{"$schema":"https://policywindow.org/wiki/claim-substantiation.json","name":"Policy Window — per-claim prose substantiation","description":"What fraction of each article's developed-prose factual claims carry an inline citation, and which specific sentences are uncited. Heuristic, deterministic claim-detection (a measured signal, not a proof); the coverage matrix is separately 100% primary-source-cited (see /wiki/verification). Re-derivable.","docs":"https://policywindow.org/wiki/claim-substantiation","method":"Per published article, the developed bodySections are split into sentences; a sentence making a CHECKABLE factual claim must carry a citation anchor. externalRate (the headline) counts only INDEPENDENT citations (DOI/arXiv/author-year or a named external instrument); a bare provision pinpoint (Art./§) of the article's own statute is a self-reference, counted separately in pinpointOnly and the looser any-citation rate, never in externalRate. uncited = factual sentences with no anchor at all.","summary":{"articles":105,"factualSentences":1437,"externallyCitedFactualSentences":929,"pinpointOnlyFactualSentences":193,"citedFactualSentences":1122,"externalRate":0.646,"rate":0.781,"uncitedClaims":315,"fullySubstantiatedArticles":11},"articles":[{"kind":"instrument","slug":"eu-ai-act","title":"EU AI Act","factualSentences":26,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":9,"citedFactualSentences":20,"externalRate":0.423,"rate":0.769,"uncited":[{"section":"Cross-jurisdiction position: the only binding horizontal regime","sentence":"China's regime is binding but vertical and rolled out piecemeal — the Interim Measures for the Management of Generative AI Services (effective 15 August 2023) target public-facing generative services with content-control and security-assessment duties, and scholarship reads them partly as a pro-growth signalling device rather than a comprehensive risk framework (Zhang, 'The Promise and Perils of China's Regulation of Artificial Intelligence,' Columbia J."},{"section":"Cross-jurisdiction position: the only binding horizontal regime","sentence":"The United States lacks a federal counterpart: a market-led posture was reinforced when the January 2025 executive order rescinded prior safeguards, and the December 2025 'national policy framework' order directed agencies to contest divergent state laws (90 Fed."},{"section":"Cross-jurisdiction position: the only binding horizontal regime","sentence":"The Council of Europe's Framework Convention on AI (CETS No. 225, opened for signature 5 September 2024) is binding by ratification but principles-based and rights-focused, lacking the Act's granular conformity machinery (Council of Europe 2024, CETS No. 225)."},{"section":"Implementation and trajectory: staggered timeline and the Digital Omnibus","sentence":"The Act entered into force on 1 August 2024 (twenty days after Official Journal publication of Reg."},{"section":"Implementation and trajectory: staggered timeline and the Digital Omnibus","sentence":"A provisional inter-institutional agreement reached on 7 May 2026 deferred the high-risk deadlines — Annex III obligations from 2 August 2026 to 2 December 2027 (a 16-month slip tied to standards availability), and Annex I obligations from 2 August 2027 to 2 August 2028 — while adding targeted measures such as a ban on 'nudifier' applications (European Parliament press release, 23 March 2026)."},{"section":"Implementation and trajectory: staggered timeline and the Digital Omnibus","sentence":"Early enforcement has nonetheless begun under the in-force prohibition and GPAI tiers, with reported market-surveillance scrutiny of large platforms (Council of the EU press release, 7 May 2026)."}]},{"kind":"instrument","slug":"us-eo-14110","title":"Executive Order 14110 on Safe, Secure, Trustworthy AI","factualSentences":26,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":8,"citedFactualSentences":18,"externalRate":0.385,"rate":0.692,"uncited":[{"section":"Operative mechanics","sentence":"Reg. 75191 (Nov. 1, 2023)) operated chiefly as a tasking instrument that directed federal agencies to produce binding sub-regulation, rather than imposing duties directly on developers."},{"section":"Cross-jurisdiction position","sentence":"Relative to the Council of Europe Framework Convention on AI (CETS No. 225, 2024), EO 14110 was narrower, focused on a national-security and standards agenda rather than human-rights treaty obligations."},{"section":"Key fault lines and critiques","sentence":"A second fault line is institutional legitimacy: commentators questioned grounding economy-wide AI reporting in the Defense Production Act, a Korean-War-era statute, rather than tailored legislation (CRS Report R47843, 2023)."},{"section":"Implementation and trajectory","sentence":"Implementation proceeded rapidly through 2024."},{"section":"Implementation and trajectory","sentence":"The trajectory then inverted: President Trump revoked EO 14110 on January 20, 2025, and issued EO 14179, \"Removing Barriers to American Leadership in Artificial Intelligence,\" 90 Fed."},{"section":"Implementation and trajectory","sentence":"Reg. 8741 (Jan. 31, 2025), directing agencies to suspend, revise, or rescind actions taken under the prior Order."},{"section":"Implementation and trajectory","sentence":"The successor policy was reframed around innovation and classified cyber-capability benchmarking — see EO of June 2026, \"Promoting Advanced Artificial Intelligence Innovation and Security,\" 91 Fed."},{"section":"Implementation and trajectory","sentence":"(June 5, 2026) — replacing a fixed compute threshold with a discretionary, classified \"covered frontier model\" designation (Wiley, 2026; Greenberg Traurig, 2026)."}]},{"kind":"instrument","slug":"us-eo-14179","title":"Executive Order 14179 — Removing Barriers to American Leadership in AI","factualSentences":17,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":1,"citedFactualSentences":10,"externalRate":0.529,"rate":0.588,"uncited":[{"section":"Operative Mechanics: A Deregulatory Directive, Not a Substantive Mandate","sentence":"Reg. 8741 (Jan. 31, 2025), operates almost entirely as an instrument of repeal and internal tasking rather than substantive regulation."},{"section":"Operative Mechanics: A Deregulatory Directive, Not a Substantive Mandate","sentence":"Its text rescinds the regulatory-burden provisions of the prior EO 14110 and directs OMB, OSTP, and the NSC to identify and remove barriers to AI development, but it imposes no new obligations on developers or deployers."},{"section":"Implementation Trajectory: A Live Order Spawning a Broader Arc","sentence":"EO 14179 remains in force, but its significance is increasingly as a launch point rather than a self-contained measure."},{"section":"Implementation Trajectory: A Live Order Spawning a Broader Arc","sentence":"Its own text imposes no new obligations; the action it generates flows downstream through 'Winning the Race: America's AI Action Plan' (Jul. 23, 2025) and follow-on efforts toward federal preemption of state AI law — a trajectory toward consolidating governance authority nationally and pre-empting subnational experimentation."},{"section":"The Downstream Record: A 180-Day Mandate and the Preemption Offensive","sentence":"Reg. 8741, sec. 4). 'Winning the Race: America's AI Action Plan' followed on July 23, 2025, identifying more than 90 federal policy actions under three pillars - Accelerating AI Innovation, Building American AI Infrastructure, and Leading in International AI Diplomacy and Security (America's AI Action Plan, Jul. 23, 2025) - converting an order with no operative mandates of its own into an executive-branch work program."},{"section":"The Downstream Record: A 180-Day Mandate and the Preemption Offensive","sentence":"Executive Order 14365, 'Ensuring a National Policy Framework for Artificial Intelligence' (Dec. 11, 2025), directs the Attorney General to establish within 30 days an AI Litigation Task Force whose sole responsibility is to challenge state AI laws - on grounds including unconstitutional regulation of interstate commerce, federal preemption, and the First Amendment - and directs the Commerce Secretary to publish within 90 days an evaluation identifying 'onerous' state laws for referral to the Task Force, including laws that 'require AI models to alter their truthful outputs' (Exec."},{"section":"The Downstream Record: A 180-Day Mandate and the Preemption Offensive","sentence":"An order whose own text imposed no obligations has, through its progeny, become the axis of the sharpest federal-state confrontation in US technology policy: deregulatory toward industry, aggressively interventionist toward the states, and substituting litigation and funding conditions for the rulemaking it forswears."}]},{"kind":"instrument","slug":"uk-ai-white-paper","title":"UK Pro-Innovation Approach to AI Regulation (White Paper)","factualSentences":14,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":0,"citedFactualSentences":12,"externalRate":0.857,"rate":0.857,"uncited":[{"section":"What the White Paper Commits To","sentence":"Published as CP 815 (2023) on 29 March 2023, the Pro-Innovation Approach is a policy statement, not a statute: it declines to create a bespoke AI law or a central regulator and instead delegates five cross-sectoral principles to existing bodies."},{"section":"Adoption Trajectory","sentence":"Though formally in force since 2023, the White Paper's trajectory has been one of institutional accretion rather than legislative hardening."}]},{"kind":"instrument","slug":"china-genai-measures","title":"Interim Measures for Generative AI Service Management","factualSentences":22,"externallyCitedFactualSentences":14,"pinpointOnlyFactualSentences":7,"citedFactualSentences":21,"externalRate":0.636,"rate":0.955,"uncited":[{"section":"Key fault lines and critiques","sentence":"Scholarship identifies a marked softening between the April 2023 draft and the final text, read by some as the state privileging industrial competitiveness over strict control."