Overview 

Federal regulations—legally binding rules that Congress has authorized federal agencies to create—touch nearly all aspects of life. More than 100 US federal agencies regulate hundreds of thousands of activities and products, from aviation and vehicles to food labeling, drugs and medical devices, and financial markets and banking.

Regulations can profoundly shape emerging technologies by directing their development and determining if and how they reach the world. Regulations around nuclear power and gene-editing technologies have guided and in many cases slowed developments in those fields, limiting both their potential applications and risks. The Food and Drug Administration’s drug approval process can help prevent harmful medicines from reaching patients, but also delays access to new treatments.

This guide covers the fundamentals of US regulatory policy at the federal level and its role in shaping emerging technologies. It walks through the regulatory process and key players, then discusses career opportunities in regulatory policy.

Why does the government regulate?

Regulation often aims to correct or mitigate market failures—situations where markets don’t distribute goods and services efficiently. This includes:

1. Addressing spillover harms: Some market activities impose costs or risks on third parties who aren’t involved in the transaction (pollution is a classic example). Because those harmed by these externalities often can’t easily negotiate with or sue those creating them, producers aren’t incentivized to reduce them. Regulations can target these, e.g. by penalizing or restricting high-risk activities, or by mandating tools like emissions controls, liability insurance or other financial safeguards.
2. Preserving public resources: Some resources don’t have clearly defined property rights and may be over-used or under-produced in an unregulated market. For example, resources like fisheries or radio spectrum may be depleted or face coordination problems without rules around their use (a “tragedy of the commons”). Conversely, goods that are difficult to exclude others from using (like innovations) may never be produced if not for the patents granting their creators property rights. 
3. Maintaining competitive markets: ??Markets can trend toward concentration among several or one firm. Regulations can target monopolization, collusion between firms, predatory pricing, and other anticompetitive behaviors (e.g. by restricting certain mergers and acquisitions or reducing barriers to entry in a certain industry).
4. Reducing “asymmetric information”: Markets work poorly when buyers and sellers have very different information about the quality, safety, or risk of a service or product (e.g. with some complex financial products or medical services). Regulation can require third-party testing, labeling, disclosures, audits, licensing, and other forms of quality verification to narrow this information gap.

Not all regulations try to correct a market failure—some may, for example, aim to improve government processes or promote equality, freedom, or other values.

Regulatory policy basics 

Regulations formally refer to legally binding rules issued by executive branch agencies (federal or state-level) pursuant to laws passed by Congress or state legislatures. These rules spell out what individuals, firms, and other organizations can, can’t, or must do in a given circumstance. 

You might sometimes hear people say things like “Congress is regulating AI”, but more precisely, Congress is legislating—passing laws. In some cases, these laws set out specific rules, but often, they instead authorize agencies to set those rules within the wider bounds Congress has set—that is, to regulate. (We’ll use this precise definition of “regulation” in this guide, but people often use “regulation” more loosely in practice). 

Regulatory policy is broader: it refers to the complete process of how regulations are created and put into practice. This includes Congress passing laws that tell agencies what and how to regulate, the President issuing executive orders that shape what regulations are made, and agencies making and enforcing regulations. This guide covers the full regulatory policy landscape, but focuses especially on rulemaking—the formal process by which federal agencies create regulations.

To understand how regulation works, it helps to see how different legal authorities interact. American legal authorities interact in a rough hierarchy: the Constitution is supreme, followed by statutes (laws), then regulations issued under those statutes. Court decisions interpret all of these authorities and can strike down actions that conflict with higher law.

Executive orders (EOs) and other presidential directives are tools the President uses to manage the executive branch, but they don’t have independent legal authority. Through EOs, the President can direct agencies to act based on powers the President already has under the Constitution (such as commanding the military) or that Congress has delegated through statutes.¹

So in short, the major federal actors involved in regulatory policy are:

• Congress, which passes laws and may delegate authority to agencies to interpret them and carry them out. Some laws require agencies to develop specific regulations by certain deadlines; others give agencies broader discretion to develop regulations as needed or on an ongoing basis.
• The President, who issues executive orders and other directives to agencies that can both direct them to develop new regulations (in the bounds of existing law) or shape the regulatory process itself.
• Regulatory agencies, which write and enforce regulations (also called rules) using the authority Congress grants them. (Writing these rules is called “rulemaking”.)
• Courts, which review laws, regulations, and executive actions and can strike down rules that exceed their legal authority, violate the Constitution, or were adopted without following required procedures, or were “arbitrary and capricious.”

