AI Policy Analyst

AI Policy Analysts are the people who figure out what society should actually do about artificial intelligence — and then do the work of making that happen inside an institution. That institution might be a hyperscaler drafting its public comment on the EU AI Act, a federal agency standing up an AI audit function, a think tank producing the research that shapes congressional staff's understanding of foundation models, or a civil society organization pushing for algorithmic impact assessment requirements. The role exists across this entire landscape, and the day-to-day varies accordingly.

At a large technology company, the work is deeply stakeholder-facing. The analyst tracks regulatory proposals across a dozen jurisdictions simultaneously, synthesizes what each one means for specific products, coordinates with lawyers and engineers to develop a defensible organizational position, and then writes the comment letter or prepares the executive for the hearing. When the EU AI Act's conformity assessment requirements intersect with how the company's general-purpose model is distributed to downstream API customers, the policy analyst is the person who maps that intersection and explains it to the product team in terms they can act on.

At a federal agency — NIST, the FTC, the Office of Science and Technology Policy, or a newly stood-up AI safety institute — the work is regulatory and standard-setting. The analyst drafts guidance documents, facilitates workshops with industry and civil society, reads and synthesizes thousands of public comments, and helps write the frameworks that become the baseline against which companies benchmark their practices. NIST's AI RMF process involved exactly this kind of sustained analytical work over multiple years.

At a think tank, the work is research-first. An analyst at the Brookings Institution, Georgetown's CSET, or the AI Now Institute spends a significant share of time producing original analysis: reviewing internal documents obtained through FOIA, analyzing regulatory filings, interviewing technical experts, and constructing empirical arguments about AI's labor market effects, national security implications, or civil rights impacts. The output is white papers, congressional testimony, and op-eds — not internal memos.

Across all settings, three capabilities define strong performance: genuine technical literacy sufficient to evaluate AI claims critically, clear writing that translates complexity without losing accuracy, and the political judgment to understand which arguments will actually move an institution. The last of these is the hardest to teach and the most valuable to develop.

Education:

• JD from an accredited law school with relevant coursework in administrative law, technology law, or intellectual property (strong path for regulatory and compliance-facing roles)
• Master's in Public Policy (MPP), Public Administration (MPA), or International Affairs with a technology policy focus (Georgetown McCourt, Harvard Kennedy School, and UCSD School of Global Policy are well-represented pipelines)
• Bachelor's or Master's in computer science, statistics, or AI/ML combined with policy work experience (increasingly competitive at technical organizations and agencies with engineering credibility requirements)
• PhD in political science, economics, or a technical field for senior research roles at think tanks and academic centers

Experience benchmarks:

• 2–5 years for analyst-level roles; backgrounds include legislative staff positions, policy fellowships (AAAS, Presidential Management Fellowship, TechCongress), or roles at regulatory agencies
• 5–10 years for senior analyst and policy manager positions; expects prior track record of published policy work, regulatory engagement, or government service
• Internships with congressional offices, federal agencies, or AI-focused NGOs are the most common early-career differentiators

Key frameworks and regulatory literacy:

• EU AI Act — prohibited practices, high-risk system classification, GPAI model obligations, and conformity assessment procedures
• NIST AI Risk Management Framework (AI RMF 1.0 and 2.0 updates)
• White House AI Executive Orders and OMB implementing guidance for federal agencies
• Sector-specific AI rules: FDA guidance on AI/ML-based Software as a Medical Device (SaMD), CFPB guidance on algorithmic credit decisions, EEOC guidance on AI hiring tools
• International governance: G7 Hiroshima AI Process, OECD AI Principles, UN AI governance discussions

Technical literacy benchmarks:

• Ability to read and critically evaluate model cards, data sheets, and system cards
• Working understanding of training data sourcing, fine-tuning, RLHF, and evaluation benchmark limitations
• Familiarity with AI safety concepts: alignment, red-teaming, capability evaluations, and catastrophic risk frameworks
• No expectation of coding proficiency, but Python fundamentals and the ability to interpret quantitative research are common differentiators

