The Limits of Rules
Your company implements a new rule: "All code changes must be reviewed by two senior engineers before deployment." Intent: improve code quality. Result: deployment speed drops 80%, senior engineers spend entire days in reviews, critical bugs sit waiting for approval, and developers find workarounds—tiny incremental changes that technically comply but circumvent the intent.
The rule addressed a real problem (code quality issues), but created new ones (bottleneck, gaming, frustration). This pattern repeats everywhere rules proliferate: each problem prompts a new rule, rules accumulate without removal, complexity spirals, and people spend more time navigating rules than solving problems.
Rules promise simplicity—clear instructions for every situation, no judgment required, consistency guaranteed. But this promise fails in complex, changing environments. Rules can't cover all situations, they multiply endlessly trying, people game them, and rigid compliance often produces terrible outcomes.
Understanding when rules fail, why organizations keep creating them despite failures, and when principles or judgment serve better transforms how you design systems and govern organizations.
What Rules Promise
The Appeal of Rules
Rules offer:
| Promise | Appeal |
|---|---|
| Clarity | Explicit instructions, no ambiguity |
| Consistency | Same situation → same response |
| Scalability | Don't need high judgment for every decision |
| Accountability | Clear whether rules followed |
| Predictability | Know what to expect |
Compelling vision: Design perfect ruleset, all problems solved, just follow instructions.
When Rules Work Well
Rules are effective for:
1. Routine, repeated decisions
- Same situation recurs frequently
- Optimal response is known
- Consistency more important than customization
Example: Assembly line procedures, safety checklists, data entry protocols
2. Low-stakes situations
- Error cost is small
- Over-optimization not worth effort
Example: Office supply ordering, meeting room booking
3. Where judgment is limited
- Decision-makers lack expertise
- Training judgment is impractical
- Clear rules safer than poor judgment
Example: First-aid for untrained bystanders (clear rules better than guessing)
4. Preventing known bad outcomes
- Specific failure modes identified
- Rule prevents that failure
Example: "Never reuse passwords" (specific vulnerability addressed)
But: Most interesting, high-value decisions don't fit these criteria.
The Limits of Rules
Limit 1: Infinite Situations, Finite Rules
Problem: Possible situations are infinite. Rules are finite.
Result: Rules can't cover everything.
Attempted solution: Add more rules.
Outcome: Rules multiply exponentially.
Each new situation creates exception:
- Original rule
- Exception for situation A
- Exception to exception for situation B
- Exception for interaction of A and B
- ...
Eventually: Rulebook becomes so complex no one can follow it.
Example: Tax code
Simple start: Tax income at X%
Complications:
- What counts as income? (hundreds of definitions)
- What deductions allowed? (thousands of rules)
- Special cases? (farmers, military, disabled, etc.)
- Interactions? (deduction eligibility based on other factors)
Result: U.S. tax code ~70,000 pages, requires experts to navigate.
No one can know all rules. System breaks under its own complexity.
Limit 2: Rules Get Gamed
Goodhart's Law: When a measure becomes a target, it ceases to be a good measure.
Corollary: When a rule is enforced, people optimize for rule compliance, not underlying goal.
Gaming patterns:
| Pattern | Description | Example |
|---|---|---|
| Malicious compliance | Follow letter of rule while violating spirit | "Code review required" → Review own code immediately before merge |
| Loophole exploitation | Find technical gaps in rules | Tax avoidance schemes (legal but defeats intent) |
| Metric manipulation | Hit rule target without real improvement | "No bugs in production" → Classify bugs as "features" |
| Rule shopping | Choose which rules apply to you | Jurisdictional arbitrage, regulatory shopping |
| Minimum compliance | Do bare minimum to technically satisfy rule | "Respond within 24 hours" → Send "I got your email" (no actual help) |
Example: Hospital wait time targets (UK)
Rule: 98% of ER patients seen within 4 hours
Intent: Improve patient care timeliness
Gaming:
- Ambulances wait outside ER until 4-hour target achievable
- Patients reclassified to non-emergency categories (different targets)
- Clock stops when assessment begins, not when treatment completes
- Mobile clinics park in ER parking lot (technically not ER)
Result: Rule technically met, but patient experience and care quality sometimes worse.
Limit 3: Rules Can't Adapt to Context
Different situations require different responses.
