ThinkableWhat is this?

Governance of Emerging Tech

The Pacemaker Problem: Why No One Is Really in Charge of the Technologies Reshaping the World

The most consequential technologies of our time are governed by a patchwork of voluntary guidelines, self-interested industry bodies, and laws written before the internet existed.

The Idea

There is a persistent fantasy in democratic societies that powerful new technologies get assessed, debated, and then regulated — that somewhere, responsible adults are running the checks. The reality is almost the opposite. Governance of emerging technology is almost always retrospective: rules arrive years, sometimes decades, after the technology has already embedded itself into infrastructure, habit, and economic incentive. This lag isn't accidental. It reflects a genuine structural problem. Legislators move at the pace of consensus; technology moves at the pace of competition. By the time a regulatory framework is sophisticated enough to address a technology, the technology has already mutated into something the framework doesn't quite fit. Early social media regulation was designed for a world of static web pages. Early AI governance frameworks were written when large language models were still a research curiosity. What fills the vacuum in the meantime is a mix of corporate self-regulation, technical standards bodies, and ad hoc international agreements — each with real power, none with real accountability. The Institute of Electrical and Electronics Engineers sets technical standards that shape what billions of devices can and cannot do. A handful of private companies decide what speech is permissible across platforms used by billions. These are not obscure bureaucratic footnotes; they are the actual governance layer. The deeper challenge is that 'governance' assumes you can identify who is responsible for an outcome. Emergent technologies — where no single actor controls the full stack — resist that logic almost by design.

In the World

In 2017, researchers in Belgium demonstrated that cardiac pacemakers and insulin pumps from a major medical device manufacturer could be remotely hacked. An attacker within radio range could, in theory, drain a pacemaker's battery or deliver a fatal insulin dose. The vulnerability had existed for years. The manufacturer knew. Regulators had no mandatory disclosure requirement. Doctors had no way to know. Patients certainly didn't. The fix, when it eventually came, required a software update pushed to implanted devices — itself a novel act with its own risks. The US Food and Drug Administration issued guidance, not rules. The manufacturer patched what it could. Independent security researchers, who had no legal standing or official role, were the ones who forced the issue into public view in the first place. This story is sometimes told as a cybersecurity failure, but it is more accurately a governance failure. At every stage — design, certification, post-market monitoring, disclosure — the system assumed that someone else was responsible. The regulator assumed the manufacturer was conducting security testing. The manufacturer assumed the regulator would flag requirements. Hospitals assumed devices certified for medical use were secure by definition. The pacemaker case is unusually dramatic, but the structure it reveals — diffuse responsibility, retrospective rules, private actors filling public gaps — is entirely typical of how emerging technology gets governed, from autonomous vehicles to large language models to synthetic biology.

Why It Matters

Understanding this governance gap changes how you read technology news. When a company announces a new AI policy, or a government launches a consultation on algorithmic accountability, the instinct is to evaluate the content of the policy. But the more important question is often structural: who actually has the power to enforce this, and what incentive do they have to do so? It also reframes what expertise means in this space. The people shaping technology governance are not just politicians and lawyers — they are engineers setting default parameters, researchers publishing vulnerabilities, and civil society groups translating technical realities into language that policymakers can act on. The gap between technical possibility and democratic oversight is partly a knowledge gap, and it is one that curious, informed non-specialists can genuinely help close. Finally, it sharpens a question worth carrying into every conversation about a new technology: not just 'what can this do?' but 'who decides what it should do, and what happens when they get it wrong?'

A Question to Ponder

When a technology becomes genuinely indispensable — woven into healthcare, finance, communication — does that make it harder or easier to govern well, and why?

Get a new one of these every morning.

Start learning with Thinkable
One topic like this, every day.Start free