While this guide focuses on federal regulation, states are also major regulators—see Federal vs. state regulation below.

Types of regulation

This section breaks down regulations by policy area and by their mechanisms to achieve their goals.

Policy areas and their regulators

The drop-downs below cover some of the major regulatory policy areas, key federal agencies operating in each, and common regulatory tools used. These categories aren’t exhaustive, and can overlap in practice.

Regulatory tools 

Regulators use a mix of tools to achieve intended policy outcomes. The table below covers some of the most common tools and the types of situations they’re generally used for.

Regulators similarly have a range of monitoring tools (e.g. inspections, audits, testing) and enforcement mechanisms (e.g. fines, criminal liability, license revocation) available to motivate compliance.

Federal vs. state regulation 

This guide focuses on federal regulation, but states are also major regulators. In short, the federal government regulates issues of national concern or that impact interstate commerce (e.g. defense, financial markets, foreign policy). States regulate in areas that aren’t delegated to the federal government, including public utilities, professional licensing, insurance, land use, and many aspects of consumer protection.

Depending on the policy area, regulation may only happen federally, may happen at both levels, or be almost entirely state-led.

Federal-state dynamics for AI regulation remain unsettled. In December 2025, President Trump issued an Executive Order directing the DOJ to challenge certain state AI laws and calling for preemptive federal legislation (with proposed exemptions for child safety, state government use of AI, and other topics). The relevance of state regulation for AI will significantly depend on the ultimate outcome of federal preemption efforts like this.

Regulation and emerging technology

Regulation and emerging technology continuously influence each other: regulation can both enable technological growth by creating legal certainty and reducing risk, and constrain it by restricting its development or use. New technologies in turn expose issues with existing rules, prompting policymakers to update, remove, or add new ones. In practice, regulators often struggle to keep pace, as laws proposed to address one technological landscape may need revision before they’re even enacted.

Note that many of these developments are upstream of regulation, rather than regulations themselves. For example, the AI Action Plan is a federal strategy signaling forthcoming agency actions, not a binding rule. Executive orders similarly may direct agencies to develop regulations but don’t create enforceable rules on their own.

Why (not) work on regulatory policy?

The case for impact

Regulatory policy is broad, incorporating a huge range of mechanisms—from market-based tools⁵ to command-and-control approaches that mandate specific technologies or practices. Given this, it’s difficult to generalize its case for impact. But regulation offers several strengths as a tool for shaping emerging technologies:

• Binding, market-wide change: Regulations can shift entire industries rapidly and comprehensively in ways that voluntary standards, individual company commitments, or more gradual market forces generally cannot. For example, the FDA’s 1962 drug efficacy requirements (following the thalidomide birth defects crisis) meant thousands of existing drugs had to be pulled from market or undergo new testing. This fundamentally changed pharmaceutical development processes and timelines.
• Addresses market failures: Regulations can be well-positioned to address market failures like externalities, information gaps for consumers, or market power concentration. For example, in cases where consumers can’t meaningfully assess cybersecurity or privacy risks when purchasing connected devices, developers may underinvest in security features.
• Ex-ante prevention of severe, large-scale risks: For products or activities that pose irreversible or extremely high-consequence risks, regulation can help preempt major harms rather than waiting until damage has been done. For example, nuclear reactor design certification prevents potentially catastrophic meltdowns, and bank stress tests aim to protect individual bank failures from triggering financial system collapse.
• More specific and often more agile than legislation: Agencies can issue regulations without new legislation when Congress has already provided relevant authority, making regulation often a faster path to policy change. Regulations also give specificity to broad statutory goals: since laws are often deliberately underspecified, implementation through regulation matters significantly for a policy’s effectiveness.

