Overview
Federal regulations—legally binding rules that Congress has authorized federal agencies to create—touch nearly all aspects of life. More than 100 US federal agencies regulate hundreds of thousands of activities and products, from aviation and vehicles to food labeling, drugs and medical devices, and financial markets and banking.
Regulations can profoundly shape emerging technologies by directing their development and determining if and how they reach the world. Regulations around nuclear power and gene-editing technologies have guided and in many cases slowed developments in those fields, limiting both their potential applications and risks. The Food and Drug Administration’s drug approval process can help prevent harmful medicines from reaching patients, but also delays access to new treatments.
This guide covers the fundamentals of US regulatory policy at the federal level and its role in shaping emerging technologies. It walks through the regulatory process and key players, then discusses career opportunities in regulatory policy.
Why does the government regulate?
Regulation often aims to correct or mitigate market failures—situations where markets don’t distribute goods and services efficiently. This includes:
- Addressing spillover harms: Some market activities impose costs or risks on third parties who aren’t involved in the transaction (pollution is a classic example). Because those harmed by these externalities often can’t easily negotiate with or sue those creating them, producers aren’t incentivized to reduce them. Regulations can target these, e.g. by penalizing or restricting high-risk activities, or by mandating tools like emissions controls, liability insurance or other financial safeguards.
- Preserving public resources: Some resources don’t have clearly defined property rights and may be over-used or under-produced in an unregulated market. For example, resources like fisheries or radio spectrum may be depleted or face coordination problems without rules around their use (a “tragedy of the commons”). Conversely, goods that are difficult to exclude others from using (like innovations) may never be produced if not for the patents granting their creators property rights.
- Maintaining competitive markets: ??Markets can trend toward concentration among several or one firm. Regulations can target monopolization, collusion between firms, predatory pricing, and other anticompetitive behaviors (e.g. by restricting certain mergers and acquisitions or reducing barriers to entry in a certain industry).
- Reducing “asymmetric information”: Markets work poorly when buyers and sellers have very different information about the quality, safety, or risk of a service or product (e.g. with some complex financial products or medical services). Regulation can require third-party testing, labeling, disclosures, audits, licensing, and other forms of quality verification to narrow this information gap.
Not all regulations try to correct a market failure—some may, for example, aim to improve government processes or promote equality, freedom, or other values.
Regulatory policy basics
Regulations formally refer to legally binding rules issued by executive branch agencies (federal or state-level) pursuant to laws passed by Congress or state legislatures. These rules spell out what individuals, firms, and other organizations can, can’t, or must do in a given circumstance.
You might sometimes hear people say things like “Congress is regulating AI”, but more precisely, Congress is legislating—passing laws. In some cases, these laws set out specific rules, but often, they instead authorize agencies to set those rules within the wider bounds Congress has set—that is, to regulate. (We’ll use this precise definition of “regulation” in this guide, but people often use “regulation” more loosely in practice).

Regulatory policy is broader: it refers to the complete process of how regulations are created and put into practice. This includes Congress passing laws that tell agencies what and how to regulate, the President issuing executive orders that shape what regulations are made, and agencies making and enforcing regulations. This guide covers the full regulatory policy landscape, but focuses especially on rulemaking—the formal process by which federal agencies create regulations.
To understand how regulation works, it helps to see how different legal authorities interact. American legal authorities interact in a rough hierarchy: the Constitution is supreme, followed by statutes (laws), then regulations issued under those statutes. Court decisions interpret all of these authorities and can strike down actions that conflict with higher law.
| Legal authority | Who creates it | What it does | Where it lives |
| Constitution | Ratified by the states | Establishes basic structure and powers of government; highest law of the land | US Constitution |
| Statutes (“laws”) | Congress + President (who signs or vetoes the law) | Set broad goals, programs, and authorities; may delegate power to agencies to interpret and implement | US Code (USC) |
| Regulations (“rules”) | Federal agencies and independent commissions | Interpret and implement laws with specific, enforceable requirements | Code of Federal Regulations (CFR); published in the Federal Register first |
| Court decisions | Federal and state courts | Interpret the Constitution, statutes, and regulations; can invalidate unlawful actions | Judicial opinions/court cases (e.g. for Supreme Court) |
Executive orders (EOs) and other presidential directives are tools the President uses to manage the executive branch, but they don’t have independent legal authority. Through EOs, the President can direct agencies to act based on powers the President already has under the Constitution (such as commanding the military) or that Congress has delegated through statutes.1
So in short, the major federal actors involved in regulatory policy are:
- Congress, which passes laws and may delegate authority to agencies to interpret them and carry them out. Some laws require agencies to develop specific regulations by certain deadlines; others give agencies broader discretion to develop regulations as needed or on an ongoing basis.
- The President, who issues executive orders and other directives to agencies that can both direct them to develop new regulations (in the bounds of existing law) or shape the regulatory process itself.
- Regulatory agencies, which write and enforce regulations (also called rules) using the authority Congress grants them. (Writing these rules is called “rulemaking”.)
- Courts, which review laws, regulations, and executive actions and can strike down rules that exceed their legal authority, violate the Constitution, or were adopted without following required procedures, or were “arbitrary and capricious.”
While this guide focuses on federal regulation, states are also major regulators—see Federal vs. state regulation below.
Types of regulation
This section breaks down regulations by policy area and by their mechanisms to achieve their goals.
Policy areas and their regulators
The drop-downs below cover some of the major regulatory policy areas, key federal agencies operating in each, and common regulatory tools used. These categories aren’t exhaustive, and can overlap in practice.
Consumer protection
Policy goal: Safeguard individuals from harmful, deceptive, or abusive practices in the marketplace.
Key federal agencies:Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB), Food and Drug Administration (FDA), Consumer Product Safety Commission (CPSC)
Typical tools: Disclosure mandates, licensing, recalls, bans on unfair or deceptive acts or practices
Examples:
- FTC enforcement against dark patterns in subscription cancellation flows (e.g. JustAnswer lawsuit) and illegal collection of user data (e.g. Disney lawsuit)
- CFPB oversight of buy-now-pay-later lending
Antitrust and competition policy
Policy goal: Promote competitive markets by preventing monopolization, other anticompetitive conduct, and by reviewing acquisitions or mergers that would substantially lessen competition.
Key federal agencies: Department of Justice (DOJ) Antitrust Division, Federal Trade Commission (FTC)
Typical tools: Civil actions against unfair competition, criminal antitrust law, merger review
Examples:
- FTC’s monopolization case against Meta for “buying the significant competitive threats it identified in Instagram and WhatsApp”
- FTC’s lawsuit against the three largest prescription drug benefit managers for “anticompetitive and unfair rebating practices that have artificially inflated the list price of insulin drugs”
Health, safety, and environment
Policy goal: Protect people from risks in workplaces, homes and buildings, transportation, consumer products, and the environment.
