Over the years, industrial safety regulation has shifted from a “hard” command and control regime to a “soft” regime. A “hard” regime includes the use of strict prescriptive requirements which explain how industry should solve particular issues. A “soft” regime, uses more functional requirements, pointing out what goals are to be achieved. In a “soft” regime, prescriptive standards might still exist, but they are considered suggested solutions, with alternative solutions also being considered if they achieve the overall regulatory goals. The purpose of such a shift is to create regulations that are more flexible, meaning that they are more open for the use of novel technology and for the use of risk assessments as a basis for decision making. However, it is not clear that the shift from a hard to a soft regime has made it easier to use risk assessments for such a purpose in practice. In the present article, we discuss the limitations caused by strict adherence to prescriptive requirements presented in standards or regulations and present our perspective on why and how these can limit risk management in practice. The article aims to discuss the strengths and weaknesses, with regard to risk management, when regulations are strictly dependent on prescriptive or specification‐based standards and guidelines. Several examples are used to illustrate some of the main challenges related to the use of specification‐based technical standards and how the regulatory shift from “hard” to “soft” has not necessarily made it easier to implement technological solutions based on risk assessments.