Discerning Between the “Easy” and “Hard” Problems of AI Governance

While there is widespread consensus that artificial intelligence (AI) needs to be governed owing to its rapid diffusion and societal implications, the current scholarly discussion on AI governance is dispersed across numerous disciplines and problem domains. This paper clarifies the situation by discerning two problem areas, metaphorically titled the “easy” and “hard” problems of AI governance, using a dialectic theory synthesis approach. The “easy problem” of AI governance concerns how organizations’ design, development, and use of AI systems align with laws, values, and norms stemming from legislation, ethics guidelines, and the surrounding society. Organizations can provisionally solve the “easy problem” by implementing appropriate organizational mechanisms to govern data, algorithms, and algorithmic systems. The “hard problem” of AI governance concerns AI as a general-purpose technology that transforms organizations and societies. Rather than a matter to be resolved, the “hard problem” is a sensemaking process regarding socio-technical change. Partial solutions to the “hard problem” may open unforeseen issues. While societies should not lose track of the “hard problem” of AI governance, there is significant value in solving the “easy problem” for two reasons. First, the “easy problem” can be provisionally solved by tackling bias, harm, and transparency issues. Second, solving the “easy problem” helps solve the “hard problem,” as responsible organizational AI practices create virtuous rather than vicious cycles.


I. INTRODUCTION
T HERE is widespread consensus that artificial intelligence (AI) needs to be governed owing to its rapid diffusion and significant organizational and societal implications, as well as its unintended consequences and systemic risks [1], [2], [3]. AI is a broad term that has several definitions. One oftencited definition describes AI as an information system's ability to interpret data, learn, and use learnings to achieve specific goals through adaptation [4]. In contrast, a broader definition conceptualizes AI as a moving frontier of computational advancements that references human intelligence [5]. Recently, these advancements have been visible, for example, in generative AI technologies such as large language models (LLMs) that are used in the ChatGPT chatbot [6]. AI can thus be seen as a research field, a set of technologies, and a more abstract frontier of technological advancement that is always on the horizon. Research on AI dates back to the 1950s, stemming from the quest to develop machines that approach human capabilities in particular domains. Since its early beginnings, AI research and applications have experienced cycles of boom and bust (so-called AI summers and winters), with a recent resurgence of interest owing to more sophisticated algorithms, low-cost graphics processors, and large databases [7]. The current and envisioned AI application areas are numerous and include manufacturing, healthcare, and finance [8], [9]. While AI governance is evidently needed, the current scholarly discussion surrounding AI governance is dispersed across numerous disciplines and problem domains, with authors raising organizational [10], [11], [12] and societal [13], [14] issues. Researchers have conceptualized AI governance as a layered phenomenon concerning software development teams, organizations, industries, and regulators [3], [15], [16]. The scholarly debate on AI governance would benefit from the structuring of the different problem domains.
Our study contributes to structuring AI governance scholarship by providing a dialectic theory synthesis of the AI governance literature. In the 1990s, David Chalmers published the influential article "Facing Up to the Problem of Consciousness," which popularized the distinction between the easy and hard problems of consciousness [17]. The easy problem concerns the ability to react based on information, which can be explained scientifically. The hard problem concerns the phenomenological experience of consciousness, with which science continually struggles [17]. As an analogy, we suggest distinguishing between the "easy problem" of AI governance and the "hard problem" of AI governance. We use the terms "easy problem" and "hard problem" metaphorically, hence the quotation marks. The "easy problem" is by no means easy, but it is comparatively more straightforward than the "hard problem." Moreover, the separation into two problem domains is a dialectic simplification intended to facilitate discussion, organizations' strategy work, and national and transnational policy planning. In reality, AI governance issues do not fall neatly into two problem areas; rather, they encompass heterogeneous facets, such as software engineering workflows, standardization, diversity among development teams, and unemployment issues due to automation.
