Current AI regulation overrelies on benchmark testing, neglecting the inherent uncertainty of deep learning models and their lack of causal mechanisms—limiting generalizability to high-stakes real-world domains (e.g., healthcare, law) and compromising system safety. Method: This study systematically establishes causal theory as the scientific foundation for AI regulation and proposes a novel “human oversight–risk communication” two-tier adaptive regulatory framework. Through cross-domain case studies, causal reasoning modeling, and verifiability assessment of AI systems, it rigorously identifies the fundamental limitations of benchmarks in safety validation. Contribution/Results: The work delivers a theoretically rigorous yet practically implementable governance alternative for regulatory bodies (e.g., in the U.S. and EU), shifting AI oversight from empirical, benchmark-driven evaluation toward a causally grounded, trustworthy regulatory paradigm.

The rapid advancement of artificial intelligence (AI) systems in critical domains like healthcare, justice, and social services has sparked numerous regulatory initiatives aimed at ensuring their safe deployment. Current regulatory frameworks, exemplified by recent US and EU efforts, primarily focus on procedural guidelines while presuming that scientific benchmarking can effectively validate AI safety, similar to how crash tests verify vehicle safety or clinical trials validate drug efficacy. However, this approach fundamentally misunderstands the unique technical challenges posed by modern AI systems. Through systematic analysis of successful technology regulation case studies, we demonstrate that effective scientific regulation requires a causal theory linking observable test outcomes to future performance - for instance, how a vehicle's crash resistance at one speed predicts its safety at lower speeds. We show that deep learning models, which learn complex statistical patterns from training data without explicit causal mechanisms, preclude such guarantees. This limitation renders traditional regulatory approaches inadequate for ensuring AI safety. Moving forward, we call for regulators to reckon with this limitation, and propose a preliminary two-tiered regulatory framework that acknowledges these constraints: mandating human oversight for high-risk applications while developing appropriate risk communication strategies for lower-risk uses. Our findings highlight the urgent need to reconsider fundamental assumptions in AI regulation and suggest a concrete path forward for policymakers and researchers.