Om
back

AI Policy Making Is a Real Career Now, and It Is One of the Best Bets You Can Make Right Now

Om
Share
Table of Contents

On this page

I want to talk about something that does not get nearly enough attention when people discuss AI careers. Everyone focuses on building models, fine-tuning them, or writing prompts. Very few people are talking about the work that happens before any of that ships to users, which is deciding how the model should behave, what it should refuse, what values it should hold, and who gets to make those decisions. That work is called AI policy making, and it is becoming one of the most important and frankly underserved areas in the entire field.

This is not a theoretical observation. Companies like Anthropic are publishing full constitutions for their AI models. Consulting firms like Deloitte, McKinsey, Accenture, and KPMG are restructuring entire teams around AI governance. And the number of open roles in trust, safety, and AI governance is rising fast, while the supply of people who actually know how to do this work is still very thin. That gap is where the opportunity lives.

Let me walk through everything I have been researching on this, from what the job actually involves, to what skills you need, to where you can actually learn them.

What AI Policy Making Actually Is

At its core, AI policy making is about defining the rules of engagement for an AI model. It answers questions like: what should this model never say? How should it prioritize helpfulness against safety when those two things conflict? What happens when a user asks something that is legal in one country and illegal in another? These are not engineering questions. They are policy questions, and they require a completely different kind of thinking.

The people doing this work are not just writing bullet point lists of prohibited topics. They are building frameworks that have to hold up across millions of interactions, edge cases the model has never seen before, and adversarial users actively trying to find loopholes. It is closer to writing law than writing code, except the law has to be interpretable by a language model and consistent enough that the model can generalize it to new situations.

This is also why it is hard. Most policy documents fail because they are either too rigid, which makes the model unhelpful and annoying in normal cases, or too vague, which means the model cannot actually follow them reliably. Getting that balance right is genuinely difficult work.

What Anthropic Is Doing and Why It Matters

Anthropic is the clearest example of how seriously this work is being taken at the frontier of AI development. In January 2026, they published a full public constitution for Claude, their AI model. This is not an internal document. They put it out for everyone to read, which is itself a policy decision, because transparency is part of how they think the industry should operate.

What makes Claude's constitution interesting is that it does not just tell the model what to do. It explains why, so the model can reason about new situations it was not explicitly trained on. The document establishes a priority order across four properties: the model should first be broadly safe, meaning it should support human oversight of AI systems; then broadly ethical, meaning it should be honest and avoid causing harm; then compliant with Anthropic's specific guidelines; and finally, genuinely helpful to users and operators. If those properties ever conflict, the model is supposed to resolve the conflict in that order.

Anthropic also has something called the Responsible Scaling Policy, which takes inspiration from biosafety levels in laboratory settings. The idea is that as a model becomes more capable, the safety measures around it should scale proportionally. They define AI Safety Levels, and each level has specific requirements for what safeguards have to be in place before the model can be deployed or further developed. This is exactly the kind of structured, systematic thinking that AI policy making requires at scale.

Why Consulting Firms Are Hiring Hard for This

The Big Four consulting firms, which are Deloitte, KPMG, PwC, and EY, along with firms like Accenture and McKinsey, are all building out AI governance practices. This is a direct consequence of regulation. The EU AI Act is now in force. India is developing its own AI governance framework. The NIST AI Risk Management Framework is being adopted broadly across the United States. Every company that uses AI in a meaningful way now has compliance obligations, and most of them do not have internal people who understand what those obligations actually mean in practice.

Deloitte made a significant structural move in early 2026 by scrapping traditional job titles across their entire US workforce of around 181,500 people. The reason was exactly this: the old role structures did not match the new skills that clients are demanding. AI governance is one of the core skills that replaced those old hierarchies.

The roles being created fall into a few distinct tracks. AI Policy Analysts research legislation and help clients understand what compliance actually requires. AI Risk Managers identify where AI deployments could fail and build mitigation plans. Responsible AI Consultants embed ethical AI practices directly into product and engineering pipelines. AI Auditors independently test models and produce documentation that regulators and boards can rely on. Data Governance Managers focus on the data itself, making sure that what goes into AI systems is clean, consented, and legally permissible.

The most valuable profile across all of these is what I would call the translator. This is someone who can sit in a room with an engineering team, understand what the model is actually doing technically, walk into a board meeting an hour later, and explain the risk implications in plain language. That person is rare, and every major firm is looking for them.

What Skills You Actually Need

I want to be direct here because a lot of writing about this topic is vague. Here is what actually matters, broken into honest categories.

The first category is regulatory and legal knowledge. You need to understand the EU AI Act well enough to explain which risk tier a given AI system falls into and what obligations that creates. You need to understand the NIST AI RMF well enough to conduct a real risk assessment. You need to know ISO 42001, which is the international standard for AI management systems. If you are in India, you need to follow the development of the Personal Data Protection framework and how it intersects with AI data practices. None of this requires a law degree, but it requires genuine engagement with the actual documents, not summaries of summaries.

The second category is technical fluency. You do not need to write production code, but you need to understand how models are trained, why bias enters a model and at what stage, what explainability means and why it is hard, and what the difference is between a model that is retrieval-augmented versus one that is purely generative. As AI systems move toward agentic architectures where models are making multi-step decisions autonomously, you also need to understand the governance challenges that creates. A model making a single decision in response to a user prompt is a very different governance problem than a model autonomously browsing the web, writing code, and executing tasks on someone's behalf.

The third category is policy writing and analysis. This is a practical skill. Can you write a clear, well-structured policy brief? Can you analyze a proposed regulation and explain its second-order effects on a business? Can you model a failure scenario and trace the downstream harm? These are skills you build by doing them, not by reading about them.

The fourth category is communication. This is where most technically strong people fall short. Being able to write a technically accurate risk assessment is not enough if the people who need to act on it cannot understand it. Being able to persuade a product team to slow down a launch because of a governance gap requires both credibility and communication skill. This is the part of the job that no certification teaches you directly.

Certifications That Are Actually Worth It

There are a few credentials that are being recognized in real hiring decisions right now. The AI Governance Professional certification, abbreviated AIGP and issued by the AI Governance Institute, is the broadest and most generally applicable one for policy and compliance roles. ISACA launched the AAIA, which stands for Advance in AI Audit, in May 2025, and it is directly relevant for anyone targeting auditor or assurance roles. The CIPP/E or CIPP/US credentials from the IAPP are valuable for roles that sit at the intersection of data privacy and AI compliance, since most AI governance work involves significant data handling questions. For senior roles, the Harvard and MIT programs in AI ethics and governance carry institutional credibility that is useful when advising boards or government bodies.

The honest framing here is that certifications open doors but they do not make you good at the job. The people who are genuinely effective in this field have done the work of reading actual policy documents, working through real compliance scenarios, and engaging with the technical teams they need to govern. Credentials signal intent and baseline knowledge. Depth comes from practice.

Where to Learn on Coursera Right Now

For anyone who wants a structured starting point, Coursera has some genuinely useful courses in this space right now.

The best starting point is probably the Generative AI: Governance, Policy, and Emerging Regulation course from the University of Michigan. It covers the actual regulatory landscape across the US, EU, and G7 countries and teaches stakeholder mapping and cost-benefit analysis in the context of real AI systems. It is broad enough to give you a useful map of the space.

After that, AI Policy Essentials is a focused course on policy design, risk, and governance that is specifically aimed at people who want to work in public or organizational policy roles. It pairs well with the Michigan course because it goes deeper on the policy design process itself.

For risk management specifically, the AI Model Risk Management course on Coursera is one of the more technically rigorous options. It covers regulatory frameworks like SR 11-7 and Basel Principles alongside the EU AI Act, and the course project involves drafting a real model-risk control framework. If you want to work in auditing or assurance, this is the right course to prioritize.

The Strategic AI Governance Specialization is a nine-course program that covers the entire AI lifecycle from responsible design through deployment monitoring and enterprise documentation. It is the most comprehensive option available on the platform and the right choice if you are serious about making this a primary career track rather than a secondary skill.

Finally, there is a newer course called Ethical Governance and Risk in Agentic AI that I think is underappreciated. As AI systems become more autonomous in 2026 and beyond, the governance challenges change significantly. This course addresses those directly, covering AI autonomy levels, adaptive compliance strategies, and how to build governance frameworks that scale with agentic systems. It is probably the most forward-looking course available on the platform right now.

The Bigger Picture

I want to end with the thing that I think is most important to understand about this space. AI policy making is not a temporary compliance exercise that companies will eventually automate away. It is the ongoing, contested, socially embedded work of deciding what values AI systems should hold and how they should behave in the world. That work will get more complex, not less, as models become more capable and more autonomous.

The reason Anthropic publishes its constitution publicly, the reason the EU spent years drafting the AI Act, the reason consulting firms are restructuring entire practices around this, is that everyone involved understands that the decisions being made right now will shape how AI develops for a long time. The people who understand both the technical reality of what these systems can do and the policy frameworks that govern them are going to be in very high demand, and that demand is only going to grow.

If you have a background in law, philosophy, public policy, or social sciences, this is a genuine path into a field that is usually inaccessible without an engineering degree. If you have a technical background, adding policy and governance depth to your skillset creates a profile that is genuinely scarce. Either way, the window to build this expertise while it is still a differentiator rather than a baseline expectation is open right now, and it is worth taking seriously.