Expert Analysis · July 2026 · Valentine J. Gandhi

Fig. 01 · The pacing problem  AI capability accelerates while regulatory adaptation lags, opening a widening governance gap. For self-updating public-sector AI, the two curves diverge faster than in any prior technology.

THE CURVE

Governance is not a brake. It is a tuning dial.

For public institutions the stakes are higher than for a private firm. A government does not merely adopt AI; it is simultaneously the regulator, the buyer, the deployer, and the guardian of the rights of the people its decisions land on.13 That quadruple role is why setting the dial well matters so much, and why getting it wrong is so visible.

Fig. 02 · The governance maturity curve The dial has a sweet spot. Absence and excess of governance both suppress the same two things a public institution needs from AI: the willingness to deploy and the public’s trust that deployment is legitimate.

WHERE IT BITES

Three arenas where governments feel the paradox

Fig. 03 · The cross-border e-licensing stack Read bottom-up, each layer is a constraint that makes the next one possible. Shared identity enables trusted data exchange; trusted data enables an accountable decision; common rules let the whole service cross a border. The constraints are the enabler.

CALIBRATION

From control to partnership

If the dial has a sweet spot, the policy task is finding it deliberately rather than by accident or scandal. Three mechanisms, already visible in practice, do most of the work.

Regulatory sandboxes as a third way. Rather than choosing between blanket permission and blanket prohibition, sandboxes create supervised environments where an AI system can be tested against real conditions with a regulator watching. The model migrated from fintech into AI governance, and the EU AI Act now requires every member state to have at least one national AI regulatory sandbox operational by 2 August 2026, with explicit priority for SMEs and start-ups and the option to run them jointly across borders.5 The OECD frames sandboxes as adaptive-governance instruments that shine precisely where uncertainty and innovation potential both run high.17 For public-sector e-licensing, a sandbox is where you learn whether an automated decision is contestable before it is imposed on a citizen.

Differentiation by scale and context. A single compliance burden applied identically to a global platform and a two-person GovTech startup entrenches the incumbent and starves the challenger. Calibrated governance is tiered: proportionate to risk, and sensitive to the institutional capacity of the deploying body. This matters doubly in the Global South, where the answer is rarely to copy the EU machine wholesale, but to reach the same trust guarantees through lighter, locally sustainable means.

Evaluators and security experts as co-navigators. Responsibility cannot sit with the AI, which has no agency; it sits with the people who design, deploy, and assess these systems.15 The FRAME approach positions evaluation practitioners as ethical navigators across the AI lifecycle, from pre-deployment assessment through continuous monitoring.16 Paired with security practitioners, who bring threat modelling and the hard safeguards without which no ethical deployment is even possible, evaluation becomes the bridge between the soft principles of fairness and transparency and the hard requirements of robustness and integrity. Monitoring, evaluation, and learning is not paperwork after the fact; it is the instrument that reads the dial.

Fig. 04 · The dial across three arenas

Arena Dial too low Calibrated Dial too high
Administrative decisions & e-licensing Opaque automation, no redress. See toeslagenaffaire, Robodebt, SyRI. Explanation-centric accountability: human sign-off, audit trail, algorithm register, contestable decisions. Blanket bans on any automation; useful triage never leaves the pilot.
Cross-border e-licensing Administrative geo-blocking; documents unrecognised abroad; duplicated evidence. Interoperability as enabler: once-only exchange, mutual recognition of eID, user-controlled consent. Rigid harmonisation that outpaces local capacity and stalls adoption.
Cross-border trade in AI Fragmented rules; compliance cost falls hardest on SMEs and the Global South. Common baselines + sandboxes: DEPA / DEFA provisions, shared standards, joint testbeds. Data-localisation walls and protectionism disguised as safety.

FOR PRACTITIONERS

Setting the dial, deliberately

For those building or evaluating public-sector AI, especially in development contexts, the paradox resolves into a handful of working commitments:

  • Design for contestability first. Before an automated licensing or eligibility decision reaches a citizen, confirm there is a human accountable for it, an explanation a lawyer could defend, and a route to challenge it.
  • Treat interoperability as governance, not plumbing. Mutual recognition of identity and evidence is what lets services and licences move; invest in the common baseline early, when it is still cheap to steer.
  • Use sandboxes to learn, not to delay. A supervised testbed is the cheapest place to discover a system’s failure modes, and the honest way to say yes to innovation without saying yes to harm.
  • Tier the burden. Match oversight to risk and to the capacity of the deploying institution, so governance does not quietly become a moat for incumbents.
  • Put evaluation and security in the same room. Impact measurement and threat modelling are two readings of the same dial; neither alone tells you where it is set.

The framing that got us here, ethics versus innovation, was always a false binary. Absence of governance and excess of governance suppress the same things: the confidence to deploy and the trust that deployment is legitimate. The question a government should ask of any AI system, whether it screens a licence, recognises a foreign credential, or clears a cross-border transaction, is not how much control, but control placed where information and capacity are greatest, and accountability that a citizen can reach. That is the move from a control paradox to a control partnership. The dial is not something to fear. It is something to read, and to set on purpose.

REFERENCES