Key federal agencies: Food and Drug Administration (FDA), Department of Energy (DOE), Centers for Disease Control and Prevention (CDC), Environmental Protection Agency (EPA), Occupational Safety and Health Administration (OSHA)
Typical tools: Technology or performance standards, licensing and permitting, product approval and recall authority, disclosures
Examples:
- National Highway Traffic Safety Administration crash-reporting order for vehicles with advanced driver assistance or automated driving features
- FDA recall of an implantable medical marker device due to reported complications
- Federal Select Agent Regulations for labs that handle certain high-risk pathogens or toxins
Financial systems
Policy goal: Safeguard the stability of the financial system and protect investors, depositors, and the broader economy from excessive risk-taking and misconduct.
Key federal agencies: Federal Reserve (Fed), Federal Deposit Insurance Corporation (FDIC), Securities and Exchange Commission (SEC), Consumer Financial Protection Bureau (CFPB) for consumer-facing finance, plus state banking and insurance regulators
Typical tools: Capital and liquidity standards (minimum financial “buffers” banks must hold), stress tests (where regulators test whether institutions can withstand bad scenarios), registration and licensing requirements, disclosure and reporting rules, trading and risk-management rules (required safeguards for automated or complex trading systems), anti-money laundering rules (to detect and report suspicious transactions)
Examples:
- SEC rules on cybersecurity incident disclosure and cyber risk governance for public companies
- SEC charges on Coinbase for operating its crypto asset trading platform as an unregistered national securities exchange
- CFPB Personal Financial Data Rights rule (often described as “open banking” in the US; requires covered firms to make consumer financial data available on request to consumers and authorized third parties, with safeguards)
National security and critical systems
Policy goal: Protect critical infrastructure, supply chains, and sensitive technologies that could threaten US defense, economic stability, or public safety if compromised.
Key federal agencies: Department of Commerce (DOC), Department of Defense (DOD), Department of Homeland Security (DHS), Department of Energy (DOE), Nuclear Regulatory Commission (NRC), Department of the Treasury (Treasury)
Typical tools:Licensing and permit regimes, foreign investment screening, security standards and audits, export controls, sanctions
Examples:
- Commerce’s Bureau of Industry and Security (BIS) export controls on advanced computing and semiconductor manufacturing items
- Treasury’s Committee on Foreign Investment in the US (CFIUS) review of certain foreign acquisitions and investments in sensitive technology sectors
- NRC licensing for nuclear facilities; security requirements for critical infrastructure like the electric grid
Information integrity and online harms
Policy goal: Address illegal content and harmful online practices such as fraud and deception.
Key federal agencies: Department of Justice (DOJ), Federal Trade Commission (FTC), Federal Communications Commission (FCC)
Typical tools: Investigations, civil and criminal enforcement actions, transparency or disclosure rules, conditions on platform behavior in specific regulated sectors (e.g. financial advertising)
Examples:
- DOJ prosecution of a large-scale online fraud operation targeting seniors
- FTC rule banning fake reviews and testimonials (and allowing civil penalties for knowing violations)
Regulatory tools
Regulators use a mix of tools to achieve intended policy outcomes. The table below covers some of the most common tools and the types of situations they’re generally used for.
| Regulatory tool | How it works | Best suited for | Limitations | Examples |
| Licensing & permits | Requires approval before engaging in certain activities or offering products or services | Screening high-risk activities ex-ante; limiting market entry to vetted actors; coordinating a scarce resource | Can delay deployment of new technologies; add case-by-case administrative costs; inspire false confidence; create high barriers to entry for new or small companies | Premarket drug approval, pilot licensing, radio spectrum licensing, export licenses for sensitive technologies |
| Design standards | Mandates specific technologies, methods, safety features, or technical requirements that must be used | Prescribing proven solutions where monitoring outcomes is costly; ensuring baseline safety when innovation is limited; coordinating technical compatibility across systems | Can be slow to adapt to technological change; can constrain innovation by locking in specific approaches; may be particularly vulnerable to regulatory capture; often more costly than performance standards for same goal | Building accessibility requirements, motor vehicle equipment |
| Performance standards | Mandates specific outcome targets or performance levels that products, services, or operations must meet2 | Setting outcome targets while enabling compliance flexibility; situations where innovation can reduce costs; when multiple pathways to compliance exist; preventing competitive disadvantage for firms that would voluntarily adopt higher standards | Requires robust monitoring and verification capacity; may be challenging to set appropriate performance levels; compliance verification can be costly or technically difficult | Vehicle fuel efficiency standards, emissions limits (parts per million) |
| Disclosure mandates | Requires companies to share information with regulators or the public | Addressing information asymmetries; enabling more informed consumer choice | Assumes users will process and act on the disclosed information; relies on user reaction to influence potentially harmful outcomes | Nutrition labeling; privacy policies and terms of service, app permission disclosures, data breach notifications, prescription drug ad warnings |
| Bans & prohibitions | Prohibits certain products, activities, uses, or transactions outright (sometimes with carve-outs) | Preventing activities where risk can’t be acceptably mitigated; when no safe threshold exists; when monitoring partial compliance is infeasible; clear values-based rejection of an activity | Blunt, inflexible tool; may eliminate beneficial applications along with harms; may drive activities underground or to less regulated jurisdictions | Schedule I drugs, DDT (insecticide), asbestos, TikTok on government devices, petroleum-based food dyes, sale of human organs |
| Market structure rules | Determines how markets can be organized, who can compete, and how entities can interact | Addressing concentrated market power and anticompetitive conduct; preserving competition in markets with network effects3 or high switching costs | Complex to design and enforce; difficult to predict optimal market structure ex-ante; enforcement requires extensive litigation; can disadvantage domestic firms internationally | Blocking companies from acquiring or merging with potential competitors, rules that prevent platform owners from pre-loading their own apps and services on devices, market share caps |
| Liability frameworks | Defines who is legally responsible for harms and under what conditions; can include safe harbors that limit liability | Encouraging safety-by-design; situations where flexible, case-by-case adjudication is preferable to rigid rules | Reactive rather than preventive; requires victims to bring claims; can lead to excessive caution if liability is too broad; insufficient for large-scale harms that exceed any company’s ability to pay; asymmetric resources generally favor defendants | Liability for autonomous vehicle crashes |
Regulators similarly have a range of monitoring tools (e.g. inspections, audits, testing) and enforcement mechanisms (e.g. fines, criminal liability, license revocation) available to motivate compliance.
Federal vs. state regulation
This guide focuses on federal regulation, but states are also major regulators. In short, the federal government regulates issues of national concern or that impact interstate commerce (e.g. defense, financial markets, foreign policy). States regulate in areas that aren’t delegated to the federal government, including public utilities, professional licensing, insurance, land use, and many aspects of consumer protection.