The case for professional growth

• Technical depth in complex systems: Regulators often become among the most knowledgeable people on highly technical domains (e.g. spectrum allocation, pharmaceutical development, technology export controls). Regulatory policy work requires both understanding technical specifics and projecting out the system-wide effects of regulatory interventions. This mix of skills is broadly valued in policy work.
• Legal and procedural expertise: Regulatory policy work develops deep fluency in administrative law, such as understanding rulemaking, statutory interpretation, and judicial review. These skills translate well across policy, including to roles in law, compliance, or policy advisory positions.
• Navigating trade-offs and multiple stakeholders: Regulatory work fundamentally involves making trade-off decisions in complex systems with significant uncertainty. Regulators simultaneously answer to and work with Congress, the White House, courts, industry, and the public, giving them both broad professional exposure and experience navigating complex political environments.
• Understanding how policy is implemented: Because a great deal of policy impact depends on agency implementation, it’s broadly valuable to understand how agencies translate laws into enforceable rules.

Some tradeoffs 

• Bureaucratic and slow to adapt: The rulemaking process typically takes 2-3+ years from proposal to final rule, during which a technological landscape might significantly evolve. Agencies can be nimbler than Congress in updating regulations, but still often lag behind technological change. Regulatory work notoriously involves navigating many bureaucratic hurdles.⁶ 
• Risk of regulatory capture: Industries often have more resources, technical expertise, and vested interest in regulations than the public, and sometimes gain disproportionate influence over regulatory decisions. In severe cases, an agency intended to serve the public interest may end up primarily working to advance the interests of the industry it regulates (“regulatory capture”).⁷ Capture isn’t exclusive to industry—small but highly organized advocacy groups can also exert disproportionate influence, particularly when broader public attention is low or uncoordinated. This can lead to (for example) overly restrictive regulations that reflect narrow advocacy goals rather than broader public preferences or cost-benefit considerations. 
• Impacts are difficult to fully predict and quantify: Regulation generates costs that can be difficult to measure or quantify, including time diverted from productive activities and opportunity costs from foregone innovation (e.g. the value of drugs delayed, products never developed, or companies never founded). The same uncertainty applies to benefits—for instance, emerging literature suggests larger potential public health benefits from air pollution regulations than original estimates. Regulations interact with large-scale, complex systems in not-fully-predictable ways, creating potentially vast second-order effects and unintended consequences in both directions.
• Risk-averse culture: Federal agencies often face asymmetric political consequences: visible failures (e.g. approving a harmful product, not regulating a risk) can generate intense scrutiny, while missed opportunities from over-caution generally don’t. Many have criticized this dynamic as incentivizing excessive risk aversion.

The regulatory process: Who’s involved? 

The following sections describe the typical stages of regulatory policymaking and the key actors in each. In short:

1. Setting the agenda: Congress, the President, and Presidential appointees determine regulatory priorities primarily through legislation and executive orders. Agencies may also set their own regulatory agendas in the bounds of their statutory mandates (what Congress has authorized them to do), with varying degrees of autonomy.⁸ 
2. Drafting regulations: Agencies translate policy goals into draft regulatory text with support from program offices, lawyers, economists, and technical experts. 
3. Interagency review and clearance: The White House Office of Information and Regulatory Affairs (OIRA) reviews significant rules before they’re publicly proposed and coordinates feedback across agencies to ensure that they’re minimally burdensome, analytically sound, and responsive to presidential priorities. This includes getting feedback from agencies that have expertise or a stake in the topic.
4. Public comment and consultation: Agencies publish proposed rules in the Federal Register and collect public feedback (typically for 30-60 days), often supplemented by hearings or stakeholder meetings. Individuals, companies, think tanks, and other organizations can submit comments.
5. Finalization and publication: Agencies revise rules based on public comments, complete final OIRA review (for significant rules), and publish the final rule, along with a rationale and responses to major comments. Congress can override via the Congressional Review Act; courts can review for legal compliance.
6. Implementation and enforcement: Once finalized, agencies implement and enforce regulations through mechanisms like inspections, licensing systems, audits, or penalties, including referring cases for civil or criminal prosecution by DOJ and sometimes state regulators.
7. Oversight: Congress, courts, the Office of Management and Budget (OMB), and watchdog bodies like the Government Accountability Office (GAO) monitor how agencies implement regulations, evaluate their effectiveness and prompt updates, and ensure that rules stay within legal bounds.

Setting the agenda

At this stage, key actors decide what will get regulated and how. The regulatory agenda emerges from many institutions, including Congress, the President, external groups, and agencies themselves, whose priorities often conflict. Public opinion and nationally significant events can also rapidly shift regulatory priorities. 