It is important to note that what is proposed here is not a distinction between artificial narrow intelligence (AI applied to specific areas) and artificial general intelligence (autonomous AI that can solve problems in many areas) [4]. The distinction between "easy" and "hard" problems already emerges with the current state of artificial narrow intelligence and does not require us to imagine more fully developed artificial general intelligence.
The distinction between different problems is essential because it helps AI researchers and organizations that use AI to approach different problem areas appropriately, devote sufficient attention to both comparatively "easier" and "harder" problems, and contribute to solving both types of problems through a better understanding of their interlinkages. If the distinction between "easy" and "hard" problems is adopted, there is less risk of misunderstanding when using the concept of AI governance in scholarly articles, conference themes, organizational practice, and other contexts. This paper aims to contribute to this objective. We discuss the "easy" and "hard" problems separately before comparing the two problem domains and concluding with the implications.

II. METHODOLOGY
Discerning between the "easy" and "hard" problems of AI governance, we provide a theory synthesis [18] of AI governance scholarship using a dialectic approach [19], [20] as a unifying theoretical lens. A theory synthesis is a type of conceptual paper that strives toward conceptual integration across different literature streams by linking disconnected scholarly contributions in a novel way [18]. As AI governance research is currently dispersed across numerous disciplines and communities [1], integration is necessary for this domain. A theory synthesis differs from a literature review because it can build coherence by introducing new theoretical vocabulary, while a literature review remains within the existing conceptual boundaries [18].
To identify the existing AI governance literature for the synthesis, we searched peer-reviewed academic literature on AI governance from five central academic databases: Scopus, Web of Science, IEEE Xplore, ACM Digital Library journal publications, and ACM Digital Library conference proceedings. We used a range of synonyms as search terms because AI governance may be discussed using varying terminology. For AI, we used the terms "artificial intelligence," "AI," "machine learning," "deep learning," and "black box." Each of these terms was coupled with the term "governance" using the AND operator. The search was limited to journal and conference publications in English.
To conduct a coherent theory synthesis, we need to limit the body of literature to works that are similar enough to be synthesized. Therefore, we examined titles, abstracts, and full-text documents in borderline cases to screen the relevant literature. The central inclusion criterion was that articles must address the governance of AI systems executed by human actors. This criterion excludes any literature discussing the use of algorithmic systems to govern human behavior. AI governance thus means the governance of AI-not governance by AI.
We utilized a dialectic lens to make sense of the complex AI governance literature [19], [20]. At its core, a dialectic approach is concerned with historical context and the processes and relationships among entities and problem areas, as opposed to the characteristics of separate entities [20]. From this perspective, socio-technical phenomena evolve continuously owing to dynamics between opposing tendencies rather than linear trends [21]. In our study, the dialectic approach is used as a sensitizing device to simplify the AI governance literature field. Through this lens, we aim to strike a balance between comprehensibility and the risk of oversimplification. The theoretical simplification into two distinct categories is a key limitation of our dialectic theory synthesis approach. Moreover, because dialectics is a research tradition that emphasizes processual development, any specification of a problem domain, such as AI governance, is bound to a particular point in time rather than universally valid.
A dialectic perspective generally works with two opposing entities, sometimes labeled "thesis" and "antithesis," which are ultimately overcome in a subsequent synthesis [21]. While we present the "easy" and "hard" problems of AI governance as dialectically interlinked problem areas, we do not position either as a thesis or antithesis, because making this distinction does not seem fruitful for the analysis. Moreover, we do not aim for a dialectic synthesis between the two. This is because the topic is so novel, and significant work is still required to understand the opposing dialectic poles that are visible in the literature. Therefore, a synthesis in the dialectic sense would be premature. Eventually, a synthesis of AI governance approaches may be achieved, but this is currently speculative and beyond the scope of this article.

A. An Overview of the AI Governance Literature
Overall, the literature highlighted the complexities of governing AI [15], [22]. In particular, AI governance includes different dimensions, themes, and perspectives. For example, several studies discussed the legal and regulatory aspects of AI governance [1], [23], [24], [25], [26], [27], which are indirectly relevant to organizations through regulatory compliance and engagement.