Rules impose uniform response:
- Same rule for different contexts
- Ignores relevant differences
- Good outcome in some cases, bad in others
Example: Zero-tolerance policies in schools
Rule: Fighting results in automatic suspension, no exceptions
Intent: Clear consequence, deter violence
Problems:
- Self-defense treated same as aggression
- Victim suspended for being attacked
- No consideration of severity, context, history
Real case: Child suspended for defending against bully attack.
Rule can't distinguish contexts where judgment clearly would.
Example: Mandatory minimum sentences
Rule: Crime X → sentence of Y years minimum
Intent: Consistency, deterrence
Problems:
- Can't consider circumstances (coerced, desperate, unique factors)
- First-time minor offender gets same minimum as repeat violent offender
- Removes judicial discretion
Result: Many argue leads to unjust outcomes in specific cases.**
Limit 4: Rules Accumulate
Each problem prompts new rule.
Old rules rarely removed.
Result: Sedimentary layers of rules accumulate until system paralyzed.
Why removal is hard:
| Reason | Explanation |
|---|---|
| Loss aversion | Removing rule feels risky (what if problem returns?) |
| Constituency forms | Some people benefit from rule, resist removal |
| Blame avoidance | If problem recurs after removal, remover blamed |
| Complexity | Rules interact; removing one may break others |
Easier to add than subtract → Accumulation.
Example: Regulatory burden on businesses
Each crisis prompts new regulation:
- Financial crisis → Dodd-Frank (thousands of pages)
- Data breach → Privacy regulations
- Environmental incident → New EPA rules
Rarely removed:
- Even when obsolete
- Even when costs exceed benefits
Result: Compliance costs grow, small businesses struggle, innovation slows.
Limit 5: Rules Require Rule-Enforcers
Rules don't enforce themselves.
Require:
- Monitoring (detect violations)
- Enforcement (apply consequences)
- Adjudication (resolve disputes about what rule means)
Each layer requires resources and creates its own problems:
Monitoring problems:
- Surveillance feels oppressive
- Privacy concerns
- Monitoring systems gamed
- Cost scales with rule complexity
Enforcement problems:
- Inconsistency (some violations caught, others missed)
- Discretion in enforcement (introduces judgment anyway)
- Enforcement costs (time, money, morale)
Adjudication problems:
- Disputes about rule interpretation
- Escalation procedures needed
- Appeals processes
- Bureaucracy grows
Paradox: Rules meant to eliminate need for judgment require judgment to interpret and enforce.
Limit 6: Rules Crowd Out Judgment and Responsibility
When rules govern everything:
- People stop thinking
- Abdicate responsibility ("I was just following rules")
- Don't develop judgment (no practice)
- Moral agency atrophies
Example: Financial crisis (2008)
Risk management based on rules:
- VaR (Value at Risk) models
- Credit rating thresholds
- Regulatory capital requirements
Problem:
- Rules followed precisely
- Judgment and wisdom abandoned
- "If rating agencies say AAA, it's safe" (no independent assessment)
Result: Catastrophic failure despite rule compliance.
Rules can't substitute for judgment in complex, high-stakes situations.
When Rule-Following Becomes Harmful
Phenomenon 1: Malicious Compliance
Definition: Following rules literally to produce bad outcome, exposing absurdity of rule.
Example: r/MaliciousCompliance subreddit
Scenario: Manager says "Follow the policy exactly, no exceptions."
Employee: Follows policy literally, knowing it will create disaster.
Outcome: Policy's flaw exposed, but at cost of bad outcome.
Real example: Work-to-rule strikes
Workers follow every safety rule, procedure, regulation exactly.
Result:
- Productivity plummets
- Operations grind to halt
- Proves rules, if followed completely, are unworkable
Implication: Normal operation requires violating some rules or using judgment about when to apply them.
Phenomenon 2: Rule Paralysis
So many rules that action becomes impossible.
Symptoms:
- Every action potentially violates some rule
- People afraid to act (risk of rule violation)
- Requires hours navigating rules for simple tasks
- Innovation stops (new things don't fit existing rules)
Example: Overregulated industries
Healthcare:
- HIPAA, insurance rules, billing codes, treatment protocols
- Doctors spend more time on compliance than patients
- Defensive medicine (order unnecessary tests to avoid liability)
Result: Quality suffers, costs rise, burnout increases.
