Complex industries such as petroleum production, civil aviation, and nuclear power produce “public risks” that are widely distributed and temporally remote, and thus tend to be ignored by the risk producers. Regulation is perhaps the most common policy tool for governing such risks, but requires expert knowledge that often resides solely within the industries. Hence, many scholars and policymakers raise concerns about “regulatory capture,” wherein regulation serves private interests rather than the public good. This paper argues that the regulatory capture framing has tended to limit understanding of expertise and its role in governing public risks. Most studies of regulatory capture treat expertise as a source of knowledge and skills that are created exogenously to political processes, and which can therefore be politically neutral. By contrast, we draw on work in science and technology studies that highlights the value‐laden and relational nature of knowledge and expertise, showing how their formation is endogenous to political processes. Thus, we argue for both broadening analyses of regulatory capture to consider the historically contingent and uncertain process of creating expert knowledge, and going beyond the capture framing by considering the challenge of negotiating different epistemologies and ways of life. We illustrate this analytic strategy by examining the history of and current debate about critical infrastructure protection standards to protect the United States electric power grid from cyberattack. We conclude by considering the broader implications of these findings for governing public risks.