Explicit AI governance definitions have begun to emerge in the 2020s. At the organizational level, AI governance is defined as "a system of rules, practices, processes, and technological tools that are employed to ensure an organization's use of AI technologies aligns with the organization's strategies, objectives, and values; fulfills legal requirements; and meets principles of ethical AI followed by the organization" [12, p. 604]. This definition emphasizes the alignment between organizational practices and requirements from the operational environment. However, a notable trend in the AI governance literature is that many authors consider AI governance to intersect with regulation and public policy. For example, Kaminski [28] discusses collaborative governance in the context of algorithmic accountability as a regulatory system consisting of mechanisms that regulate organizational activities. Butcher and Beridze [1, p. 88] define AI governance as "the mechanisms and processes that shape and govern AI, considering regulation as a legislative subset of governance." Approaches at this societal level tend to focus on broad questions, such as workforce substitution, autonomous weapons in warfare, and the general social acceptance of AI [1], [13], [29].
In sum, AI governance is currently an ambiguous term that can refer to complex problem areas that are relevant to governments [13], global governance arrangements [1], [30], or issues upon which individual organizations can act [12], [31]. Our dialectic theory synthesis aims to give structure to this ambiguity. The following sections briefly outline what we call the "easy" and "hard" problems of AI governance before comparing the two problem areas.

B. The "Easy Problem" of AI Governance
A growing literature stream discusses the organizational challenges related to governing AI systems, which we label the "easy problem" of AI governance [11], [12], [31], [32], [33]. The "easy problem" concerns how organizations' use of AI systems aligns with laws, values, and norms stemming from legislation, ethics guidelines, and the surrounding society. This problem area covers aspects such as organizational mechanisms to govern data, algorithms, and algorithmic systems [11], as well as engineering approaches that seek to ensure responsible AI development [34], [35]. In addition to legal compliance and engineering ethics, AI governance is linked to corporate social responsibility and business ethics concerns [36], [37].
This problem domain is becoming increasingly important as organizations strive to adopt AI to enhance their performance in various areas, including analytics and process automation. For example, AI algorithms can be used in the assessment of job candidates, and markets are growing around algorithmic recruitment. Regulation requires job candidates to be treated fairly; this entails auditing hiring algorithms for biases, which has, in turn, led to a nascent algorithmic auditing industry [38], [39]. Similar questions of fairness and transparency could be found in customer service chatbots and many other examples.
In regard to their AI governance efforts, organizations deploying AI systems in their operations can receive help from service providers, such as AI auditing firms; however, these organizations ultimately carry the responsibility of ensuring alignment between their AI systems and laws, values, and norms [32]. Accountability issues may be thorny in real cases, but the number of actors is nevertheless limited. The primary actors are AI user organizations; AI system providers; and oversight actors, such as auditors. Questions are focused on specific AI systems used by particular organizations.
Laws, values, and norms evolve; therefore, the "easy problem" of AI governance can be solved only provisionally. However, given a particular stage of AI regulation, organizations and AI systems can reach a sufficient level of compliance, which can be verified by auditing and independent oversight, given that the required governance mechanisms are available [34]. Thus, it is plausible that the "easy problem" of AI governance can be (provisionally) solved.

C. The "Hard Problem" of AI Governance
In contrast, the "hard problem" of AI governance concerns AI as a general-purpose technology [13] that transforms organizations, societies, and the lives of individuals. The transformative potential of AI can be seen on a continuum ranging from narrowly transformative AI (comparable to the invention of the typewriter) to transformative AI (comparable to the internal combustion engine) to radically transformative AI (comparable to the industrial revolution) [40]. While the level of transformation remains to be seen, the point is that AI is an emerging technology with societal effects that extend beyond specific organizations and sectors.