Phenomenon 3: Rules Destroy Intrinsic Motivation
When everything is rule-driven:
- Extrinsic motivation (follow rules, avoid punishment)
- Intrinsic motivation (care about outcomes) declines
Research (Deci & Ryan): External controls undermine internal drive.
Example: Teaching
Before heavy regulation:
- Teachers motivated by student learning
- Creativity in methods
- Adaptability to student needs
With test-score rules and rigid curricula:
- Teach to test
- Creativity constrained
- "Why bother if it's not measured?"
- Passion declines
Result: Unmeasured aspects of education (critical thinking, curiosity, creativity) atrophy.
The Alternative: Principles and Judgment
Principles vs. Rules
| Aspect | Rules | Principles |
|---|---|---|
| Form | Specific instructions | General guidelines |
| Flexibility | Rigid | Adaptable to context |
| Coverage | Attempt to cover all cases | Provide reasoning framework |
| Complexity | Multiply endlessly | Remain few and stable |
| Application | Mechanical | Requires judgment |
| Learning | Memorize | Understand |
Rule: "No meetings on Fridays"
Principle: "Protect focused work time"
Difference:
- Rule is rigid (even when Friday meeting would be valuable)
- Principle allows judgment (usually no Friday meetings, but important client can be accommodated)
When Principles Work Better
Principles excel when:
1. Situations vary significantly
- Context matters
- No one-size-fits-all
- Judgment required
2. Goals are clear but path varies
- Know what you're trying to achieve
- Many valid approaches
3. Dealing with complexity and change
- Environment shifts faster than rules update
- New situations arise regularly
4. Developing judgment is feasible
- People capable of learning principles
- Culture supports good judgment
- Feedback enables learning
Example: Journalism ethics
Not: Exhaustive rulebook
Instead: Core principles:
- Seek truth and report it
- Minimize harm
- Act independently
- Be accountable
Why better: Situations vary wildly (war zones, political controversy, privacy issues). Principles provide compass, judgment navigates specifics.
Building Judgment-Based Systems
Requirements:
1. Clear principles
- Few, memorable
- Articulate underlying goals
- Provide reasoning framework
2. Training and examples
- Teach principles through cases
- Discuss edge cases
- Build shared understanding
3. Feedback loops
- Judgment quality visible
- Learn from outcomes
- Improve over time
4. Accountability for outcomes
- Not just "did you follow rules?"
- "Did you achieve good outcome using sound judgment?"
5. Culture of trust
- Assume good intent
- Support reasonable judgment calls
- Don't punish every mistake
Hybrid Approaches
Rules for Foundations, Judgment for Application
Use rules for:
- Non-negotiable principles ("Don't steal," "No fraud")
- Safety-critical procedures (aviation checklists)
- Common routine cases (80% of situations)
Use judgment for:
- Novel situations
- High-stakes unique cases
- Edge cases and exceptions
Example: Ritz-Carlton
Rule: Standard service procedures for routine interactions
Principle: "We are Ladies and Gentlemen serving Ladies and Gentlemen"
Empowerment: Any employee can spend up to $2,000 to resolve guest issue, no approval needed
Result: Standard for routine, judgment for exceptional situations.
Sunset Provisions
For every new rule: Built-in expiration or review date.
Forces:
- Regular evaluation (does this rule still serve purpose?)
- Removal of obsolete rules
- Prevents indefinite accumulation
Some jurisdictions: Automatic sunset (law expires unless renewed).
Principle-Based Regulation
Instead of exhaustive rules: State desired outcomes, require entities to demonstrate they're achieving them.
Advantages:
- Flexibility in how to comply
- Adapts to changing conditions
- Encourages innovation in compliance
Challenges:
- Requires more sophisticated enforcement
- Less predictable
- Potential for inconsistent interpretation
Knowing When Rules Have Become Counterproductive
Warning Signs
1. People spend more time navigating rules than solving problems
2. Rule violations are ubiquitous
- Everyone breaks rules regularly
- Rules no longer command respect
- Selective enforcement common
3. Gaming is rampant
- Compliance in letter, not spirit
- Loopholes exploited creatively
- Focus on appearing compliant rather than achieving goals
4. Rule accretion is obvious
- Multiple contradictory rules
- No one knows all the rules
- Rules layered on rules
5. Good judgment requires violating rules
- Best outcome contradicts rules
- Have to choose between rule compliance and success
6. Innovation stops
- New approaches don't fit existing rules
- "That's not how we do things"
- Status quo calcified
Action Steps
When rules become counterproductive:
1. Rule audit
- List all rules
- For each: What problem does this solve? Still relevant?
