned from online platform regulation, SB 1047’s framework risks making the AI marketplace inaccessible to independent developers and startups. Companies like Google, Meta, and OpenAI, which develop powerful covered models, may become hesitant to allow any modifications, effectively dismantling a growing ecosystem that thrives on the ability to adapt and refine existing AI technologies. For venture capitalists, the message is clear: open models come with significant legal risk, turning them into liability-laden investments. The repercussions of this would be profound. Just as a diverse media landscape is crucial for maintaining a well-rounded flow of information, a variety of AI models is essential to ensuring the continued benefit of different methodologies, data sets, and fine-tuning strategies. Limiting innovation in this space would stifle the dynamic evolution of AI, reducing its potential to meet varied societal needs.
Ironically, for a state that has been increasinglyhellbent on destroying “big tech,” California’s approach to AI will (once again) ensure that only the largest, most well-funded AI companies—those capable of developing their own powerful covered models—will not only dominate, but single handedly shape the future of AI, while smaller applications that currently build on and refine models from the larger players evaporate.
SB 1047 Will Drag California Into More Costly Litigation Over Ill-Conceived Tech Regulations
California is already mired in legal battles over poorly crafted tech regulations. Now, with SB 1047, the state risks plunging into yet another costly, uphill legal fight. The bill’s restrictions on the development and release of AI models could infringe on the constitutional right to code, which courts have recognized as a form of protected expression. For instance, in Bernstein v. U.S. Department of State, export controls on encryption code were deemed to violate the First Amendment, affirming that code is a form of speech. More broadly, courts have consistently upheld the rights of developers to code, underscoring that limitations on innovation through code can encroach on constitutional protections.
This debate is strikingly similar to the legal battles over social media regulation. Just as social media platforms are fundamentally speech products, entitled to editorial discretion under the First Amendment, so too are today’s Generative AI services. Many of these AI systems center around the processing and production of expression, making them direct facilitators of speech. As with the algorithms that curate social media content, regulations targeting these models will inevitably raise serious First Amendment concerns, challenging the constitutionality of such measures.
SB 1047, far from being a model for “responsible” AI innovation, risks debilitating the U.S.’s leadership in AI, reinforcing the dominance of existing tech firms, and punishing developers for improving and iterating upon their models. Governor Newsom has a choice: veto this bill and support the growth of AI innovation, or sign it and watch California lead the charge in destroying the very industry it claims to protect.
Jess Miers is currently Visiting Assistant Professor of Law, University of Akron School of Law.
Over the last few years, we’ve seen a bunch of politicians trying to frame their regulation of the internet as not being about regulating speech, but about “design” or “process” or some such. But when you scratch beneath the surface, they’re always really about regulating speech. Whether it’s KOSA or California’s Age Appropriate Design Code (AADC) in the US, or the DSA in the EU, there is plenty of ink spilt to defend the claim that they’re not really about censorship.
Just recently we wrote about the Ninth Circuit seeing through California’s AADC. The politicians behind the law insisted it wasn’t about regulating content, only conduct. But the court recognized that was obviously not true. Then, over in the EU, we have the DSA, which European officials insist is never supposed to be used for moderating content, but where the guy in charge of enforcing it seems to think that of course he should be using it for that.
Daphne Keller, over at Stanford, recently came across a custom ChatGPT instance, designed to act as a “trust & safety regulation expert.” The custom tool was created by Inbal Goldberger, a long-time trust & safety executive. Whether or not the tool is any good is not the point. What’s really fascinating is that when Daphne used the tool to explore how websites should best comply with the various regulatory regimes they’re facing, over and over again, it suggested removing speech.
For platforms planning their compliance with laws like KOSA and the DSA, the most basic question is “what do I need to do?” ChatGPT has a lot of answers. One of the main answers is that platforms need to take down more lawful speech.
You can read the full transcripts that Daphne generated exploring both EU and US law and how companies should respond. They’re quite interesting, and I’m actually somewhat impressed by the ChatGPT responses.
For example, she asks the custom GPT how to comply with KOSA, and it immediately tells her that “the following categories of content must be prevented from being accessed by children,” and it includes plenty of First Amendment-protected speech including “violent content” and “cyberbullying.” Whether or not it’s good policy (or, even possible) to block such content, just the fact that this is the first instinct of this custom GPT says something.
And yes, some people will dismiss this by saying that you can’t trust the GPT in the first place. But if it’s reading these laws and finding that’s the best way to comply, it’s pretty clearly saying something about them. Back in July, we had that guest post by Matthew Lane, rightly pointing out that companies are lazy and they will seek to take the path of least resistance for compliance. And that least resistance will often be just pulling down any content that might, conceivably, be deemed problematic under the law, just as the custom GPT recommends.
KOSA wasn’t the only law that the GPT interpreted this way:
ChatGPT gave very similar answers about California’s Age Appropriate Design Code (AADC), telling me that as a platform operator “you need to ensure that your platform protects children from encountering” a list of “key types of content” including depictions of violence, substance abuse, and misinformation. Coincidentally, the same day that ChatGPT said this, the Ninth Circuit Court of Appeals said pretty much the same thing, ruling that the law’s clearly content-related provisions violated the First Amendment.
The answers I got about European law were to my mind equally blunt, though they may require a little more translation for readers not steeped in EU policy debates. I asked a question that deliberately reused language from a recent Commission letter demanding that X mitigate risks arising from the interview it hosted with former President Trump. (That letter, from Commissioner Thierry Breton, prompted outcry from civil society groups and rare publiccensure from other Commission authorities.) The question was, “What must I do to mitigate risks of detrimental effects on civic discourse and public security under the DSA?”