}]},{"kind":"instrument","slug":"g7-hiroshima-code","title":"G7 Hiroshima AI Process Code of Conduct","factualSentences":13,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":0,"citedFactualSentences":9,"externalRate":0.692,"rate":0.692,"uncited":[{"section":"What the Code Commits Signatories To","sentence":"Adopted on 30 October 2023 under the G7 Hiroshima AI Process, the Code of Conduct is an eleven-action voluntary instrument addressed to organisations developing the most advanced AI systems (foundation models and generative AI)."},{"section":"What the Reporting Framework Has Revealed","sentence":"Alongside lifecycle risk identification and mitigation, vulnerability monitoring, public capability reporting, information sharing, governance policies, security controls and provenance mechanisms such as watermarking (actions 1-7), signatories commit to prioritise research on societal and safety risks (action 8), prioritise AI development for global challenges such as the climate crisis, global health and education (action 9), advance international technical standards (action 10) and implement data-input protections for privacy and intellectual property (action 11) (Hiroshima Process International Code of Conduct, 30 October 2023)."},{"section":"What the Reporting Framework Has Revealed","sentence":"On 24 April 2025 the OECD published first submissions from 19 organisations - OpenAI, Google, Microsoft and Anthropic alongside Japanese adopters such as Fujitsu, NEC, NTT and SoftBank - detailing risk-assessment, governance and incident-sharing practices (OECD.AI, 24 April 2025)."},{"section":"What the Reporting Framework Has Revealed","sentence":"Framework 2.0, launched 28 May 2026 at the Paris G7 Digital and Tech Ministerial with more than 50 pledged submitters including Amazon, Mistral AI and Cohere, answers that critique with lifecycle role distinctions, simplified small-organisation reporting and a 1 September 2026 deadline with annual updates (OECD.AI, 28 May 2026) - a scale-up that will test whether broader participation can mature into the verification the Code still lacks."}]},{"kind":"instrument","slug":"oecd-ai-principles","title":"OECD AI Principles (Recommendation)","factualSentences":14,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":0,"citedFactualSentences":8,"externalRate":0.571,"rate":0.571,"uncited":[{"section":"What the Recommendation Commits To","sentence":"Adopted 22 May 2019 as OECD/LEGAL/0449, the Recommendation is the first intergovernmental AI standard, structured around five value-based principles for trustworthy AI plus five policy recommendations to governments."},{"section":"Inside the 2023-24 Revisions and the Monitoring Record","sentence":"The text has been amended twice since 2019, and the revisions repay close reading."},{"section":"Inside the 2023-24 Revisions and the Monitoring Record","sentence":"On 8 November 2023 the OECD Council rewrote the definition of an AI system as \"a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments,\" adding inference, implicit objectives, and post-deployment \"autonomy and adaptiveness\" while removing the 2019 stipulation that objectives be human-defined (OECD Artificial Intelligence Papers No. 8, 2024) - upstream repair on the definitional instability binding regimes inherit."},{"section":"Inside the 2023-24 Revisions and the Monitoring Record","sentence":"On 3 May 2024, acting on the 2024 Report to Council, the Council, meeting at Ministerial level, revised the Recommendation for the generative-AI era (OECD/LEGAL/0449, as amended 3 May 2024)."},{"section":"Inside the 2023-24 Revisions and the Monitoring Record","sentence":"Monitoring, too, has reportable outputs: the stocktaking report declassified on 31 August 2023 counted over 930 AI policy initiatives across 70 jurisdictions reported to the OECD.AI Policy Observatory (launched February 2020) by May 2023, including more than 50 national strategic and government-wide initiatives on trustworthy AI, against only a few in 2017 (OECD Artificial Intelligence Papers No. 3, 2023)."},{"section":"Inside the 2023-24 Revisions and the Monitoring Record","sentence":"Those figures measure diffusion, not adherence: the observatory counts initiatives, not compliance."}]},{"kind":"instrument","slug":"coe-ai-convention","title":"Council of Europe Framework Convention on AI","factualSentences":23,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":10,"citedFactualSentences":19,"externalRate":0.391,"rate":0.826,"uncited":[{"section":"Cross-jurisdiction position","sentence":"The EU's own ratification (reported 15 May 2026, coe.int) positions the AI Act as the EU's chief instrument of compliance, making the Convention a normative floor rather than a parallel regime; commentators frame it as a potential \"anchor\" for interoperability among non-EU jurisdictions lacking an AI Act equivalent (ENSURED policy brief, ensuredeurope.eu)."},{"section":"Implementation and trajectory","sentence":"The Convention was adopted by the Committee of Ministers on 17 May 2024 and opened for signature in Vilnius on 5 September 2024, drawing inaugural signatures from CoE members and non-members including the United States, the United Kingdom, the EU and Israel (coe.int/en/web/artificial-intelligence; eucrim anniversary note, 30 Sep 2025)."},{"section":"Implementation and trajectory","sentence":"Secondary trackers report the threshold was met in 2025 with entry into force on 1 November 2025 — ratifications attributed to the United Kingdom, France, Norway and others — and the European Union depositing its ratification on 15 May 2026 (coe.int; CAIDP)."},{"section":"Implementation and trajectory","sentence":"Note a currency caveat: as of this review the Council of Europe Treaty Office chart for Treaty 225 could not be independently confirmed via automated retrieval (the primary source blocks crawlers), so the in-force status is reported here on secondary-source authority pending named-editor confirmation against the official chart (coe.int/en/web/Conventions/full-list, treatynum=225)."}]},{"kind":"instrument","slug":"un-ai-resolution-2024","title":"UN GA Resolution on Safe, Secure, Trustworthy AI","factualSentences":14,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":0,"citedFactualSentences":12,"externalRate":0.857,"rate":0.857,"uncited":[{"section":"Operative Mechanics: Hortatory Architecture and the Limits of Consensus","sentence":"A/RES/78/265, adopted by consensus on 21 March 2024, is a non-binding General Assembly resolution: its operative verbs are \"calls upon,\" \"encourages,\" and \"emphasizes,\" creating no legal duties."},{"section":"Implementation Trajectory: Superseded as the UN's Leading Edge","sentence":"By 2026 the resolution has been overtaken as the UN's frontier instrument while remaining in force as foundational text."}]},{"kind":"instrument","slug":"nist-ai-rmf","title":"NIST AI Risk Management Framework","factualSentences":9,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":0,"citedFactualSentences":5,"externalRate":0.556,"rate":0.556,"uncited":[{"section":"Operative Mechanics","sentence":"Published as NIST AI 100-1 on 26 January 2023, the AI Risk Management Framework is a voluntary, non-binding technical standard organised around four iterative functions — Govern, Map, Measure, Manage — that operationalise seven \"trustworthy\" characteristics."},{"section":"Operative Mechanics","sentence":"Govern is foundational: GOVERN 1.3 requires organisations to set \"risk management activities based on the organization's risk tolerance,\" leaving the tolerance threshold to the adopter rather than a regulator."},{"section":"Operative Mechanics","sentence":"The 2024 Generative AI Profile (NIST AI 600-1) layers GPAI-specific guidance over this scaffold without altering its voluntary core."},{"section":"Implementation Trajectory","sentence":"The RMF remains in force and is evolving by accretion rather than amendment: the 2024 GenAI Profile (NIST AI 600-1) bolted GPAI-specific guidance onto the original four functions, addressing synthetic-content provenance that the base text handled only implicitly through MEASURE 2.8's transparency-risk documentation."}]},{"kind":"instrument","slug":"bletchley-declaration","title":"Bletchley Declaration on AI Safety","factualSentences":12,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":0,"citedFactualSentences":10,"externalRate":0.833,"rate":0.833,"uncited":[{"section":"What the Declaration Commits To","sentence":"The Bletchley Declaration (UK AI Safety Summit, 1 Nov 2023) is a voluntary, non-binding consensus statement rather than an instrument with operative articles, so its commitments are framed as shared understandings, not enforceable duties — its text is flowing prose, with no numbered sections."},{"section":"Standing Relative to Binding Law","sentence":"Some scholars argue customary international law already imposes a precautionary duty to regulate catastrophic AI risk (Druzin, Boute & Ramsden 2025), implying Bletchley underdelivers against an existing obligation rather than creating a new one."}]},{"kind":"instrument","slug":"seoul-declaration","title":"Seoul Declaration on Safe, Innovative and Inclusive AI","factualSentences":9,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":0,"citedFactualSentences":8,"externalRate":0.889,"rate":0.889,"uncited":[{"section":"What the Declaration Commits To","sentence":"Adopted 22 May 2024 as the Bletchley follow-up, the Seoul Declaration is a ministerial voluntary instrument paired with the Frontier AI Safety Commitments signed by 16 frontier-AI developers."}]},{"kind":"instrument","slug":"nist-ai-rmf-genai-profile","title":"NIST AI RMF Generative AI Profile","factualSentences":13,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":1,"citedFactualSentences":12,"externalRate":0.846,"rate":0.923,"uncited":[{"section":"Implementation Trajectory and Political Headwinds","sentence":"As of June 2026 the July 2024 Profile remains the active version, but its trajectory is unsettled."