In August 2025, AMCID gave me the privilege of sharing my lecture, “Artificial Intelligence: Regulatory Constellations,” with more than 200 colleagues and experts. The title is not arbitrary: the zodiac serves as a mnemonic tool to describe the different approaches to AI regulation around the world, from the most prescriptive to the most principle-based, and what they reveal about each region’s legal philosophy. But by the end of the session, with questions that went well beyond the allotted time, it became clear that the topic extends far beyond comparative taxonomy. What concerns legal practitioners is more fundamental: in which direction should we push?
The conference revolved around three ideas worth putting into writing.
The “new” legal problems of AI are, for the most part, old
Whenever a technology that generates a buzz emerges, there is a temptation to create a regulatory framework from scratch. The reflex kicks in: “This problem is new; current law isn’t enough.” But when one examines closely exactly what the concerns are: civil liability for algorithmic harm, transparency in automated decisions, and the protection of personal data in the context of language models; there is almost always a preexisting legal framework. Strict liability, disclosure obligations, fundamental rights: the system already has answers for a considerable portion of these scenarios.
Legislating as if there were no precedent is regulatory panic disguised as modernity. And regulatory panic produces bad laws.
Three pitfalls legislators should avoid
At the conference, I described three risks that any country seeking to regulate AI judiciously should avoid.
The first is legislative panic. Political pressure to “do something visible” leads to laws drafted in haste that create more uncertainty than certainty. A law passed in response to the news cycle rarely solves the problem it aims to address; more often than not, it creates new gray areas.
The second is regulatory inflation: multiplying sector-specific laws, one for facial recognition systems, another for chatbots in public services, another for high-risk models, fragments the legal system without strengthening it. The law works better when based on principles rather than on catalogues of technologies that become obsolete in two years.
The third is regulatory colonialism. Transplanting the European AI Act or U.S. executive orders without adapting them to the Mexican context is equivalent to importing a solution without understanding the local problem. The standardization of regulatory frameworks on a global scale comes at a cost: it erodes legal and digital sovereignty, which is not a luxury but the foundation upon which any legitimate regulation is built.
Can institutions enforce what already exists?
The central argument of the conference was not “don’t regulate AI.” It was something more precise: before drafting new regulations, we must ask whether existing institutions have the resources, training, and independence to enforce those already in place.
A judge who cannot describe the basic functioning of a recommendation system cannot properly apply the principle of strict liability, even if the law provides for it. A regulator without a budget or technical staff cannot oversee high-risk models, even if the regulations require it. In that scenario, more legislation is simply more text that no one can enforce.
Thinking about and making decisions regarding AI requires less complacent rhetoric and more grounding in legal principles. Less reliance on technological narratives that are effective from a marketing standpoint, and more critical thinking about what the law can do, and what no regulation can do if the institutions that back it lack the actual capacity to act.
That does not end the debate. But it does establish a more honest starting point than the race to pass the subcontinent’s first AI law.