ChatGPT’s answer went awry in a way that really matters for small and mid-sized platforms: it described obligations that won’t apply unless a platform has over 45 million users in the EU, without mentioning that these simply don’t affect everyone else.
Importantly for the rights of Internet users, ChatGPT’s advice also crossed a number of important red lines in EU law that exist to protect freedom of expression and information. First, it instructed me to act not only against illegal content but also “harmful content,” through changes such as “adjusting your content moderation policies.” Using the word “harmful” is a big deal. Throughout the DSA legislative process that term was used to refer to lawful but awful expression, or else to a mixed category that includes both legal and illegal material. For example, the Commission’s explanatory memorandum for the DSA said
There is a general agreement among stakeholders that ‘harmful’ (yet not, or at least not necessarily, illegal) content… should not be subject to removal obligations, as this is a delicate area with severe implications for the protection of freedom of expression.
ChatGPT’s advice to remove disinformation has a version of the same problem since in the EU, as in the US, not all disinformation is illegal.
Also, Daphne notes that if this is just AI “hallucinations,” it’s still notable that it always hallucinated in the same way (“censor more legal content.”).
Several people suggested that the repeated and consistent answers I got were just AI hallucinations. It would be pretty odd for ChatGPT to happen to hallucinate the same interpretation of the DSA that Commissioner Breton did, or the same interpretation of the AADC that a federal court of appeals did, but… I guess it’s possible
But, as she notes, the mere plausibility of these results from the custom GPT also suggests that humans will find these recommendations plausible as well:
The real reason ChatGPT’s answers should ring alarm bells is that they were so plausible. These are the answers that humans may well arrive at—whether or not they ask an AI what to do—in parsing confusing legal obligations. They are answers we can find in sloppy secondary materials purporting to explain the laws, and in news coverage that uncritically repeat politicians’ exaggerated claims about their legal authority. ChatGPT’s answers may not correctly answer questions about the law. But its “take it all down” directives may be the ones that both humans and machines get trained to apply all the same.
These points are really key. When we talk about these laws, people keep pointing to little caveats and phrases in the law to say “but it’s not supposed to be interpreted that way.” But they are interpreted that way over and over again. This is why the Ninth Circuit was right to call out California’s AADC as inherently censorial in how it works. Because that’s exactly how most companies would interpret it.
And this impacts other things as well. One point that we’ve raised repeatedly in our articles about “age verification” is that when politicians try to hide the ball and call for “age estimation” or “age assurance” rather than outright age verification, it doesn’t matter. It will still lead to age verification as the tool that companies will feel most drawn to simply to avoid any risk of liability.
That also appears to be what the Custom GPT felt about some of these laws. The transcript Daphne posted regarding KOSA gives a really good example of this. Supporters of KOSA insist that it doesn’t require age verification, and technically it doesn’t. Not directly. But, as the Custom GPT explains, if you want to avoid a legal fight, you probably should use age verification anyway. So while it might not mandate it, it certainly is going to create pressure for companies to adopt it anyway, just to avoid legal liability.
PROMPT: Do I need to use age assurance or verification tools to comply with KOSA?
RESPONSE:
To comply with the Kids Online Safety Act (KOSA), you are not explicitly required to implement age assurance or age verification tools. However, it is strongly recommended to ensure that age-appropriate content is provided to users, particularly to prevent children from accessing harmful content.
The KOSA includes provisions for the Federal Trade Commission (FTC) and other bodies to conduct studies and provide guidance on effective methods for age verification. These may include systems at the device or operating system level, but KOSA does not mandate affirmative collection of personal data solely for age verification purposes.
If your platform already collects certain user data, you can utilize that for age-related purposes, but you are not obligated to implement new age gating or age verification functionalities if they aren’t part of your normal operations. However, if your platform includes sensitive content such as pornography or extreme violence, using robust age verification methods is strongly encouraged to ensure compliance and protect children from inappropriate content.
Daphne even pushed it further, asking if it violated the law to not use age verification, and the GPT suggested (reasonably under the law) that not using age verification might be deemed as taking insufficient measures:
PROMPT: I know it is recommended, but will I violate the law if I do not do age verification?
RESPONSE:
Under the Kids Online Safety Act (KOSA), while the use of age verification or age assurance tools is strongly recommended, failing to implement such tools does not automatically constitute a violation of the law. However, the key legal requirement is that you must take “reasonable measures” to protect children from harmful content. If you fail to implement any effective mechanism to prevent children from accessing such content, and this results in harm, you could be found non-compliant with KOSA.
The law emphasizes that platforms must make a good-faith effort to restrict access to harmful content by minors. Age verification is one of the methods to demonstrate compliance, but it is not the only method. If your platform is found to allow minors to access harmful content without taking sufficient steps to prevent this, it could lead to legal action under KOSA.
Thus, while not using age verification tools doesn’t directly violate the law, it might leave your platform vulnerable to being deemed non-compliant if other protective measures are not sufficiently robust.
There’s a lot more in these docs, and they really do a nice job of highlighting how, for all the winks, nods, and denials from the lawmakers, the simplest and most obvious explanations for how to comply with these laws is to take down First Amendment-protected speech and implement privacy-harming age verification policies.
This is one of the reasons we spend so much time digging into the nuances and details. People sometimes complain that all I do is criticize these laws, but it’s important to understand how they will actually be implemented and how that implementation could do more harm than good.