}]},{"kind":"instrument","slug":"ca-sb-1047","title":"California SB-1047: Safe and Secure Innovation for Frontier AI Models Act","factualSentences":12,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":2,"citedFactualSentences":9,"externalRate":0.583,"rate":0.75,"uncited":[{"section":"Operative Mechanics: A Compute-and-Cost Threshold Never Brought Into Force","sentence":"SB-1047 passed both chambers of the California legislature in late August 2024 (Assembly 28 August, Senate concurrence 29 August) but was vetoed by Governor Newsom on 29 September 2024, so its mechanics describe a regime that never took effect."},{"section":"Implementation Trajectory: From Veto to the Enforceable SB-53 Successor","sentence":"Although vetoed, SB-1047 is cited in nearly every 2024–2025 AI governance review as the most consequential US state intervention, shaping the agenda even in defeat."},{"section":"Implementation Trajectory: From Veto to the Enforceable SB-53 Successor","sentence":"Wiener's pared-back successor, SB-53 (Transparency in Frontier AI Act), was signed by Newsom on 29 September 2025 — the first enforceable US state frontier-AI safety law, most provisions effective 1 January 2026 (Office of Governor Newsom 2025)."}]},{"kind":"instrument","slug":"india-dpdpa","title":"India Digital Personal Data Protection Act + AI Advisory (MEITY)","factualSentences":14,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":2,"citedFactualSentences":10,"externalRate":0.571,"rate":0.714,"uncited":[{"section":"Operative Mechanics: A Data-Protection Statute Doing AI's Regulatory Work","sentence":"India regulates AI not through a dedicated AI law but through the Digital Personal Data Protection Act, 2023, layered with non-statutory MEITY advisories."},{"section":"Operative Mechanics: A Data-Protection Statute Doing AI's Regulatory Work","sentence":"The MEITY advisories of March 2024 attempted to bolt AI-specific duties (transparency labelling, synthetic-content controls) onto this base, but as administrative guidance rather than statute they lack the Act's enforceability — a structural mismatch between the regulatory ambition and the binding instrument carrying it."},{"section":"Cross-Jurisdiction Position: Development-First Sovereignty Against the EU Model","sentence":"Where the EU AI Act erects ex-ante obligations on general-purpose models, India's MEITY explicitly retreated from that path: the 1 March 2024 advisory's pre-deployment-approval requirement was superseded on 15 March 2024 by a revised advisory that dropped the approval requirement and emphasised AI-content labelling."},{"section":"Implementation Trajectory: From Paused AI Law to Phased Rules and Labelling Mandates","sentence":"Governing 1.4 billion people, India's incrementalism makes it the largest live test of data-protection-as-AI-governance."}]},{"kind":"instrument","slug":"brazil-ai-bill","title":"Brazil AI Bill (PL 2338/2023)","factualSentences":14,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":2,"citedFactualSentences":11,"externalRate":0.643,"rate":0.786,"uncited":[{"section":"Operative Mechanics and Risk Architecture","sentence":"PL 2338/2023 builds a tiered, risk-based regime."},{"section":"Legislative Status and Trajectory","sentence":"Critically, PL 2338/2023 is not law."},{"section":"Legislative Status and Trajectory","sentence":"The Senate approved it in December 2024, but as of June 2026 it remains pending in the Chamber of Deputies, where a Special Committee created in April 2025 (rapporteur Aguinaldo Ribeiro) still awaits the rapporteur's report; the floor vote slipped from late 2025 to a planned 2026 Special Committee vote targeted around June 2026, leaving the bill unenacted (Senate Bill PL 2338/2023)."}]},{"kind":"instrument","slug":"asean-ai-guide","title":"ASEAN Guide on AI Governance and Ethics","factualSentences":10,"externallyCitedFactualSentences":6,"pinpointOnlyFactualSentences":0,"citedFactualSentences":6,"externalRate":0.6,"rate":0.6,"uncited":[{"section":"What the Guide Commits Member States To","sentence":"Adopted by the ASEAN Digital Ministers Meeting on 2 February 2024, the Guide is a non-binding instrument for all ten member states."},{"section":"What the Guide Commits Member States To","sentence":"The 2024 Guide remains in force; the later texts complement rather than supersede it, leaving a layered but uniformly voluntary edifice."},{"section":"Critiques and Operational Gaps","sentence":"The Guide's flexibility is its central fault line: without thresholds or compliance machinery, transparency and explainability remain aspirational, and its generative-AI coverage — added only in the 2025 Expanded Guide — carries 'flexible implementation expectations'."},{"section":"Adoption Trajectory and Sovereignty Stakes","sentence":"Trajectory points toward institutional thickening without hardening: the 2025 Expanded Guide and the Responsible AI Roadmap (2025-2030) extend scope and add capacity-building, yet preserve the voluntary character throughout."}]},{"kind":"instrument","slug":"au-continental-ai-strategy","title":"African Union Continental AI Strategy","factualSentences":15,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.733,"rate":0.733,"uncited":[{"section":"What the Strategy Commits To","sentence":"Adopted by the Executive Council's 45th Ordinary Session on 18-19 July 2024, the Continental AI Strategy is a non-binding framework for all 55 AU member states."},{"section":"What the Strategy Commits To","sentence":"Its substance is organised around five focus areas (harnessing benefits, building capabilities, minimising risks, stimulating investment, fostering cooperation): building continental compute, data infrastructure and skills; an implicit training-data baseline anchored to the AU's Malabo Convention (2014); and coordination with UN GA AI resolutions and the AU-EU AI Working Group."},{"section":"Standing Relative to Binding Law","sentence":"The Strategy is hortatory, not enforceable: it sets no obligations, sanctions, or conformity-assessment machinery, and is operationalised only through downstream national strategies (Egypt 2030, Kenya AI Roadmap, South Africa's NAIPF)."},{"section":"Adoption Trajectory","sentence":"Implementation follows a five-year plan: Phase 1 (2025-2026) targets governance structures, national strategies, and resource mobilisation, with a 2027 review preceding Phase 2 from 2028."}]},{"kind":"instrument","slug":"anthropic-rsp","title":"Anthropic Responsible Scaling Policy (RSP) v2","factualSentences":10,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":0,"citedFactualSentences":9,"externalRate":0.9,"rate":0.9,"uncited":[{"section":"Adoption Trajectory and Superseded Status","sentence":"Analysts must therefore treat v2's ASL-3/ASL-4 threshold text as historical, two major versions out of date."}]},{"kind":"instrument","slug":"openai-preparedness","title":"OpenAI Preparedness Framework","factualSentences":11,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":0,"citedFactualSentences":7,"externalRate":0.636,"rate":0.636,"uncited":[{"section":"What the Framework Commits To","sentence":"As originally published (18 Dec 2023), it scored frontier models on four risk categories — cybersecurity, CBRN, persuasion, and model autonomy — across four categorical tiers (Low, Medium, High, Critical), with pre-deployment evaluation gating release."},{"section":"Critiques and Structural Gaps","sentence":"The Framework's governance of catastrophic risk is self-certified: the same firm shipping the model also adjudicates its threshold, a posture critics contrast with the international precautionary obligation to regulate extinction-level AI (Druzin et al. 2025, Mich."},{"section":"Adoption and Versioning Trajectory","sentence":"The originally-published December 2023 version analysed above was superseded by Preparedness Framework v2 on 15 April 2025: v2 collapsed the four capability levels to two gating thresholds (High and Critical), reset the named categories to three Tracked Categories — Biological and Chemical, Cybersecurity, and AI Self-improvement — and notably moved persuasion out of the framework entirely."},{"section":"Adoption and Versioning Trajectory","sentence":"Citers tracking specific threshold language or risk-category coverage (e.g. the persuasion/elections nexus) must confirm against the current published version, since the 2023 row no longer reflects live commitments."}]},{"kind":"instrument","slug":"deepmind-fsf","title":"Google DeepMind Frontier Safety Framework","factualSentences":13,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.846,"rate":0.846,"uncited":[{"section":"What the Framework Commits To","sentence":"The Frontier Safety Framework (FSF), published 17 May 2024 and effective across Google DeepMind frontier-model releases, is a voluntary corporate code, not statute — it carries no formal article or section numbers, so its obligations are stated as protocol paragraphs rather than enumerated provisions."},{"section":"Adoption and Versioning Trajectory","sentence":"Whether voluntary frameworks converge toward the precautionary state obligation argued by (Druzin et al. 2025, Mich."}]},{"kind":"instrument","slug":"meta-frontier-ai-framework","title":"Meta Frontier AI Framework","factualSentences":10,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":0,"citedFactualSentences":9,"externalRate":0.9,"rate":0.9,"uncited":[{"section":"What the Framework Commits To","sentence":"Published 2025-02-03, Meta's Frontier AI Framework is a voluntary corporate code, not statute, so it carries no section numbers — its obligations are stated as paragraphs of intent."}]},{"kind":"instrument","slug":"uk-us-aisi-mou","title":"UK-US AI Safety Institute Memorandum of Understanding","factualSentences":7,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":0,"citedFactualSentences":5,"externalRate":0.714,"rate":0.714,"uncited":[{"section":"Operative Mechanics","sentence":"Signed 1 April 2024, the MoU is the first bilateral instrument dedicated to frontier-AI safety, committing the two AI Safety Institutes to coordinated pre-deployment evaluations, red-team data sharing, and methodological alignment on capability elicitation across at least one major frontier-model release."},{"section":"Operative Mechanics","sentence":"Agentic-behaviour testing is likewise folded into capability evaluation rather than separately mandated."