Depending on the policy area, regulation may only happen federally, may happen at both levels, or be almost entirely state-led.
| Who regulates | How it works | Examples |
| Only federal (preemption or constitutional limits) | Congress preempts (blocks) state regulation under the Constitution’s Supremacy Clause4 either expressly in statute, or because federal rules “occupy the field” | Federal Aviation Administration preempts state aircraft safety standards (i.e. states cannot add their own stricter aircraft safety requirements); Atomic Energy Act preempts state nuclear safety rules; dormant Commerce Clause blocks state laws that unduly burden interstate trade |
| Both (federal floor) | Federal law sets minimum national standards; states can add stricter requirements beyond this baseline but cannot weaken federal protections | Federal privacy and consumer protection laws and the Clean Air Act set floors that states can add onto |
| Mainly state-level | States remain lead regulators; federal law may still touch the space | Public utility commissions regulate electricity and gas distribution; feds cover interstate transmission and wholesale markets. Similar divisions exist in health, insurance, and critical infrastructure. |
Federal-state dynamics for AI regulation remain unsettled. In December 2025, President Trump issued an Executive Order directing the DOJ to challenge certain state AI laws and calling for preemptive federal legislation (with proposed exemptions for child safety, state government use of AI, and other topics). The relevance of state regulation for AI will significantly depend on the ultimate outcome of federal preemption efforts like this.
Regulation and emerging technology
Regulation and emerging technology continuously influence each other: regulation can both enable technological growth by creating legal certainty and reducing risk, and constrain it by restricting its development or use. New technologies in turn expose issues with existing rules, prompting policymakers to update, remove, or add new ones. In practice, regulators often struggle to keep pace, as laws proposed to address one technological landscape may need revision before they’re even enacted.
Note that many of these developments are upstream of regulation, rather than regulations themselves. For example, the AI Action Plan is a federal strategy signaling forthcoming agency actions, not a binding rule. Executive orders similarly may direct agencies to develop regulations but don’t create enforceable rules on their own.
Major recent regulatory developments in AI
- January 2026: New York Governor Kathy Hochul signs the RAISE ACT, requiring large frontier AI developers to publish safety protocols and report qualifying safety incidents to the state within 72 hours, establish an oversight office, and grant enforcement authority to the attorney general.
- December 2025: President Trump’s Executive Order on Ensuring a National Policy Framework for AI aims to “check the most onerous and excessive laws emerging from the States” by creating a DOJ task force to litigate against certain state AI laws, directing Commerce to identify problematic state requirements, conditioning some federal broadband funding on state non-enforcement of targeted AI laws, and instructing the FCC and FTC to consider preemption-related proceedings.
- September 2025: Governor Gavin Newsom signs SB 53, making California the first state to impose specific transparency, safety incident reporting, and whistleblower protections requirements on frontier AI developers.
- September 2025: The White House Office of Science and Technology Policy (OSTP) issues a Request for Information (RFI) to identify laws and regulations that may hinder the development or deployment of AI technologies in the US.
- July 2025: The Trump administration releases the AI Action Plan, a federal strategy that—while not itself regulation—signals forthcoming executive and agency actions affecting AI infrastructure permitting, export controls, federal procurement, and other parts of the AI regulatory environment.
- May 2025: President Trump signs the TAKE IT DOWN Act, establishing new federal criminal prohibitions and platform obligations related to the nonconsensual distribution of intimate imagery, including AI-generated deepfakes.
- September 2024: California Governor Gavin Newsom signs 18 AI-related bills into law, covering issues including AI training data disclosures, protections for individuals’ digital likenesses, and guardrails for generative AI use in government.
- May 2024: Colorado Governor Jared Polis signs the Colorado AI Act, requiring developers and deployers of high-risk AI systems to take reasonable steps to prevent algorithmic discrimination and provide impact disclosures.
- May 2024: The Bipartisan Senate AI Working Group released a Roadmap for AI Policy in the US Senate, outlining priority areas for congressional action, including innovation, elections, national security, AI explainability, and workforce impacts.
Major recent regulatory developments in bio
- June 2025: NIH directs federally funded grantees to identify and suspend projects that meet the definition of “dangerous gain-of-function research” and notify NIH of any previously uncovered work.
- May 2025: President Trump’s Executive Order on Improving the Safety and Security of Biological Research directs the Office of Science and Technology Policy (OSTP) and the Department of Health and Human Services (HHS) to revise oversight of gain-of-function research, suspend federal funding for such research in countries of concern, and establish a strategy to govern non-federally funded risky life-science research.
- January 2025: BIS expands export controls to cover certain biotechnology-related laboratory equipment, aiming to reduce the risk that advanced biological data generation supports military capabilities of countries of concern and accelerates AI-enabled bio-design.
- November 2024: FDA announces “plausible mechanism” pathway to accelerate approval of bespoke gene therapies for ultra-rare conditions affecting individuals or small patient populations where traditional clinical trials are infeasible.
- April 2024: OSTP releases the Framework for Nucleic Acid Synthesis Screening, establishing requirements for federally funded researchers to purchase synthetic nucleic acids only from providers adhering to screening best practices, effective April 2025. The framework expands screening to cover RNA, single-stranded DNA, and sequences as short as 50 nucleotides.
- May 2024: OSTP releases updated government-wide policy for oversight of dual use research of concern and pathogens with enhanced pandemic potential, expanding the scope of covered research and strengthening required institutional review and federal oversight.
- May 2024: EPA, FDA, and USDA release a joint regulatory plan to implement President Biden’s Executive Order on the Bioeconomy, including streamlining oversight of genetically engineered plants, animals, and microorganisms and expanding coordination on modified microbes.
- September 2022: President Biden’s Executive Order on the Bioeconomy requires federal agencies to update biosafety guidance, streamline regulatory pathways, and promote bio-based manufacturing under shared biosecurity principles.
Why (not) work on regulatory policy?
The case for impact
Regulatory policy is broad, incorporating a huge range of mechanisms—from market-based tools5 to command-and-control approaches that mandate specific technologies or practices. Given this, it’s difficult to generalize its case for impact. But regulation offers several strengths as a tool for shaping emerging technologies:
- Binding, market-wide change: Regulations can shift entire industries rapidly and comprehensively in ways that voluntary standards, individual company commitments, or more gradual market forces generally cannot. For example, the FDA’s 1962 drug efficacy requirements (following the thalidomide birth defects crisis) meant thousands of existing drugs had to be pulled from market or undergo new testing. This fundamentally changed pharmaceutical development processes and timelines.
- Addresses market failures: Regulations can be well-positioned to address market failures like externalities, information gaps for consumers, or market power concentration. For example, in cases where consumers can’t meaningfully assess cybersecurity or privacy risks when purchasing connected devices, developers may underinvest in security features.
- Ex-ante prevention of severe, large-scale risks: For products or activities that pose irreversible or extremely high-consequence risks, regulation can help preempt major harms rather than waiting until damage has been done. For example, nuclear reactor design certification prevents potentially catastrophic meltdowns, and bank stress tests aim to protect individual bank failures from triggering financial system collapse.
