Saved in:
Bibliographic Details
Main Authors: Kwon, Joe, Casper, Stephen
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2601.08005
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911447290740736
author Kwon, Joe
Casper, Stephen
author_facet Kwon, Joe
Casper, Stephen
contents Frontier AI regulations primarily focus on systems deployed to external users, where deployment is more visible and subject to outside scrutiny. However, high-stakes applications can occur internally when companies deploy highly capable systems within their own organizations, such as for automating R&D, accelerating critical business processes, and handling sensitive proprietary data. This paper examines how frontier AI regulations in the United States and European Union in 2025 handle internal deployment. We identify three gaps that could cause internally-deployed systems to evade intended oversight: (1) scope ambiguity that allows internal systems to evade regulatory obligations, (2) point-in-time compliance assessments that fail to capture the continuous evolution of internal systems, and (3) information asymmetries that subvert regulatory awareness and oversight. We then analyze why these gaps persist, examining tensions around measurability, incentives, and information access. Finally, we map potential approaches to address them and their associated tradeoffs. By understanding these patterns, we hope that policy choices around internally deployed AI systems can be made deliberately rather than incidentally.
format Preprint
id arxiv_https___arxiv_org_abs_2601_08005
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Internal Deployment Gaps in AI Regulation
Kwon, Joe
Casper, Stephen
Artificial Intelligence
Frontier AI regulations primarily focus on systems deployed to external users, where deployment is more visible and subject to outside scrutiny. However, high-stakes applications can occur internally when companies deploy highly capable systems within their own organizations, such as for automating R&D, accelerating critical business processes, and handling sensitive proprietary data. This paper examines how frontier AI regulations in the United States and European Union in 2025 handle internal deployment. We identify three gaps that could cause internally-deployed systems to evade intended oversight: (1) scope ambiguity that allows internal systems to evade regulatory obligations, (2) point-in-time compliance assessments that fail to capture the continuous evolution of internal systems, and (3) information asymmetries that subvert regulatory awareness and oversight. We then analyze why these gaps persist, examining tensions around measurability, incentives, and information access. Finally, we map potential approaches to address them and their associated tradeoffs. By understanding these patterns, we hope that policy choices around internally deployed AI systems can be made deliberately rather than incidentally.
title Internal Deployment Gaps in AI Regulation
topic Artificial Intelligence
url https://arxiv.org/abs/2601.08005