Consensus Without Consequence
DEV Community

Consensus Without Consequence

Consensus Without Consequence

Everyone agrees that artificial intelligence should be fair, transparent, and accountable. That sentence could have been written in 2018, and it would have been just as true then as it is now. The difference is that in 2018, arriving at consensus on those principles felt like the hard part. In 2026, we know better. The hard part was never agreeing on what AI ethics should look like. The hard part is making anyone actually do it.

A growing body of research confirms what practitioners and regulators have been circling for years: the global AI ethics landscape has converged around a remarkably stable set of principles. Transparency. Fairness. Non-maleficence. Accountability. Privacy. These five values appear in the vast majority of the more than 200 ethics guidelines and governance documents that researchers have catalogued worldwide.

A landmark review by Anna Jobin, Marcello Ienca, and Effy Vayena, published through ETH Zurich and later expanded through broader global analysis, found that transparency appeared in 86 per cent of guidelines examined, justice and fairness in 81 per cent, and non-maleficence in 71 per cent. The world, it turns out, has been surprisingly good at articulating what responsible AI ought to involve. The world has been catastrophically bad at enforcing it.

That gap between articulation and enforcement defines the current moment in AI governance. And it is not an abstract policy debate. It is the difference between a hiring algorithm that discriminates against older workers and one that does not. It is the difference between a facial recognition system that operates with impunity and one that faces genuine consequences. It is the difference between a corporate ethics board that exists to absorb criticism and one that has the power to halt a product launch.

The question that matters now is deceptively simple: what does meaningful accountability actually look like in practice? And when enforcement mechanisms fail to materialise in time, who bears the cost?

The Principles Paradox

The proliferation of AI ethics guidelines over the past decade represents one of the most remarkable exercises in global norm-setting since the Universal Declaration of Human Rights. Governments, corporations, academic institutions, and civil society organisations have produced hundreds of frameworks, each articulating some version of the same core commitments.

The World Economic Forum has described the challenge as one of "scaling trustworthy AI" by turning ethical principles into tangible practices. The International Labour Organization has reviewed global ethics guidelines specifically for AI in the workplace, finding consistent themes around worker protection and human oversight.

Yet this apparent consensus masks a deeper dysfunction. As research published in Patterns journal noted, while the most advocated ethical principles show significant convergence, there remains "substantive divergence in how these principles are interpreted, why they are deemed important, what issue, domain or actors they pertain to, and how they should be implemented." In other words, everyone agrees on the words. Nobody agrees on what the words mean in practice.

This is the principles paradox. The more guidelines that exist, the easier it becomes for organisations to claim alignment with ethical AI while doing very little to change their behaviour. The phenomenon has a name: ethics washing. And in 2025 and 2026, it has become a defining feature of the corporate AI landscape.

The United States Securities and Exchange Commission has flagged "AI washing" as an enforcement priority, scrutinising whether company disclosures about artificial intelligence capabilities match actual practices. The SEC and the Department of Justice have already taken action against companies for exaggerating AI capabilities to attract investment. But the problem extends far beyond securities fraud.

When a company publishes a set of AI ethics principles, appoints a chief ethics officer, and then deploys systems that systematically discriminate, the principles themselves become a form of camouflage. They provide the appearance of responsibility without the substance of it, a shield against criticism rather than a genuine constraint on conduct.

The most notorious illustration of this dynamic played out at Google in late 2020 and early 2021. Timnit Gebru, co-lead of Google's Ethical AI team, was fired after the company demanded she retract a research paper examining the environmental costs and bias risks of large language models. Three months later, Margaret Mitchell, the team's founder, was also terminated. Roughly 2,700 Google employees and more than 4,300 academics and civil society supporters signed a letter condemning Gebru's departure. Nine members of the United States Congress sent a letter to Google seeking clarification.

The paper that triggered the conflict, "On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?," was subsequently presented at the ACM FAccT conference in March 2021 and has since become one of the most cited works in the field.

The Google episode demonstrated something that has only become clearer with time: internal ethics teams, no matter how credentialed or well-intentioned, cannot function as accountability mechanisms when they exist at the pleasure of the organisations they are meant to constrain. The fox does not appoint its own gamekeeper.

Deployment at Speed, Governance at a Crawl

The numbers tell a stark story. According to ISACA's 2025 global survey of more than 3,200 business and IT professionals, nearly three out of four European IT and cybersecurity professionals reported that staff were already using generative AI at work, a figure that had risen ten percentage points in a single year. Yet only 31 per cent of organisations had a formal, comprehensive AI policy in place. The gap was not closing. It was widening.

The same survey found that:

  • 63 per cent of respondents were extremely or very concerned that generative AI could be weaponised against their organisations
  • 71 per cent expected deepfakes to grow sharper and more widespread
  • Only 18 per cent of organisations were investing in deepfake detection tools

The pattern is consistent: organisations recognise the risks, articulate concern, and then fail to allocate the resources necessary to address them.

A separate finding from the same research revealed that 42 per cent of professionals believed they would need to increase their AI-related skills within six months simply to retain their current position, a figure that had risen eight percentage points from the previous year. The workforce, in other words, is being transformed by AI faster than individuals or institutions can adapt.

Globally, the picture is even more fragmented. A separate analysis found that:

  • 94 per cent of global companies reported using or piloting some form of AI in IT operations
  • Only 44 per cent said their security architecture was fully equipped to support secure AI deployment
  • 57 per cent of organisations surveyed acknowledged that AI was advancing more quickly than they could secure it

The phrase "governance gap" has become a staple of policy discourse, but it undersells the scale of the problem. This is not a gap. It is a chasm.