- Eliminate obsolete/counterproductive rules
2. Consolidation
- Can multiple rules be replaced with one principle?
- Simplify where possible
3. Sunset implementation
- Add expiration dates to rules
- Force regular review
4. Training in principles and judgment
- Teach underlying reasoning
- Develop judgment capability
- Build culture of responsibility
5. Measure outcomes, not just compliance
- Did we achieve goals?
- Not just "Did we follow process?"
Conclusion: Rules Are Tools, Not Solutions
Rules are not inherently bad or good.
They're tools with:
- Appropriate uses (routine, low-stakes, safety-critical)
- Limitations (can't cover everything, get gamed, crowd out judgment)
The failure mode:
Treating rules as complete solution:
- Try to cover every situation
- Rules multiply uncontrollably
- System becomes rigid, brittle, gameable
- Judgment atrophies
- Problems grow faster than rules
The balanced approach:
Use rules for:
- Core non-negotiables
- Routine repeatable situations
- Safety-critical procedures
- When judgment capability limited
Use principles and judgment for:
- Novel situations
- High-variance contexts
- Complex decisions
- Developing expertise
Regularly:
- Review and remove obsolete rules
- Simplify where possible
- Train judgment
- Measure outcomes, not just compliance
Key insights:
- Rules can't cover everything (infinite situations, finite rules)
- Rules get gamed (Goodhart's Law applies)
- Rules can't adapt to context (uniform response, varying situations)
- Rules accumulate (easier to add than remove)
- Rules require judgment to interpret (paradox: can't eliminate judgment)
- Rules crowd out judgment (use it or lose it)
The path forward:
Instead of asking: "What rule covers this?"
Ask: "What are we trying to achieve, and how do we get there?"
Instead of: More rules
Do: Clearer principles, better judgment, culture of responsibility
Perfect rules for all situations don't exist.
Perfect judgment doesn't exist either.
The wisdom is knowing when to use each, and having the courage to remove rules when they've become the problem they were meant to solve.
References
Gawande, A. (2009). The Checklist Manifesto: How to Get Things Right. Metropolitan Books.
Taleb, N. N. (2012). Antifragile: Things That Gain from Disorder. Random House.
Scott, J. C. (1998). Seeing Like a State: How Certain Schemes to Improve the Human Condition Have Failed. Yale University Press.
Deci, E. L., & Ryan, R. M. (2000). "The 'What' and 'Why' of Goal Pursuits: Human Needs and the Self-Determination of Behavior." Psychological Inquiry, 11(4), 227–268.
Goodhart, C. (1975). "Problems of Monetary Management: The U.K. Experience." Papers in Monetary Economics (Reserve Bank of Australia).
Campbell, D. T. (1979). "Assessing the Impact of Planned Social Change." Evaluation and Program Planning, 2(1), 67–90.
Kerr, S. (1975). "On the Folly of Rewarding A, While Hoping for B." Academy of Management Journal, 18(4), 769–783.
Merton, R. K. (1940). "Bureaucratic Structure and Personality." Social Forces, 18(4), 560–568.
Sunstein, C. R. (2013). Simpler: The Future of Government. Simon & Schuster.
Pink, D. H. (2009). Drive: The Surprising Truth About What Motivates Us. Riverhead Books.
Polanyi, M. (1966). The Tacit Dimension. University of Chicago Press.
Schön, D. A. (1983). The Reflective Practitioner: How Professionals Think in Action. Basic Books.
Kohn, A. (1999). Punished by Rewards: The Trouble with Gold Stars, Incentive Plans, A's, Praise, and Other Bribes. Houghton Mifflin.
Muller, J. Z. (2018). The Tyranny of Metrics. Princeton University Press.
Ostrom, E. (1990). Governing the Commons: The Evolution of Institutions for Collective Action. Cambridge University Press.
About This Series: This article is part of a larger exploration of principles and laws. For related concepts, see [Why Principles Outlast Tactics], [What Is a Principle and Why It Matters], [First-Order vs Second-Order Effects], and [Cognitive Principles That Shape Decisions].