From Aviation to Law: Engineering in Regulated Industries
Everyone builds AI for consumer apps. The real challenges and opportunities are in industries where mistakes have consequences: aviation, legal, healthcare.
The most interesting engineering problems I've ever worked on weren't in Silicon Valley. They were in a flight school classroom, an attorney's office, and a hospital's scheduling system.
I've spent over a decade building technology for regulated industries: aviation first, then legal, then healthcare. Every time, the same pattern repeats. The problems are harder, the constraints are tighter, the competition is thinner, and the impact is more tangible than anything I've seen in consumer tech.
This article is about why I keep choosing regulated industries, and why I think more engineers should.
The Attraction of Easy Problems
The tech industry has a gravity problem. It pulls talent toward easy problems.
Easy doesn't mean simple. Building a social media algorithm is genuinely complex. But the consequences of failure are low. If Instagram's recommendation engine shows you a bad post, you scroll past it. If TikTok's algorithm misjudges your interests, you close the app and come back tomorrow.
The engineering challenge is real, but the stakes are artificial. Nobody gets hurt when the engagement metric dips.
Regulated industries are different. When Aviation Infinity's AI teaches a wrong answer about stall recovery, a pilot might carry that error into a cockpit. When LegalAgento's system generates a contract with a missing clause, a client might lose a dispute. When MedAgento's scheduling system double-books a surgical suite, a procedure gets delayed.
The stakes constrain the engineering. And those constraints produce better engineers and better products.
Why Constraints Make Better Products
Most engineers see constraints as obstacles. In regulated industries, I've learned to see them as design guides.
Accuracy constraints force better architecture. When your system can't hallucinate, you can't just call an LLM and serve the output. You need retrieval-augmented generation grounded in verified sources. You need validation pipelines. You need human review loops. You need confidence scoring. The architecture that emerges is stronger than anything you'd build for a consumer chatbot.
Compliance constraints force better data models. When you need to track which attorney is licensed in which jurisdiction, which aviation authority governs which airspace, or which drug interactions are contraindicated for which conditions, your data model has to be precise. Sloppy schemas don't survive in regulated environments. The precision required produces systems that are more maintainable and more extensible than their consumer equivalents.
Audit constraints force better logging. Regulated industries require audit trails. Who accessed what, when, and why. This forces you to build observability into the system from day one, not as an afterthought, but as a core feature. The result is systems that are easier to debug, easier to improve, and easier to trust.
Privacy constraints force better security. HIPAA in healthcare. Attorney-client privilege in legal. Passenger data protection in aviation. These aren't optional checkboxes. They're structural requirements that force security into the architecture rather than bolting it on later.
Every one of these constraints makes the engineering harder. Every one of them makes the product better.
The Pattern Across Industries
I've now built for three regulated industries. The technical challenges are different, but the structural pattern is identical.
Aviation: 33 regulatory frameworks, each with its own syllabus, exam format, and compliance requirements. The AI needs to know which authority it's operating under and validate content accordingly. Getting it wrong means a pilot studies the wrong material.
Legal: 50 state bar associations, each with its own rules about limited-scope representation, trust account compliance, and unauthorized practice of law. The AI needs to know which jurisdiction governs the case and what the attorney can and can't delegate. Getting it wrong means a bar complaint or malpractice claim.
Healthcare: HIPAA compliance, state licensing requirements, drug interaction databases, insurance billing codes, and clinical workflow standards. The AI needs to handle patient data with proper access controls and generate recommendations that are medically sound. Getting it wrong means patient harm.
Three industries. Three completely different domains. One shared engineering principle: the system must know its boundaries and operate within them.
In consumer tech, you push boundaries. In regulated tech, you define boundaries and enforce them. That's a fundamentally different engineering discipline, and it's one that most engineers never develop because they never work in environments that require it.
The Domain Knowledge Advantage
Here's something that rarely gets discussed in tech: the most valuable skill in regulated industries isn't engineering. It's domain knowledge.
I can build for aviation because I'm a commercial pilot. I've taken the exams. I've sat in the cockpit. I know what information a pilot needs at which phase of flight, because I've needed that information myself.
I can build for legal because I've spent two years studying the access to justice crisis, understanding bar rules across multiple jurisdictions, and learning how solo practitioners actually run their practices.
Domain knowledge does three things that pure engineering skill can't:
It tells you what to build. Engineers without domain knowledge build features. Engineers with domain knowledge build solutions. The difference is whether you're optimizing for technical elegance or for the user's actual workflow.