- More specific and often more agile than legislation: Agencies can issue regulations without new legislation when Congress has already provided relevant authority, making regulation often a faster path to policy change. Regulations also give specificity to broad statutory goals: since laws are often deliberately underspecified, implementation through regulation matters significantly for a policy’s effectiveness.
The case for professional growth
- Technical depth in complex systems: Regulators often become among the most knowledgeable people on highly technical domains (e.g. spectrum allocation, pharmaceutical development, technology export controls). Regulatory policy work requires both understanding technical specifics and projecting out the system-wide effects of regulatory interventions. This mix of skills is broadly valued in policy work.
- Legal and procedural expertise: Regulatory policy work develops deep fluency in administrative law, such as understanding rulemaking, statutory interpretation, and judicial review. These skills translate well across policy, including to roles in law, compliance, or policy advisory positions.
- Navigating trade-offs and multiple stakeholders: Regulatory work fundamentally involves making trade-off decisions in complex systems with significant uncertainty. Regulators simultaneously answer to and work with Congress, the White House, courts, industry, and the public, giving them both broad professional exposure and experience navigating complex political environments.
- Understanding how policy is implemented: Because a great deal of policy impact depends on agency implementation, it’s broadly valuable to understand how agencies translate laws into enforceable rules.
Some tradeoffs
- Bureaucratic and slow to adapt: The rulemaking process typically takes 2-3+ years from proposal to final rule, during which a technological landscape might significantly evolve. Agencies can be nimbler than Congress in updating regulations, but still often lag behind technological change. Regulatory work notoriously involves navigating many bureaucratic hurdles.6
- Risk of regulatory capture: Industries often have more resources, technical expertise, and vested interest in regulations than the public, and sometimes gain disproportionate influence over regulatory decisions. In severe cases, an agency intended to serve the public interest may end up primarily working to advance the interests of the industry it regulates (“regulatory capture”).7 Capture isn’t exclusive to industry—small but highly organized advocacy groups can also exert disproportionate influence, particularly when broader public attention is low or uncoordinated. This can lead to (for example) overly restrictive regulations that reflect narrow advocacy goals rather than broader public preferences or cost-benefit considerations.
- Impacts are difficult to fully predict and quantify: Regulation generates costs that can be difficult to measure or quantify, including time diverted from productive activities and opportunity costs from foregone innovation (e.g. the value of drugs delayed, products never developed, or companies never founded). The same uncertainty applies to benefits—for instance, emerging literature suggests larger potential public health benefits from air pollution regulations than original estimates. Regulations interact with large-scale, complex systems in not-fully-predictable ways, creating potentially vast second-order effects and unintended consequences in both directions.
- Risk-averse culture: Federal agencies often face asymmetric political consequences: visible failures (e.g. approving a harmful product, not regulating a risk) can generate intense scrutiny, while missed opportunities from over-caution generally don’t. Many have criticized this dynamic as incentivizing excessive risk aversion.
The regulatory process: Who’s involved?
The following sections describe the typical stages of regulatory policymaking and the key actors in each. In short:
- Setting the agenda: Congress, the President, and Presidential appointees determine regulatory priorities primarily through legislation and executive orders. Agencies may also set their own regulatory agendas in the bounds of their statutory mandates (what Congress has authorized them to do), with varying degrees of autonomy.8
- Drafting regulations: Agencies translate policy goals into draft regulatory text with support from program offices, lawyers, economists, and technical experts.
- Interagency review and clearance: The White House Office of Information and Regulatory Affairs (OIRA) reviews significant rules before they’re publicly proposed and coordinates feedback across agencies to ensure that they’re minimally burdensome, analytically sound, and responsive to presidential priorities. This includes getting feedback from agencies that have expertise or a stake in the topic.
- Public comment and consultation: Agencies publish proposed rules in the Federal Register and collect public feedback (typically for 30-60 days), often supplemented by hearings or stakeholder meetings. Individuals, companies, think tanks, and other organizations can submit comments.
- Finalization and publication: Agencies revise rules based on public comments, complete final OIRA review (for significant rules), and publish the final rule, along with a rationale and responses to major comments. Congress can override via the Congressional Review Act; courts can review for legal compliance.
- Implementation and enforcement: Once finalized, agencies implement and enforce regulations through mechanisms like inspections, licensing systems, audits, or penalties, including referring cases for civil or criminal prosecution by DOJ and sometimes state regulators.
- Oversight: Congress, courts, the Office of Management and Budget (OMB), and watchdog bodies like the Government Accountability Office (GAO) monitor how agencies implement regulations, evaluate their effectiveness and prompt updates, and ensure that rules stay within legal bounds.

Setting the agenda
At this stage, key actors decide what will get regulated and how. The regulatory agenda emerges from many institutions, including Congress, the President, external groups, and agencies themselves, whose priorities often conflict. Public opinion and nationally significant events can also rapidly shift regulatory priorities.
Congress
Congress grants agencies their authority to regulate through laws—sometimes mandating specific rules with deadlines, other times granting agencies more discretion to regulate as needed to fulfill a broader policy goal. For example, Congress broadly requires the Federal Communications Commission (FCC) to grant broadcast licenses in the public interest. In contrast, Congress specifically required that the FCC complete the switch from analog to digital TV broadcasting by a certain date.
Nearly every congressional committee oversees laws requiring regulation (see committees relevant for AI and bio-related regulatory policy here).
Beyond legislation, Congress also signals its regulatory preferences through hearings, letters, and reports. Congress can also overturn final rules through the Congressional Review Act, though this requires majority votes in both chambers and presidential approval, or a veto override (making it relatively rare).9
The White House
The President, supported by the EEOP, directs and influences regulatory priorities through executive orders, budget proposals, agency appointments, and legislative recommendations to Congress.
Executive orders can direct agencies to exercise their existing statutory authority in specific ways, or set broader policy goals that give agencies greater discretion.10 For example, President Biden’s 2023 Executive Order on AI directed Commerce to use its existing authorities to establish reporting requirements for companies developing large AI models.11 EOs may also shape the regulatory process itself—for example, President Clinton’s EO 12866 established White House review of significant regulations. More recently, President Trump’s EO on Deregulation required agencies to eliminate 10 existing regulations for each new one they make.
In the White House, the Office of Information and Regulatory policy (OIRA) coordinates government-wide regulatory planning through the Unified Agenda (released twice a year), where agencies list their major planned regulations for the coming year.12 OIRA gives significant input into this process, enabling the President to align the agenda with their priorities.
Other White House councils, including the Office of Science and Technology Policy (OSTP), the National Security Council (NSC), and the National Economic Council (NEC) and Domestic Policy Council (DPC) help develop the President’s regulatory agenda on emerging technologies and draft memoranda and national strategies to direct agencies accordingly.
