The literature pertinent to regulation presents disparate views of the role of human agency in regulatory compliance. Some authors assume regulators' and regulatees' capacity for agency to be self-evident; others show that human agency may be constrained and as a consequence tends toward sustaining the legitimacy of their respective organizations rather than achieving the risk reduction goals prescribed by the regulatory regime. Drawing on Margaret Archer's work (among others'), this article explores how the agency of regulatory actors is critical to the regulatory project yet contingent. This contingency is explored through a comparative analysis of the regulatory responses to an industrial disaster and to counterterrorism efforts at seaports and airports in the wake of the 11 September 2001 (“9/11”) terrorist attacks. This analysis found that problem solving in the pursuit of regulatory goals was most effective when there was political support for the authority of the regulators and respect for their expertise and when the risk of concern could be narrowly defined. These conditions could also reap benefits at the worksite level. However, the capacity of regulators to mobilize resources, exert authority, and transform constraints into opportunities in order to reduce risk could be limited. Tight political control, limited knowledge of the environment to be regulated, and a potentially limitless exposure to risk meant that while agency could still be expressed, it was aimed at goals that included shoring up political legitimacy, enhancing personal authority, and allaying public concern.