It tells you what not to build. In aviation, I know which features are safety-critical and which are nice-to-have. In legal, I know where the unauthorized practice of law boundary sits. Without domain knowledge, you build blindly and hope compliance catches the mistakes before users do.
It builds trust with users. Professionals in regulated industries are skeptical of technology vendors who don't understand their world. When a flight school owner learns I'm a pilot, the conversation changes. When an attorney learns I understand trust account rules, they take the product seriously. Domain credibility is the fastest path to adoption.
This is why most tech companies fail in regulated industries. They send engineers who've never been inside a cockpit, a courtroom, or a clinic. The engineers build technically impressive products that don't match how professionals actually work.
The Business Case
Regulated industries aren't just harder. They're better businesses.
Less competition. Most startups look at compliance requirements and choose an easier market. The ones that stay have the space to build without a dozen funded competitors copying every feature.
Higher switching costs. When a flight school adopts your platform, they've verified your content against their authority's requirements. They've trained their instructors on your system. They've integrated your tools into their curriculum. Switching costs are enormous, not because of lock-in tricks, but because of genuine integration depth.
More predictable revenue. Regulated professionals have recurring needs. Pilots study for 12-24 months. Attorneys need practice management tools indefinitely. Doctors use clinical systems every day. The revenue models are naturally subscription-based with low churn.
Stronger word of mouth. Professional communities are tight. Pilots talk to pilots. Attorneys talk to attorneys. A recommendation from a trusted colleague carries more weight than any marketing campaign. If your product works, the community does the distribution for you.
Real moats. In consumer tech, moats are ephemeral: a better algorithm, a bigger dataset, a network effect that can be replicated. In regulated tech, moats are structural: compliance infrastructure, domain expertise, institutional trust, regulatory relationships. These take years to build and can't be copied overnight.
Why Engineers Should Care
If you're an engineer choosing where to focus your career, regulated industries offer something consumer tech doesn't: meaning that's hard to fake.
When a student tells me they passed their ATPL exam using Aviation Infinity and they're now flying for an airline, that's a tangible outcome. When a single mother gets an attorney to review her lease for $75 instead of $500, that's access to justice. When a doctor's scheduling system prevents a double-booking, that's a patient who gets care on time.
Consumer tech offers scale. Regulated tech offers impact. Both are valid. But if you want to build things where correctness matters and users' lives are materially affected, regulated industries are where you should be.
The problems are harder. The constraints are tighter. The engineering is better. And when you get it right, you know it actually mattered.
How to Get Started
If you're considering building for a regulated industry, here's what I'd tell my younger self:
Pick an industry where you have a personal connection. You don't need to be an expert, but you need a genuine reason to care. Mine was aviation, because I was a pilot. Yours might be healthcare because of a family experience, or legal because you witnessed the access to justice gap firsthand.
Spend months learning before writing code. Read the regulations. Talk to practitioners. Shadow professionals. Understand the workflow. The code is the easy part. Understanding the domain is the hard part.
Find your first user before you build your first feature. In regulated industries, that first user is usually a professional who's frustrated with existing tools. They'll tell you exactly what they need, and more importantly, what compliance constraints you haven't thought of.
Expect a longer timeline. Consumer products can find product-market fit in weeks. Regulated products take months to years, because trust takes time to build. Aviation Infinity took three years to reach meaningful scale. Budget accordingly.
Build compliance in from the start. Don't plan to "add compliance later." It's like planning to "add security later." By the time you get to it, the architecture doesn't support it and you have to rebuild.
The regulated path is slower. It's harder. It's less glamorous than building the next social app. But the products last longer, the moats run deeper, and the impact is real.
I've been on this path for eighteen years. I'm not going back.
Enjoyed this article?
I write about building products, AI, aviation, and the journey of entrepreneurship. Follow along for more.
Keep reading
Getting Started with Allem SDK: React Hooks for AI, Forms & Auth
Allem SDK is a collection of React hooks for AI chat, form validation, authentication, analytics, and utilities. Here is how to install and use it.
Getting Started with Allem UI: React & React Native Components
Allem UI is an accessible component library for React and React Native with 44+ components, dark mode, and Tailwind CSS v4. Here is how to install and use it.
LegalAgento: AI-Powered Unbundled Legal Services Marketplace
80% of Americans with civil legal problems can't afford an attorney. Unbundled legal services is the solution the industry ignored. We built the AI marketplace.