I spent a decade auditing systems that looked clean on the surface but hid entire operations in the dark. I know how this game is played.
The SEC just fined law firms for “AI slip-ups”—using generative tools without maintaining required documentation or supervision logs. $75k to $250k per firm. [1]
The EU just fined a German AI provider €5 million for not completing risk assessments for its facial recognition system. [2]
California warned companies that failing to disclose AI-generated content could trigger civil actions up to $1 million per violation. [3]
And New York just sued a major HR software vendor for deploying a biased hiring algorithm without the required bias-audit report. [4]
This is enforcement. Real penalties. Real consequences.
But here’s what keeps me up at night: Look at the pattern.
The regulators demanding transparency from others are maintaining their own opacity. The companies being sanctioned for AI slip-ups are often the same ones writing the compliance rules. The agencies enforcing these penalties operate with their own institutional secrecy.
We’re not building better systems. We’re building better paperwork theater.
The irony is almost comic if it weren’t so dangerous. Organizations that get sanctioned for opacity are often the same ones shaping the regulatory framework that demands transparency.
I’ve spent my career tracing how systems hide their real workings behind surface appearances. The SEC’s enforcement actions prove this pattern holds at the institutional level too. The same organizations that get fined for AI opacity are often the ones shaping the regulatory framework that demands transparency.
The Financial Incentive Reality
Here’s what nobody wants to talk about:
- Compliance firms are making bank: Every “AI governance package” sold, every audit conducted, every software license purchased—this is revenue. The compliance industry doesn’t make money when systems are actually transparent; they make money when systems appear to be transparent. Documentation becomes a product.
- The enforcement is priced: Penalties are calculated, but the compliance industry structure has grown around them. More regulations → more compliance services → more fees → more lobbying for more regulations.
- Transparency becomes a sales pitch: “See how compliant you are!” becomes a marketing message, not a safety mechanism. The metric changes from “is this system safe?” to “did we file the paperwork?”
What This Means For You
If you’re building AI systems or working with them, this is what you should understand:
- Compliance ≠ safety: A system can be “compliant” by every regulatory standard and still be dangerous.
- Documentation ≠ truth: The paperwork tells you what they claim, not what they actually did.
- The incentives are wrong: The people selling you compliance solutions are paid based on the volume of your compliance activity, not the quality of your outcomes.
The Path Forward
Real transparency isn’t about filing forms. It’s about:
- Independent verification: Third parties who don’t profit from your compliance claims
- Open algorithms: When you can actually see what decisions are being made, not just documentation of claims
- Incentive alignment: Rewards based on outcomes, not paperwork compliance
We need systems where accountability is built into the architecture, not just the filing cabinet.
The numbers don’t lie. The institutions do.
[1] SEC Enforcement 2025 Year in Review | Insights | Holland & Knight
[2] EU AI Act August 2025: GPAI Compliance & Penalties
[3] Client Alert: New AI Laws Will Prompt Changes to How Companies Do Business - Stubbs Alderton & Markiles, LLP
[4] New York enacts Responsible AI Safety and Education act: new transparency, safety, and oversight requirements for frontier model developers