Drafting regulations

Once the agenda is set, the rulemaking process begins with an agency drafting a regulation (a “rule”). Before drafting, agencies often gather data, public input, and technical expertise through:

• Requests for Information (RFI): A public notice asking “what do you know about this problem?” to collect data, research, and perspectives before deciding whether regulation is needed or what form it should take. (See two example RFI responses here and here).
• Petitions for rulemaking: Individuals, companies, advocacy groups, or other organizations can formally request that an agency initiate rulemaking on a specific issue. Agencies must respond to petitions, though they’re not required to grant them.
• Informal consultations: Agencies often meet with industry groups, researchers, state regulators, and other stakeholders to understand technical feasibility and practical challenges before drafting formal proposals.
• Advance Notice of Proposed Rulemaking (ANPRM): A more formal step indicating the agency is seriously considering regulation. An ANPRM outlines the issue and possible regulatory approaches, then asks for public feedback on whether and how the agency should proceed.

Agencies then draft a proposed regulation, supported by:

• program offices with subject-matter expertise who lead the drafting, 
• general counsel, who ensure the rule fits within the agency’s statutory authority and follows required procedures,
• economists and policy analysts who assess costs, benefits, and potential market effects, and
• political leadership, who ensure alignment with agency priorities.

For significant rules (having $100+ million in annual economic impact or other major impacts¹⁴), agencies also must prepare extensive supporting analysis, including:

• Regulatory Impact Analysis (RIA): Estimates the rule’s costs and benefits to society. This includes quantifying compliance costs for industry, potential benefits to public health or safety, and comparing alternative approaches. 
• Regulatory Flexibility Analysis: Examines how the rule affects small businesses, small organizations, and small government jurisdictions. Agencies must consider less burdensome alternatives for small entities.

Agencies can also use expedited pathways when they have good reason to bypass standard notice-and-comment procedures, including: 

Interagency review and clearance

? See our profile on OMB and subsection on OIRA

The White House’s Office of Information and Regulatory Affairs (OIRA), part of the Office of Management and Budget, must review significant rules before the agency¹⁵ can publicly propose them. It’s staffed by ~50 economists, statisticians, and policy analysts (many of them former regulators) and led by a small group of political appointees. 

OIRA generally has 90 days to review a rule, during which they conduct their own analysis and circulate the draft to White House policy councils and other federal agencies for feedback (this is called interagency review). For example, OIRA might ask the Department of Energy to weigh in on an EPA climate rule with potential effects on energy markets, or the Department of Defense to comment on an export control regulation that could affect defense technology supply chains. Based on the interagency feedback and their own analysis, OIRA can:

• Approve without change: Agency can publicly propose the rule on the Federal Register
• Approve with changes: Most common outcome; OIRA recommends modifications that the agency typically incorporates or provides rationale for not incorporating
• Return for reconsideration: OIRA has serious concerns and sends the rule back to the agency with a return letter explaining the issues (this is rare but signals fundamental problems with the rule’s legal authority, analysis, or policy approach, and typically “kills” the rule in its current form)

Public comment and consultation 

Once OIRA clears a significant rule, the agency publishes a Notice of Proposed Rulemaking (NPRM) in the Federal Register, opening a public comment period where anyone—members of the public, companies, researchers, advocacy groups, and other government entities—can submit written input. Comment periods are often 30–60 days, though complex or high-impact rules may stay open longer.¹⁶

Agencies sometimes supplement written comments with public meetings, hearings, workshops, or webinars. Comments are usually organized by docket on Regulations.gov, but not every submission becomes publicly visible. Disclosure rules vary by agency and docket; posting can be delayed, and some comments may be withheld or redacted. Partly for this reason, many organizations (e.g. think tanks and advocacy groups) also publish their submissions on their own platforms.

External groups can play an outsized role in the public comment process by tracking comment windows, translating technical rules for wider audiences, and submitting detailed legal or empirical analyses that materially influence how agencies revise rules. 

Finalization and publication

After the comment period closes, agencies revise the proposed rule based on public feedback and their own analysis. Agency staff review and categorize comments, identify major themes and substantive concerns, and determine which modifications to make. Not all comments result in changes: agencies must explain their reasoning but aren’t required to adopt every suggestion.

