Radical Optionality Calls for Regulators to Prepare Now

Regulators must build capacity now; transformative AI could arrive within a decade.

A new line of thinking, laid out in a Lawfare conversation about the paper Radical Optionality: Governing Transformative AI Under Uncertainty, argues that governments should aggressively build the institutional capacity to regulate competently when needed. Instead of waiting for a perfect rulebook or surrendering to market forces, the authors suggest a deliberate, well-funded effort to prepare the state to regulate a technology that could outpace rules as quickly as it can improve. The piece frames governance as an ongoing capability problem, not a single policy decision.

Winter and Bullock press a point that runs through the piece: uncertainty about what transformative AI can do, how fast it will improve, and what risks it will pose. Those unknowns justify radical optionality, the idea that governments should prepare a menu of adaptable, ready to deploy governance tools rather than lock in static, premature rules. The discussion notes that the techno-economic curve of AI is exponential and poorly understood, which makes any attempt to predefine comprehensive rules risky or misleading. And it highlights the practical challenge of feeling the AGI before it arrives, how regulators recognize a capability once it passes from impressive performance to genuine systemic risk.

One central thread is that a pure permissionless-innovation stance breaks down when national-security implications loom. The authors argue that precautionary instincts cannot substitute for real regulatory muscle, but neither should they unleash a flood of inflexible, one-size-fits-all rules. The European approach, they warn, risks regulating without the enforcement expertise needed to implement it, leaving rules on a shelf rather than in practice. Instead, the paper advocates building a more capable U.S. regulatory counterpart to the UK AI Security Institute, with a concrete mandate to evaluate, set standards, and shape procurement requirements.

The proposed blueprint emphasizes three concrete activities. First, evaluations and standard-setting that give industry and researchers a dependable baseline for what constitutes safe, auditable AI development and deployment. Second, procurement-side cybersecurity requirements framed on the model of the Cybersecurity Maturity Model Certification, or CMMC, to anchor private-sector accountability through the way agencies buy and deploy AI. Third, internationally minded information-sharing channels among liberal democracies so future, urgent regulatory questions can be answered with shared data and experience rather than isolated experiments in policy.

Beyond these steps, the piece stresses keeping state and local experimentation alive and avoiding premature federal preemption. The authors argue for a federal framework that emerges from a staged process, not a sudden takeover, and for avoiding blanket overrides of state AI laws before there is a coherent national standard. In practice, that means regulators should prepare a credible, compartmentalized toolkit: evaluations, risk-based standards, and enforceable procurement practices that pressure companies to meet defined cybersecurity and governance criteria without stifling innovation.

From a practitioner’s lens, several implications stand out. First, the capacity problem is not cosmetic; it hinges on talent, funding, and institutions capable of rapid alignment across agencies, lawmakers, and the private sector. Second, enforcement is not merely punitive; it centers on procurement levers and security-by-design requirements that make compliance visible and verifiable. Third, the path to international coordination must start before a crisis, ensuring that information-sharing channels and trusted norms exist when urgency surges. Finally, there is a risk of misalignment if agencies chase a patchwork of national rules without clear, interoperable standards, one reason the authors advocate gradual, staged reforms anchored to concrete evaluations and procurement practices.

The core message is crisp: expect transformative AI, plan for the governance capability to respond, and coordinate across borders before the need becomes urgent. The paper argues that the most practical, scalable path is to build a well-resourced regulatory backbone focused on evaluations, standards, and procurement, while preserving space for innovation and avoiding premature, brittle rules.