}]},{"kind":"instrument","slug":"wh-voluntary-2023","title":"White House Voluntary AI Commitments","factualSentences":12,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":2,"citedFactualSentences":10,"externalRate":0.667,"rate":0.833,"uncited":[{"section":"What the Commitments Actually Commit To","sentence":"Announced 2023-07-21 across two tranches (seven July signatories, eight in September; fifteen total, including Anthropic, OpenAI, Google DeepMind, Microsoft, Meta and Nvidia), the commitments organise into eight pledges spanning safety, security and trust."},{"section":"Adoption Trajectory and Current Standing","sentence":"The durable legacy is upward: the Seoul Frontier AI Safety Commitments inherited the template, reflecting the precautionary state duty to regulate catastrophic AI risk argued by Druzin et al. 2025 (repository.law.umich.edu/mjil/vol46/iss2/2)."}]},{"kind":"instrument","slug":"singapore-model-ai-governance","title":"Singapore Model AI Governance Framework for Generative AI","factualSentences":10,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":0,"citedFactualSentences":7,"externalRate":0.7,"rate":0.7,"uncited":[{"section":"What the Framework Commits To","sentence":"Adopted 30 May 2024 by IMDA and the AI Verify Foundation, the Model AI Governance Framework for Generative AI is a voluntary code updating the 2020 framework (v2)."},{"section":"What the Framework Commits To","sentence":"It carries no numbered articles and imposes no legal duty; commitments are aspirational practices, not enforceable obligations."},{"section":"Adoption Trajectory","sentence":"The framework remains in force in 2026 and has acquired influence disproportionate to its non-binding status, cited as the ASEAN-aligned reference for technically-grounded governance and aligned with the G7 Hiroshima Code and OECD AI Principles (OECD.AI 2024)."}]},{"kind":"instrument","slug":"japan-meti-ai-guidelines","title":"Japan METI AI Guidelines for Business","factualSentences":16,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":1,"citedFactualSentences":13,"externalRate":0.75,"rate":0.813,"uncited":[{"section":"What the Guidelines Commit To","sentence":"The METI/MIC AI Guidelines for Business v1.0 (adopted 19 April 2024) consolidate Japan's earlier AI R&D Principles (2017) and AI Utilization Guidelines (2019) into one business-facing framework organised around ten core principles spanning fair competition, accountability, transparency, education-literacy, and AI safety."},{"section":"Critiques and Coverage Gaps","sentence":"The chief critique is enforceability: principles on transparency and accountability are aspirational, so provenance and watermarking obligations enter only implicitly via Hiroshima-alignment reference incorporation rather than mandate."},{"section":"Adoption Trajectory","sentence":"The framework is actively maintained: after interim v1.01 (22 November 2024), METI and MIC published Version 1.1 on 28 March 2025, adding guidance on retrieval-augmented generation, AI agents, code-generation tools, and multimodal-AI risks while preserving the voluntary soft-law structure."}]},{"kind":"instrument","slug":"gdpr","title":"General Data Protection Regulation (GDPR)","factualSentences":26,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":9,"citedFactualSentences":21,"externalRate":0.462,"rate":0.808,"uncited":[{"section":"Cross-jurisdiction position","sentence":"GDPR is the global reference point against which most peer regimes are read, a dynamic Bradford (2020) theorised as the \"Brussels Effect\": the de facto export of EU standards through market access and compliance economies of scale (Anu Bradford, *The Brussels Effect*, OUP 2020)."},{"section":"Key fault lines and critiques","sentence":"Wachter and Mittelstadt, now joined by Chris Russell, later proposed *counterfactual explanations* as a route compatible with the text without opening the black box (Wachter, Mittelstadt & Russell, \"Counterfactual Explanations Without Opening the Black Box,\" *Harvard Journal of Law & Technology* 31(2):841-887, 2018) (SSRN 3063289)."},{"section":"Implementation and trajectory","sentence":"GDPR has been in force since 25 May 2018 and remains, as of mid-2026, unamended in its consolidated text, but enforcement and reform are both intensifying."},{"section":"Implementation and trajectory","sentence":"The single largest penalty remains the EUR 1.2bn imposed on Meta in 2023 for unlawful EU-US data transfers via SCCs, following an EDPB binding decision of 13 April 2023 (edpb.europa.eu); 2024 brought two further headline DPC penalties — EUR 310m against LinkedIn (dataprotection.ie, 24 Oct 2024) for an unlawful behavioural-advertising basis, and EUR 251m against Meta (dataprotection.ie, 17 Dec 2024) over the 2018 Facebook token-exposure breach."},{"section":"Implementation and trajectory","sentence":"Civil-society and academic commentators warn the package risks diluting core safeguards, framing the live question for 2026-2027 as whether GDPR's rights baseline can be reconciled with the EU's competitiveness-driven AI agenda."}]},{"kind":"instrument","slug":"gpai-code-of-practice","title":"EU General-Purpose AI Code of Practice","factualSentences":13,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":3,"citedFactualSentences":12,"externalRate":0.692,"rate":0.923,"uncited":[{"section":"Standing Relative to Binding Law","sentence":"The Code is a voluntary instrument, not a regulation: providers may demonstrate compliance by alternative means."}]},{"kind":"instrument","slug":"omb-m-24-10","title":"OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)","factualSentences":6,"externallyCitedFactualSentences":2,"pinpointOnlyFactualSentences":3,"citedFactualSentences":5,"externalRate":0.333,"rate":0.833,"uncited":[{"section":"Operative Mechanics: Three Pillars and the Risk-Management Floor","sentence":"Issued March 28, 2024 under the Director of the Office of Management and Budget's authority to bind covered executive agencies, M-24-10 operationalizes Executive Order 14110 through three pillars: governance (Chief AI Officers and AI Governance Boards), responsible innovation, and risk management."}]},{"kind":"instrument","slug":"gsa-ai-acquisition-guide","title":"GSA Generative AI and Specialized Computing Infrastructure Acquisition Resource Guide","factualSentences":18,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":5,"citedFactualSentences":12,"externalRate":0.389,"rate":0.667,"uncited":[{"section":"What the Guide Directs Agencies to Do","sentence":"Issued April 29, 2024 (GSA, Generative AI and Specialized Computing Infrastructure Acquisition Resource Guide), the Guide operates through procurement plumbing rather than command."},{"section":"What the Guide Directs Agencies to Do","sentence":"It routes generative-AI and foundation-model buys as a discrete acquisition category, mapping them onto existing governmentwide vehicles — MAS IT and the Best-in-Class GWACs — so agencies can channel and surface AI spend through established channels, though the primary text itself enumerates no Special Item Numbers (see the primary-text section below)."},{"section":"What the Primary Text Actually Contains","sentence":"The introduction labels it \"version 1.0\", offers \"prompts to consider and frame your thinking\" rather than \"directive recommendations\", and states: \"This content is non-binding\" (GSA GenAI Guide v1.0 Introduction, Apr. 29, 2024)."},{"section":"What the Primary Text Actually Contains","sentence":"The binding vendor-disclosure regime - agencies \"must consider\" requiring sub-group performance metrics and training-data \"source, provenance, selection, quality\" - arrived separately in OMB M-24-18, covering solicitations 180-plus days out and exempting National Security Systems (OMB M-24-18, Sept. 24, 2024)."},{"section":"What the Primary Text Actually Contains","sentence":"That layer proved as policy-contingent as feared: M-25-22 rescinded and replaced M-24-18 under EO 14179, pivoting to vendor lock-in protections and pre-award testing of \"high-impact AI\" from September 30, 2025 (OMB M-25-22, Apr. 3, 2025)."},{"section":"Adoption Trajectory and Outlook","sentence":"Because the Guide is operational rather than legislative, uptake hinges on agencies actually importing its due-diligence questions and suggested provisions into solicitation packages — the notes indicate agencies typically do, though the primary text itself ships no sample clauses and enumerates no SINs (see the primary-text section above), so any standardization channel, even absent a mandate, runs through the existing vehicles it maps rather than a dedicated SIN structure."}]},{"kind":"instrument","slug":"dod-rai-strategy","title":"DoD Responsible AI Strategy and Implementation Pathway","factualSentences":12,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":0,"citedFactualSentences":8,"externalRate":0.667,"rate":0.667,"uncited":[{"section":"What the Strategy Commits To","sentence":"The June 22, 2022 Strategy and Implementation Pathway (S&IP) is an internal DoD policy statement, not a statute, that operationalizes the five Ethical Principles for AI adopted Feb. 24, 2020 — Responsible, Equitable, Traceable, Reliable, Governable."},{"section":"Standing Relative to Binding Law","sentence":"It is deliberately distinct from DoDD 3000.09 (Autonomy in Weapon Systems), the directive that governs lethal-autonomy decisions and was separately updated in January 2023; the S&IP routes catastrophic and mission risk through the 'Reliable' principle and JCIDS validation while leaving LAWS-specific decisions to that directive (U.S."},{"section":"Standing Relative to Binding Law","sentence":"Department of Defense 2023)."},{"section":"Adoption Trajectory and Outlook","sentence":"Since adoption the S&IP has functioned as the connective tissue between the 2020 Ethical Principles and operational practice, with the CDAO consolidating governance authority and maintaining the RAI Toolkit as the living delivery vehicle — meaning the instrument's real bite evolves through toolkit revision rather than amendment of the strategy text."