For significant rules, the revised rule goes back to OIRA for a second review (typically faster than the first). OIRA ensures the agency adequately addressed major comments and that changes don’t create new problems or conflicts with other policies.

Once OIRA clears the rule, the agency promulgates (formally publishes) the final rule in the Federal Register, which includes:

• The final regulatory text
• An effective date (typically at least 30-60 days after publication to give regulated entities time to prepare)
• A preamble explaining the rule’s purpose, legal authority, and changes from the proposed version
• Responses to significant comments, including why the agency adopted or rejected major suggestions
• Supporting analyses (cost-benefit analysis, regulatory flexibility analysis, etc.)

Congressional Review Act: Congress has 60 legislative days (days when Congress is in session) to pass a resolution blocking the rule. If Congress passes this resolution and the President signs it (or Congress overrides a veto), the rule is overturned and the agency cannot issue a substantially similar rule without new authorization from Congress. This is relatively rare: since 1996, Congress has only overturned ~20 rules.

Judicial review: After publication, regulated entities, advocacy groups, states, or other affected parties can challenge the rule in federal court. Common arguments include that the agency exceeded its legal authority, violated the Constitution, or failed to follow required procedures (such as inadequately responding to comments or not conducting sufficient cost-benefit analysis). Courts can strike down or send back rules they find unlawful, sometimes requiring agencies to restart the rulemaking process.

Implementation and enforcement

Once a rule is published, agencies build the systems and procedures needed to operationalize it. This may involve building new licensing systems, plans for inspections or auditing, or data reporting tools and often requires new funding, interagency coordination, and communication with the regulated community. For example, to implement…

• disclosure requirements for cybersecurity incidents, the SEC develops filing systems, builds staff expertise to review disclosures, issues guidance on what constitutes a “material” incident, and coordinates with other financial regulators.
• new regulatory pathways for cell and gene therapies, the FDA trains reviewers on novel assessment methods, develops guidance on manufacturing standards and clinical trial design, and builds post-market surveillance systems to monitor long-term safety.
• AI chip export controls, BIS develops classification systems to determine which chips require licenses, creates review procedures for applications, trains compliance officers, and coordinates with customs officials to monitor shipments.

Agency enforcement offices (and other actors) then monitor compliance and address violations through a range of tools, including:

• administrative actions, e.g. warning letters documenting violations and requiring corrective, actions, compliance agreements for minor violations
• civil penalties, e.g. monetary fines, license suspension or revocation
• criminal prosecution, e.g. federal prosecution potentially resulting in imprisonment and criminal fines

The regulating agency typically leads enforcement, but other actors may also be involved, including:

• Department of Justice (DOJ): Represents agencies in court (most agencies can’t litigate independently) and prosecutes criminal violations involving fraud, knowing endangerment, or significant public harm.
• State enforcement: States can enforce their own regulations through state courts and agencies. State courts also have concurrent jurisdiction to hear cases arising under federal law. State attorneys general can enforce certain federal laws when explicitly authorized by Congress, primarily in antitrust and consumer protection.¹⁷
• Private enforcement: Some laws allow individuals or organizations harmed by violations to sue directly, such as securities fraud cases, employment discrimination claims, and citizen suits under environmental laws. Private enforcement can supplement or exceed government action.
• Self-regulatory organizations: In some sectors, industry bodies handle day-to-day enforcement (e.g. professional licensing boards regulate doctors, lawyers, and engineers).
• “Qui tam” relators (whistleblowers): Under the False Claims Act, private citizens can sue on the government’s behalf when entities defraud federal programs, receiving a share of any recovery. 
• International coordination: For regulations with international effects (e.g. export controls, antitrust, or financial rules) US agencies coordinate enforcement with foreign counterparts through international agreements and partnerships.

Oversight

Multiple institutions monitor agencies to ensure the regulatory system functions as intended.

