Online harm taxonomies and changing US technology governance

The AI era has only just begun, but the impacts have already been severe: an American teen and a Belgian man died by suicide following conversations with ChatGPT and a Chai AI chatbot. Meta AI characters exhibited racism, fabricated identities, and exploited user trust. Character.AI’s chatbots allegedly encouraged murder, and several other LLMs are thought to have encouraged suicide. 

In response, one might expect governments to double down on safety. In the United States, however, the Trump administration has taken a dramatically different approach, rescinding regulations on harms and targeting people involved in digital trust and safety efforts. The administration considers governance of these technologies to constitute its own form of harm and has undercut efforts to define their impacts and risks. 

The political economy of online harm taxonomies 

Online harm taxonomies (also known as typologies), which categorise the impacts of digital spaces and influence regulation and legal action, have evolved significantly in recent years. Platforms themselves, researchers, civil society, and government agencies such as the US National Institute for Standards and Technology (NIST) produce taxonomies to categorise harmful effects from AI platforms. While taxonomies are typically internal, public-facing community guidelines, standards, rules, and policies by companies including Meta, YouTube, TikTok, Bluesky, and X make some of this information accessible.

The ability to define online harms is itself a site of contestation. Those with institutional legitimacy or policy clout disproportionately shape taxonomies, raising questions about which harms are seen as real, whose voices are prioritised, and what interventions are imagined as possible. 

Incentives corresponding to specific stakeholder groups can inform taxonomical development, given that taxonomies can lay a foundation for subsequent regulation and legal action. As such, online harm taxonomies are neither entirely neutral nor purely technical tools. Rather, they are often political and increasingly play a powerful role in the governance of digital platforms. 

US technology platforms have become primary producers of these taxonomies. For example, companies including Microsoft, IBM, NVIDIA, and OpenAI have recently authored their own taxonomies governing AI agents. Meanwhile, the US government has its own objectives, resulting in taxonomies and policies that reflect state priorities and enforcement mandates. Recent Trump administration press statements, an AI Action Plan, and executive orders make it clear that this administration feels over-governance is, itself, an online harm, framing regulation as both a threat to innovation and national power and a form of censorship.

These taxonomies are not passive descriptions of risk. They are central instruments in technology governance that shape product prioritisation and regulatory responses. Therefore, efforts to govern powerful technologies must recognise that different stakeholders are subject to their own influences and constraints and forge taxonomies that meet their unique contexts. As we observe governance and self-governance efforts by governments and platforms, we should consider their specific incentives and resulting taxonomical constructions. 

Trade-offs and platform self-regulation

Within American platforms, incentives differ across trust and safety, security, and AI safety functions when selecting, adopting, and implementing online harm taxonomies. For example, the Community Guidelines at Meta, YouTube, TikTok, Bluesky, and X all focus overwhelmingly on content harms over contact or conduct harms, such as technology-facilitated gender-based violence or grooming for sexual abuse. Companies may employ taxonomies to advance operational objectives, strategic goals, and regulatory compliance. 

Organisational contexts influence harm prioritisation and evolve dynamically over time. These factors include structural factors such as organisational size and configuration, external pressures like regulatory regimes and political conditions, internal dynamics like executive priorities and team incentives, and strategic choices regarding specialisation versus generalisation. 

For example, Meta’s significant size and impact created conditions that fostered the creation of an independent Oversight Board to evaluate Meta’s content moderation practices. Trade-offs between internal and external pressures and stable or dynamic contexts also shape taxonomy prioritisation. In Meta’s case, changing political headwinds enabled the end of their third-party independent fact-checking program, as well as many diversity, equity, and inclusion programmes. 

Platforms tend to frame, or even omit, harms in ways that preserve corporate autonomy, and minimise regulatory scrutiny. Their taxonomies may emphasise user responsibility, technical fixes, and large scale content moderation, reflecting both business imperatives and legal risk mitigation. 

Platform-authored taxonomies tend to focus on content harms (harms caused during creating and consuming content) as opposed to contact harms (relating to online interactions) and conduct harms (which come from behaviour facilitated by technology). For example, YouTube’s Community & Ad-Friendly Guidelines emphasise openness and free expression as ‘at the heart’ of their work. Platforms would rather define online harm as disrespectful discourse than address their own roles in, for example, the social harms that can be facilitated by amplifying or deamplifying independent news media or deplatforming users. 

Further, different platforms have different priorities. A business’ unique product features can limit or shape the harms that concern them. For example, Uber’s off-platform user experiences between drivers and customers creates a risk for physical contact harm, which informs their off-service conduct policy.

As regulation-induced compliance costs can be significant, platform companies are increasingly pushing self-regulatory models. In July 2023, most leading US AI developers signed the White House Voluntary AI Commitments, prioritising commitments to safety, security, and trust. In February 2024, technology companies at the Munich Security Conference agreed to proactively prevent deceptive AI-generated content from interfering with global elections. The agreement included commitment to principles such as the ‘importance of tracking the origin of deceptive election-related content and the need to raise public awareness about the problem.’ By proactively agreeing to norms or standards governing platform behaviour, companies aim to convey competence in risk areas and protect against subsequent regulation. 

Changing US government stances

Recent changes in US federal government policy have aligned with such a model. The US government produces and interprets taxonomies to align with state priorities and enforcement mandates. Previously, the Biden Administration’s Executive Order on AI categorised harms including privacy, algorithmic discrimination, and worker protection, for executive branch adoption, while NIST’s July 2024 600-1 AI Risk Management Framework outlined a structured set of 12 risks distinctive to generative AI or heightened by its development and deployment, with suggested mitigations for companies. Other definitions have focused on disinformation, terrorism, or child protection. As in the case of tech industry taxonomies, the origins and motivations behind these shape how harms are conceptualised, prioritised, and addressed.

Since the beginning of Trump’s second term, the administration has undercut such taxonomical efforts. Through several July 2025 executive orders and the related AI Action Plan, Trump rescinded the Biden administration’s Executive Order on AI and instructed the NIST to remove ‘references to misinformation, Diversity, Equity, Inclusion, and climate change’ from its framework. Then, the Trump administration authored a December executive order preventing state-level regulations seen as hindering innovation, targeting laws from regulation-forward states like California and Colorado. 

Further, the Trump administration has used immigration policy, particularly work and travel visas, to penalise workers involved in trust and safety efforts, arguing that their ‘censorship’ poses direct harm to Americans. The State Department has imposed visa bans on foreign nationals it deems to be censoring Americans; prohibited H-1B visas for highly skilled workers involved in ‘censorship of protected expression,’ including workers addressing misinformation, disinformation, content moderation, fact-checking, compliance and online safety; and barred five European regulators and researchers from entering the US. 

Ultimately, the US federal government has made it clear that it views taxonomised efforts to mitigate online harms like child sexual abuse, terrorism, and online hate as themselves a source of harm. Meanwhile, the Trump administration’s efforts to promote innovation without guardrails have allowed real online harm to flourish.