If your moat is built on “users can’t leave,” if you value switching costs in downstream apps, or if you’re judging how high-risk a scenario agents can actually deploy into — here’s why regulation isn’t a fuzzy blob of “policy risk” but three independent variables, each repricing a different layer.

Physics sets how deep upstream scarcity runs, politics sets who’s eligible to own it, law sets the boundary of downstream lock-in — how deep it locks, how long it lasts. Law can build the lock-in wall higher, or knock it flat with a single decree. It’s the boundary-drawer of the downstream moat: the same moat is impregnable under one legal regime, useless under another. So don’t treat regulation as a fuzzy policy risk — split it into three variables and track each.

Variable 1 · Copyright: Turning Free Fuel Into Priced Fuel

The first fortune of the large-model era rested on a legal gray zone: public internet content treated as free training fuel, scrape-and-use. That era is ending — rights-holders are waking up, case law is accumulating, licensing deals are forming.

But see clearly what it reprices. For public training data, copyright raises cost, not moat. This echoes an old judgment: public training data was never a moat (a mine anyone can enter); making it copyrighted just installs a tollbooth at the entrance. The effects: industry-wide training cost shifts up systematically (favoring incumbents who can afford licenses, hurting small players relying on free scraping); it favors two substitutes — synthetic data (routing around copyright) and proprietary data loops (which never depended on public data). But it doesn’t change the direction of the profit structure — the model layer commoditizes as before, just with pricier fuel.

Variable 2 · Liability: The Legal Gate on Where Agents Can Deploy

The second mechanism matters far more than copyright. Selling outcomes means owning the wrong ones (the reliability tax); enterprises won’t hand irreversible decisions to a 95%-correct agent (the trust cost). Behind both sits an unsettled legal question: when an autonomous agent causes harm — a wrong contract, a wrong diagnosis, a wrong trade executed — who is liable? The model company? The enterprise deploying it? Or no one?

That answer directly sets how high-risk a scenario an agent can deploy into:

• Liability unclear, the agent is trapped in low-risk zones: no one dares deploy a liability-ambiguous agent where “wrong means big payouts or criminal exposure.” The ceiling is held down by law.
• Liability framework matures, high-value scenarios open: once law clearly draws “who is liable for an agent’s actions under what conditions” (via insurance, compliance standards, or case law), high-value scenarios like healthcare, finance, and legal execution can open to agents — TAM widened by the legal gate.

So the maturity of liability law is the legal gate on application-layer agent TAM. Valuing an agent app means looking not just at technical reliability but at whether liability law in its scenario is clear.

Variable 3 · Mandated Interoperability: The Number-One Killer of Distribution Rent

The third mechanism is the heaviest piece of the book’s falsifier. The core of the downstream moat is switching cost — you can’t leave the product that holds three years of context and is embedded in your process. But switching cost has one fatal fragility: it can be erased by law with a stroke.

Regulators have a tool called mandated interoperability and data portability: law can require platforms to open interfaces, require user data and context to migrate to a competitor in one click, require agents to interoperate. This tool has precedent elsewhere — number portability voided telecom lock-in, open banking made account data portable, the EU’s Digital Markets Act imposed interoperability on “gatekeeper” platforms. Apply the same logic to AI downstream:

Mandated interoperability is to distribution rent what open source is to model capability. Open source spent a decade knocking model capability from rentable scarcity to a public good anyone can get; mandated interoperability can, with a single regulation, knock downstream switching cost from a moat to a low wall anyone can step over — and it can take effect instantly.

But state the nature precisely: mandated interoperability necessarily lowers switching cost, but whether it “punches through” lock-in depends on the result — brand, default entry, trust, compliance liability, and network effects are residual moats beyond switching cost. So the downstream falsifier is outcome-based: after mandated interoperability lands, only if downstream retention, ARPU, and supplier take-rate visibly fall is lock-in actually falsified. Regulation always lags technology, and mandated interoperability hasn’t reached AI downstream in most jurisdictions. But it’s a switch hanging over every downstream moat, triggerable by legislation any time. A downstream player betting its entire moat on “high switching cost” has handed its fate to a variable regulation can zero out at will.

Law’s Double Edge

The same force is some downstream players’ hardest moat and others’ extinction event. The difference: is your moat built on “compliance is hard for others” (a wall law builds, in your favor), or on “users can’t leave” (a wall law can push, a risk for you)? The former is reinforced as regulation tightens; the latter collapses under mandated interoperability. This is the most important strategic distinction for downstream founders.

Three closing lines. One: split “regulation” into three independent variables and track each — copyright cost (reprices training), liability clarity (reprices agent TAM), mandated interoperability (reprices the life-or-death of downstream lock-in). Two: combine mandated interoperability with the tech side’s agent portability into one gauge, and watch it as the downstream-end falsifier of the book’s spine — together with the upstream “power supply curve,” these are the two gauges to watch longest. Three: distinguish two downstream moat types — compliance-barrier (gains as regulation tightens) vs switching-cost (discount under interoperability risk).

Your moat — is it “compliance is hard for others,” or “users can’t leave”? Suppose mandated interoperability lands tomorrow — what’s left? Comments open.

Sources (framework argument, June 2026): mandated-interoperability precedents (number portability, open banking, the EU DMA’s gatekeeper interoperability requirements; qualitative references, reporting/public record); reliability tax, trust cost, data loop carried over from Chapters 9, 11, 7.

— From Chapter 14 of a book in progress, working title The Deflation Sandwich

#AI #Regulation #DeflationSandwich