At the societal level, the widespread use of AI raises questions about the future of democracy in the context of sophisticated electoral manipulation, the future of work due to increased automation, and warfare with autonomous lethal robots [13]. For example, misinformation, such as the deepfakes produced by generative adversarial networks, can seriously threaten citizens' trust in media sources [41], [42].
Given the global nature of AI technologies and networks, it is unclear who the responsible governing parties are, particularly if the harms caused by AI systems emerge diffusely. Emergent AI harms can be compared to the argument that many privacy harms, akin to environmental harms, arise from individual practices with no malicious intent [43]. The networked nature of accountability, with different actors, forums, and relationships [44], makes attributing responsibilities complex. While single organizations cannot solve networked ethical problems, such as electoral manipulation, technology platforms currently wield a great deal of power to influence AI governance on a macro scale through platform design, monitoring choices, and lobbying regulators.
Moreover, in the case of the "hard problem" of AI governance, setting the boundaries of problems and solutions is challenging. Can we even discuss one complex problem area, or is the "hard problem" composed of many distinct problem areas, such as democracy, work, and international relations? This question logically leads to the follow-up consideration of whether problems in different domains can be solved horizontally-for example, by introducing a regulation such as the European Union's proposed AI Act [45]-or whether piecemeal (e.g., sectoral) solutions are likely to be more effective.
Assessing alternative options is also challenging because it is difficult to define when we are closer to solving the "hard problem" and whether, at some point, we can consider the problem solved. Perhaps the "hard problem" should not be viewed as a matter to be resolved. Instead, the "hard problem" is like an ongoing sensemaking process concerning socio-technical change. In the coming years, AI technologies and their social implications will continue to evolve, and new global situations, such as financial crises, pandemics, and wars, may induce unpredictable applications and impacts of AI technologies. Hence, the large-scale societal issues around AI are an open category rather than knowable in advance. Moreover, during the sensemaking process of tackling the "hard problem," partial solutions may lead to new unforeseen issues [46]. Table I presents a simplified structured comparison of the different AI governance problem domains, juxtaposing the two using several characteristics. The "easy" and "hard" problems Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply. The first characteristic, time horizon, is implicit rather than explicit in the literature. Arguably, short-and long-term concerns are involved in both problem areas. However, organizational AI governance tends to be more engaged with the present and the near future-for example, with regulatory compliance and stakeholder pressures here and now, rather than speculating what law and ethical issues could look like in the longer term. In contrast, the "hard problem" takes a longerterm view and relates to how the law should be changed, what new institutions are needed, how to ensure meaningful employment for future generations, and other longer-term concerns.

D. Comparing the "Easy" and "Hard" Problems
The conception of AI is also an implicit characteristic that goes together with the time horizon because different aspects of the broad AI phenomenon are relevant at different timeframes. In the short term, the "AI" that is governed is related to information systems with particular abilities, such as machine learning, data interpretation, and adaptation [4]. Over the longer term, governing AI means the governance of an everevolving frontier of computation that seeks to attain humanlike capabilities and, possibly, eventually surpass them [5]. From this latter perspective, it is not enough to govern what is possible today (e.g., with machine learning). To deal with the "hard problem," governance must also tackle the broader social implications of machines continuously approaching humanlike capabilities. In sum, with respect to the "easy problem," AI is conceived of as a particular set of things (information systems), while for the "hard problem," AI is a more abstract dynamic frontier.
In tandem with the time horizon and conception of AI, the "easy problem" issues tend to be about complying with current legislation and stakeholder pressures and developing the required organizational mechanisms and technical tools. In contrast, the "hard problem" pertains to large-scale societal challenges, such as the future of work as a result of automation and even existential risks related to autonomous weapons [13].