• Congress tracks agency performance through committee hearings, oversight letters, and required agency reports. Congress can also use funding decisions to influence enforcement priorities and can overturn recently finalized rules through the Congressional Review Act.
• Government Accountability Office (GAO) conducts independent audits of regulatory programs, evaluating whether agencies are meeting their goals, spending appropriately, and following procedures. GAO reports often identify gaps and recommend improvements.
  • For example, a 2025 GAO report found that financial regulators were using outdated risk-management frameworks to oversee AI in banking, creating inconsistent oversight. A 2017 GAO review of the Federal Select Agent Program (which regulates labs handling pathogens like anthrax and Ebola) found conflicts of interest because agencies oversaw their own labs, and lacked systematic inspection planning to focus resources on the highest-risk facilities.
• Inspectors General operate within each agency to investigate waste, fraud, abuse, or mismanagement. Their audits can uncover problems with how agencies implement or enforce their own rules.
• Federal courts review legal challenges to regulations brought by regulated entities, advocacy groups, or states. Courts can strike down rules that exceed an agency’s statutory authority, violate the Constitution, or weren’t adopted following required procedures (sometimes restarting the full rulemaking process).

Working on regulatory policy: types of roles and career opportunities 

The table below outlines the core types of regulatory policy roles, including common backgrounds, day-to-day responsibilities, and resources for finding early-career opportunities and full-time positions.

Preparing for regulatory policy roles 

While requisite skills and experience vary widely across regulatory policy roles (e.g. in Congress vs. at an agency vs. at a think tank), several qualifications stand out as broadly valuable: understanding of regulatory processes, cost-benefit analysis skills, and subject-matter expertise in a regulated domain. To prepare for regulatory policy roles, consider:

• Participating in public comment periods: Submitting comments on proposed regulations helps you gain exposure to the rulemaking process, provide public analysis in your topic of interest, and potentially have direct influence on regulation. You can find open comment periods on Regulations.gov. You may also find it valuable to read through other comments on a regulation in your topic of interest, particularly those by influential institutions or individuals.
• Attending regulatory proceedings and hearings: Watch congressional hearings on regulatory legislation, agency open meetings (e.g. FCC, BIS) or public workshops where agencies gather stakeholder input. Many agencies post recordings and transcripts on their websites.
• Completing a regulatory internship or fellowship: Pursue internships or fellowships at regulatory agencies, the Office of Information and Regulatory Affairs (OIRA), congressional committees with regulatory oversight, think tanks focused on regulation, or advocacy organizations. 
• Understanding the rulemaking process: Learn the basics of rulemaking, regulatory review, and administrative law (many resources below). Many nonprofits and other groups provide public resources on these topics, including the Administrative Conference of the United States and the Society of Benefit-Cost Analysis. If you’re a policy or government student, consider taking an administrative law course (if offered).
• Networking with regulatory professionals: Reach out to current and former agency staff, Hill staffers, or think tank researchers with regulatory experience for informational interviews. 
• Publishing regulatory analysis: Demonstrate analytical skills by publishing regulatory analysis, either independently (e.g. on Substack) or by submitting your piece to an outlet. If you’re a student, consider writing for your university’s policy journal or contributing to faculty research on regulatory topics.
• Gaining relevant credentials and subject-matter expertise: Many regulatory roles require graduate degrees, including policy degrees (MPP, MPA) or technical degrees in the regulated domain, or JDs (for legal review). 
• Following regulatory developments and analysis: Subscribe to newsletters tracking regulatory activity in your area of interest, and read diverse analyses of regulatory policy issues. Commercial law firms often provide comprehensive, apolitical breakdowns of regulation and their implications for regulated industries (see examples here and here).

Appendix: Day-in-the-life

Further reading 

• The Federal Register
• Regulations.gov
• The Regulatory Review, University of Pennsylvania Law School newspaper
• On regulation
  • 2025 Regulatory Year in Review, GW Regulatory Studies Center (2026)
  • Regulation: A Primer, GW Regulatory Studies Center (2012)
  • Regulation, Econlib
• On the rulemaking process
  • US Government Rulemaking, US Trade Representative (2025)
  • An Overview of Federal Regulations and the Rulemaking Process, Congressional Research Service (2021)
  • Overview of Federal Agency Rulemaking, Office of Information and Regulatory Affairs (2015)
  • The Reg Map, Office of Information and Regulatory Affairs
  • A Guide to the Rulemaking Process, Office of the Federal Register
  • The Basics of the Regulatory Process, Environmental Protection Agency
• On regulatory analysis
  • Regulatory Impact Analysis: A Primer

Related articles

Footnotes