From Paper to Policy: How AI Safety Research Influences EU AI Act Standards

Most AI safety research never reaches the people writing the regulations.

That's not because policymakers don't care. It's because the translation process between academic research and regulatory text is slow, indirect, and depends heavily on researchers who've navigated it before. The EU AI Act was shaped by a relatively small group of researchers, policy translators, and civil society organisations who had both the technical knowledge and the political access to move ideas from papers to provisions.

For researchers who've spent years working on problems the EU AI Act is now trying to address, understanding how that translation process works, and where it breaks down, is the difference between research that shapes governance and research that gets cited in footnotes.

How Research Reached the EU AI Act

The EU AI Act was formally proposed by the European Commission in April 2021, but its intellectual foundations were built over the preceding decade. Several research streams directly shaped specific provisions.

Algorithmic fairness and non-discrimination. Research on bias in automated decision-making systems, particularly in credit scoring, hiring, and criminal justice applications, directly informed Annex III's high-risk classification for AI systems in those domains. The Article 10 provisions on training data quality, including the requirement to examine data for biases, draw directly from academic work on bias sources and mitigation methods.

Explainability requirements. The Act's human oversight provisions (Article 14) and the broader push toward interpretable AI systems reflect research on explainable AI that built a policy-legible argument for why black-box systems in high-stakes domains create accountability gaps. The argument wasn't just "black boxes are technically risky." It was "black boxes make meaningful human oversight impossible, and meaningful human oversight is a fundamental principle in regulated domains." That framing, developed in research settings, translated into legislative language.

Risk-based categorisation. The Act's tiered risk framework, its most architecturally distinctive feature, draws on risk-based regulatory thinking developed in AI safety and policy research. The idea that regulatory requirements should scale with potential harm rather than applying uniformly was present in academic work before it was present in regulatory proposals.

Foundation model provisions. The GPAI (General Purpose AI) provisions added in 2023 reflect direct engagement between researchers working on large language model capabilities and harms and the legislative process. The final GPAI framework is substantially different from what researchers initially proposed, but the research community's engagement did shape the final text, particularly around systemic risk thresholds and evaluation requirements.

Where the Translation Breaks Down

Despite these successes, the research-to-policy translation fails far more often than it succeeds. Understanding the failure modes helps researchers who want their work to reach policymakers.

The legibility problem. Academic research optimises for precision and defensibility within a specific research community. Policy language optimises for clarity across a much wider range of readers, operational specificity, and legal defensibility. Research that makes precise technical claims often can't be directly translated into regulatory text without losing either precision or legibility. The researchers who bridge this gap successfully are usually the ones who've developed a second skill set: translating technical arguments into policy-legible language that retains enough specificity to be operationally meaningful.

The timing problem. The EU AI Act was under development for years before it was passed. The period when research inputs were most influential was during the Commission's initial consultation phases and the Parliamentary committee process, both of which occurred before most researchers even knew the Act was coming. By the time a paper is published, peer-reviewed, replicated, and synthesised into a policy recommendation, the legislative window it was relevant to has often already closed.

The access problem. Research influences policy through people. Specifically, it reaches legislative drafters through the policy translators and civil society organisations who have ongoing relationships with those drafters. A paper posted to arXiv doesn't reach a policy staffer unless someone who knows that staffer has read the paper, understood its relevance, and made the connection. Most researchers don't have those networks. Most policy translators don't have time to monitor the research literature at the level researchers do.

The uncertainty problem. Policy requires confident prescriptions. Research often produces qualified findings with acknowledged uncertainties. "We found X in this specific experimental context with these limitations" doesn't translate easily into "the regulation should require Y." Policymakers and their advisors often prefer the confident claims of industry consultants over the appropriately hedged findings of academic researchers, even when the research is more reliable.

The Standards Process: The More Durable Channel

The place where AI safety research has its most direct, durable, and underappreciated influence is in the technical standards that operationalise the Act's requirements.

The EU AI Act sets out high-level obligations. Technical standards, developed primarily by CEN-CENELEC and ISO/IEC, translate those obligations into specific technical requirements that conformity assessors and AI system developers can actually implement.

The standards process is slower and less visible than legislative debates, but it's where the technical content actually gets determined. A provision in the Act that says AI systems must have "appropriate" testing procedures means very little until a standard says what appropriate means in measurable terms. That determination gets made in standards working groups, where the people with deep technical expertise have the most influence.

AI safety researchers who engage with this process are in a position to shape what EU AI Act compliance actually requires in operational terms. The standards being developed now for risk management systems, performance evaluation, and data quality are going to define compliance practice for the next decade.

Practical Pathways for Research Influence

For researchers who want their work to reach policymakers and standards bodies, here's what works.

Identify the policy-relevant implication before writing. If your research has a regulatory implication, that implication should be clearly stated in the paper, not implicit. Policymakers and policy translators don't have time to extract implications from technical papers. The researchers who influence policy are usually the ones who've written at least one paragraph in accessible language explaining what their findings mean for governance, even if the rest of the paper is highly technical.

Engage the standards process directly. CEN-CENELEC and ISO/IEC both have mechanisms for researchers to contribute to technical standards development, including through national standards bodies and direct participation in working groups. This is slower and less visible than publishing papers, but it produces regulatory text that reflects the research.

Build relationships with policy translators. Organisations like the AI Now Institute, the Ada Lovelace Institute, and various national AI policy institutes exist partly to translate research into policy recommendations. Researchers who engage with these organisations, even informally, dramatically increase the likelihood that their work reaches the right audiences at the right time.

Respond to regulatory consultations. The European Commission, the European Parliament's committees, and national competent authorities publish consultations on AI governance questions regularly. These consultations are explicitly designed to receive input from technical experts. A well-structured response from researchers with relevant expertise is more likely to influence specific provisions than a published paper, because it arrives in the format and at the time when policymakers are actually making decisions.

Write for policymakers, not just peers. Policy briefs, parliamentary submissions, and accessible summaries of technical research are not second-tier academic outputs. They are direct inputs into the governance process. Researchers who write them are doing something that researchers who only write for academic audiences don't: putting their expertise where it can be used.

The Accountability Loop That's Missing

There's a deeper structural problem in the research-to-policy translation worth naming directly.

Research that shapes regulation is rarely evaluated against how the regulation actually performs. If algorithmic fairness research shaped Article 10's data quality requirements, we should eventually know whether those requirements actually reduced discriminatory outcomes in credit decisions. If XAI research shaped human oversight requirements, we should know whether the oversight mechanisms that resulted actually give humans meaningful understanding of AI outputs in practice.

That feedback loop doesn't currently exist in any systematic way. Researchers rarely track what happens to their ideas once they enter the legislative process. Policymakers rarely evaluate whether the technical requirements they adopted were the right ones. Enforcement agencies have almost no mechanism to feed their experiences back to the research community.

Building that feedback loop is one of the most useful things the AI safety research community could do for the long-term quality of AI governance. The EU AI Act is going to generate an enormous amount of observable data about how different compliance requirements work in practice. That data should be systematically feeding back into research, which should be feeding back into standards, which should be feeding back into enforcement guidance.

That's the model for how technical governance improves over time. It requires researchers who see their role as extending beyond the publication of their findings.