Regulatory agencies
Federal regulatory agencies add, change, and remove regulations based on their statutory mandates (the laws granting them authority to regulate). Under broad statutory mandates, agencies can develop and change regulations without new legislation in response to public petitions, research findings, or changing technological or market landscapes in their jurisdiction. (Though notably, the Supreme Court’s 2024 overturning of the Chevron doctrine means that when a statute is ambiguous, courts will now judge for themselves what it means rather than deferring to the agency’s reading, making agency interpretations more vulnerable to legal challenge.)13
Federal agencies must also report their planned regulations in the biannual Unified Agenda, coordinated by OIRA.
Note that some agencies are explicitly non-regulatory, like the National Institute of Standards and Technology (NIST), which develops voluntary technical standards and guidelines that agencies and industry may adopt but that don’t carry regulatory force on their own.
External groups
Industry groups, think tanks, the public, and other external actors shape the regulatory agenda through formal petitions, comment letters, research publications, public mobilization, and other forms of advocacy of lobbying. External groups engage at multiple levels: lobbying Congress on regulatory legislation, engaging with regulatory agencies, and advocating to the White House on agency direction.
Drafting regulations
Once the agenda is set, the rulemaking process begins with an agency drafting a regulation (a “rule”). Before drafting, agencies often gather data, public input, and technical expertise through:
- Requests for Information (RFI): A public notice asking “what do you know about this problem?” to collect data, research, and perspectives before deciding whether regulation is needed or what form it should take. (See two example RFI responses here and here).
- Petitions for rulemaking: Individuals, companies, advocacy groups, or other organizations can formally request that an agency initiate rulemaking on a specific issue. Agencies must respond to petitions, though they’re not required to grant them.
- Informal consultations: Agencies often meet with industry groups, researchers, state regulators, and other stakeholders to understand technical feasibility and practical challenges before drafting formal proposals.
- Advance Notice of Proposed Rulemaking (ANPRM): A more formal step indicating the agency is seriously considering regulation. An ANPRM outlines the issue and possible regulatory approaches, then asks for public feedback on whether and how the agency should proceed.
Agencies then draft a proposed regulation, supported by:
- program offices with subject-matter expertise who lead the drafting,
- general counsel, who ensure the rule fits within the agency’s statutory authority and follows required procedures,
- economists and policy analysts who assess costs, benefits, and potential market effects, and
- political leadership, who ensure alignment with agency priorities.
For significant rules (having $100+ million in annual economic impact or other major impacts14), agencies also must prepare extensive supporting analysis, including:
- Regulatory Impact Analysis (RIA): Estimates the rule’s costs and benefits to society. This includes quantifying compliance costs for industry, potential benefits to public health or safety, and comparing alternative approaches.
- Regulatory Flexibility Analysis: Examines how the rule affects small businesses, small organizations, and small government jurisdictions. Agencies must consider less burdensome alternatives for small entities.
Agencies can also use expedited pathways when they have good reason to bypass standard notice-and-comment procedures, including:
| What it is | When it’s used | What happens next | |
| Interim final rule | Rule takes effect immediately but still accepts public comments | Agency has “good cause” to act quickly (e.g. implementing new statute with tight deadline, responding to emerging threat) but wants feedback for potential modifications | After reviewing comments, agency either confirms the rule as-is or revises it in a final rule |
| Direct Final Rule | Published directly as final with a statement that it will become effective unless adverse comments are received | Noncontroversial, technical, or routine updates where agency expects no significant objection | If no adverse comments, rule takes effect as written. If adverse comments received, agency withdraws it and may proceed via standard NPRM process |
| Emergency Temporary Standard | Immediate rule without any prior public comment | Rare; urgent health or safety threats requiring immediate action (primarily used by OSHA) | Temporary rule takes effect immediately; agency typically follows with standard rulemaking for permanent version |
Interagency review and clearance
? See our profile on OMB and subsection on OIRA
The White House’s Office of Information and Regulatory Affairs (OIRA), part of the Office of Management and Budget, must review significant rules before the agency15 can publicly propose them. It’s staffed by ~50 economists, statisticians, and policy analysts (many of them former regulators) and led by a small group of political appointees.

OIRA generally has 90 days to review a rule, during which they conduct their own analysis and circulate the draft to White House policy councils and other federal agencies for feedback (this is called interagency review). For example, OIRA might ask the Department of Energy to weigh in on an EPA climate rule with potential effects on energy markets, or the Department of Defense to comment on an export control regulation that could affect defense technology supply chains. Based on the interagency feedback and their own analysis, OIRA can:
- Approve without change: Agency can publicly propose the rule on the Federal Register
- Approve with changes: Most common outcome; OIRA recommends modifications that the agency typically incorporates or provides rationale for not incorporating
- Return for reconsideration: OIRA has serious concerns and sends the rule back to the agency with a return letter explaining the issues (this is rare but signals fundamental problems with the rule’s legal authority, analysis, or policy approach, and typically “kills” the rule in its current form)
How to do a regulatory impact analysis
Agencies must create regulatory impact analyses for economically significant regulatory actions, which are then reviewed by OIRA. Here are the (simplified) steps:
- Describe the problem. Start by explaining what problem the regulation is trying to solve. Is it a market failure? Is it required by statute? A clearer problem statement strengthens everything that follows.
- Define the baseline. What would the world look like without this regulation? Forecast the status quo, accounting for (for example) population growth, economic trends, and how the relevant market is likely to evolve on its own. This baseline is what every alternative gets measured against.
- Set the time horizon. Decide how far into the future to project benefits and costs. A rule requiring extensive infrastructure might need a longer horizon to capture the full payoff; a rule addressing a fast-changing technology might warrant a shorter one. The key constraint is how far you can reasonably forecast.
- Identify alternatives. Evaluate a range of regulatory options, including not regulating at all, deferring to state or local regulation, using market-based tools (like fees or tradable permits) instead of direct mandates, setting performance standards rather than prescribing specific technologies, or simply requiring better disclosure. At minimum, compare your preferred option against both a more stringent and a less stringent alternative.
- Identify consequences. Map the costs and benefits for each alternative. Consider also who bears the costs and who receives the benefits, since these are often different groups.
- Quantify and monetize. Put numbers and, where possible, dollar values on benefits and costs. This can involve estimating compliance costs for businesses, health benefits from reduced pollution (calculating based on value of a statistical life for regulations that reduce fatality risks), time saved or lost, and effects on consumer well-being. Benefits and costs that can’t be monetized should still be quantified in physical terms where possible (e.g. “12,000 acres of wetlands protected”).
- Discount future benefits and costs. A dollar of benefit ten years from now is worth less than a dollar today. Apply discount rates (typically 3% and 7%) to convert future benefits and costs into present-day values, making it possible to compare alternatives with different time profiles. This step can be especially consequential for regulations with large upfront costs but benefits that accrue over decades, like climate or infrastructure rules.
