The Possible Lead Role for the SEC in Governing Artificial Intelligence

by John Jenkins

June 26, 2026

By Guest Blogger Yan Ross JD, Editor-in-Chief, Cyber Defense Magazine

Note:  The author is writing in his individual capacity.

 

In all of the excitement of artificial intelligence developments, we see a confluence of chronic and acute cybersecurity challenges.

 

The acute ones, of course, are represented by the fast-developing advances in the Artificial Intelligence industry. The term “AI Governance” has come into everyday parlance, but at this stage there is not a single definition of what it means in practice.

 

On the government side, we are seeing interventions creating winners and losers, as well as attempts to protect the users from some of the more aggressive practices of the AI providers.

 

On the corporate and business side, we see more traditional types of responses, including enhanced policies and procedures for those employees who are the actual users of AI systems.  They tend to fall into 2 categories:

 

  • Regulated industries, such as public companies regulated by the SEC and sectors of critical infrastructure like defense contracting, financial institutions, and health care and finance under HIPAA, on the one hand; and
  • Those organizations subject only to market forces on the other hand.

 

That is where the chronic cybersecurity practices are and, as they should be, continue to be the backbone of the implementation and enforcement of preventive and protective practices.

 

Is AI governable?

 

It appears to us that, in any traditional sense, the answer is in the negative.

 

That leads us to inquire about traditional definitions of “governance” and what it means in this context.  Common definitions abound, but are difficult to apply to this phenomenon, especially in view of the difference between government and corporate functions.

 

The Key Difference

 

Governmental governance is concerned with authority over a population.

 

Corporate governance is concerned with stewardship of an organization.

 

A government asks:

 

“How should society be governed?”

 

A corporation asks:

 

“How should this enterprise be directed and managed?”

 

The first is a matter of public authority. The second is a matter of organizational effectiveness.

 

The Role of the SEC

 

As the federal regulator with responsibility to promulgate and enforce standards for the securities industry, the SEC, among other duties, provides standards of governance for public companies.

 

In this instance, the standards of governance include the ways in which the management and boards of regulated organizations must protect against adverse effects of irresponsible use of artificial intelligence resources by employees.

 

Safe policies and practices include such safeguards as training of those with access to the digital assets of the company to avoid the transmission of sensitive information and the compromise of personally identifiable information (“PII”) of clients and customers and of the confidentiality, accessibility, and integrity of all operational data.

 

By setting and enforcing these types of standards, the SEC can play a pivotal role in implementing governance and safe practices in the use of artificial intelligence in the private sector.

 

Challenges in AI Governance

 

Of course, the potential role of the SEC does not exist in a vacuum.  There are forces inimical to the imposition of government restrictions and requirements.  They are both political and economic in nature.  The following represent a few examples of these challenges.

 

Currently, there is a tension between the federal government and the States as to which level of government will take the lead in governing AI. The administration has stated that AI governance should be unified rather than a patchwork of State laws and regulations. Several States, on the other hand, have already adopted legislation to impose standards on the providers and users of AI facilities.

 

The private sector owners of the AI platforms have shown no willingness to be subjected to unwieldy government regulation.  In fact, they have been given access to the deliberative process in both the executive and legislative branches of the federal government, with ample opportunity to influence the outcomes of governmental process.

 

Globalization in general tends to undercut national influences, resulting in the privately held AI systems being able to shop (or threaten to shop) for other jurisdictions with more favorable operational and financial flexibility.

 

The concentration of ownership of the top tier AI companies, financial wealth, and political power contributes to this tension between the government and the governed.  In other contexts, this pattern is referred to as “asymmetrical warfare,” with the sides unevenly matched.

 

Conclusion

 

This set of facts and circumstances is why it is so difficult for traditional governmental top-down regulation of AI to achieve workable “governance” of AI.  To be fair, however, there may still be some effective government regulation based on national security and critical infrastructure, as well as the SEC’s authority over public companies.

 

Otherwise, the only effective governance will be implemented by organizations willing to adopt and enforce policies, procedures, and practices for everyone with access to their digital resources. We should note the current trend of larger organizations to utilize local LLMs to obviate the need to utilize the services of the major AI providers, which are in a position to reject government regulation.

 

But at this juncture, heads of state treating AI moguls as their equals doesn’t bode well for “governance” in the traditional sense.

 

You can reach the author for additional information by email at yan.ross@cyberdefensemagazine.com

 

Yan Ross is a “recovering attorney” and the Editor-in-Chief of the online monthly Cyber Defense Magazine.  In this capacity over the past 7 years, he has edited over 3000 articles by experts in the cybersecurity industry.  From this body of work and independent research, Yan is pleased to provide this monthly guest blog.

Yan is an accredited educator, providing CLE courses for several online providers.

He is also co-author of The vCISO Playbook: Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs).