[jowiar]

The framework for regulation of these sorts of systems will almost certainly come down to “possession of data”.

You can build/host things anywhere, but something centered around “if you generate profits in the USA, and hold the data of Americans, these requirements exist for your system” makes sense. In particular, liability needs to rest somewhere, such that someone gives enough of a shit to do things right.

A civil engineering firm could outsource the design of a bridge anywhere, but in the end, somebody’s neck is on the line if it fails.

[majewsky]

> something centered around “if you generate profits in the USA, and hold the data of Americans, these requirements exist for your system” makes sense

This is exactly the stance taken by GDPR. Most devs don't like it from what I've seen on HN. (Saying this without any judgment. I am personally very much in favor of what GDPR does.)

[frobozz]

> “if you generate profits in the USA,

This sort of thing already gets dodged by international companies who "generate profits" in countries with lower taxes and "incur costs" in countries with higher taxes.

>" and hold the data of Americans"

GDPR? System requirements is one thing, requiring a licensed engineer from multiple jurisdictions is another. Bear in mind that because software changes constantly, this has to be a senior staff position, not a one-time sign-off like it could be for a bridge.