The relevant actors also show the different scopes of the problem areas. The actors for the "easy problem" contain the types of actors necessary for practically implementing AI governance. These include organizational managers and development teams, as well as oversight bodies, such as review boards, investors [48], and professional associations that help organizations. The "hard problem," in turn, is more diffuse, and its solution requires both established actors (e.g., nation-states) and proposed new actors (e.g., new institutions). Numerous actors, such as policy makers, regulators, auditors, standardization bodies such as the International Organization for Standardization (ISO) and the IEEE P7000 groups [50], professional associations, and consumers, are affected by problems and try to mitigate and manage them. In this context, researchers and EU institutions promote an ecosystem approach whereby networked actors attempt to jointly resolve the issues of responsible AI [51], [52]. In responsible AI ecosystems, actors such as auditing firms, regulators, and technology developers could contribute to the shared societal goal of responsible AI with some degree of coordination. At the time of writing, such ecosystems are in a nascent state, and the question of who should orchestrate them is unresolved; however, over time, they may prove to be a mainstay in inter-organizational and global AI governance.
The types of actors are closely linked to the types of solutions that are appropriate for the divergent problem areas. For the "easy problem," solutions operate at two levels: organizational (strategies, processes, guidelines) and technical (tools and methods). Organizational solutions include, for example, appointing an AI governance officer and drafting organizational AI strategies. In contrast, technical tools and methods include, for example, explainable machine learning tools, such as the Local Interpretable Model-agnostic Explanations (LIME) method, as well as broader machine learning pipelines [47]. In contrast, the "hard problem" requires binding regulation; global frameworks, such as human rights frameworks; and potentially new institutions, such as an "International AI Agency." Attempts at regulatory frameworks, such as the EU objective of trustworthy AI [58], and standardization efforts by the ISO and IEEE P7000 groups, are relevant at this level. The "hard problem" of AI governance is thus partly a problem of institutional design, while the "easy problem" is more about organizational or technical design.
Concerning the ethical basis of AI governance, the current approaches to the "easy problem" primarily build on deontology-that is, the obligation to adhere to principles and rules-although virtue ethics has also been promoted as a promising approach [54]. Within the domain of the "hard problem," the issues are linked to the ethics of emerging technologies [59] and similar ethical foresight analyses [60], which anticipate and assess the potential implications of new and emerging technologies and seek to influence their development. Links can also be drawn to the data justice [61], human rights [53], and technology for good [55] discourses. Both the "easy" and "hard" problems are connected to responsible research and innovation [62], which seeks to steer technological development toward socially acceptable goals.

IV. DISCUSSION AND CONCLUSION
This paper has explored the "easy" and "hard" problems of AI governance and clarified the distinction between these two problem areas using a dialectic theory synthesis of the AI governance literature. Our study naturally has some limitations. Synthesizing a heterogeneous set of literature into two problem areas requires a balance to be struck between comprehensibility and the risk of oversimplification. While we cannot do justice to the rich discussions in the AI governance literature streams, we argue that the AI governance field presently needs such broad distinctions to help position the debates and research institutions within it. In fact, it could possibly be beneficial if more nuanced terminology were developed and "AI governance" carried fewer meanings, but at present, this seems unlikely. Therefore, we consider our main contribution to be the distinction between the "easy" and "hard" problems as a sensemaking and communication device for the various scholarly and practitioner communities working on AI governance.
However, the dialectic theoretical lens allows us to go further than distinguishing between two problem domains. Thus far, we have contrasted the two problem areas as separate entities, but a dialectic approach is concerned with the interrelations and dynamics between different entities. How do the "easy" and "hard" problems of AI governance interact with each other? While this question warrants further analysis beyond the scope of this paper, we present a heuristic model of intertwining developments in the two problem areas, visualized as two loops and a further loop connecting them (Fig. 1).