}]},{"kind":"instrument","slug":"fedramp-ai-guidance","title":"FedRAMP AI Cloud Procurement Guidance","factualSentences":15,"externallyCitedFactualSentences":6,"pinpointOnlyFactualSentences":1,"citedFactualSentences":7,"externalRate":0.4,"rate":0.467,"uncited":[{"section":"What the Guidance Commits To","sentence":"The guidance also cross-walks to OMB M-24-10 minimum practices for safety- and rights-impacting AI, positioning FedRAMP as the security gate beneath a separate governance gate - a cross-walk that now points at a rescinded target, since OMB M-25-21 rescinded and replaced M-24-10 in April 2025 (see the prioritization record below)."},{"section":"Standing Relative to Binding Law","sentence":"Its legal force derives from FedRAMP's authorisation mandate, not from new rulemaking, so it tailors existing obligations rather than creating fresh ones."},{"section":"Standing Relative to Binding Law","sentence":"Critically, FedRAMP authorisation enables but does not by itself approve a specific AI use case — the agency authorising official remains the operative gate, and OMB governance applies separately (originally via M-24-10, which M-25-21 rescinded and replaced in April 2025 - see the prioritization record below)."},{"section":"Adoption Trajectory and Outlook","sentence":"So far, though, that maturation is advancing outside FedRAMP: as the prioritization record below shows, the substantive SP 800-53 tailoring has migrated to NIST's COSAiS overlays, and the program's one concrete GenAI instrument - demand-keyed prioritization - was rescinded in January 2025."},{"section":"The Prioritization Experiment: What Concretely Changed","sentence":"The January 26, 2024 draft was unusually granular: eligible offerings had to run on a 'foundation model' with 'at least tens of billions of parameters,' make generative AI the primary purpose (capabilities 'embedded within a broader product' might not qualify), and cite at least one third-party benchmark from a named menu (WinoGrande, ARC-Challenge, HellaSwag, OpenBookQA, MMLU 5-shot, HumanEval, and MBPP for chat; HumanEval/MBPP for code; CLIPScore and X-IQE-Overall for images), disclosing any benchmark-developer affiliation (FedRAMP Draft Emerging Technology Prioritization Framework, Jan. 26, 2024)."},{"section":"The Prioritization Experiment: What Concretely Changed","sentence":"The final criteria gated the fast lane on demand, not security: a demand score of at least 3, with current federal customers worth 1 point each (minimum one), indirect 0.5, and potential 0.25 (FedRAMP Emerging Technologies Prioritization Criteria and Guidance V3, June 2024)."},{"section":"The Prioritization Experiment: What Concretely Changed","sentence":"Crucially, no AI control baseline was created: prioritization sat 'on top of existing FedRAMP Authorization paths' and moved vendors near the front of the queue - 'the authorization itself will take a similar amount of time' (FedRAMP Draft ET Prioritization Framework, Jan. 26, 2024)."},{"section":"The Prioritization Experiment: What Concretely Changed","sentence":"The governance gate moved too: OMB M-25-21 rescinded and replaced M-24-10, retaining Chief AI Officers and use-case inventories while narrowing minimum risk practices to 'high-impact' AI (OMB M-25-21, Apr. 3, 2025)."}]},{"kind":"instrument","slug":"dfars-252-204","title":"DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)","factualSentences":7,"externallyCitedFactualSentences":6,"pinpointOnlyFactualSentences":0,"citedFactualSentences":6,"externalRate":0.857,"rate":0.857,"uncited":[{"section":"Operative Mechanics: CDI Safeguarding and 72-Hour Incident Reporting","sentence":"Clause 252.204-7012(b) imposes the substantive duty: contractors must \"provide adequate security on all covered contractor information systems … by implementing NIST Special Publication 800-171\" (revision 2)."}]},{"kind":"instrument","slug":"ca-sb-53","title":"California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA)","factualSentences":15,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":4,"citedFactualSentences":13,"externalRate":0.6,"rate":0.867,"uncited":[{"section":"Operative Mechanics: A Disclosure Regime Keyed to Compute","sentence":"Stats. 2025, ch. 138), in force since Jan. 1, 2026, regulates a narrowly drawn class: 'frontier models' trained above 10^26 FLOP, including compute used in fine-tuning (Bus. & Prof."},{"section":"Operative Mechanics: A Disclosure Regime Keyed to Compute","sentence":"The statute thus substitutes mandated visibility for the substantive safety mandates of its vetoed predecessor SB 1047."}]},{"kind":"instrument","slug":"ca-sb-243","title":"California SB 243: Companion Chatbots","factualSentences":10,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":2,"citedFactualSentences":7,"externalRate":0.5,"rate":0.7,"uncited":[{"section":"Operative Mechanics","sentence":"Stats. 2025, ch. 677 and codified at Cal."},{"section":"Cross-Jurisdiction Position","sentence":"SB 243 occupies a distinct niche within California's 2025 AI legislative cluster."},{"section":"Cross-Jurisdiction Position","sentence":"As the first US state statute naming \"companion chatbots\" specifically, it pioneers a use-case-targeted model contrasting with capability-tiered frameworks, addressing a relational-harm vector that broad transparency mandates leave underspecified."}]},{"kind":"instrument","slug":"ca-sb-942","title":"California SB 942: AI Transparency Act","factualSentences":10,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":4,"citedFactualSentences":9,"externalRate":0.5,"rate":0.9,"uncited":[{"section":"Operative Mechanics: A Provenance-and-Disclosure Triad","sentence":"Stats. 2025, ch. 674) deferred the operative date for covered-provider duties to August 2, 2026."}]},{"kind":"instrument","slug":"eu-product-liability-directive","title":"Revised Product Liability Directive (Directive (EU) 2024/2853)","factualSentences":13,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":6,"citedFactualSentences":13,"externalRate":0.538,"rate":1,"uncited":[]},{"kind":"instrument","slug":"unesco-ai-ethics-recommendation","title":"UNESCO Recommendation on the Ethics of Artificial Intelligence","factualSentences":8,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":0,"citedFactualSentences":5,"externalRate":0.625,"rate":0.625,"uncited":[{"section":"What the Recommendation Commits Member States To","sentence":"Adopted by acclamation by all 193 Member States on 23 November 2021 (doc."},{"section":"What the Recommendation Commits Member States To","sentence":"SHS/BIO/PI/2021/1), the Recommendation is structured as four Values, a set of cross-cutting Principles, and eleven Areas of Policy Action."},{"section":"Legal Standing Relative to Binding Law","sentence":"Its hortatory phrasing—\"Member States should\"—signals aspiration rather than mandate."}]},{"kind":"instrument","slug":"eu-platform-work-directive","title":"Directive (EU) 2024/2831 on improving working conditions in platform work","factualSentences":11,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":2,"citedFactualSentences":9,"externalRate":0.636,"rate":0.818,"uncited":[{"section":"Key Fault-Lines and Critiques","sentence":"Transposition discretion before December 2026 is a further source of fragmentation risk."},{"section":"Implementation Trajectory","sentence":"Member States must transpose the Directive by 2 December 2026, and its substantive bite will depend on national choices about the presumption's triggers and the resourcing of labour inspectorates."}]},{"kind":"instrument","slug":"china-deep-synthesis-provisions","title":"Provisions on the Administration of Deep Synthesis of Internet Information Services","factualSentences":13,"externallyCitedFactualSentences":6,"pinpointOnlyFactualSentences":4,"citedFactualSentences":10,"externalRate":0.462,"rate":0.769,"uncited":[{"section":"Operative Mechanics: A Two-Tier Labelling Regime","sentence":"The Provisions (CAC Order No. 12, effective 10 January 2023) build a two-tier labelling regime over 'deep synthesis' services."},{"section":"Key Fault-Lines and Critiques","sentence":"The regime's central limitation is the technical fragility of the labels it mandates."},{"section":"The Harm Landscape the Labels Target","sentence":"The labelling mandate is best read as a response to the distinctive epistemic and dignitary harms of synthetic media."}]},{"kind":"topic","slug":"foundation-models","title":"Foundation Models / GPAI","factualSentences":17,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":4,"citedFactualSentences":13,"externalRate":0.529,"rate":0.765,"uncited":[{"section":"Trajectory: what is changing","sentence":"Foundation-model rules are in rapid flux, and several 2025-2026 developments postdate the coverage table's verdicts."},{"section":"Trajectory: what is changing","sentence":"The Commission's Digital Omnibus on AI, published 19 November 2025 and reaching provisional trilogue agreement on 7 May 2026, deferred the *high-risk* (Annex III) deadline from August 2026 to 2 December 2027 but left the GPAI obligations and their August 2025 start date intact."},{"section":"Trajectory: what is changing","sentence":"In the United States, the trajectory ran the other way: Executive Order 14110's 10^26-operation reporting trigger was rescinded by Executive Order 14148 (20 January 2025), with Executive Order 14179 (23 January 2025) setting the deregulatory posture — removing the federal model-level reporting framework without a binding replacement (90 Fed."},{"section":"Trajectory: what is changing","sentence":"California then partially filled the gap: Governor Newsom signed SB-53, the Transparency in Frontier Artificial Intelligence Act, on 29 September 2025 (effective 1 January 2026), requiring frontier developers to publish a safety framework, post pre-deployment reports, and report critical safety incidents (Office of Governor Newsom 2025)."}]},{"kind":"topic","slug":"biometric-id","title":"Biometric Identification","factualSentences":17,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":5,"citedFactualSentences":15,"externalRate":0.588,"rate":0.882,"uncited":[{"section":"Regulatory approaches","sentence":"(4) Sub-national prohibition: in the US, government use has been curbed not federally but by ordinance, beginning with San Francisco's 2019 ban on municipal-agency use (San Francisco Administrative Code, Stop Secret Surveillance Ordinance 2019; Ordinance No. 107-19)."