- Evaluate what can’t be quantified. For benefits that resist quantification (like protecting privacy or human dignity), describe their effects carefully and explain how you weigh them. One useful technique is “breakeven analysis”: asking “how large would the value of the non-quantified benefits have to be for the rule to yield positive net benefits?”.
- Characterize uncertainty in costs and benefits. Regulatory analysis requires forecasts, which are inherently uncertain. At minimum, present a best estimate of the expected costs and benefits alongside a range of plausible values. For rules exceeding $1 billion in annual benefits or costs, conduct formal quantitative uncertainty analysis with probability distributions.
Public comment and consultation
Once OIRA clears a significant rule, the agency publishes a Notice of Proposed Rulemaking (NPRM) in the Federal Register, opening a public comment period where anyone—members of the public, companies, researchers, advocacy groups, and other government entities—can submit written input. Comment periods are often 30–60 days, though complex or high-impact rules may stay open longer.16
Agencies sometimes supplement written comments with public meetings, hearings, workshops, or webinars. Comments are usually organized by docket on Regulations.gov, but not every submission becomes publicly visible. Disclosure rules vary by agency and docket; posting can be delayed, and some comments may be withheld or redacted. Partly for this reason, many organizations (e.g. think tanks and advocacy groups) also publish their submissions on their own platforms.
External groups can play an outsized role in the public comment process by tracking comment windows, translating technical rules for wider audiences, and submitting detailed legal or empirical analyses that materially influence how agencies revise rules.
Finalization and publication
After the comment period closes, agencies revise the proposed rule based on public feedback and their own analysis. Agency staff review and categorize comments, identify major themes and substantive concerns, and determine which modifications to make. Not all comments result in changes: agencies must explain their reasoning but aren’t required to adopt every suggestion.
For significant rules, the revised rule goes back to OIRA for a second review (typically faster than the first). OIRA ensures the agency adequately addressed major comments and that changes don’t create new problems or conflicts with other policies.
Once OIRA clears the rule, the agency promulgates (formally publishes) the final rule in the Federal Register, which includes:
- The final regulatory text
- An effective date (typically at least 30-60 days after publication to give regulated entities time to prepare)
- A preamble explaining the rule’s purpose, legal authority, and changes from the proposed version
- Responses to significant comments, including why the agency adopted or rejected major suggestions
- Supporting analyses (cost-benefit analysis, regulatory flexibility analysis, etc.)
Congressional Review Act: Congress has 60 legislative days (days when Congress is in session) to pass a resolution blocking the rule. If Congress passes this resolution and the President signs it (or Congress overrides a veto), the rule is overturned and the agency cannot issue a substantially similar rule without new authorization from Congress. This is relatively rare: since 1996, Congress has only overturned ~20 rules.
Judicial review: After publication, regulated entities, advocacy groups, states, or other affected parties can challenge the rule in federal court. Common arguments include that the agency exceeded its legal authority, violated the Constitution, or failed to follow required procedures (such as inadequately responding to comments or not conducting sufficient cost-benefit analysis). Courts can strike down or send back rules they find unlawful, sometimes requiring agencies to restart the rulemaking process.
Implementation and enforcement
Once a rule is published, agencies build the systems and procedures needed to operationalize it. This may involve building new licensing systems, plans for inspections or auditing, or data reporting tools and often requires new funding, interagency coordination, and communication with the regulated community. For example, to implement…
- disclosure requirements for cybersecurity incidents, the SEC develops filing systems, builds staff expertise to review disclosures, issues guidance on what constitutes a “material” incident, and coordinates with other financial regulators.
- new regulatory pathways for cell and gene therapies, the FDA trains reviewers on novel assessment methods, develops guidance on manufacturing standards and clinical trial design, and builds post-market surveillance systems to monitor long-term safety.
- AI chip export controls, BIS develops classification systems to determine which chips require licenses, creates review procedures for applications, trains compliance officers, and coordinates with customs officials to monitor shipments.
Agency enforcement offices (and other actors) then monitor compliance and address violations through a range of tools, including:
- administrative actions, e.g. warning letters documenting violations and requiring corrective, actions, compliance agreements for minor violations
- civil penalties, e.g. monetary fines, license suspension or revocation
- criminal prosecution, e.g. federal prosecution potentially resulting in imprisonment and criminal fines
The regulating agency typically leads enforcement, but other actors may also be involved, including:
- Department of Justice (DOJ): Represents agencies in court (most agencies can’t litigate independently) and prosecutes criminal violations involving fraud, knowing endangerment, or significant public harm.
- State enforcement: States can enforce their own regulations through state courts and agencies. State courts also have concurrent jurisdiction to hear cases arising under federal law. State attorneys general can enforce certain federal laws when explicitly authorized by Congress, primarily in antitrust and consumer protection.17
- Private enforcement: Some laws allow individuals or organizations harmed by violations to sue directly, such as securities fraud cases, employment discrimination claims, and citizen suits under environmental laws. Private enforcement can supplement or exceed government action.
- Self-regulatory organizations: In some sectors, industry bodies handle day-to-day enforcement (e.g. professional licensing boards regulate doctors, lawyers, and engineers).
- “Qui tam” relators (whistleblowers): Under the False Claims Act, private citizens can sue on the government’s behalf when entities defraud federal programs, receiving a share of any recovery.
- International coordination: For regulations with international effects (e.g. export controls, antitrust, or financial rules) US agencies coordinate enforcement with foreign counterparts through international agreements and partnerships.
Oversight
Multiple institutions monitor agencies to ensure the regulatory system functions as intended.
- Congress tracks agency performance through committee hearings, oversight letters, and required agency reports. Congress can also use funding decisions to influence enforcement priorities and can overturn recently finalized rules through the Congressional Review Act.
- Government Accountability Office (GAO) conducts independent audits of regulatory programs, evaluating whether agencies are meeting their goals, spending appropriately, and following procedures. GAO reports often identify gaps and recommend improvements.
- For example, a 2025 GAO report found that financial regulators were using outdated risk-management frameworks to oversee AI in banking, creating inconsistent oversight. A 2017 GAO review of the Federal Select Agent Program (which regulates labs handling pathogens like anthrax and Ebola) found conflicts of interest because agencies oversaw their own labs, and lacked systematic inspection planning to focus resources on the highest-risk facilities.
- Inspectors General operate within each agency to investigate waste, fraud, abuse, or mismanagement. Their audits can uncover problems with how agencies implement or enforce their own rules.
- Federal courts review legal challenges to regulations brought by regulated entities, advocacy groups, or states. Courts can strike down rules that exceed an agency’s statutory authority, violate the Constitution, or weren’t adopted following required procedures (sometimes restarting the full rulemaking process).