Soft skills that matter:

• Persuasive, precise writing — policy arguments that are too hedged or too technical fail in both directions
• Coalition-building across organizations with conflicting interests
• Comfort operating in ambiguity; AI policy has few settled answers and many stakeholders who claim certainty they don't possess

AI policy is one of the fastest-growing niches in the policy and governance labor market. That growth is not primarily driven by headcount expansion at established agencies — the federal government's AI-related hiring has been uneven and politically sensitive. It is driven by three overlapping forces: regulatory multiplication, corporate governance buildout, and a persistent supply shortage of people who can credibly operate in both technical and policy domains.

Regulatory multiplication: The EU AI Act entered force in 2024 and begins applying its most consequential provisions on a rolling basis through 2027. The UK is moving toward statutory AI oversight following its AI Safety Institute experiments. China has implemented generative AI regulations with real enforcement. U.S. state legislatures — Colorado, California, Texas, and others — have active AI governance legislation in various stages. Every jurisdiction that passes meaningful AI law creates demand for analysts who can interpret its requirements, map them onto specific systems, and advise on compliance strategy. Organizations operating across multiple jurisdictions need people who can manage that complexity simultaneously.

Corporate governance buildout: After years of voluntary commitments that attracted criticism for being unverifiable, major AI developers and deployers are building internal policy and governance functions with real organizational authority. Roles that didn't exist in 2020 — Head of AI Policy, Responsible AI Program Manager, AI Governance Counsel — are now standard at companies above a certain size. The Microsoft, Google, and OpenAI policy teams have all grown substantially since 2022, and mid-market companies that deploy AI in regulated sectors are hiring their first dedicated policy analysts.

Supply shortage: The candidate pool of people with both technical credibility and policy skill is genuinely small. Law schools and policy schools have added AI coursework rapidly, but the people who completed those programs are only now entering the job market in meaningful numbers. Organizations consistently report that competitive searches for senior AI policy roles take longer than equivalent searches in adjacent fields. That scarcity keeps compensation elevated and gives candidates with relevant experience real negotiating power.

Career trajectory: Entry-level analysts typically spend 3–5 years building regulatory expertise and publication track records before moving into senior analyst, manager, or director roles. Government alumni who have worked on AI-related rulemaking are particularly sought after for senior positions in industry and advocacy. The long-term career paths include VP-level policy leadership at major tech firms, partner-track work at law and consulting firms with AI practices, and senior fellow positions at policy research institutions. For people who entered the field early and built genuine expertise, the next decade looks well-compensated and consequential.

Dear Hiring Manager,

I'm applying for the AI Policy Analyst position at [Organization]. I've spent the past three years at [Agency/Organization] working on technology policy, most recently as the lead analyst on our team's engagement with the NIST AI Risk Management Framework development process — drafting our formal comments on both the initial concept paper and the 1.0 release, and representing us in two of NIST's public workshops.

That work required me to translate fairly abstract framework language into concrete questions: what does 'contextual integrity' actually require of a company deploying a hiring algorithm? Which of the measurement categories in the Map function apply when the system in question is a third-party model accessed via API rather than a proprietary build? I spent a lot of time in those two years talking to engineers and product managers who had to implement whatever our policy positions implied, which sharpened my habit of checking technical assumptions before finalizing any written position.

On the EU AI Act side, I've tracked the legislative process since the Commission's 2021 proposal and spent the past year analyzing how the GPAI model provisions interact with the downstream deployer obligations — a question that isn't fully settled in the text and that matters significantly for organizations in the API distribution chain. I have a draft analysis of that interaction that I'm happy to share as a writing sample.

I'm looking for a role where policy positions connect directly to product and legal decisions rather than staying purely external-facing. [Organization]'s scale of AI deployment and the cross-functional nature of this role look like exactly that environment.

Thank you for your consideration.

[Your Name]