defence.is

Module 15 / Book Companion

Regulatory Theatre, AI And Cookies

How compliance patterns can protect people or simply perform control.

Book Companion | Public-source companion | Updated 2026-06-03
01

Brief

Bad regulation optimizes the visibility of action. Good regulation optimizes measurable public benefit, human agency and enforceable accountability.

A banner, cap, disclosure or risk form may show that a rule exists while doing little to change the dangerous system underneath.

Tethered caps are annoying, but they sit inside a measurable plastics directive with collection and recycled-content targets. The critique should be proportional.

The spiritual and philosophical material becomes strongest when it asks what kind of person the system assumes: chooser, subject, data point, sinner, citizen, worker, child.

02

Where theatre appears

Regulatory theatre starts when the visible ritual becomes easier to inspect than the actual outcome: fewer harms, less tracking, cleaner environments, safer AI or stronger dignity.

The consent ideal is defensible: no covert tracking without a real choice. The common implementation is often theatre: fatigue, dark patterns, repetitive interruption and consent that users do not meaningfully understand.

Unlike many banners, caps are tied to a physical leakage problem and measurable collection targets. The theatre risk is user annoyance becoming the symbol while upstream packaging and collection systems remain underexamined.

Risk-based AI rules can help if they force testing, documentation, incident reporting and human oversight. They become theatre if compliance templates replace measurement, red-teaming and accountability for actual deployment harm.

Digital ID can reduce fraud and exclusion when designed with choice and minimization. It becomes theatre or domination when every service demands persistent identity for problems that could use local, contextual proofs.

Reserve, disclosure and custody rules can protect users. But laws that mistake interface control for systemic risk control may push activity offshore while leaving leverage, fraud and settlement risk intact.

Modern systems often outsource ethics to a click. That is not autonomy if refusal is hidden, costly, impossible, or requires reading a policy no normal person can process.

03

What the record says

The practical question is not whether a rule has noble intent. It is whether the rule produces measurable benefit at lower total burden than available alternatives.

European and UK guidance is not absurd at the principle level: users should know when non-essential tracking happens and should be able to refuse it. The EDPB taskforce identified practices like no reject button on the first layer and pre-ticked boxes as invalid consent patterns. The failure is that enforcement has often chased banner form while the attention economy, ad-tech opacity and consent fatigue keep expanding.

The EU Single-Use Plastics Directive includes design requirements such as attached caps, but also collection targets for plastic bottles and recycled-content targets. That makes the case different from pure symbolic compliance. The better critique is implementation quality: does the design lower litter without shifting too much daily friction to users?

Small firms, open-source projects, researchers and civil-society groups feel procedural burden more sharply than dominant platforms. Rules that require expensive documentation without outcome testing can entrench incumbents while claiming to protect the public.

04

Avoid the bannerization of AI

AI governance should become a test bench, not a consent wall. It must ask: what can this system do, to whom, under whose control, with what recourse?

Useful when tied to deployment context, affected population and actual capability. Weak when it labels a model abstractly and ignores use.

Useful as evidence for audits and incident review. Weak when it becomes beautiful paperwork nobody validates against reality.

The non-theatrical core: red teams, bias tests, cybersecurity, abuse simulations, human factors and post-market monitoring.

The dignity test: can a person contest, understand, exit or repair a harmful automated decision without needing a lawyer?

05

People are not compliance endpoints

The "God, AI and 42" material belongs here as a reminder that regulation fails when it protects a diagram of humanity while exhausting actual humans.

Consent is not agency if the person cannot understand, refuse or carry the cost of refusal. This applies to cookies, AI scoring and digital identity.

Formal compliance can become dead formalism. A rule should be judged by the harm it reduces and the dignity it preserves.

AI exposes institutional habits: who is counted, who is optimized, who is invisible, who has recourse, who carries externalities.

The Vatican AI text is useful as a moral frame: technical power without humility, solidarity and common good becomes architecture for domination.

Regulators love what can be counted. But the easiest thing to count is often the visible ritual, not the lived benefit.

A humane system admits that persons exceed profiles, risk scores, productivity metrics and data rights dashboards.

06

Critique of the draft

The draft is strongest as a theory of displaced burden: institutions make users perform small rituals so the institution can claim moral action.

Cookie banners are a canonical example of consent bureaucracy: legally meaningful in theory, often cognitively empty in practice.

Not every visible inconvenience is theatre. Tethered caps and some AI duties can be justified if they are linked to measurable harm reduction.

Use a burden-benefit ledger: user friction, small-firm cost, enforcement feasibility, measurable outcome, alternative designs and sunset review.

07

Rules that resist theatre

Session-only checklist. It does not save, track or transmit anything.

Outbound links are ordinary anchors. The page loads no external scripts, fonts, images, analytics or fetch calls.

Human dignity and philosophical layer.

Baseline institutional explanation of cookie purposes.

UK guidance on consent, exemptions and similar technologies.

Findings on reject buttons, pre-ticked boxes and deceptive designs.

Policy context for tethered caps and collection targets.

Progressive enforcement timeline for EU AI rules.

Voluntary risk-management framework and 2026 critical-infrastructure note.

Human-person and AI dignity frame.