The "easy" and "hard" problems of AI governance can be illustrated as two loops that depict the continuous management of organizational and societal AI governance challenges, respectively. Each loop illustrates the iterative search for solutions, which are different for the two problem domains, as Connections between the "easy" and "hard" problems of AI governance. discussed in the previous section. However, an additional loop between the two problem domains can be identified where they contribute to each other. In particular, provisional solutions to the "hard problem" provide new regulations, institutions, and refined problem definitions for organizations to deal with. In turn, the "easy problem" provides emergent solutions as organizations innovate new AI governance mechanisms that are contextually appropriate in their sectors. Over time, these governance efforts can, in the best case, lead to broader solutions that are more than the sum of their parts. For example, technical bias mitigation tools developed by technology companies, such as AI Fairness 360 [63], can contribute to making the policy goal of fairer AI more feasible. Even if this aggregation does not take place, the continuous management of the "easy problem" provides refined and more contextual problem definitions to help understand the "hard problem" from a bottom-up perspective. As both problem domains refine each other's problem definition, the broader loop between them is a dialectic development toward a more systemic understanding of AI governance, driven by both large-scale societal problems and more concrete organizational problems. New generations of AI technologies, such as generative AI in chatbots such as ChatGPT [6], necessitate this continuous loop because they introduce new ethical issues, such as the effective spreading of misinformation in the case of generative AI [64].
Solving the "hard problems" is crucial in the long run, as these are large-scale challenges threatening preferable socioeconomic development. Nevertheless, there are two key reasons why there is significant value in devoting at least equal scholarly attention to the comparatively easier ones. First, the "easy problem" can plausibly be solved for each development stage of AI and AI regulation, whereas the "hard problem" is more like an umbrella term for an ongoing process toward an ideal that may never be reached but deserves our efforts. Keeping our eyes solely on the "North Star"-that is, the "hard problem"carries the significant risk of losing track of the current concrete issues, such as biased systems and harm toward particular groups, while navigating AI development and use.
Second, understanding and resolving the "easy problem" helps identify linkages between the problem areas and thus manage the "hard problem." Each piecemeal solution that allows organizations to govern their AI systems and ensure their alignment with laws, values, and norms can create a small virtuous cycle that may ultimately solve more significant problems than was initially anticipated. Conversely, if "easy" AI governance problems are not solved satisfactorily, they may accumulate to form more complex emergent problems. For example, organizations lacking quality assurance mechanisms and offering irresponsible image manipulation products may exacerbate the problems that deepfakes pose vis-à-vis trust [41]. Indeed, portraying the two problem areas as unconnected would be irresponsible, and more work should be devoted to understanding the complex connections between them.
Thus, researchers, companies, and public organizations should take both "easy" and "hard" problems and their interconnections seriously. In other words, we advocate a more systemic approach to AI governance, and our recommendation is twofold. First, neither problem area should be neglected when companies, public organizations, investors, researchers, and funding bodies devote resources to research and practical solutions because progress in both domains is ultimately interlinked. Second, for the same reason, researchers within a particular problem domain should also position their work in relation to other AI governance domains to promote interdisciplinary dialogue. In practice, this could mean including broader implications in organizational AI governance research and, conversely, exploring concrete implementation questions in research devoted to societal AI governance. These recommendations would strengthen the mutual refinement of the problem definitions shown in Fig. 1 and, thus, potentially enable researchers and organizations to concurrently address both "easy" and "hard" problems.
More broadly, societies should not lose track of the "North Star"-that is, ensuring the long-term responsible design, development, and use of AI technologies. It would be shortsighted to focus solely on the present problem of aligning AI system use with current laws, values, and norms at the societal level. As previously mentioned, the actor and accountability networks are complex, with formal regulators, self-regulatory mechanisms, inter-organizational networks, and end users playing their distinct parts [65].
The problems of which AI actors should devote attention to which problem area and how different actors should collaborate require extensive scholarly discussion that extends beyond the scope of this paper. However, two general conclusions can be mentioned. First, a clearer understanding of current AI governance problems helps organizations and policy makers define pathways and take steps toward effective AI governance. Second, problems should be raised and tackled at an appropriate level of governance (development team, organizational, national, or transnational), depending on their complexity.