Working on regulatory policy: types of roles and career opportunities
The table below outlines the core types of regulatory policy roles, including common backgrounds, day-to-day responsibilities, and resources for finding early-career opportunities and full-time positions.
| Type of role | Responsibilities | Typical background (for full-time roles) | Security clearance | Location | Career guides & opportunities |
| Congressional staff | Support members and committees in shaping or overseeing regulatory policy. Draft bills that give agencies authority to regulate; prepare hearings and letters overseeing how agencies use that authority; engage with think tanks, advocacy groups, agencies, and other stakeholders | BA for junior roles; BA/MA/JD for mid-career or senior roles; strong communication skills18 | Rarely required (e.g. some Armed Services/Intelligence committee staff). | Washington, DC | Working in Congress (+ internships, fellowships, & full-time roles) |
| Think tank researchers or advocates | Conduct research and analysis; track agency rulemaking and comment periods; submit public comments; brief congressional and agency staff; write analyses and propose regulatory options to shape debate | BA or MA for junior roles; MA/JD/PhD for mid-career/senior; subject matter expertise; experience in policy analysis or communications | Rarely required | Primarily Washington, DC; some in major cities or remote | Working in think tanks (+ fellowships, think tanks working on emerging tech policy, & resources) |
| Agency staff | Develop, propose, and implement regulations; address public comments; review compliance and enforcement actions; coordinate OIRA reviews and interagency discussion | BA or MA for junior roles; MA/JD/PhD for mid-career/senior; expertise in agency’s areas of focus | Sometimes required | Washington, DC | Working in the executive branch |
| White House staff | Draft executive orders directing agencies to make or change regulations; coordinate regulatory planning and priorities across agencies | MA/JD/PhD for most roles; prior government experience; many positions filled through political appointments (often requiring connections to the administration) | Almost always required | Washington, DC | Working in the Executive Office of the President |
| OIRA staff | Review significant regulations before agencies can propose or finalize them; coordinate feedback from other agencies and from across the White House | MA/PhD in economics, public policy, or related field; JD for some positions; strong analytical and quantitative skills; prior experience in regulatory analysis, economics, or policy evaluation | Almost always required | Washington, DC | Working in the Office of Management and Budget |
Preparing for regulatory policy roles
While requisite skills and experience vary widely across regulatory policy roles (e.g. in Congress vs. at an agency vs. at a think tank), several qualifications stand out as broadly valuable: understanding of regulatory processes, cost-benefit analysis skills, and subject-matter expertise in a regulated domain. To prepare for regulatory policy roles, consider:
- Participating in public comment periods: Submitting comments on proposed regulations helps you gain exposure to the rulemaking process, provide public analysis in your topic of interest, and potentially have direct influence on regulation. You can find open comment periods on Regulations.gov. You may also find it valuable to read through other comments on a regulation in your topic of interest, particularly those by influential institutions or individuals.
- Attending regulatory proceedings and hearings: Watch congressional hearings on regulatory legislation, agency open meetings (e.g. FCC, BIS) or public workshops where agencies gather stakeholder input. Many agencies post recordings and transcripts on their websites.
- Completing a regulatory internship or fellowship: Pursue internships or fellowships at regulatory agencies, the Office of Information and Regulatory Affairs (OIRA), congressional committees with regulatory oversight, think tanks focused on regulation, or advocacy organizations.
- Understanding the rulemaking process: Learn the basics of rulemaking, regulatory review, and administrative law (many resources below). Many nonprofits and other groups provide public resources on these topics, including the Administrative Conference of the United States and the Society of Benefit-Cost Analysis. If you’re a policy or government student, consider taking an administrative law course (if offered).
- Networking with regulatory professionals: Reach out to current and former agency staff, Hill staffers, or think tank researchers with regulatory experience for informational interviews.
- Publishing regulatory analysis: Demonstrate analytical skills by publishing regulatory analysis, either independently (e.g. on Substack) or by submitting your piece to an outlet. If you’re a student, consider writing for your university’s policy journal or contributing to faculty research on regulatory topics.
- Gaining relevant credentials and subject-matter expertise: Many regulatory roles require graduate degrees, including policy degrees (MPP, MPA) or technical degrees in the regulated domain, or JDs (for legal review).
- Following regulatory developments and analysis: Subscribe to newsletters tracking regulatory activity in your area of interest, and read diverse analyses of regulatory policy issues. Commercial law firms often provide comprehensive, apolitical breakdowns of regulation and their implications for regulated industries (see examples here and here).
Appendix: Day-in-the-life
Day in the life: Stories from people working on regulatory policy
Former OIRA administrator John D. Graham describes regulatory review at OIRA:
It feels like a big city hospital emergency room on a Saturday night, and a lot of patients are rolling in there, and you barely have enough doctors and nurses to deal with all these various problems. That’s its nature.
Remember, OIRA is not intended to be the primary way we get good regulation. It’s viewed as a back-end method to make sure that we don’t have terrible regulations, and to make each regulation maybe a little bit better at the margin.
Former FTC Chief Technology Officer Neil Chilson describes different relationships between regulators and the industries they regulate:
I spent some time as an attorney advisor to a commissioner at the FTC, and I had friends who were attorney advisors to commissioners at the FCC. And if you just put our calendars next to each other, the main difference you would see is that my friends at the FCC were constantly having meetings with industry groups and industry participants who were begging for their time to talk to them about how to shape the regulation or not to do the regulation. If you looked at my calendar at the FTC, nobody was asking to come in and talk to us about that. Pretty much the only time we met with industry people was when we were suing them.
So very different, just a sort of concrete example of the difference in the sort of conversation even between industry and the regulator in a generalized enforcement agency, like the FTC, versus a specialized regulatory agency like the FCC.
Further reading
- The Federal Register
- Regulations.gov
- The Regulatory Review, University of Pennsylvania Law School newspaper
- On regulation
- 2025 Regulatory Year in Review, GW Regulatory Studies Center (2026)
- Regulation: A Primer, GW Regulatory Studies Center (2012)
- Regulation, Econlib
- On the rulemaking process
- US Government Rulemaking, US Trade Representative (2025)
- An Overview of Federal Regulations and the Rulemaking Process, Congressional Research Service (2021)
- Overview of Federal Agency Rulemaking, Office of Information and Regulatory Affairs (2015)
- The Reg Map, Office of Information and Regulatory Affairs
- A Guide to the Rulemaking Process, Office of the Federal Register
- The Basics of the Regulatory Process, Environmental Protection Agency
- On regulatory analysis
Related articles
If you’re interested in pursuing a career in emerging technology policy, complete this form, and we may be able to match you with opportunities suited to your background and interests.