},{"section":"Trajectory / what is changing","sentence":"In parallel, the Council of Europe Framework Convention on Artificial Intelligence (CETS No. 225) - which obliges parties to protect privacy and non-discrimination across the AI lifecycle (Arts. 10-11) - was opened for signature on 5 September 2024 (Council of Europe 2024); its entry into force requires five ratifications (including three Council of Europe members), and while some trackers report that threshold was reached in late 2025 with the European Union ratifying in 2026, this is not yet confirmed against the Council of Europe primary source."}]},{"kind":"topic","slug":"deepfakes","title":"Deepfakes / Synthetic Content","factualSentences":16,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":7,"citedFactualSentences":15,"externalRate":0.5,"rate":0.938,"uncited":[{"section":"Regulatory approaches: four distinct mechanisms","sentence":"(4) Notice-and-takedown: the US TAKE IT DOWN Act requires covered platforms to remove notified non-consensual intimate imagery, including digital forgeries, within 48 hours, enforced by the FTC (TAKE IT DOWN Act, Pub."}]},{"kind":"topic","slug":"employment","title":"AI in Employment","factualSentences":14,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":3,"citedFactualSentences":11,"externalRate":0.571,"rate":0.786,"uncited":[{"section":"Regulatory approaches","sentence":"A third modality is procedural transparency: New York City Local Law 144 (effective 1 Jan 2023; enforcement from 5 July 2023) mandates an annual independent bias audit and public posting for automated employment decision tools, plus 10-business-day candidate notice (NYC Admin."},{"section":"Key fault lines","sentence":"First is the architecture choice: ex-ante risk regulation (EU) versus ex-post liability under legacy civil-rights law (US sectoral) versus procedural audit mandates (NYC)."},{"section":"Trajectory — what is changing","sentence":"Reg.; EEOC website removal, Jan. 2025)."}]},{"kind":"topic","slug":"healthcare","title":"AI in Healthcare","factualSentences":15,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":3,"citedFactualSentences":12,"externalRate":0.6,"rate":0.8,"uncited":[{"section":"Regulatory approaches","sentence":"(EU) 2017/745) or IVDR (Reg."},{"section":"Regulatory approaches","sentence":"The MDCG/AI Board joint guidance MDCG 2025-6 confirms these AI Act duties (data governance, logging, human oversight, transparency) are to be discharged within the existing MDR/IVDR conformity-assessment procedure rather than through a parallel certification (MDCG 2025-6)."},{"section":"Trajectory — what is changing","sentence":"In the EU, the MDCG/AI Board issued joint interplay guidance MDCG 2025-6 on 19 June 2025, and on 19 November 2025 the Commission's \"Digital Omnibus\" proposed postponing high-risk obligations for Annex I products — including medical devices — to 2 August 2028 (European Commission, Digital Omnibus proposal, 19 Nov 2025)."}]},{"kind":"topic","slug":"criminal-justice","title":"AI in Criminal Justice","factualSentences":20,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":9,"citedFactualSentences":14,"externalRate":0.25,"rate":0.7,"uncited":[{"section":"Key fault lines","sentence":"The EU treats one application — purely profiling-based individual crime prediction — as an unacceptable risk warranting an outright ban (Reg."},{"section":"Key fault lines","sentence":"Commentators dispute whether the EU ban bites at all, since the \"solely\"-profiling threshold and the carve-out for tools supporting fact-based human assessment may leave most deployed predictive-policing systems untouched (Free, European Law Blog, 2024; Future of Privacy Forum analysis, 2026)."},{"section":"Key fault lines","sentence":"The Council of Europe Convention, the only binding treaty here, exempts national-security and defence activities and lets each Party choose whether to apply its rules to private actors at all — an opt-in for the private sector that civil-society groups and the European Data Protection Supervisor warned could hollow out protection and shelter state surveillance (CETaS/Alan Turing Institute, 2024; CAIDP treaty brief, 2025)."},{"section":"Key fault lines","sentence":"A third fault line is durability: the US position is contested even domestically, EO 14110 having been revoked on 20 January 2025 (EO 14148, Fed."},{"section":"Key fault lines","sentence":"Reg. 2025-01901), illustrating that executive-action governance of policing AI is reversible in a way statute and treaty are not."},{"section":"Trajectory / what's changing","sentence":"The EU AI Act's prohibition on solely-profiling individual crime prediction became applicable on 2 February 2025, the first hard legal constraint specific to predictive policing anywhere (Reg."}]},{"kind":"topic","slug":"education","title":"AI in Education","factualSentences":12,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":4,"citedFactualSentences":12,"externalRate":0.667,"rate":1,"uncited":[]},{"kind":"topic","slug":"compute-reporting","title":"Compute-Threshold Reporting","factualSentences":15,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":4,"citedFactualSentences":11,"externalRate":0.467,"rate":0.733,"uncited":[{"section":"Regulatory approaches: how the binding regimes actually work","sentence":"Reg. 73,612, 11 Sept. 2024) would have required ongoing, confidential reporting of training runs above 10^26 FLOP and of large computing clusters — a national-security surveillance posture, not public transparency."},{"section":"Regulatory approaches: how the binding regimes actually work","sentence":"California SB-53 (effective 1 Jan. 2026) adds a third modality: published frontier-AI frameworks plus pre-deployment transparency reports, combined with confidential critical-safety-incident reporting to the Office of Emergency Services (California SB 53, 2025)."},{"section":"Key fault lines: the contested design choices","sentence":"A second fault line is the threshold's numeric level and durability: the EU set 10^25 FLOP, the US BIS proposal 10^26 FLOP (89 Fed."},{"section":"Trajectory: what has changed and what is pending","sentence":"That rule never took effect: Executive Order 14148 rescinded EO 14110 on 20 January 2025, and Executive Order 14179 (23 January 2025) replaced the prior posture with a deregulatory one — so the federal compute-reporting record was unwound before any durable filings accrued (90 Fed."}]},{"kind":"topic","slug":"transparency","title":"Transparency Obligations","factualSentences":18,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":5,"citedFactualSentences":15,"externalRate":0.556,"rate":0.833,"uncited":[{"section":"Regulatory approaches","sentence":"Beyond which instruments govern, the operative question is *who must disclose what, to whom, and in what form*."},{"section":"Key fault lines","sentence":"A third is **mandatory versus voluntary architecture** — the US federal baseline shifted from EO 14110's reporting duties to their revocation by EO 14148 (Jan 2025; Federal Register 2025), leaving frontier transparency to voluntary RSPs and to states such as California (90 Fed."},{"section":"Trajectory — what is changing (2025–2026)","sentence":"The net pattern through 2026 is a widening EU–US gap on *binding* public disclosure, with content-marking obligations converging across the EU and China even as their enforcement architectures differ."}]},{"kind":"topic","slug":"redress","title":"Individual Redress","factualSentences":16,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":5,"citedFactualSentences":14,"externalRate":0.563,"rate":0.875,"uncited":[{"section":"Trajectory — what is changing","sentence":"The companion AI Liability Directive, by contrast, was withdrawn in the Commission's 2025 Work Programme (presented 11 February 2025) for lack of foreseeable agreement, leaving the field to administrative-law and design-side levers (COM(2025) 45 final)."},{"section":"Trajectory — what is changing","sentence":"Outside the EU, Brazil's PL 2338/2023 — with its rights to explanation, contestation, and human review — passed the Federal Senate on 10 December 2024 and remained under review in the Chamber of Deputies through 2025 (Library of Congress 2025)."}]},{"kind":"topic","slug":"training-data","title":"Training-Data Rights","factualSentences":25,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":5,"citedFactualSentences":16,"externalRate":0.44,"rate":0.64,"uncited":[{"section":"Regulatory approaches","sentence":"Copyright Office, May 2025)."},{"section":"Key fault lines","sentence":"Anthropic, Judge Alsup held that training on *lawfully acquired* books was \"quintessentially transformative\" fair use, but that ingesting *pirated* copies was not — a split the parties resolved with a US$1.5 billion settlement preliminarily approved in September 2025 (Bartz v."},{"section":"Key fault lines","sentence":"Cal., June–Sept 2025) (No. 3:24-cv-05417 (N.D."},{"section":"Key fault lines","sentence":"Cal.), Order on Fair Use (Alsup, J.), 23 June 2025)."},{"section":"Key fault lines","sentence":"Scholars warn that for foundation models \"fair use is not guaranteed\" and reject blanket verdicts in favour of case-specific assessment (Henderson, Li, Jurafsky, Hashimoto, Lemley & Liang, 2023; jmlr.org/papers/v24/23-0569.html; Matthew Sag, 2024)."},{"section":"Key fault lines","sentence":"Copyright Office, May 2025)."},{"section":"Key fault lines","sentence":"A fourth, quieter fault line — flagged by EDPB Opinion 28/2024 — is whether unlawful processing during development legally *taints* the resulting model, an unresolved question with deletion-of-model remedies in play (EDPB, 17 Dec 2024)."},{"section":"Trajectory — what is changing","sentence":"In the US, 2025 produced the first substantive signals without legislation: the Copyright Office's Part 3 report (9 May 2025) (U.S."},{"section":"Trajectory — what is changing","sentence":"Copyright Office, Part 3, May 2025) and the Bartz v."