What is informal AI governance, and why does it create compliance risk?

When a government claims to have no AI policy, it usually still has one — it just isn't written down anywhere you can find it.

Why this matters now

The current U.S. AI governance environment has produced a situation compliance professionals sometimes call a navigational vacuum: builders know the government holds strong opinions about AI development, but those opinions are exercised through ad hoc interventions rather than published rules. That gap between official posture and operational reality is one of the most practically important dynamics in AI governance today — and understanding the underlying mechanics helps you navigate it regardless of which administration or jurisdiction you're working under.

How it works

Formal AI governance operates through a defined lifecycle: a proposed rule is published, open to public comment, codified into regulation, and legally challengeable by affected parties. Informal governance short-circuits that cycle. Instead of durable written standards, policy gets made through case-by-case interventions — a deal here, a phone call there, a quiet signal to an industry player — that function as de facto precedent without ever becoming citable law.

@title How informal governance displaces formal rules
  Formal rule ···················
     │
     ├─ Published standard ·····
     │
     ├─ Public comment ·········
     │
     ├─ Codified regulation ····
     │
     └─ Legal challenge path ··

  Informal intervention ·········
     │
     ├─ Ad hoc decision ········
     │
     ├─ No public record ······
     │
     └─ Navigational vacuum ···
@caption Formal rules produce citable, challengeable standards; informal interventions produce uncertainty.

The compliance challenge compounds when federal preemption is added to the picture. If the federal level discourages state-level AI rules but has not yet enacted a replacement federal framework, builders face a structural void: the layer that used to constrain them is under pressure, the layer that was supposed to replace it doesn't exist yet, and the actual signals of what's permissible arrive only through inference — reading outcomes of individual cases rather than consulting published guidance.

This is meaningfully different from deregulation. True deregulation reduces constraints and clarifies what's allowed. Informal governance replaces transparent constraints with opaque ones. The regulatory burden doesn't disappear — it shifts from compliance research (reading published rules) to intelligence gathering (figuring out what the government seems to want based on who got called in and why).

Real-world applications

For product and engineering teams, informal governance creates concrete decision friction. You cannot point a legal counterparty, a board, or an enterprise customer to a regulation that explains why a feature is constrained. You cannot use prior interventions as stable guidance because they were never codified. And you cannot reliably predict what the next intervention will target, which tends to chill product decisions even when nothing is technically prohibited.

For teams with international reach, the asymmetry becomes sharper. Other jurisdictions with published frameworks — even ones that are being revised or scaled back — at least provide known timelines and explicit scope definitions. Builders serving multiple markets end up operating under a patchwork where one layer is formally documented and another must be inferred, and those two layers do not always point in the same direction.

For compliance and governance professionals specifically, this environment argues for building internal monitoring practices that go beyond regulatory tracking: watching enforcement patterns, industry association signals, and government statements as leading indicators of where informal policy pressure is heading next.

Where to go deeper

To build durable fluency here, focus on three adjacent concepts. Administrative law basics — how rules are proposed, commented on, and codified — gives you the formal baseline that informal governance departs from. Regulatory risk frameworks used in financial services and healthcare show how mature industries have learned to operate under enforcement-driven rather than rule-driven governance. And comparative AI regulation (contrasting published frameworks with enforcement-led approaches across jurisdictions) is increasingly core knowledge for anyone building products that cross borders. Each of these shows up across EducationPals courses in AI governance, product compliance, and industry verticals.