The Partnership on AI, a multi-stakeholder organisation that includes major technology companies, academic institutions, and civil society groups, identified six governance priorities for 2026:

  1. Responsible adoption of agentic AI systems
  2. Improved documentation and transparency standards
  3. Governance convergence across jurisdictions
  4. Protections for authentic human voice in an era of synthetic content

The priorities are sensible. They are also an implicit admission that none of these foundations are yet in place, despite years of discussion.

Meanwhile, the technology itself continues to accelerate. Agentic AI systems, which can take autonomous actions in the real world rather than simply generating text or images, introduce what the Partnership on AI describes as "non-reversibility of actions, open-ended decision-making pathways, and privacy vulnerabilities from expanded data access." These are not theoretical risks. They are features of systems already being deployed in customer service, software development, and financial trading. The governance frameworks meant to constrain these systems are, in many cases, still being drafted. The speed of silicon, as one commentator put it, outpaces the speed of statute.

Regulation Arrives, Eventually

The European Union's AI Act represents the most ambitious attempt to date to translate ethical principles into enforceable law. The legislation entered into force on 1 August 2024, with a phased implementation timeline extending through 2027.

Key milestones:

  • 2 February 2025: Prohibitions on AI systems posing unacceptable risk took effect
  • 2 August 2025: Obligations for general-purpose AI models became applicable
  • 2 August 2026: Bulk of requirements for high-risk systems take effect, with authorities gaining power to enforce compliance through administrative fines reaching up to 35 million euros or seven per cent of global annual turnover

The EU AI Act adopts a tiered, risk-based approach, classifying AI applications from minimal to unacceptable risk. High-risk systems are subject to strict oversight, including conformity assessments, technical documentation, CE marking, transparency requirements, and post-market monitoring. The European AI Office became operational on 2 August 2025, taking on responsibility for supervising and enforcing the Act alongside Member State authorities.

This is, by any measure, a significant regulatory achievement. But it also illustrates the temporal mismatch that defines AI governance. The Act was first proposed by the European Commission in April 2021. It was adopted in March 2024. Full enforcement does not arrive until August 2026 at the earliest, with some provisions extending to 2027. During that five-year legislative journey, the AI landscape transformed beyond recognition. When the Commission drafted its proposal, ChatGPT did not exist. Nor did the current generation of multimodal models, autonomous agents, or AI-powered code generation tools. The regulation is, by design, chasing a target that moved while lawmakers were still aiming.

The situation in the United States presents a different set of challenges entirely. Rather than pursuing comprehensive federal legislation, the US has relied on a decentralised approach combining agency-specific enforcement, voluntary frameworks, and sector-level regulation.

Key US developments:

  • The National Institute of Standards and Technology published its AI Risk Management Framework, with a February 2025 revision adding testable controls for continuous monitoring
  • The Federal Trade Commission and Department of Justice have used existing consumer protection and anti-discrimination statutes to pursue AI-related enforcement actions
  • In December 2025, President Donald Trump signed an executive order titled "Ensuring a National Policy Framework for Artificial Intelligence," which sought to advance what the administration called "a minimally burdensome national policy framework"

The executive order directed the Attorney General to establish an AI Litigation Task Force to challenge state AI laws deemed inconsistent with federal policy. It instructed the Secretary of Commerce to evaluate existing state AI legislation and identify laws considered "onerous." It even tied broadband infrastructure funding to compliance, specifying that states with AI laws identified as problematic would be ineligible for certain federal grants. The order was, in effect, an attempt to pre-empt the patchwork of state-level regulations that had been emerging across the country.

Meanwhile, state-level regulation continued to advance:

  • Colorado's SB 205, effective February 2026, requires developers and deployers of high-risk AI systems to use reasonable care to protect consumers from algorithmic discrimination, implement risk management policies, and conduct impact assessments
  • New York City's Local Law 144 had already established bias audit requirements for automated employment decision tools
  • More than a hundred state AI laws were enacted across the United States in 2025 alone

Governors in California, Colorado, and New York issued statements indicating the executive order would not stop them from enforcing their existing AI statutes. Legal scholars noted that the administration's ability to restrict state regulation without Congressional action was constitutionally questionable. The result is a governance landscape that is not merely fragmented but actively contested, with federal and state authorities pulling in opposing directions while companies navigate overlapping and sometimes contradictory obligations.

When Enforcement Fails, the Vulnerable Pay

The consequences of the enforcement gap do not fall equally. They concentrate, with brutal predictability, on those with the least power to resist.

In employment, the case of Mobley v. Workday, Inc. illustrates the human cost. Five individuals over the age of forty applied for hundreds of jobs through Workday's automated hiring platform and were rejected in nearly every instance without receiving a single interview. The plaintiffs alleged that Workday's AI recommendation system discriminated on the basis of age. In 2024, a court allowed the disparate impact claim to proceed under the Age Discrimination in Employment Act and the Americans with Disabilities Act, holding that Workday bore liability as an agent of the employers using its product. The case remains one of the most significant tests of whether existing anti-discrimination law can reach the companies that build, rather than merely deploy, algorithmic decision-making tools.

In housing, the SafeRent algorithm case exposed how automated tenant screening can systematically disadvantage Black and Hispanic applicants.

Comments

No comments yet. Start the discussion.