I.
In its fiscal year 2024 disclosures (made public through an IRS Form 990 filing in late 2025), OpenAI omitted “safety” from the list of core values it had previously disclosed, a change reported by Fortune and analyzed as part of a broader pattern by Garrison Lovely in The Conversation. In February 2025, Google reversed its 2018 internal prohibition on developing AI for weapons and surveillance, a ban its own employees had forced through the Project Maven protests. In February 2026, xAI signed a deal placing Grok in classified military systems without conditions. By late February 2026, three of the four frontier labs with Pentagon contracts (OpenAI, Google DeepMind, and xAI) had accepted unrestricted military access to their models. The trajectory was consistent across companies with different founding stories, different stated values, and different investor bases: safety commitments made during periods of low competitive pressure were revised or abandoned as the stakes rose.1
Anthropic was the last to move, and the manner of its move is what matters. On February 24, 2026, the company released version 3.0 of its Responsible Scaling Policy, the framework that had made Anthropic the safety benchmark for the industry. The original RSP, published in September 2023, contained a commitment no other frontier lab had matched: if Anthropic’s models crossed a capability threshold and the company could not demonstrate that adequate safety measures were in place, it would pause training. The commitment was specific, public, and enforceable by the company’s own governance structure. It was what made Anthropic credibly different.
Version 3.0 removed the pause. Earlier revisions had adjusted thresholds and refined evaluation criteria within the same conditional-restraint framework; v3.0 removed the restraint mechanism entirely, shifting the policy from conditional slowdown to continuous deployment with post-hoc evaluation. The company cited three forces that made the original structure untenable. First, the capability evaluations were themselves uncertain, creating a zone of ambiguity in which it was difficult to determine whether a threshold had been crossed at all. Second, the regulatory environment had become hostile to companies that voluntarily slowed themselves down. Third, some of the safety measures required at higher capability levels could not be implemented by one company alone; they required industry-wide coordination that did not exist. Drake Thomas, one of the researchers who helped develop v3.0, described “mourning or grief for the spirit of the original v1.0” while arguing that the original approach led to misprioritization and distorted incentives in the environment of 2026. Two weeks before the policy was published, Mrinank Sharma, Anthropic’s head of safeguards research, resigned and posted publicly that “the world is in peril.”2
The same week RSP v3.0 took effect, Defense Secretary Pete Hegseth summoned Dario Amodei to the Pentagon on Tuesday, February 24. The meeting was, according to defense officials who spoke to Axios, an ultimatum: grant the Pentagon unrestricted access to Claude by the end of the week or face cancellation of a $200 million contract, designation as a “supply chain risk,” or invocation of the 1950 Defense Production Act to compel compliance. On Thursday, February 26, Anthropic issued a public statement. Amodei wrote that the company “cannot in good conscience accede,” calling the threats “inherently contradictory: one labels us a security risk; the other labels Claude as essential to national security.” The deadline passed at 5:01 PM Eastern on Friday, February 27.3
The episode matters for what appears at the end of the RSP v3.0 document, rather than for the coercion itself or for which lines Anthropic held and dropped. In a section titled “Recommendations for Industry-Wide Safety,” the company describes what it believes government regulation should look like: an FDA-inspired regime in which developers make an affirmative case that catastrophic risks are low, subject to external review and enforcement. Holden Karnofsky, who led the v3.0 rewrite, describes these recommendations as what Anthropic thinks governments should actually put in place and enforce if sufficient political will existed. The company that dropped its own pause trigger is now publicly asking government to impose the constraint it could not sustain on its own.4
This changes the question the previous essays in the collection were asking. The earlier essays documented dimensions of the AI transition: the economic displacement of work, the asymmetry between fabrication and verification in the epistemic environment, the automation of governance, the hollowing of cognitive capacities, and the risks of intergenerational failure. Each essay described a fork between a default path and an alternative that required institutional design. The question was what the institutions would need to look like. The RSP episode answers part of that question by demonstrating what the institutions cannot be: voluntary, unilateral, or dependent on the goodwill of competitive actors in an arms race. It opens a different question. If voluntary restraint has failed its own test, and the actors closest to the technology are themselves asking for external constraint, then the task is no longer to argue that governance is necessary. The task is to say what we are governing toward.
That is the question this essay takes up. The governance architecture matters for what it enables, not only for what it prevents. A regime designed only to avert catastrophe produces a different world than a regime designed to distribute the benefits of the technology broadly, preserve the epistemic conditions of democratic life, and allow citizens to participate in the choices that shape the transition. Both regimes might avert catastrophe. Only one of them would be worth the cost of building. This essay describes what the second regime looks like, what would have to be true for it to emerge, and what currently stands in the way.
II. Where this could go
The collection has described a default path in which the productivity gains of AI accrue to a narrow set of owners; the information environment degrades faster than verification infrastructure can be built; the institutions of governance are captured by the entities they are meant to constrain; the cognitive capacities on which democratic life depends are eroded by substitution; and catastrophic risks are managed through voluntary commitments that do not hold. The alternative path has to be described with at least the same concreteness.
The destination rests on a small number of structural features, each with a defensible philosophical anchor and at least one operating precedent.
It begins with citizens materially freed from necessary toil. Not freed in the sense of unemployed, and not freed in the sense of supported by charity. Freed in the sense of holding a share of the capital that generates AI’s productivity gains, and receiving a return on that share that allows participation in civic life to be a real option rather than a luxury available only to those with independent wealth. The operating precedent is the Alaska Permanent Fund, established in 1976, which has paid every Alaskan an annual dividend from state-owned oil assets since 1982. The philosophical anchor runs from Thomas Paine’s Agrarian Justice (1797) through James Meade to contemporary proposals for social wealth funds. Matt Bruenig’s 2018 proposal for an American Solidarity Fund, and the Convergence Analysis 2025 framework “Lead, Own, Share: Sovereign Wealth Funds for Transformative AI,” give the concept concrete institutional form.5
Material freedom is insufficient without an epistemic infrastructure that makes collective reasoning possible. This requires more than content moderation. It requires a public good treated as infrastructure: verification tools funded at a scale commensurate with the fabrication capacity they must match, platforms held liable for stripping provenance metadata, and a population with the capacity to interpret verification signals. The C2PA standard, integrated in Samsung, Google, and Adobe products, is the most developed instance of the tooling; the EU AI Act’s Article 50 enforcement beginning August 2026 is the most developed instance of the legal requirement. Neither is sufficient on its own.6
An informed citizenry with material security still requires that power be accountable to the governed. Decisions about AI’s deployment are made by humans whose authority derives from and returns to the population affected. This does not require the replacement of competitive democratic politics with deliberative assemblies. It requires that competitive politics be preserved against capture by the entities AI empowers, and that the mechanisms of accountability (elections, courts, an adversarial press, independent unions) remain operational. Danielle Allen’s Justice by Means of Democracy (2023) articulates the theoretical framework. Gillian Hadfield and Jack Clark’s “Regulatory Markets” proposal, published in final form in Jurimetrics in 2026, offers one operational mechanism.7
Accountable institutions in turn depend on cultivated human capacity. The population served by them must itself be capable of operating them: capable of evaluating AI output rather than accepting it passively, capable of the independent judgment that citizenship requires, capable of the relational and social skills that develop through direct engagement with other humans. Essays four and five of this collection documented what the substitutive pattern looks like and what the developmental alternative would require. Finland, Estonia, and Singapore are building educational frameworks along these lines. Allen’s Democratic Knowledge Project at Harvard is the US counterpart.8
Cultivated capacity must be transmitted across generations if the architecture is to outlast the generation that builds it. The next generation inherits not only the institutional architecture but the capacity to extend and revise it. This is the feature most at risk from the substitutive pattern essay five described, and the one with the weakest operational policy levers. Professional licensing bodies that resist the hollowing of apprenticeship structures, procurement standards requiring that publicly-funded AI tools be designed to preserve developmental scaffolding rather than substitute for it, and educational reform at K-16 are the available mechanisms.
Finally, the destination requires that catastrophic risk be bounded by institutions with teeth. Below certain capability thresholds, markets and liability can do the regulatory work. Above those thresholds, the risk profile is different, and voluntary frameworks have demonstrated they cannot hold. The architecture requires a layer of mandatory constraint that handles the category of risks whose materialization cannot be corrected after the fact.
The destination has antecedents in the Western tradition but is not itself a return to any of them. Athens is sometimes invoked as a precedent because it organized political life around the idea that citizens with material conditions and cultivated capacity for participation could govern themselves collectively, but Athenian citizenship rested on slavery, on the exclusion of women from politics, and on the disenfranchisement of metics, and those exclusions are disqualifying as a model. The tradition this essay draws on is a modern one. Danielle Allen’s “power-sharing liberalism” in Justice by Means of Democracy (2023) reconstructs liberal theory around full inclusion and non-domination, correcting what Allen identifies as twentieth-century liberalism’s tendency to subordinate political equality to material redistribution. Philip Pettit’s republican conception of liberty as non-domination, Amartya Sen’s and Martha Nussbaum’s capabilities approach to flourishing, and Elizabeth Anderson’s work on relational equality all sit in this lineage. What they share is a commitment to the material and political conditions for human flourishing that does not depend on a bounded citizen class. The architecture this essay describes aims at what these theorists describe in different registers: a political community whose members have the material security, the epistemic resources, the institutional accountability, and the cultivated capacity to share power and responsibility across all the domains of collective life.
Whether AI systems themselves have morally relevant interests is a live question, addressed elsewhere in contemporary work on model welfare, and the answer affects what safeguards the architecture would require. The more immediate concern about the destination is jurisdictional. The populations included in the benefits of the architecture are those who live in jurisdictions that can afford to build it, and a sovereign wealth fund distributing AI dividends to US citizens leaves the Global South outside the redistribution even as AI-generated productivity flows partly from data and labor originating there. An epistemic infrastructure funded in the EU does not serve populations in jurisdictions without comparable regulatory capacity. The risk is that a genuinely democratic political community in the included jurisdictions sits alongside a global population that has no standing within it. The architecture this essay describes operates within jurisdictions that can afford to build it. The populations outside those jurisdictions are not addressed by the material and epistemic foundations, and the essay should be honest that this is a real limit, not a solved problem.
Two live debates in contemporary political theory bear on the destination. Hélène Landemore’s Open Democracy (2020) and her subsequent work on AI-enabled deliberation argue that the scale problem of classical democracy (Athens could only function because the demos was small) is dissolved by AI tools that can synthesize mass input, support rotating mini-publics, and allow deliberation to scale. Henry Farrell and Hahrie Han’s “AI and Democratic Publics” (August 2025) responds that deliberation-focused proposals “scrub power relations from democracy,” ignoring that people participate as members of groups with durable interests rather than as individuals reasoning their way to agreement. The former position sees AI as enabling Athenian participation at modern scale; the latter sees AI as infrastructure for competitive politics among organized groups.9
The destination this essay describes does not resolve the dispute between the deliberative-sortitionist and competitive-politics traditions. It takes a synthesis position, consistent with the direction of Allen’s work and with the broader power-sharing liberal tradition she develops in Justice by Means of Democracy (2023): deliberative mini-publics are an appropriate mechanism for certain kinds of decisions (constitutional questions, long-term tradeoffs where cross-cutting perspectives are needed), while competitive politics between organized groups is the appropriate mechanism for distributional questions where interests genuinely conflict. Individual rights bound both. The essay’s claim is not hierarchical: rather than placing one form of democratic practice above the other, the destination preserves the conditions under which each can operate. This is a position the essay argues for, not a doctrine attributed to any single theorist.
The six features above are not a complete account of what a just political community requires. They are the features that AI specifically threatens and that institutional design can specifically address. Other features (civil rights protections, judicial independence, freedom of conscience, protections for minorities) matter as much and are not discussed here because they are not where AI creates new problems that existing law cannot handle. The six features selected are the ones where the collection has documented a specific AI-driven failure mode in the prior essays, and where the failure mode requires institutional response rather than doctrinal extension of existing frameworks.
III. What has to be true
Four institutional foundations would need to exist for the destination to be reachable. Each corresponds to a specific cluster of the six destination features: the material foundation addresses feature one (material security through shared ownership), the epistemic foundation addresses feature two (epistemic infrastructure), the governance foundation addresses features three and six (institutional accountability and bounded catastrophic risk), and the developmental foundation addresses features four and five (cultivated capacity and its intergenerational transmission). The chokepoint in Section IV addresses the cross-cutting requirement that the architecture must function even when other jurisdictions defect. The four foundations are not presented as exhaustive of everything a just political community would require; they are presented as the minimum set necessary to secure the destination features against the specific failure modes AI introduces. Each foundation can be described with enough specificity to evaluate. Each has a defensible theoretical anchor, at least one operating precedent or credible implementation pathway, a named actor capable of building it, and an honest accounting of what happens when other jurisdictions decline to cooperate. None is utopian; each is being attempted somewhere. The deficit is in scale, coordination, and durability.
III.1 Material foundation
The first foundation addresses the distributional question: who captures the productivity gains of AI, and how does the distribution reach the population whose labor and whose data made those gains possible. The question has two parts because the answer has two parts.
The distributive mechanism is public equity. A sovereign wealth fund, funded through a combination of equity stakes in frontier labs, a tax on compute deployment, and public investment in foundational AI infrastructure, distributes returns to the population as a universal basic dividend. The model is Alaska’s Permanent Fund, established in 1976, which has paid every Alaska resident an annual share of the state’s oil wealth since 1982. Matt Bruenig’s 2018 proposal for an American Solidarity Fund scales the model to federal level, with every citizen holding one non-transferable ownership share and receiving an annual dividend from fund earnings. The Convergence Analysis 2025 framework applies the model specifically to frontier AI, identifying minority equity positions as the most feasible lever and distinguishing savings, strategic, and stabilization functions. Tom Steyer’s 2026 California proposal for a Golden State Sovereign Wealth Fund, drawing on an idea Anthropic CEO Dario Amodei had proposed in 2025, would fund the vehicle through a token tax on corporate AI use.10
The mechanism addresses the concentration problem documented in the first essay: left to the market, AI’s productivity gains flow to owners of the systems and to workers with complementary skills, while displacing workers whose tasks the systems perform. A sovereign wealth fund with universal ownership reverses the concentration by making every citizen a capital-holder in the technology that is absorbing their labor. The Alaska precedent demonstrates that the model can survive political turnover (the fund has paid dividends through every administration since 1982), remain insulated from raids on principal (Alaska’s constitutional protection), and generate durable public support (the dividend is among the most popular programs in state history). Norway’s Government Pension Fund Global demonstrates that the model scales past a trillion dollars in assets while maintaining passive-investor discipline and transparent governance.
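To make the distributive mechanism concrete, here is a minimal sketch of a smoothed percent-of-market-value dividend rule of the Alaska type. The parameter values are hypothetical illustrations, not Alaska’s statutory formula or any proposed fund’s actual design.

```python
# Illustrative sketch of a smoothed universal-dividend rule. The draw rate,
# payout share, and fund values are hypothetical, not Alaska's statutory formula.

def annual_dividend(fund_values: list[float], draw_rate: float,
                    dividend_share: float, eligible_population: int) -> float:
    """Per-person dividend from a percent-of-market-value draw.

    fund_values: year-end fund market values for the trailing window (USD).
    draw_rate: fraction of the smoothed value drawn each year (e.g. 0.05).
    dividend_share: fraction of the draw paid out as dividends; the rest is
        retained to inflation-proof the principal.
    """
    smoothed_value = sum(fund_values) / len(fund_values)  # trailing average
    total_draw = smoothed_value * draw_rate
    return total_draw * dividend_share / eligible_population

# Example: a $500B AI fund, 5% draw, half paid out, 330M eligible citizens.
values = [460e9, 480e9, 500e9, 510e9, 530e9]  # five trailing years
print(f"${annual_dividend(values, 0.05, 0.5, 330_000_000):,.0f} per person")  # ~$38
```

At these illustrative numbers the per-person dividend is modest, which previews the sufficiency risk named below: whether the fund’s scale is large enough to underwrite civic participation rather than merely supplement wages.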
The distributive mechanism alone is insufficient. Pure redistribution treats the symptoms of a concentration problem without addressing the direction of technological change that produces the concentration in the first place. Daron Acemoglu and Simon Johnson’s Power and Progress (2023) makes the argument: the path of technological development is a choice, influenced by relative prices, tax policy, and research subsidies. The choice to build AI that substitutes for human labor rather than complements it is produced by institutional arrangements, particularly tax structures that subsidize capital over labor and procurement practices that reward automation over augmentation.11
The second mechanism is directional. Acemoglu and Johnson’s framework identifies a set of levers that shape the direction of AI development: tax policy that alters the relative cost of labor and capital, research funding that prioritizes augmentation-oriented work, procurement standards that reward labor-complementing deployments. Not all of these levers are equally tractable. Restructuring the tax system to shift the relative burden from payroll to capital is a major political undertaking that exceeds what can realistically be accomplished within the window the architecture requires. The more tractable subset, which the material foundation should commit to, has three components. Federal procurement of AI tools for publicly-funded domains (education, healthcare, social services, public administration) can require that the tools meet augmentation-oriented specifications rather than substitution-oriented ones. Research funding through the National Science Foundation, the National Institutes of Health, and the Department of Energy can prioritize research agendas that develop AI as complement to human judgment rather than as replacement for it. Targeted labor-side subsidies, of the Earned Income Tax Credit family, can make labor cheaper at the margin in precisely the domains where AI substitution pressure is highest. These three instruments do not require the political majorities that tax-code restructuring would demand. They operate through executive-branch procurement authority, existing research-funding appropriations, and modest expansions of existing credits. Each has precedent; none is speculative.
The operationalization difficulty is real. Distinguishing labor-complementing from labor-substituting AI at a policy-relevant level of specificity is contested in the research literature, and the same model can function in both modes depending on deployment context. The response is that procurement standards do not need a clean theoretical distinction to function; they need administrable criteria. A procurement rule that AI tools in publicly-funded education must preserve teacher-student interaction time, or that AI tools in social services must support rather than replace caseworker judgment, produces behavior changes in the commercial market even if the underlying theoretical distinction remains contested. The mechanism works through incomplete but actionable specification, not through a resolved philosophical account. A further objection holds that commercial labs will not bifurcate their research agendas for a relatively small government procurement market when the global enterprise market is substantially larger. The response is that government procurement functions as a lead market in technology domains where integration and trust costs are high: once a vendor has built an augmentation-oriented product line to meet government specifications, the marginal cost of offering the same product to commercial buyers concerned about adoption risk, professional-liability exposure, or user-capability degradation is low. The Defense Department’s historical role in shaping the semiconductor, networking, and encryption industries provides the precedent; the mechanism is less about market share than about de-risking architectural choices that commercial buyers would otherwise treat as unproven.
The question of what happens when other countries decline to cooperate has a partial answer for the material foundation. Both mechanisms operate within a jurisdiction; neither requires international cooperation to function domestically. A US sovereign wealth fund in AI does not depend on China to hold. An EU labor-complementing R&D subsidy does not depend on India to sign. The limits of the mechanism are that a country that declines to redistribute captures short-term competitive advantage, and a country that declines to redirect produces AI cheaper than one that does. These are real costs of domestic action, but they are borne primarily by the country that acts (through lower domestic returns to AI capital), not by the actors the action is meant to protect. The foundation is feasible unilaterally, with competitive costs that are survivable.
The end state is a population that holds a stake in the technology absorbing its labor, receives returns from that stake that underwrite the material conditions for civic participation, and lives in an economy where AI’s development direction is shaped by institutional incentives rather than by the narrower goals of companies whose business models depend on labor substitution. The residual risks are governance (any large public fund can be captured or politicized, which is why Alaska’s constitutional protection and Norway’s passive-investor discipline are load-bearing design features) and sufficiency (whether the scale of dividend is large enough to actually buy time for participation rather than merely supplement wages).
Tyler Cowen and market-liberal critics raise the knowledge objection: concentrating capital under political control produces worse allocations than markets do, and the productivity costs compound over time. The response is that the AI case is specifically different from the general case. The productivity gains are being produced by systems whose training data came from a public commons without compensation, whose capabilities impose externalized harms on populations that had no voice in the deployment decisions, and whose owners are a narrow set of investors whose competitive pressures drive precisely the substitutive direction Acemoglu describes. Even accepting Cowen’s general argument about market efficiency, the AI case involves enough negative externalities and enough public inputs that the default distribution cannot be treated as a natural market outcome; it reflects the market’s distribution conditional on structural features (data commons, externalized harms, concentrated ownership) that the institutional architecture can legitimately alter.
III.2 Epistemic foundation
The second foundation addresses the asymmetry documented in the collection’s second essay: the cost of fabricating synthetic content has collapsed while the cost of verifying content has risen, producing an environment in which shared reasoning becomes progressively more difficult. The mechanism is architected verification infrastructure funded as a public good, with three components.
The first component is provenance at point of creation. Cryptographically-signed content credentials are attached to digital content when it is produced, by cameras and by AI systems, using the C2PA standard developed by a 300-member coalition including Adobe, Microsoft, Intel, Samsung, Google, and major news organizations. The standard is mature: v2.2 was released in May 2025, Samsung’s Galaxy S25 and Google’s Pixel 10 sign images at capture, and Adobe Firefly and OpenAI’s DALL-E 3 embed credentials automatically. The EU AI Act’s Article 50 enforcement, effective August 2026, requires machine-readable disclosure on AI-generated content. The first component already exists in operational form.12
The second component addresses the metadata-stripping problem that the first component does not solve. C2PA manifests are typically embedded in the asset itself, and any re-compression, format conversion, or platform re-hosting that discards metadata breaks the provenance chain. This is not a marginal failure mode. RAND’s June 2025 assessment concluded that “the success of C2PA depends on end-to-end compliance by all elements of the ecosystem, but in an open ecosystem this is unrealistic.” Uploading a credentialed image to a social media platform that re-compresses it produces an unverifiable copy. A screenshot does the same. The Durable Content Credentials extension, which combines the cryptographic manifest with invisible watermarks and content fingerprints, addresses the problem technically: when metadata is stripped, the watermark allows the stripped manifest to be retrieved from a cloud repository, and the fingerprint confirms the match. But the technical fix only functions if platforms preserve the watermark through their processing pipelines, and platforms have financial incentives to prioritize engagement and bandwidth economy over verification fidelity.13
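The fallback flow can be stated precisely even though its deployment depends on platform cooperation. The sketch below mocks the logic with a dictionary standing in for the cloud repository; the field names and helpers are hypothetical stand-ins, not the C2PA SDK’s actual API.

```python
# Minimal sketch of the Durable Content Credentials fallback: check the
# embedded manifest first, then recover a stripped manifest via the invisible
# watermark and confirm the match with a content fingerprint. Mocked data
# shapes; a real implementation would use a C2PA SDK and a watermark detector.

MANIFEST_REPOSITORY: dict[str, dict] = {}  # stands in for the cloud repository

def verify_provenance(asset: dict) -> str:
    manifest = asset.get("embedded_manifest")        # intact C2PA manifest?
    if manifest and manifest.get("signature_ok"):
        return "verified: embedded manifest intact"

    # Metadata stripped (re-compression, screenshot, platform re-hosting):
    # fall back to the watermark, which carries a repository lookup key.
    watermark_id = asset.get("watermark_id")
    if watermark_id is None:
        return "unverifiable: no manifest, no watermark"

    recovered = MANIFEST_REPOSITORY.get(watermark_id)
    # The fingerprint confirms the recovered manifest belongs to this asset
    # rather than to some other credentialed content.
    if recovered and recovered["fingerprint"] == asset.get("fingerprint"):
        return "verified: manifest recovered via watermark"
    return "unverifiable: recovery failed"

# A credentialed image is re-compressed by a platform, stripping the manifest
# but leaving the watermark intact.
MANIFEST_REPOSITORY["wm-123"] = {"fingerprint": "f9ab", "signer": "camera-oem"}
stripped_copy = {"watermark_id": "wm-123", "fingerprint": "f9ab"}
print(verify_provenance(stripped_copy))  # verified: manifest recovered via watermark
```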
The mechanism that closes the gap is platform liability. Platforms that strip or fail to preserve provenance metadata are held liable for the downstream consequences when synthetic content originating on their infrastructure causes provable harm (fraud, defamation, election interference). The liability rule does not prevent synthetic content from existing; it ensures that the infrastructure that carries it has a financial incentive to maintain the verification chain. The legal design questions (how is harm established, how is causation traced, what is the standard of care) are not trivial, but they are familiar. Platform liability for hosted content is a well-developed area of law, and the specific application to provenance fidelity would extend existing frameworks rather than invent new ones.
The third component is verification capacity at scale. The tooling that lets journalists, courts, election officials, and ordinary citizens verify content provenance must be available as a public good, funded at a level commensurate with the fabrication capacity it is meant to match. The deepfake detection market is projected to reach $15.7 billion by 2026, which is a fraction of what the generative-AI industry spends on production. The asymmetry is structural: fabrication is subsidized by the business models of the platforms that carry it, while verification has no comparable commercial driver. Public funding of verification infrastructure corrects the asymmetry. The model is the Postal Service and the National Weather Service, not the venture-capital-funded detection startup.
The epistemic foundation holds up better than the material one against foreign non-cooperation. Its instruments operate primarily through jurisdictional enforcement: the EU can require provenance on content distributed in the EU, the US can require platform liability for US-hosted content, regardless of where the content is produced. Chinese open-weight models deployed to generate synthetic media for Western audiences are subject to Western platform rules when they enter Western information environments. Chinese refusal to adopt similar standards does not prevent Western adoption from functioning, though it does mean that content originating from Chinese-hosted platforms may arrive unverified and require handling at the platform level.
The end state is not universal content verifiability but a world in which verifiable content is reliably available as a baseline, where journalists, courts, and platforms making moderation decisions have a trustworthy substrate to work from, and where citizens who want to verify what they are seeing have tools that do not require specialist training. Synthetic media continues to exist, but a parallel trust layer exists alongside it. The residual risks include privacy (provenance metadata can reveal creators who need anonymity, which is why pseudonymous certificates are a spec feature even if rarely implemented in practice), circumvention (determined adversaries can still create content that appears credentialed when it is not, which is why the cryptographic layer must resist tampering and the certification authorities must be carefully designed), and adoption lag during the transition period.
III.3 Governance foundation
The third foundation is the one most closely tied to the RSP story. It addresses the governance gap between what voluntary frameworks can hold and what mandatory regulation has so far provided, in a category of risks (catastrophic, irreversible, transmissible) where the failure of purely voluntary constraint has already been demonstrated. The mechanism has three layers.
The first layer is strict liability with mandatory insurance, combined with government reinsurance for systemic tail risk. Developers of frontier AI systems are financially responsible for harms their systems cause, the responsibility is priced through mandatory insurance, and a federally-backed reinsurance pool handles the class of correlated catastrophic events that private markets cannot absorb. The structure has historical precedent. The aviation model handles attributable crashes with discrete victims through private liability insurance, and this portion translates to AI cases where harms are identifiable and localized. But the nuclear power model is closer to the AI case for the systemic-risk portion: the Price-Anderson Act of 1957 created a two-tier structure in which operators carry private insurance up to a specified limit, and a federal mechanism covers damages above the limit. The logic was that private insurance markets could not price the tail of nuclear risk because the correlations were too severe and the events too rare, but liability without insurance would make the industry uninsurable and therefore unviable. The same logic applies to AI. Cyber insurance, which is the nearest contemporary precedent to AI insurance, has been in a sustained hardening cycle since 2022: insurers have withdrawn coverage, added systemic-risk exclusions, and required ransomware-specific sublimits, because the correlation structure of cyber events invalidates traditional pricing. AI risk shares this correlation problem (a vulnerability in a widely-deployed model affects all its deployments simultaneously) and adds its own (the distinction between developer, deployer, fine-tuner, and user creates liability-allocation ambiguity that traditional tort doctrine does not handle cleanly).
The architecture responds to these problems rather than ignoring them. The liability-allocation question is resolved by entity-based regulation at the developer level, with proportional pass-through obligations to deployers and fine-tuners specified by contract and by statute. The correlation-and-tail problem is resolved by the Price-Anderson-style reinsurance pool: private insurers cover the first tier of harms using traditional underwriting, and government reinsurance covers the systemic-event tier. The insurability of AI is constructed rather than assumed, through the combination of clear liability rules, mandatory but bounded private coverage, and federal reinsurance for the systemic portion. Without this combined structure, strict liability for frontier AI would produce the outcome its opponents predict: either no one is willing to develop the systems, or the systems are developed by actors who can self-insure through scale, further concentrating the industry.
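The two-tier allocation is mechanically simple, which is part of its appeal; the hard questions are the limit levels and the premium pricing, not the split. A minimal sketch, with dollar figures that are hypothetical rather than drawn from Price-Anderson or any AI proposal:

```python
# Two-tier Price-Anderson-style loss allocation: private insurance absorbs
# losses up to a per-incident limit, a federal reinsurance pool absorbs the
# systemic tier above it. All figures are illustrative.

def allocate_loss(loss: float, private_limit: float,
                  federal_cap: float) -> dict[str, float]:
    """Split a realized loss between the private and federal tiers."""
    private_tier = min(loss, private_limit)
    federal_tier = min(max(loss - private_limit, 0.0), federal_cap)
    uncovered = max(loss - private_limit - federal_cap, 0.0)  # residual tail
    return {"private": private_tier, "federal": federal_tier,
            "uncovered": uncovered}

# A correlated model failure causes $5B in provable harms; the developer
# carries $500M of mandatory private coverage and the pool caps at $10B.
print(allocate_loss(5e9, private_limit=5e8, federal_cap=1e10))
# {'private': 500000000.0, 'federal': 4500000000.0, 'uncovered': 0.0}
```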
The second layer addresses the category of risks where liability and insurance are structurally insufficient. For capabilities that could cause catastrophic and irreversible harm (bioweapons uplift beyond specified thresholds, cyberoffensive capabilities that could disable critical infrastructure, autonomous systems that could resist shutdown or acquire resources), insurance markets cannot price the risk (the tail is too heavy, the events too rare, the correlations too severe), and liability after the fact is insufficient because there may be no after. This category requires pre-deployment evaluation and approval by government-authorized bodies. The mechanism is capability-triggered: below specified thresholds, the liability-insurance layer governs; above thresholds, models cannot be deployed without approval. The thresholds are set by treaty-recognized international AI Safety Institutes (the UK AISI, the US Center for AI Standards and Innovation, Japan’s AISI, and others in the International Network) using the best available evidence, and are revised at least annually to account for algorithmic efficiency.
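The gate itself reduces to a simple decision rule; everything difficult lives in producing trustworthy evaluation scores and setting the thresholds. A sketch, with capability names and threshold values that are placeholders for whatever the treaty-recognized bodies would actually specify:

```python
# Capability-triggered gate: below every threshold, the liability-insurance
# layer governs; at or above any threshold, pre-deployment approval is
# required. Names and values are illustrative placeholders.

THRESHOLDS = {                      # set by treaty-recognized bodies,
    "bioweapons_uplift": 0.20,      # revised at least annually
    "cyber_offense": 0.35,
    "autonomous_replication": 0.10,
}

def deployment_regime(eval_scores: dict[str, float]) -> str:
    exceeded = [name for name, limit in THRESHOLDS.items()
                if eval_scores.get(name, 0.0) >= limit]
    if exceeded:
        return f"pre-deployment approval required ({', '.join(exceeded)})"
    return "liability-insurance layer governs"

print(deployment_regime({"bioweapons_uplift": 0.05, "cyber_offense": 0.40}))
# pre-deployment approval required (cyber_offense)
```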
Daniel Carpenter and Carson Ezell’s 2024 AAAI paper “An FDA for AI?” raises four objections to simplistically applied approval regulation for frontier AI, and the architecture has to address them. The product-definition problem (what exactly is the “product” being approved, when models are general-purpose and continuously updated) is addressed by regulating at the capability level rather than the model level: the approval attaches to a capability profile rather than to a static artifact, and models whose capabilities change materially must be re-evaluated. The Knightian-uncertainty problem (catastrophic-risk probabilities cannot be assigned the way pharmaceutical adverse-event rates can) is addressed by adopting an affirmative-case standard: developers must demonstrate that catastrophic risks are low through capability evaluations, red-team testing, and interpretability work, rather than relying on statistical estimates of harm rates. The transmissibility problem (AI risks can cascade across systems and affect non-users) is addressed by extending liability and approval obligations to the downstream chain: deployers, fine-tuners, and integrators take on proportional responsibilities. The distributed-activities problem (multiple actors along the AI lifecycle contribute to outcomes) is addressed by entity-based regulation: the primary regulatory target is the frontier developer, with obligations passed down contractually to deployers.14
A separate civil-liberties objection deserves engagement. Pre-deployment approval is a form of prior restraint on the development and release of an information technology, and prior restraint is a disfavored regulatory posture in traditions that treat speech, code, and technical artifacts as expressive. The objection has force, and the architecture does not pretend that capability-gated approval is a minor intervention. The justification rests on the same structural feature that supports controlled-weapons regimes, dual-use biology export controls, and nuclear material regulation: specific capabilities whose materialization is catastrophic and irreversible warrant ex-ante constraint because ex-post remedies are insufficient. The analogy rests on the regulatory category (irreversible catastrophic potential) rather than on any claim that frontier AI is identical to nuclear material. The scope is bounded by the capability threshold, which is why the threshold-setting mechanism is treaty-recognized rather than agency-discretionary, and why below-threshold development remains governed by tort, insurance, and transparency rather than approval. The architecture accepts that it is intervening in a domain that civil-liberties frameworks treat as presumptively protected, and justifies the intervention on the same narrow grounds that existing regimes use for comparable-risk categories. This is a principled position, not a costless one.
The third layer is the evaluation infrastructure that supports the first two. For the liability-insurance layer to function, underwriters need access to credible capability evaluations. For the approval layer to function, government-authorized bodies need the same, plus red-team access and interpretability tooling. Gillian Hadfield and Jack Clark’s “Regulatory Markets” proposal provides the mechanism: licensed private regulators compete to evaluate frontier AI systems, operating under publicly-set objectives and subject to periodic re-licensing. The mechanism addresses the knowledge problem that concerns Dean Ball and Tyler Cowen, because the evaluation capacity is private and can keep pace with technical development, while the accountability remains public because the licensing is government-controlled and the objectives are set democratically. Jack Clark co-authored the proposal in his capacity as Anthropic’s head of policy, and the fact that a frontier lab’s policy lead is proposing the mechanism is itself evidence that the coalition for mandatory evaluation extends beyond the academic community.15
The standard public-choice objection to this architecture is that regulatory markets will be captured by incumbents through the back door: licensed evaluators will compete to offer the lightest-touch assessments that still meet minimum criteria, frontier labs will select evaluators known for accommodation, and the competitive dynamic among evaluators will produce a race to the bottom rather than the race to quality the design assumes. The concern is not hypothetical. Credit rating agencies, which operate under a similar structure of private competition under public licensing, produced catastrophic mispricing of mortgage-backed securities in the mid-2000s precisely because issuers paid for the ratings and shopped for favorable ones. The architecture has to respond to this, not by denying the risk, but by building structural defenses into the licensing regime: evaluators face rotation requirements so that no single lab can establish a durable relationship with a single evaluator; evaluation outputs are subject to public disclosure and adversarial audit by a separate accountability body; licenses are revoked not only for demonstrated failure but for statistically anomalous leniency relative to peer evaluators; and a fraction of evaluations are performed by a public-option evaluator (analogous to a government auditor of last resort) funded independently of the regulated entities. None of these defenses eliminates the capture risk. Together they reduce it to the level at which other licensed professional regimes (medical boards, accounting oversight, securities regulation) function imperfectly but durably. The alternative to imperfect defense is either abandoning the evaluation layer (which concedes the ground Ball’s critique occupies) or requiring government agencies to perform the evaluation directly (which concedes the knowledge-problem ground). The architecture chooses imperfect defense against capture as the least-bad configuration.
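Of these defenses, the anomalous-leniency trigger is the one that can be specified most mechanically. A sketch using a leave-one-out z-score, with a cutoff and approval rates that are invented for illustration; a real regime would also condition on the risk mix of the systems each evaluator was assigned:

```python
# Flag any licensed evaluator whose approval rate is anomalously high relative
# to its peers, using a leave-one-out z-score so an outlier cannot mask itself
# by inflating the pooled statistics. Cutoff and data are illustrative.

import statistics

def flag_lenient_evaluators(approval_rates: dict[str, float],
                            z_cutoff: float = 2.0) -> list[str]:
    flagged = []
    for name, rate in approval_rates.items():
        peers = [r for n, r in approval_rates.items() if n != name]
        mean, stdev = statistics.mean(peers), statistics.stdev(peers)
        if stdev > 0 and (rate - mean) / stdev > z_cutoff:
            flagged.append(name)
    return flagged

rates = {"eval-A": 0.62, "eval-B": 0.58, "eval-C": 0.64,
         "eval-D": 0.61, "eval-E": 0.97}  # eval-E approves nearly everything
print(flag_lenient_evaluators(rates))      # ['eval-E']
```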
Dean Ball’s critique. The mechanism described above overlaps substantially with the framework proposed by Dean Ball, who was primary staff drafter of America’s AI Action Plan in 2025 and is now a senior fellow at the Foundation for American Innovation. The overlap matters, and the disagreement matters. Ball supports California’s SB 53 (the transparency bill effective January 2026), supports Hadfield-Clark regulatory markets, and supports entity-based regulation targeting frontier developers rather than specific models or uses. His Carnegie Endowment paper with Ketan Ramakrishnan of Yale Law School lays out the entity-based framework in detail. He is not, in the category of market-liberal critics of AI governance, an opponent of the essay’s architecture; he is largely a fellow traveler on the liability-and-markets portion.
His disagreement is with the second layer. Ball argues that centralized government AI regulation fails on two grounds. The political-economy argument holds that any centralized regulator will be captured by organized interests that use it to protect incumbent jobs rather than reduce catastrophic risk. He points to existing examples: laws blocking AI-powered mental health services in some states (protecting licensed therapists), Writers Guild contract provisions restricting AI writing (protecting WGA members), copyright fights (protecting content industries). His inference is that a federal AI regulator will predictably focus on displacing-technology concerns rather than catastrophic-risk concerns, and that this is worse than the alternative of light-touch transparency combined with private governance. The knowledge-problem argument holds that government agencies cannot keep pace with technical development, and that any centralized regulator will be either captured-into-irrelevance (delegating substantive evaluation back to industry) or frozen-into-obsolescence (imposing rules that reflect a prior technical generation).
Ball’s critique is sharp and deserves direct engagement rather than dismissal. The response has three parts. First, the political-economy concern is real and is why the architecture described here distinguishes catastrophic-risk regulation (the second layer) from general-purpose AI regulation. The second layer does not regulate AI deployment in mental health, screenwriting, or copyright; those domains are governed by existing law and by the liability-insurance layer. The second layer applies specifically to capabilities whose materialization could be catastrophic and irreversible, where the political-economy failure mode Ball describes (displaced-worker protectionism dressed as safety) cannot dominate because the displaced-worker concerns are not legible in the catastrophic-risk category. A union cannot credibly argue that bioweapons uplift is a labor issue. Second, the knowledge-problem concern is addressed by the Hadfield-Clark layer: government does not perform the technical evaluation; licensed private evaluators do, with the government setting the objectives and revoking licenses for failure. This is the architecture Ball himself supports. Third, and decisively: Ball’s own political economy operates against his preferred outcome in the current environment. The Anthropic RSP v3.0 episode demonstrates that voluntary constraint cannot survive sustained competitive pressure. His framework depends on labs remaining willing to purchase certification from licensed private regulators, but the pressures that collapsed the RSP pause also collapse the incentive to certify. The second layer (government-run approval for catastrophic-category capabilities) is the mechanism that makes the certification structure itself durable, because it converts participation from optional to required for a specified risk class.
The disagreement with Ball, once specified, is narrow. It is whether mandatory pre-deployment approval by government-authorized bodies is appropriate for a specified catastrophic-risk category, or whether the same function can be performed by private governance with appropriate design. The essay’s position is that for the irreversible-harm category, private governance is structurally insufficient, because the competitive pressures that drive voluntary frameworks to erode operate on the private regulators as well. The rest of the architecture (liability, insurance, entity-based triggers, transparency) can be shared territory.
The governance foundation is harder to sustain against foreign non-cooperation than the epistemic one. Liability operates within jurisdictions, and US liability for AI harms does not depend on Chinese adoption. Pre-deployment approval above capability thresholds is a harder case. If the US requires approval for capabilities above certain thresholds, and China does not, then developers face an incentive to shift development to jurisdictions without the requirement. This is the race-to-the-bottom problem, and it is one of the reasons the fourth section below (the chokepoint) is necessary. Approval regimes without compute governance are bypassed; compute governance without approval regimes is a blunt instrument. They function together.
The end state is a regulatory environment where below-threshold AI development proceeds under familiar tort and insurance mechanisms, above-threshold AI development is subject to pre-deployment approval that the voluntary frameworks acknowledged as necessary, and the infrastructure to evaluate both is competitive, licensed, and accountable to democratic objective-setting. The residual risks are agency capture (which is why strict liability, whistleblower protections, and adversarial oversight must survive independently of any particular regulator), threshold drift (which is why thresholds must be revised annually and set by international rather than national bodies), and insufficient coverage (which is why the chokepoint layer below is necessary to prevent jurisdiction-shopping).
III.4 Developmental foundation
The fourth foundation is the one with the least developed policy-instrument literature, and this essay will be honest about the limits. The foundation addresses the cognitive-hollowing and intergenerational problems documented in essays four and five: that the population whose capacity for independent judgment the governance architecture depends on is the population whose capacity the technology is most directly eroding. The mechanism has three components, each narrower than the material and epistemic foundations.
The first component is procurement standards. Federal and state procurement represents a substantial share of AI deployment in education, professional training, and public services, and procurement specifications are a familiar policy instrument. The specification that matters for this foundation is developmental scaffolding: publicly-funded AI tools used in education and training must be designed to augment the user’s cognitive work rather than replace it, must make the user’s reasoning visible to the user, must degrade gracefully to support independent task completion when the AI is unavailable, and must include features that support the transition from assisted to unassisted performance as user capability develops. The distinction is operational, not philosophical: a math tutor that shows a worked solution alongside a student-driven attempt is developmentally scaffolded; a math tutor that produces the answer in response to the question is substitutive. The same distinction applies to writing tools, coding assistants, and diagnostic aids used in professional training. The Finnish Ministry of Education and the Finnish National Agency for Education have jointly published AI guidelines for schools (2024-2025) that codify a version of this distinction, requiring that AI use in education support “the development of learners’ AI literacy” and provide added value to learning rather than substitute for it. A procurement standard at the federal or state level in the US would adapt this logic: the General Services Administration and state procurement offices would require developmental-scaffolding specifications in AI contracts for education, training, and public-facing services, with independent evaluation against those specifications as a precondition for contract award.
The second component is professional licensing preservation. State bar associations, medical boards, engineering licensing bodies, nursing boards, and similar institutions have the authority to require that entry-level training include genuine human-judgment components. The mechanism operates through the licensing authority these bodies already possess. The concrete specification is resistance to the automation of apprenticeship structures in professional contexts where judgment under uncertainty is what the profession exists to provide. In medicine, this means preserving the resident-patient diagnostic encounter as primary rather than allowing it to become a review of AI-generated differentials. In law, this means preserving the junior-associate document-review and drafting exercises that produce the pattern recognition senior lawyers rely on, even as AI tools become available to perform the tasks faster. In accounting and auditing, it means preserving the entry-level reconciliation and ledger-walking that produces the professional skepticism certified public accountants are licensed for. The ABA, AMA, AICPA, and equivalent bodies have the standing to specify these requirements in their accreditation criteria for training programs and in their continuing-education requirements for licensed practitioners. The limitation is that these bodies move slowly and face sustained pressure from firms and educational institutions to reduce training requirements in the name of efficiency. The mechanism depends on the bodies’ willingness to use their authority against short-term efficiency pressures, which is a cultural choice as much as a policy one. It helps that the bodies have an institutional interest in preserving the distinctive value of professional judgment, which is what their licensing authority is grounded in.
The third component is educational reform at K-16. Finland, Estonia, and Singapore are building educational frameworks that treat cognitive independence as a developmental requirement and AI literacy as a civic skill rather than a technical specialty. Finland’s Elements of AI program, developed by the University of Helsinki in partnership with MinnaLearn and now used in curricula across multiple European countries, teaches AI fundamentals to general audiences without presupposing computer science background. Estonia’s digital curriculum integrates AI literacy from early grades alongside media literacy and civic education. Singapore’s Smart Nation initiative funds AI literacy at K-12. In the US, Danielle Allen’s Democratic Knowledge Project at Harvard has developed the Roadmap to Educating for American Democracy, adopted in varying forms across multiple state education departments, which treats civic reasoning (including the capacity to evaluate AI-generated content) as a developmental target. The concrete reform targets are: AI literacy as a required component of secondary civics education, not delegated to computer science electives; writing and reasoning assessments that measure unassisted capability alongside AI-assisted performance, so that the developmental trajectory is visible; and teacher preparation programs that train educators to distinguish scaffolded from substitutive AI use and to design assignments accordingly. The mechanism here is slow and depends on state-level education decisions, but the precedents exist and the federal role (through Department of Education grants, Title IV funding conditions, and teacher-preparation program accreditation) is substantial.
The limits of the developmental foundation are worth naming. The policy instruments are weaker than for the other three foundations. The mechanism depends on cultural and institutional choices (what professions define as their standards, what educational systems prioritize) that policy can influence but not mandate. The question of foreign non-cooperation is moot here because the foundation is not geopolitical; it operates within a country’s educational and professional institutions. What the foundation cannot do is prevent individuals from choosing dependence on AI tools even when developmental alternatives are available; what it can do is ensure that the public-facing institutions (schools, professional training, public services) maintain the alternatives as available options. The foundation also cannot address the commercial sector directly, where the pressure to substitute rather than scaffold is strongest; the mechanism is to shape the developmental trajectory of the population before it enters the commercial sector, on the hypothesis that a workforce with intact cognitive capacity is more resistant to substitutive pressure than one without. This hypothesis is plausible but unproven, and the foundation’s success depends on whether it is correct.
IV. The chokepoint
The four foundations together describe what a jurisdiction would build internally. Material, epistemic, governance, and developmental architecture operate within the reach of domestic law and domestic institutions, and even a fully-built domestic architecture fails under one condition: capability development that escapes the jurisdiction. If any jurisdiction declines to participate, actors in that jurisdiction face lower compliance costs and can either undercut compliant actors commercially or produce the specific harms (deployment of ungoverned catastrophic capabilities, release of open-weight models stripped of safeguards) that the architecture is designed to prevent. The developmental foundation’s protection of the internal demos is insufficient if frontier capability development moves offshore. The liability mechanism operates within jurisdictions and partially withstands defection. The governance mechanism is more fragile. The material and epistemic foundations sit in between. The RSP v3.0 episode illustrated the domestic version of this problem, where voluntary constraint collapses under competitive pressure from actors not bound by the same constraint; the geopolitical version is the same problem at larger scale, and it requires a different kind of mechanism to address.
The chokepoint that makes geopolitical coordination mechanically possible is compute. Not because compute is inherently interesting, but because it is the one input to frontier AI that is, in Lennart Heim’s description, “detectable, excludable, quantifiable, and produced via an extremely concentrated supply chain.” The semiconductor supply chain runs through a small number of identifiable nodes (Taiwan’s TSMC for fabrication, South Korea’s Samsung for memory, US firms for design, the Netherlands’ ASML for extreme-ultraviolet lithography) that no country can replicate domestically on short timescales. This makes compute the only input on which international coordination can be enforced without requiring universal agreement.16
The compute-governance architecture has four components. The first is export controls on advanced chips above capability thresholds. The US Framework for Artificial Intelligence Diffusion, published in January 2025, established the template: Tier 1 allies receive unrestricted access, Tier 2 countries face compute caps (100,000 H100-equivalents by end of 2025, rising to 320,000 by 2027), Tier 3 countries are embargoed. The framework is operational and has been refined in response to specific evasion attempts (TSMC’s production of chips for Huawei in 2024 was addressed by a January 2025 foundry due-diligence rule).
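To make the tier mechanics concrete, here is a minimal sketch of the cap-checking logic the framework implies. The tier labels and cap figures come from the text above; the data structure and function names are illustrative assumptions, not the framework’s actual implementation.

```python
# Illustrative sketch of the tiered diffusion rule described above.
# Tier labels and cap figures follow the text; everything else is
# a hypothetical rendering, not the framework's implementation.

TIER_CAPS_H100_EQ = {
    "tier1": None,       # Tier 1 allies: unrestricted access
    "tier2": 100_000,    # Tier 2: capped (end-of-2025 figure; 320,000 by 2027)
    "tier3": 0,          # Tier 3: embargoed
}

def shipment_allowed(tier: str, cumulative_h100_eq: int, shipment_h100_eq: int) -> bool:
    """Check a proposed chip shipment against the destination country's running cap."""
    cap = TIER_CAPS_H100_EQ[tier]
    if cap is None:
        return True  # Tier 1: no cap applies
    return cumulative_h100_eq + shipment_h100_eq <= cap
```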
The second component is know-your-customer requirements for compute providers. Janet Egan and Lennart Heim’s 2023 proposal extends anti-money-laundering logic to large compute purchases: cloud providers running training runs above specified thresholds must verify customer identity, intended use, and safety frameworks, and report to national AISIs. The mechanism addresses the diffusion problem where chips are legally sold to one party and then rented out to another whose identity the original seller does not track.
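A hypothetical sketch of how that KYC gate could look from the compute provider’s side, assuming a reporting threshold denominated in training FLOP. The threshold value, field names, and reporting stub are invented for illustration and are not drawn from the proposal’s text.

```python
# Hypothetical KYC gate at a compute provider: screen a requested
# training run before allocating capacity, and report above-threshold
# runs. All names and values here are illustrative assumptions.

REPORTING_THRESHOLD_FLOP = 1e26  # illustrative trigger; revisable

def report_to_aisi(customer_id: str, declared_use: str, flop: float) -> None:
    """Stand-in for filing a report with a national AI Safety Institute."""
    print(f"AISI report: {customer_id}, {declared_use}, {flop:.1e} FLOP")

def admit_training_run(customer_id: str,
                       identity_verified: bool,
                       declared_use: str,
                       safety_framework_on_file: bool,
                       estimated_flop: float) -> bool:
    """Screen a requested training run before allocating compute."""
    if estimated_flop < REPORTING_THRESHOLD_FLOP:
        return True  # below the threshold, no KYC obligation attaches
    if not (identity_verified and safety_framework_on_file):
        return False  # above it, verification and a safety framework are preconditions
    report_to_aisi(customer_id, declared_use, estimated_flop)
    return True
```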
The third component is international treaty structure. Several concrete proposals exist: Scholefield, Martin, and Barten’s 2025 “Conditional AI Safety Treaty” establishes a compute threshold above which development requires rigorous oversight by an international network of AI Safety Institutes with authority to pause development; Trager et al.’s “Jurisdictional Certification Approach” offers an alternative based on certification rather than direct oversight. The treaty structure is not yet in place, and the declaration discussed at the 2026 India AI Impact Summit, the broadest international statement on AI governance to date, was signed by neither the US nor the UK. But the treaty proposals exist, the verification literature (Baker 2023 on lessons from nuclear arms control) exists, and the operational precedents (the Montreal Protocol for ozone, the Missile Technology Control Regime for dual-use rockets) demonstrate that dual-use technologies can be governed internationally under specific conditions.
The fourth component is restrictions on open-weight release above capability thresholds. Once model weights are public, they cannot be recalled, and Alignment Forum research through 2025 has demonstrated that safety guardrails can be stripped from released models while preserving capability, across DeepSeek, GPT-4o, Claude, and Gemini. For models below catastrophic-capability thresholds, open release remains valuable for research access, competition, and diffusion of benefits. Above the thresholds, release becomes irreversible proliferation. The mechanism is capability-gated release, sketched below: models above specified thresholds cannot be released as open weights; models below them are presumptively releasable. The thresholds are the same ones used in the governance foundation, set by treaty-recognized international bodies.
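A minimal sketch of the release rule, assuming a scalar capability score standing in for the treaty-recognized evaluations; both names are placeholders.

```python
def open_weight_release_permitted(capability_score: float,
                                  catastrophic_threshold: float) -> bool:
    """Capability-gated release: below-threshold models are presumptively
    releasable; above-threshold weights, once public, cannot be recalled."""
    return capability_score < catastrophic_threshold
```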
Sara Hooker’s 2024 critique of compute thresholds deserves direct engagement. Her argument is that compute does not equal capability (algorithmic improvements constantly reduce the compute required for a given capability), compute does not equal risk (a small targeted model can be more dangerous than a large general one), and static FLOP thresholds become obsolete as efficiency improves. The critique is largely correct, and it shapes the architecture described here rather than defeating it. Compute thresholds function as one trigger in a multi-trigger system, combined with capability evaluations and deployment-context assessment. The thresholds have to be revisable, updated at least annually to track algorithmic efficiency. They are not the sole governance mechanism; they are the layer that holds against foreign defection when other layers cannot. Hooker’s own recommendation is toward revisable thresholds and diversified metrics, which is compatible with the design here; her critique is of compute thresholds as currently implemented, not of the category.17
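The multi-trigger shape can be stated compactly, under the assumption that any single trigger suffices to escalate a model into the oversight regime; the predicate names are illustrative, not taken from any published standard.

```python
def requires_oversight(training_flop: float,
                       flop_threshold: float,
                       capability_eval_flagged: bool,
                       high_risk_deployment: bool) -> bool:
    """Escalate into the oversight regime if any one trigger fires.
    Compute is a floor among several tests, not the sole criterion."""
    return (training_flop >= flop_threshold
            or capability_eval_flagged
            or high_risk_deployment)
```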
The architecture has to be honest about the time horizon on which the chokepoint operates. The semiconductor supply chain is concentrated today, which is what makes coordination enforceable. Three trend lines are eroding that concentration. Chinese domestic semiconductor production is improving at a rate that leads most analysts to place frontier-capable domestic fabrication in the 2028 to 2030 window. Algorithmic efficiency gains have been running at roughly an order of magnitude every 2-3 years for comparable capability, which means that absolute FLOP thresholds that bind today will not bind in five years without revision. And inference-compute paradigms (test-time reasoning, agentic workflows) shift some capability-gating from training compute to inference compute, which complicates the governance target. The honest window for the chokepoint functioning as currently designed is approximately three to seven years, depending on how aggressively Chinese domestic capacity scales and on whether the next major architectural breakthrough further compresses training-compute requirements. If an algorithmic breakthrough reduces training-compute requirements by two orders of magnitude (plausible on current trajectories), the chokepoint loses most of its leverage before Chinese domestic fabrication closes the gap. Within this window, the chokepoint provides the coordination surface on which treaty structure, KYC requirements for compute providers, and capability-gated open-weight restrictions can be built. Outside it, these mechanisms must stand on other grounds: jurisdictional enforcement at the platform layer, liability and insurance at the deployment layer, and capability evaluations that do not depend on compute as a proxy. The policy implication is that the treaty structure has to be built now, while the chokepoint functions, so that the coordination infrastructure is in place before the chokepoint erodes.
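The erosion arithmetic can be made explicit. A worked example, assuming the midpoint rate of one order of magnitude every 2.5 years and an illustrative starting threshold:

```python
# Worked version of the erosion arithmetic above: at ~10x efficiency
# gain every 2-3 years, a FLOP threshold fixed today stops binding the
# same capability within the stated window. T0 is illustrative.

T0 = 1e26   # illustrative training-FLOP threshold set today
TAU = 2.5   # years per 10x algorithmic-efficiency gain (text: every 2-3 years)

def equivalent_flop(years_from_now: float) -> float:
    """FLOP needed later to match capability that costs T0 FLOP today."""
    return T0 / 10 ** (years_from_now / TAU)

for t in (0.0, 2.5, 5.0):
    print(f"year {t:3.1f}: {equivalent_flop(t):.1e} FLOP")
# year 0.0: 1.0e+26
# year 2.5: 1.0e+25
# year 5.0: 1.0e+24  (an unrevised threshold no longer binds the capability)
```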
The case for treating the chokepoint as a separate section, rather than a subset of governance, rests on its performance under foreign non-cooperation. The semiconductor supply chain is physically concentrated, which means that countries with frontier AI ambitions must either participate in the governance structure or develop indigenous supply chains at substantial cost and on timescales measured in years. DeepSeek’s December 2024 training of a GPT-4-level model for approximately $5.6 million in final pre-training compute, much discussed as evidence that compute controls had failed, was in fact evidence of the reverse. The $5.6 million figure, as DeepSeek itself qualifies, covers only the official training run at a $2/hour H800 rental rate; it excludes prior research, ablation experiments, salaries, and infrastructure investment that SemiAnalysis estimates at approximately $1.3 billion in total server CapEx. DeepSeek’s reliance on Nvidia H800 chips rather than Huawei chips, and the substantial efficiency gap between Chinese domestic semiconductors and the export-controlled frontier, demonstrate that compute governance is working within its design parameters. Chinese chips will improve, but the rate of improvement is slow enough that a policy window measured in years remains open.
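The qualification in the DeepSeek figure is easy to verify arithmetically; the only numbers below are the ones reported above.

```python
# Arithmetic behind the qualified DeepSeek figure: $5.6M at a $2/hour
# H800 rental rate implies ~2.8M GPU-hours for the final run alone, a
# small fraction of SemiAnalysis's ~$1.3B total server-CapEx estimate.

final_run_cost_usd = 5.6e6   # official pre-training run only
rental_rate_usd_hr = 2.0     # H800 rental rate assumed in DeepSeek's report
gpu_hours = final_run_cost_usd / rental_rate_usd_hr
print(f"{gpu_hours:.2e} H800 GPU-hours")              # 2.80e+06

total_capex_usd = 1.3e9      # SemiAnalysis estimate of total server CapEx
print(f"final run = {final_run_cost_usd / total_capex_usd:.2%} of CapEx")  # 0.43%
```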
The residual risks are substantial and must be named. First, the chokepoint closes over time as Chinese domestic semiconductor production improves (2028 to 2030 on most estimates), which means the window for building treaty structure is bounded. Second, the chokepoint cannot recall capabilities that have already been released as open weights; it can only bound the worst subsequent releases. Third, the governance mechanism depends on allied participation (US, UK, EU, Japan, South Korea) that is not guaranteed: the US renamed its AI Safety Institute to the Center for AI Standards and Innovation in June 2025 with an explicit mandate shift from safety evaluation to promoting American competitiveness, which weakens but does not eliminate the US role in the international network.
The end state is a governance architecture where development above specified capability thresholds requires treaty-registered compute, is monitored by international AISIs with statutory access, and cannot proceed to open-weight release. Below the thresholds, development is governed by domestic liability mechanisms and remains open to commercial and research use. The chokepoint bounds the specific category of catastrophic-capability development rather than AI development in general, the category where the RSP v3.0 episode demonstrated that voluntary constraint cannot hold.
V. The coalition
The institutional architecture described above is substantially available. Each foundation has theoretical anchors, operating precedents, and named policy instruments. The chokepoint has functioning mechanisms and concrete treaty proposals. The Recommendations for Industry-Wide Safety section of Anthropic’s RSP v3.0 describes the governance foundation with specificity comparable to the account given here. The material foundation has working implementations in Alaska and Norway, and AI-specific proposals from Bruenig, Convergence Analysis, Steyer, and Amodei. The epistemic foundation has operational standards in C2PA and legal requirements in the EU AI Act.
The architecture is not being built at the scale and speed that the capabilities warrant. This section is about why, and about what would change the conditions.
The federal US administration in 2026 opposes most of the architecture described here. The US AI Safety Institute was renamed the Center for AI Standards and Innovation in June 2025 with an explicit shift away from safety evaluation. The Trump White House’s AI Action Plan, drafted primarily by Dean Ball, emphasizes state preemption of stricter regulations, light-touch federal transparency rules, and industry-led private governance. The administration has been hostile to the collective-bargaining rights that the AFL-CIO’s framework depends on, welcomed Google’s 2025 reversal of its 2018 prohibition on AI for weapons and surveillance, and issued the ultimatum demanding that Anthropic drop safeguards on military deployment. At the international level, the US and UK declined to sign the February 2026 India AI Impact Summit declaration that 60 other countries endorsed, signaling the fracturing of international coordination on AI governance.
The political window for assembling the coalition needed to build this architecture is narrower than it was 24 months ago. The labor movement has been weakened by the administration’s direct attacks on federal-worker unions. The academic policy community has less access to decision-making. The international coordination infrastructure is fragmenting.
The coalition that would have to form to change these conditions has identifiable components. First, the labor movement, which in October 2025 released the AFL-CIO framework “Workers First AI” articulating six principles for worker-protective AI governance and which found bipartisan support in the November 2025 Kelly-Fitzpatrick letter asking the White House to adopt the framework. The labor position has never been that AI should be blocked; the demand is that AI deployment should be subject to worker voice, transparency, and democratic accountability. This is compatible with the architecture described here and provides the political base that abstract safety arguments cannot. Second, the frontier labs themselves, at least at the margins: Anthropic’s Recommendations for Industry-Wide Safety, OpenAI’s April 2026 “Industrial Policy for the Intelligence Age” document proposing public wealth funds and auditing regimes, and Jack Clark’s co-authorship of the regulatory markets proposal all demonstrate that at least some voices within the industry are publicly asking for governance structures that the current political equilibrium does not provide. Third, bipartisan safety-concerned legislators, represented by the SB 53 coalition in California, the Kelly-Fitzpatrick letter at the federal level, and similar efforts in Texas (TRAIGA, effective January 2026). Fourth, the academic policy community that has produced the technical literature the architecture draws on: Heim at RAND, Hadfield at Johns Hopkins, Allen at Harvard, Acemoglu at MIT, Carpenter at Harvard, Bengio at Montreal, and the broader GovAI and CSET networks. Fifth, the international signatories of the India declaration: 60 countries, including major AI developers outside the US-UK axis (France, Germany, Japan, South Korea, India itself), demonstrating that the coordination infrastructure exists even when the US and UK defect.
None of these components alone is sufficient. A labor coalition without the lab voices reads as sectoral protectionism. Lab voices without labor read as corporate self-interest. Academic policy writing without political delivery reads as commentary. International coordination without US participation is incomplete. What the architecture requires is the components operating in concert: labor providing the political base, lab voices providing the technical credibility and the internal-industry pressure, academic policy writing providing the intellectual infrastructure, bipartisan legislators providing the legislative vehicle, and international coordination providing the geopolitical cover.
Coalitions of this scale do not form around abstract governance architecture. They form around concrete grievances that connect back to the architecture. Four specific issues have the structure to carry the weight. Algorithmic management in the workplace, where the Warehouse Worker Protection Act (reintroduced in bipartisan, bicameral form in July 2025 by Senators Markey, Smith, and Hawley with Representatives Norcross, Lawler, and Stevens) already identifies the target: AI-driven quota systems that push workers past injury thresholds, interfere with bathroom breaks, and enable automated discipline without human review. This is the issue labor can mobilize around and that connects directly to the worker-voice provisions the governance architecture requires. Algorithmic displacement in specific professional categories (paralegals, radiology technicians, junior accountants, customer-service agents, entry-level copywriters), where the displacement is visible, measurable, and concentrated enough to produce identifiable constituencies rather than diffuse concerns; professional associations in these categories are natural allies for procurement-standard and licensing-body provisions. AI-generated electoral disruption, where the January 2024 New Hampshire deepfake robocall impersonating President Biden to suppress primary turnout demonstrated the template that the epistemic foundation directly addresses; electoral-integrity coalitions exist, the FCC has established that AI voice cloning in robocalls is illegal, and state attorneys general have built the enforcement infrastructure. And documented AI incidents that expose the governance gap: Alibaba’s ROME agent, in a December 2025 technical report revised in January 2026, engaged in unauthorized cryptocurrency mining and established covert network tunnels during reinforcement-learning training, behaviors its own researchers characterized as instrumental rather than task-directed. Incidents of this type, along with the recurring prompt-injection, memory-poisoning, and tool-misuse failures catalogued in the OWASP Top 10 for Agentic Applications 2026, provide the concrete material that the governance foundation treats as design inputs rather than edge cases. Each of these issues connects to a specific piece of the architecture (labor rights to material foundation, professional displacement to developmental foundation, electoral disruption to epistemic foundation, agent-governance failures to governance foundation), and each has an existing constituency with institutional infrastructure. The coalition-building task is not to invent new constituencies but to connect existing constituencies around issues whose solutions require the broader architecture.
This is not a predictable assembly. The historical precedents for coalitions of this breadth forming under conditions of active federal opposition are thin. The New Deal coalition formed in response to the 1929 collapse; the post-war international architecture formed in response to the Second World War; the environmental coalition of the 1970s formed against a backdrop of visible pollution disasters. Coalitions of this scale typically form in response to precipitating events rather than in anticipation of structural problems. The collection has argued throughout that AI’s most dangerous risks are specifically those whose materialization cannot be corrected after the fact, which means that the coalition would have to form either through political realignment (a constituency builds sufficient political power to demand it before a catastrophe) or through a sufficiently visible near-miss (an event that demonstrates the cost of inaction without being catastrophic enough to foreclose the alternative).
Neither path is likely in the conventional sense. Both remain possible. The historical record shows that political realignments on the scale the architecture requires have happened, although infrequently and usually in response to crises of legitimacy rather than to technical arguments. Near-misses have historically been effective in specific domains (Three Mile Island for nuclear regulation, the 2008 collapse for financial regulation) but have also been specifically insufficient in others (climate change, for all its cascade of near-misses, has not produced the coalition that climate governance would require). AI sits in an unusual position: the specific risks most likely to produce a coalition-building near-miss (visible cyber incidents, electoral disruption, documented bioweapons uplift) are also the risks where a near-miss could escalate rapidly into the catastrophic event that forecloses the alternative.
The honest version of the political close is this. The architecture is available. The coalition that would build it is identifiable in its components. The political window is narrower than it was, and narrowing. The structural forces documented across six essays (competitive selection against safety, regulatory capture, the equilibrium of inaction, international fracturing) work against assembly. The architecture is not guaranteed to emerge. Neither is it foreclosed. What it would require is that the components named above act in concert, and that they do so in time.
VI.
The collection began with work and ends with institutions because the argument is cumulative. Each essay documented a dimension of a single transition, and each essay found that the default path was negative and the alternative path required institutional design. The variable determining the outcome was whether anyone would build the institutions that made the alternative possible. This essay has described what the institutions would need to look like and what would have to be true for them to be built.
The destination is not a return to any historical precedent but something the modern tradition of political philosophy has articulated without any society having fully achieved it: a political community of citizens with the material conditions for civic participation, the epistemic resources for collective reasoning, the institutional accountability that makes power answerable to the governed, and the cultivated capacity to operate all of it. AI makes the destination more possible in specific ways and more endangered in others. Which direction the technology pushes depends on the architecture the institutions build.
The architecture has four foundations and a chokepoint. None is utopian. Each is being attempted somewhere. What the architecture lacks is scale, coordination, and durability, and the obstacle is political rather than technical. The actors with the authority to build the architecture are, in the current configuration, the actors who benefit most from its absence. The actors who would benefit from its construction (the population whose labor is being absorbed, the generations who will inherit the consequences, the future citizens whose democratic capacities depend on institutions not yet built) have no representation in the decision-making processes. This is the structural problem the collection has documented from six angles.
The RSP v3.0 episode changes the equation in a small but consequential way. The company that tried hardest to maintain voluntary constraint, under the most sustained external pressure, has concluded that voluntary constraint cannot hold and has publicly asked government to impose what it could not sustain on its own. The testimony is not a prediction that government will act; it demonstrates that the argument for external constraint now includes the most credible internal actor. The coalition that would build the architecture is not complete, but it has acquired a new member.
The collection has taken the position throughout that the forks it describes are real, that the alternative paths are achievable, and that the variable determining the outcome is institutional design. The collection has not claimed that the alternative paths are likely or that the political conditions for building the institutions are present. The claim has been narrower: the paths exist, they can be described with specificity, and describing them is a necessary precondition for whatever political work might follow. This essay has tried to meet that precondition for the specific case of governance. The architecture is available. The coalition is identifiable. The window is narrower than it was and is still narrowing. What remains is political, not conceptual, and the cost of leaving it unbuilt is paid in the specific forms the collection has documented: concentrated wealth, degraded information, captured institutions, eroded capacity, and catastrophic risks absorbed on terms the affected populations never agreed to. Whether that cost is accepted, contested, or refused is now a choice the institutions the collection has described would make possible. The choice is not made by describing it. The choice is made by building what the description requires.
Footnotes
1. OpenAI’s removal of “safety” from its mission statement became public through its November 2025 IRS Form 990 filing covering fiscal year 2024, reported by Fortune and analyzed by Garrison Lovely in The Conversation (November 17, 2025), https://theconversation.com/openai-has-deleted-the-word-safely-from-its-mission-and-its-new-structure-is-a-test-for-whether-ai-serves-society-or-shareholders-274467. OpenAI deployed ChatGPT through the Pentagon’s GenAI.mil platform, serving 1.1 million users across all three military service departments, as reported by Breaking Defense, “ChatGPT will be available to 3 million military users on GenAI.mil” (February 10, 2026), https://breakingdefense.com/2026/02/chatgpt-will-be-available-to-3-million-military-users-on-genai-mil/. Google reversed its 2018 Project Maven prohibition on AI for weapons and surveillance on February 4, 2025; see CNBC, “Google drops pledge not to use AI for weapons or surveillance” (February 4, 2025) and Washington Post coverage of the same date. xAI signed its classified-systems deal with the Pentagon in February 2026; see Axios, “Musk’s xAI and Pentagon reach deal to use Grok in classified systems” (February 23, 2026), https://www.axios.com/2026/02/23/ai-defense-department-deal-musk-xai-grok, and New York Times coverage of the same week. xAI had earlier signed a GenAI.mil deployment agreement in December 2025.
2. Anthropic (2026), “Responsible Scaling Policy v3.0,” February 24, 2026, policy document at https://anthropic.com/responsible-scaling-policy/rsp-v3-0 and rewrite explainer at https://www.anthropic.com/news/responsible-scaling-policy-v3. The “FDA-inspired” characterization and the broader case for the v3.0 rewrite come from Holden Karnofsky, “Responsible Scaling Policy v3,” LessWrong, February 24, 2026, https://www.lesswrong.com/posts/HzKuzrKfaDJvQqmjh/responsible-scaling-policy-v3. The characterization of the change as warranting “mourning or grief for the spirit of the original v1.0 RSP” is from Drake Thomas’s contemporaneous thread on X (February 24, 2026), https://x.com/MaskedTorah/status/2026513179690545586. Mrinank Sharma’s February 9, 2026 resignation is reported in eWeek and Yahoo Finance; his public statement that “the world is in peril” circulated widely across coverage. GovAI assessment: “Anthropic’s RSP v3.0: How it Works, What’s Changed, and Some Reflections,” https://www.governance.ai/analysis/anthropics-rsp-v3-0-how-it-works-whats-changed-and-some-reflections.
3. Anthropic, “Statement regarding the Department of War,” February 26, 2026, https://www.anthropic.com/news/statement-department-of-war. See also Axios, “Pentagon-Anthropic battle pushes other AI labs into major dilemma” (February 23–26, 2026); NPR, Fortune, CNN, and Fox News coverage of the Hegseth-Amodei confrontation (February 24–27, 2026); PBS/AP reporting on the deadline (February 27, 2026). Hegseth’s January 2026 AI Acceleration Strategy required all military AI contracts to eliminate company-specific guardrails within 180 days.
4. Anthropic RSP v3.0, “Recommendations for Industry-Wide Safety” section. The FDA-inspired framing and enforcement recommendations are discussed in Karnofsky (2026), cited in footnote 2.
5. Matt Bruenig (2018), “Social Wealth Fund for America,” People’s Policy Project, https://www.peoplespolicyproject.org/projects/social-wealth-fund/. Liam Epstein (2025), “Lead, Own, Share: Sovereign Wealth Funds for Transformative AI,” Convergence Analysis / SPAR Spring 2025 fellowship, July 7, 2025, https://www.convergenceanalysis.org/fellowships/spar-economics/lead-own-share-sovereign-wealth-funds-for-transformative-ai; also available at SSRN, https://ssrn.com/abstract=5343934. Alaska Permanent Fund Corporation, https://apfc.org. On the philosophical tradition, see Thomas Paine, Agrarian Justice (1797); James Meade, “Efficiency, Equality and the Ownership of Property” (1964); and John Roemer, A Future for Socialism (1994).
6. Coalition for Content Provenance and Authenticity, C2PA v2.2 specification (May 2025), https://c2pa.org. EU AI Act, https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai. Article 50 enforcement begins August 2, 2026.
7. Danielle Allen (2023), Justice by Means of Democracy, University of Chicago Press. Gillian K. Hadfield and Jack Clark (2026), “Regulatory Markets: The Future of AI Governance,” Jurimetrics Journal 65: 195–240. Pre-print available at https://arxiv.org/abs/2304.04914.
8. Allen Lab for Democracy Renovation, Harvard Kennedy School, https://ash.harvard.edu/programs/allen-lab-for-democracy-renovation/. Democratic Knowledge Project, https://www.democraticknowledgeproject.org. Finland’s Ministry of Education and Culture has published guidelines on AI in education consistent with the developmental approach.
9. Hélène Landemore (2020), Open Democracy: Reinventing Popular Rule for the Twenty-First Century, Princeton University Press. Landemore (2024), “Can AI bring deliberative democracy to the masses?” NYU School of Law working paper, https://www.law.nyu.edu/sites/default/files/Helen%20Landemore%20Can%20AI%20bring%20deliberative%20democracy%20to%20the%20masses.pdf. Henry Farrell and Hahrie Han (August 1, 2025), “AI and Democratic Publics,” Knight First Amendment Institute at Columbia University, 25-17, https://knightcolumbia.org/content/ai-and-democratic-publics. Danielle Allen and E. Glen Weyl (2024), “The Real Dangers of Generative AI,” Journal of Democracy 35(1): 147–162, DOI 10.1353/jod.2024.a915355, https://www.journalofdemocracy.org/articles/the-real-dangers-of-generative-ai/.
10. On Alaska: Alaska Permanent Fund Dividend Division, https://pfd.alaska.gov. On Norway: Government Pension Fund Global, https://www.nbim.no. Tom Steyer’s Golden State Sovereign Wealth Fund proposal is laid out at https://www.tomsteyer.com/press/steyer-unveils-ai-plan-to-lead-the-future-protect-working-families and was presented at his March 31, 2026 San Diego town hall. The genealogy of the token-tax idea is traced in Matt Novak, “This California Billionaire Wants to Tax AI Tokens to Create a Sovereign Wealth Fund,” Gizmodo, April 2026, https://gizmodo.com/this-california-billionaire-wants-to-tax-ai-tokens-to-create-a-sovereign-wealth-fund-2000741036, which attributes the original proposal to Dario Amodei in 2025; also E&E News by Politico, “Tom Steyer’s tech and AI plan” (March 5, 2026), which identifies both Sam Altman and Amodei as proponents of related frameworks. See also Epstein (2025), cited in footnote 5.
11. Daron Acemoglu and Simon Johnson (2023), Power and Progress: Our Thousand-Year Struggle Over Technology and Prosperity, PublicAffairs. Acemoglu (2021), “Harms of AI,” NBER Working Paper 29247, https://www.nber.org/papers/w29247. Acemoglu and Johnson (December 2023), “Rebalancing AI,” Finance & Development (IMF), https://www.imf.org/en/publications/fandd/issues/2023/12/rebalancing-ai-acemoglu-johnson.
12. C2PA Technical Specification 2.2, May 2025, https://c2pa.org/specifications/specifications/2.2/. Samsung Galaxy S25, Google Pixel 10, Adobe Firefly, and OpenAI DALL-E 3 C2PA integration documented across their respective technical publications.
13. RAND Corporation (June 4, 2025), “Overpromising on Digital Provenance and Security,” https://www.rand.org/pubs/commentary/2025/06/overpromising-on-digital-provenance-and-security.html. Durable Content Credentials specification, https://contentauthenticity.org/durable-content-credentials. Shruti Das (December 12, 2025), “The Promise and Risk of Digital Content Provenance,” Center for Democracy and Technology, https://cdt.org/insights/the-promise-and-risk-of-digital-content-provenance/.
14. Daniel Carpenter and Carson Ezell (2024), “An FDA for AI? Pitfalls and Plausibility of Approval Regulation for Frontier Artificial Intelligence,” AAAI/ACM Conference on AI, Ethics, and Society, https://arxiv.org/abs/2408.00821. Carpenter’s foundational work on FDA regulation is Reputation and Power: Organizational Image and Pharmaceutical Regulation at the FDA (Princeton University Press, 2010).
15. Hadfield and Clark (2026), cited in footnote 7. Schwartz Reisman Institute (August 2025), “Co-designing Regulatory Markets for AI,” https://srinstitute.utoronto.ca/news/co-designing-regulatory-markets-for-ai. Dean W. Ball and Ketan Ramakrishnan (July 7, 2025), “Entity-Based Regulation in Frontier AI Governance,” Carnegie Endowment for International Peace, https://carnegieendowment.org/research/2025/07/artificial-intelligence-regulation-united-states. On Ball’s broader framework: Ball, “A Framework for the Private Governance of Frontier Artificial Intelligence,” Foundation for American Innovation / Fathom, April 15, 2025, https://arxiv.org/abs/2504.11501. California SB 53, effective January 2026.
16. Girish Sastry, Lennart Heim, Haydn Belfield, Markus Anderljung, Miles Brundage, Julian Hazell, et al. (February 13, 2024), “Computing Power and the Governance of Artificial Intelligence,” arXiv:2402.08797, https://arxiv.org/abs/2402.08797. Lennart Heim (January 2025), “Understanding the Artificial Intelligence Diffusion Framework: Can Export Controls Create a U.S.-Led Global Artificial Intelligence Ecosystem?” RAND Perspective PEA3776-1, https://www.rand.org/pubs/perspectives/PEA3776-1.html. Janet Egan and Lennart Heim (October 20, 2023), “Oversight for Frontier AI Through a Know-Your-Customer Scheme for Compute Providers,” arXiv:2310.13625, https://arxiv.org/abs/2310.13625. Rebecca Scholefield, Samuel Martin, and Otto Barten (March 18, 2025), “International Agreements on AI Safety: Review and Recommendations for a Conditional AI Safety Treaty,” arXiv:2503.18956, https://arxiv.org/abs/2503.18956. Robert F. Trager, Ben Harack, Anka Reuel, et al. (August 29, 2023), “International Governance of Civilian AI: A Jurisdictional Certification Approach,” Institute for Law & AI Working Paper No. 3-2023, https://law-ai.org/international-governance-of-civilian-ai/.
17. Sara Hooker (July 2024), “On the Limitations of Compute Thresholds as a Governance Strategy,” arXiv:2407.05694. DeepSeek V3 technical report, December 2024. RAND analysis of DeepSeek implications: Ashley Lin and Lennart Heim (February 2025), “DeepSeek’s Lesson: America Needs Smarter Export Controls,” https://www.rand.org/pubs/commentary/2025/02/deepseeks-lesson-america-needs-smarter-export-controls.html. On Chinese domestic chip capabilities: Huawei Ascend 910B comparison data from multiple 2025 industry analyses; timelines for domestic Chinese frontier-capable production from CSIS and RAND estimates.