Footnotes
- The Constitution doesn’t explicitly mention executive orders, but they derive from Article II’s grant of “executive Power” to the President and the duty to “take Care that the Laws be faithfully executed.” The Supreme Court’s framework in Youngstown Sheet & Tube Co. v. Sawyer (1952) established that presidential power is strongest when Congress has authorized the action, weaker in areas of shared authority, and “at its lowest ebb” when contradicting congressional intent. EOs can be challenged in court, overridden by new legislation, or revoked by future presidents. ↩︎
- Many federal agencies have shifted toward performance-based regulation rather than prescriptive (or “command and control”) design standards. The EPA, for instance, has implemented emissions-trading programs for sulfur dioxide and other pollutants, allowing firms to meet standards through the most cost-effective methods available to them rather than mandating specific technologies. ↩︎
- Network effects occur when a product or service becomes more valuable as more users adopt it. For example, a social media platform, messaging app, or financial services like Venmo become more useful when your friends, family, and colleagues are also on it. This dynamic creates natural advantages for incumbents and high barriers to entry, as new entrants struggle to attract users away from platforms where “everyone already is.” ↩︎
- The Supremacy Clause (Article VI) makes federal law supreme over state law, but only when Congress is acting within its constitutional authority. Congress has both enumerated powers (explicitly listed in the Constitution, like regulating interstate commerce) and implied powers (like creating the Air Force, derived through the Necessary and Proper Clause even though only Army and Navy are mentioned). Federal laws preempt state laws either explicitly (when the statute says so) or implicitly (when federal regulation is so comprehensive it “occupies the field” or when state and federal law conflict). However, the Tenth Amendment reserves certain powers to the states—like local policing or zoning—where federal supremacy doesn’t apply unless there’s a clear constitutional basis for federal intervention. The boundary between state and federal authority is frequently contested, particularly in emerging policy areas where jurisdiction isn’t clearly established. ↩︎
- Market-based regulatory tools use prices and financial incentives to influence behavior (e.g. tradable emissions permits, taxes on pollutants, or subsidies for cleaner alternatives), while direct mandates prescribe specific requirements or prohibitions (sometimes called ‘command-and-control’ regulation). ↩︎
- Major procedural requirements include the Administrative Procedure Act (which mandates notice-and-comment periods, public hearings, and judicial review to prevent arbitrary regulation) and the Paperwork Reduction Act (which, despite its name, requires agencies to file paperwork for OMB approval before collecting information from the public). ↩︎
- A frequently cited historical example is the Interstate Commerce Commission (ICC), which was created in 1887 to regulate railroads but ultimately ended up protecting incumbent railroads and reinforcing cartel-like stability (e.g. limiting price competition). ↩︎
- Independent regulatory agencies (such as the FCC, SEC, FTC, and FERC) have greater autonomy in setting their regulatory agendas than executive branch agencies. Independent agencies are led by multi-member commissions or boards whose members serve fixed terms and cannot be removed by the President except for cause, insulating them from direct presidential control. In contrast, executive agencies (such as EPA, FDA, and DOT) are headed by cabinet secretaries or administrators who serve at the President’s pleasure, making them more responsive to White House priorities and executive orders. Many agencies receive broad statutory mandates to achieve high-level policy goals, giving them significant discretion in creating regulation toward that end. ↩︎
- Since 1996, Congress has successfully overturned only about 20 rules, with most occurring during the first months of new administrations when the incoming president supports congressional disapproval of the previous administration’s late-term regulations. ↩︎
- The final months of an outgoing presidential administration (the “midnight” period) typically generate an especially large amount of regulatory activity. ↩︎
- President Biden’s Executive Order 14110 invoked the Defense Production Act to require companies developing “dual-use foundation models”—AI models trained using computing power greater than 10^26 floating-point operations—to report to Commerce within 90 days on their training activities, cybersecurity protections for model weights, and results of safety testing (including red-team testing for biosecurity and cybersecurity risks). The order also required entities possessing large computing clusters (with theoretical capacity of 10^20 operations per second) to report their existence and location. ↩︎
- The binding nature of the Unified Agenda varies by administration. Generally, publication in the Unified Agenda is not a legal prerequisite for issuing a rule. However, President Trump issued EOs in both of his terms requiring OMB director approval before agencies could issue rules not included in the most recent Unified Agenda, unless otherwise required by law. ↩︎
- In Loper Bright Enterprises v. Raimondo (2024), the Supreme Court overturned Chevron deference—the doctrine that courts should defer to agencies’ interpretations of ambiguous statutes (if reasonable). This decision narrows agencies’ ability to expand regulatory authority through statutory interpretation and increases judicial scrutiny of agency rulemaking. ↩︎
- Executive Order 12866 defines significant regulatory action as any rule likely to: (1) have an annual economic effect of $100 million or more, or materially affect the economy, jobs, public health, safety, or governments; (2) create serious inconsistency with another agency’s actions; (3) materially alter the budgetary impact of federal programs; or (4) raise novel legal or policy issues related to the President’s priorities. Rules meeting the economic threshold are called “economically significant,” while those meeting other criteria are “other significant” rules. OIRA ultimately determines which rules qualify as significant and therefore require its review. ↩︎
- Historically, independent regulatory agencies (such as the FTC, SEC, FCC, Federal Reserve, CFTC, CPSC, and NLRB) were exempt from OIRA review and conducted their own internal analyses. However, Executive Order 14215, “Ensuring Accountability for All Agencies,” signed February 18, 2025, extended OIRA review to all independent regulatory agencies (with the exception of the Federal Reserve Board’s conduct of monetary policy, though its banking regulations are now subject to OIRA review). The extension of OIRA review to independent agencies is subject to ongoing legal challenges. ↩︎
- Comments are generally submitted through Regulations.gov (and agencies sometimes accept alternative methods such as mail or email, depending on the docket). The eRulemaking Program and GSA provide public guidance on submitting effective comments. Comment periods commonly run 30–60 days, but agencies can extend, reopen, or supplement the comment period (e.g. in response to new information or changes to the proposal). ↩︎
- State enforcement of federal law operates through two mechanisms. First, state courts have broad concurrent jurisdiction to hear federal law cases under the Supremacy Clause, unless Congress has granted federal courts exclusive jurisdiction. Second, state attorneys general can enforce federal law only when Congress has explicitly authorized it. Key examples include: federal antitrust laws (Clayton Act Section 4C allows state AGs to bring “parens patriae” suits on behalf of residents), the Consumer Financial Protection Act (Section 1042 empowers state AGs to enforce federal consumer financial protections), and the Children’s Online Privacy Protection Act (COPPA). Congress cannot compel state executive officers to enforce federal regulatory programs; states must voluntarily participate when authorized. ↩︎
- Congress is generally less credentialist than think tanks and the executive branch. While graduate degrees in public policy, law, or a technical field are valuable for mid- to senior roles, they’re rarely required. Prior congressional experience matters far more than formal credentials—senior roles rarely get filled by people without prior Hill experience. Fellowships can allow early- to mid-career professionals to bypass this typical requirement and move directly into substantive policy roles. ↩︎