}]},{"kind":"topic","slug":"sovereign-ai","title":"Sovereign AI Doctrine","factualSentences":15,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":2,"citedFactualSentences":9,"externalRate":0.467,"rate":0.6,"uncited":[{"section":"Regulatory approaches","sentence":"The lever is administrative permission, not domestic-compute mandates."},{"section":"Definitional contestation","sentence":"The term entered wide circulation through NVIDIA, whose CEO framed it primarily as national capacity—\"a nation's capabilities to produce artificial intelligence using its own infrastructure, data, workforce and business networks\"—and urged that \"every country needs sovereign AI\" built on domestic \"AI factories\" (NVIDIA 2024, World Governments Summit remarks)."},{"section":"Definitional contestation","sentence":"Critics further note a \"sovereignty as a service\" paradox, in which vendors market compliance wrappers and hardware bundles that produce the appearance of control without delivering meaningful agency (TechPolicy.Press, \"Rethinking Sovereign AI as Strategy,\" 2025)."},{"section":"Trajectory / what's changing","sentence":"The doctrine's principal instruments have shifted rapidly since 2025, and most movement is occurring outside the formally catalogued texts."},{"section":"Trajectory / what's changing","sentence":"In the United States, Executive Order 14110—the catalogued \"governs\" instrument—was revoked on 2025-01-20 by Executive Order 14148 and superseded by Executive Order 14179 (2025-01-23), \"Removing Barriers to American Leadership in Artificial Intelligence\" (signed 2025-01-23), reorienting policy from containment toward export-led leadership (Federal Register, 90 FR 8741, 2025)."},{"section":"Trajectory / what's changing","sentence":"On 2025-05-13 the Bureau of Industry and Security rescinded the Biden-era \"AI Diffusion Rule\" days before its effective date, abandoning its three-tier country framework as \"overly bureaucratic\" (BIS / Department of Commerce announcement, 2025)."}]},{"kind":"topic","slug":"catastrophic-risk","title":"Catastrophic & Existential Risk","factualSentences":20,"externallyCitedFactualSentences":15,"pinpointOnlyFactualSentences":3,"citedFactualSentences":18,"externalRate":0.75,"rate":0.9,"uncited":[{"section":"Regulatory approaches","sentence":"The instruments that govern catastrophic risk converge on a small set of modalities rather than outright bans."},{"section":"Trajectory — what is changing","sentence":"Binding obligations arrived in 2025."}]},{"kind":"topic","slug":"tech-sovereignty","title":"Technological Sovereignty","factualSentences":15,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":1,"citedFactualSentences":11,"externalRate":0.667,"rate":0.733,"uncited":[{"section":"The ledger: price tags and boomerang effects","sentence":"On the build side, the EuroStack analysis published by the Bertelsmann Stiftung under innovation economist Francesca Bria priced a self-determined European stack, spanning semiconductors, networks, cloud, software, quantum, and data/AI, at roughly a decade and around 300 billion euros by 2035, proposing a 10 billion euro European technology fund as a first step and a 'Buy European Act' prioritising European-made digital products (Bertelsmann Stiftung, 13 Feb 2025)."},{"section":"The ledger: price tags and boomerang effects","sentence":"Brussels' actual commitment came two days earlier at the Paris AI Action Summit: InvestAI, launched by von der Leyen to mobilise 200 billion euros for AI investment, including a new 20 billion euro fund for AI gigafactories, pitched as 'akin to a CERN for AI' (European Commission, 11 Feb 2025)."},{"section":"The ledger: price tags and boomerang effects","sentence":"BIS rescinded the AI Diffusion Rule on 13 May 2025, two days before its compliance deadline, saying it would have 'stifled American innovation', while warning that using Huawei Ascend chips risks violating US export controls (BIS, 13 May 2025)."},{"section":"The ledger: price tags and boomerang effects","sentence":"Together the ledgers sharpen the fault lines above: denial-based sovereignty accelerated the substitution it aimed to prevent, while Europe's construction-based variant mobilises 200 billion euros for AI alone against the 300 billion euros Bria's team estimates the full stack requires, a gap that measures the distance between announcement and autonomy."}]},{"kind":"topic","slug":"development-rights-framing","title":"Development-Rights Framings","factualSentences":12,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":3,"citedFactualSentences":10,"externalRate":0.583,"rate":0.833,"uncited":[{"section":"Key fault lines","sentence":"First, even at the UN the framing split: 2024 produced two consensus resolutions — the US-led A/RES/78/265 emphasising safe, trustworthy systems for sustainable development, and a China-led capacity-building resolution co-sponsored by a Global-South-plus coalition foregrounding investment, technology transfer and bridging the divide."},{"section":"Key fault lines","sentence":"Third is whether the frame is a critique or a tested prescription: the extraction it names is empirically anchored, but cost evidence on its commonest proxy, data localisation, points the other way — Ferracane and van der Marel (2021) and Bauer et al."}]},{"kind":"topic","slug":"international-coordination","title":"International Coordination","factualSentences":13,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.846,"rate":0.846,"uncited":[{"section":"Regulatory approaches","sentence":"(1) Summit declarations — Bletchley (1 Nov 2023) and Seoul (2024) — are hortatory, committing signatories to dialogue, not obligations."},{"section":"Trajectory / what's changing","sentence":"EO 14148 rescinded EO 14110 (90 FR 8237), and the US AI Safety Institute became the Center for AI Standards and Innovation in June 2025."}]},{"kind":"topic","slug":"agentic-systems-governance","title":"Agentic AI Governance","factualSentences":18,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":2,"citedFactualSentences":13,"externalRate":0.611,"rate":0.722,"uncited":[{"section":"Regulatory approaches: the mechanisms behind the coverage","sentence":"The G7 Hiroshima Process International Code of Conduct (adopted 30 October 2023) sets eleven voluntary actions — risk identification across the lifecycle, red-teaming, incident reporting — now monitored via an OECD reporting framework (OECD, February 2025)."},{"section":"Regulatory approaches: the mechanisms behind the coverage","sentence":"NIST's contribution is procedural taxonomy rather than rule: NIST AI 100-2 (March 2025 update) names AI agents as an adversarial-ML threat surface (prompt injection, memory poisoning, tool-supply-chain attacks) (NIST AI 100-2e2025)."},{"section":"Regulatory approaches: the mechanisms behind the coverage","sentence":"Frontier developers' own scaling policies make autonomy an explicit governed threshold: OpenAI's Preparedness Framework (2023) named Model Autonomy as one of four tracked risk categories, Google DeepMind's Frontier Safety Framework counts Autonomy among its four Critical Capability Level domains, and Anthropic's Responsible Scaling Policy ties ASL thresholds to autonomous-replication and agentic-capability evaluations."},{"section":"Trajectory: recent and pending developments","sentence":"The institutional centre of gravity in 2025–26 has been the AI Safety/Security Institutes."},{"section":"Trajectory: recent and pending developments","sentence":"By contrast, several US legislative vehicles in the matrix stalled — a state Frontier AI Models Act was vetoed and remains silent on agentic action — underscoring that, as of mid-2026, the binding edge of agentic governance sits in the EU while most other instruments operate through disclosure, evaluation, and voluntary thresholds (composite Policy Window assessment of the cited instruments)."}]},{"kind":"topic","slug":"open-weight-release","title":"Open-Weight Frontier Release","factualSentences":15,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":2,"citedFactualSentences":10,"externalRate":0.533,"rate":0.667,"uncited":[{"section":"Regulatory approaches","sentence":"(4) Preservation-and-refusal contracting: California's AI Transparency Act reaches weight distribution indirectly — a licensor must contractually require licensees to keep a disclosure capability and revoke within 96 hours otherwise (Cal."},{"section":"Regulatory approaches","sentence":"No tracked instrument bans open release outright."},{"section":"Key fault lines","sentence":"Second, the *firm-level cleavage* exposed by California SB-1047: Meta opposed the bill, urging a lighter approach (Meta letters to California lawmakers, 2024), whereas Anthropic moved from non-support to \"measured support\" after amendments (D."},{"section":"Key fault lines","sentence":"Newsom, Aug 2024) — a split that maps onto the companies' commercial postures (Meta ships open-weight Llama; Anthropic ships closed)."},{"section":"Trajectory / what's changing","sentence":"In California, the vetoed SB-1047 (vetoed 29 Sep 2024) was succeeded by SB-53, the Transparency in Frontier Artificial Intelligence Act, signed 29 Sep 2025 and effective 1 Jan 2026; it imposes transparency-framework publication and critical-safety-incident reporting on developers training above ~10^26 FLOP, applying uniformly to open- and closed-weight models rather than carving open release out (Brookings, *What is California's AI safety law?*, 2025)."}]},{"kind":"topic","slug":"synthetic-content-provenance","title":"Synthetic Content Provenance","factualSentences":13,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":4,"citedFactualSentences":9,"externalRate":0.385,"rate":0.692,"uncited":[{"section":"Regulatory approaches","sentence":"The binding instruments converge on the same goal — make AI-origin detectable — but split on WHO must act and by what modality."},{"section":"Trajectory — what's changing","sentence":"Provenance obligations are entering force on a compressed 2025-2026 timeline, even as evidence questions whether the mechanisms work."},{"section":"Trajectory — what's changing","sentence":"The United States is converging through state law rather than federal mandate: California's AI Transparency Act (SB 942) was delayed by AB 853 from 1 January 2026 to 2 August 2026 to align with the EU date, and AB 853 layers in staged duties — large-platform provenance DETECTION from 1 January 2027 and capture-device latent-disclosure options from 1 January 2028 (California SB 942; AB 853, signed 13 Oct 2025)."},{"section":"Trajectory — what's changing","sentence":"On the technical layer, C2PA's shift to durable Content Credentials (soft-binding watermarks, C2PA 2.x, 2025) signals the underlying standard is still maturing as the legal deadlines arrive."}]},{"kind":"topic","slug":"compute-export-controls","title":"Compute + Model-Weight Export Controls","factualSentences":12,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":0,"citedFactualSentences":9,"externalRate":0.75,"rate":0.75,"uncited":[{"section":"Regulatory approaches","sentence":"The dominant instrument is the US Export Administration Regulations (EAR): the October 2023 BIS rules control advanced chips via performance-defined classifications — ECCN 3A090/4A090, the .a tier capturing ICs at total-processing-performance ≥ 4800 (BIS, 88 FR, doc. 2023-23055)."},{"section":"Regulatory approaches","sentence":"January 2025's \"Framework for AI Diffusion\" extended this to intangibles, creating ECCN 4E091 for closed-weight models trained on >10^26 operations (BIS, 90 FR, doc. 2025-00636)."},{"section":"Trajectory — what is changing","sentence":"The long-promised Diffusion replacement remains unsettled as of mid-2026."}]},{"kind":"topic","slug":"environmental-impact-of-training","title":"Environmental Impact of AI Training","factualSentences":17,"externallyCitedFactualSentences":6,"pinpointOnlyFactualSentences":4,"citedFactualSentences":10,"externalRate":0.353,"rate":0.588,"uncited":[{"section":"Regulatory approaches","sentence":"Outside AI-specific law, France regulates the same footprint through general digital-environment rules: the REEN Act (Loi n° 2021-1485) underpins the ARCEP–ADEME digital-footprint observatory created in December 2024 (ARCEP, Dec. 2024)."},{"section":"Regulatory approaches","sentence":"At the international soft-law level, UNESCO's Recommendation on the Ethics of Artificial Intelligence (2021) adds a further assessment-led layer: under its 'Environment and Ecosystems' policy area (para 84), Member States and business enterprises should assess the direct and indirect environmental impact across the AI life cycle, including its carbon footprint and energy consumption (UNESCO Recommendation on the Ethics of AI 2021, para 84)."},{"section":"Key fault lines","sentence":"The contested questions are less about whether AI consumes energy and water than about who must measure what, and how."},{"section":"Key fault lines","sentence":"A second concerns accounting method: the GHG Protocol mandates dual location-based and market-based Scope 2 reporting, which can yield divergent figures for the same data centre depending on power-purchase agreements and renewable-energy certificates, so a provider can appear near-zero-carbon by one method and materially emitting by the other (GHG Protocol Scope 2 Guidance 2015)."},{"section":"Trajectory / what's changing","sentence":"Building on this, the European Commission ran a targeted consultation on measuring the energy consumption and emissions of AI models from 7 April to 1 June 2026, explicitly to design a measurement framework for the Act's energy objectives and a possible AI energy-and-emissions label spanning training and inference (European Commission, Apr.–June 2026)."},{"section":"Trajectory / what's changing","sentence":"At national level, France's ARCEP–ADEME observatory (created December 2024 under the REEN Act) is extending verified digital-footprint reporting toward AI-specific lifecycle stages (ARCEP, Dec. 2024)."},{"section":"Trajectory / what's changing","sentence":"In the United States, the Artificial Intelligence Environmental Impacts Act (S. 3732, 118th Congress, introduced 1 February 2024) would direct an EPA study, a NIST stakeholder consortium, and a voluntary reporting system — but it remains a measurement-and-study bill, not yet enacted, and imposes no caps (Congress.gov, S. 3732)."}]},{"kind":"topic","slug":"national-security-carveouts","title":"National Security Carveouts in AI Regulation","factualSentences":15,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":2,"citedFactualSentences":12,"externalRate":0.667,"rate":0.8,"uncited":[{"section":"Regulatory approaches: how the carveout is constructed","sentence":"The United States parallel track is itself filled out by the DoD Responsible AI Strategy and Implementation Pathway, whose tenets require that \"DoD personnel will exercise appropriate levels of judgment and care, while remaining responsible for the development, deployment, and use of AI capabilities\" (DoD RAI S&IP 2022) — operationalising security AI rather than exempting it."},{"section":"Regulatory approaches: how the carveout is constructed","sentence":"A further variant routes the carveout through acquisition rules: DFARS Subpart 252.204 (clause 252.204-7012 plus the CMMC clauses -7019/-7020/-7021) obliges contractors to \"provide adequate security\" on covered systems by implementing NIST SP 800-171, making contractor information-security itself the operative national-security overlay (DFARS 252.204-7012)."},{"section":"Trajectory: what is changing (2024–2026)","sentence":"Executive Order 14110 was rescinded on 20 January 2025 and superseded by Executive Order 14179, \"Removing Barriers to American Leadership in Artificial Intelligence\" (signed 23 Jan. 2025; 90 Fed."}]},{"kind":"topic","slug":"ai-worker-displacement","title":"AI-Driven Worker Displacement","factualSentences":17,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":1,"citedFactualSentences":12,"externalRate":0.647,"rate":0.706,"uncited":[{"section":"Regulatory approaches","sentence":"Brazil's PL 2338/2023 is the rare instrument naming displacement in operative text, but via cooperative governance — guidelines developed by the labour ministry and sectoral authorities to \"mitigate the potential negative impacts on workers, especially the risks of job displacement,\" valuing collective negotiation and continuous training (PL 2338/2023, as approved by the Senate, Dec. 2024; Data Privacy Brasil 2024)."},{"section":"Regulatory approaches","sentence":"None imposes a severance, levy, or hiring duty."},{"section":"Key fault lines","sentence":"\"Stick\" proposals tax automation — Maryland's withdrawn HB 314 would have levied roughly USD 900 per displaced worker to fund placement and retraining, reducible by half for employers offering twelve weeks' severance or in-house redeployment — while \"carrot\" bills (e.g., pending New Jersey measures) reward hiring displaced workers and fund apprenticeships (Bloomberg Law 2025; Potomac Legal Group 2026)."},{"section":"Trajectory / what's changing","sentence":"The 2024-2026 record shows movement in opposite directions across jurisdictions, and a notable shift from substantive to merely informational instruments."},{"section":"Trajectory / what's changing","sentence":"The international layer is firming: the Council of Europe Framework Convention on AI (2024) explicitly contemplates \"socio-economic aspects, such as employment and labour\" among AI's impacts, signalling a possible future binding hook (Council of Europe 2024)."}]},{"kind":"concept","slug":"frontier-tier","title":"Frontier-Tier AI","factualSentences":21,"externallyCitedFactualSentences":13,"pinpointOnlyFactualSentences":2,"citedFactualSentences":15,"externalRate":0.619,"rate":0.714,"uncited":[{"section":"Mechanism: two ways a model is sorted into the frontier tier","sentence":"Here membership is not set by a compute number but by a four-part protocol — defined capability thresholds, a commitment to evaluate for them, pre-specified safeguards that engage *if* a threshold is reached, and a pause commitment if those safeguards cannot be implemented (the 'if-then commitment' framing follows Karnofsky 2024, Carnegie Endowment; the four-part protocol is set out in the developer frameworks themselves)."},{"section":"History: from neutral usage to a governance category (2018–2024)","sentence":"The earliest attestations are neutral: a March 2018 China Daily report quotes Minister Wan Gang on 'frontier AI-related science issues', and Scopus records a first academic use in 2019 (etymology traced in Nottingham's *Making Science Public*, 'Frontier AI: Tracing the origin of a concept', 2023)."},{"section":"History: from neutral usage to a governance category (2018–2024)","sentence":"The regulatory sense crystallised in mid-2023."},{"section":"History: from neutral usage to a governance category (2018–2024)","sentence":"Industry institutionalised the term on 26 July 2023 when Anthropic, Google, Microsoft and OpenAI launched the Frontier Model Forum (Microsoft, 'Anthropic, Google, Microsoft, OpenAI launch Frontier Model Forum', 26 July 2023)."},{"section":"History: from neutral usage to a governance category (2018–2024)","sentence":"The UK then adopted it officially at the Bletchley Park AI Safety Summit (1–2 November 2023), defining frontier AI as 'highly capable general-purpose AI models' matching or exceeding today's most advanced systems (UK Government, Bletchley Declaration, 2023)."},{"section":"Relation to adjacent concepts: frontier vs GPAI, foundation model, and systemic risk","sentence":"Finally, Anthropic's ASL tiers (and analogous if-then thresholds) are *behavioural* gradations *within* the frontier set, defined by demonstrated dangerous-capability evaluations rather than by the compute or breadth boundary that defines frontier membership itself."}]},{"kind":"concept","slug":"asl-3","title":"AI Safety Level 3 (ASL-3)","factualSentences":15,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":1,"citedFactualSentences":8,"externalRate":0.467,"rate":0.533,"uncited":[{"section":"Mechanism: the two-standard, if-then architecture","sentence":"Anthropic's Responsible Scaling Policy couples each AI Safety Level to two independently-assessed standards: a Deployment Standard governing external misuse and a Security Standard governing theft of model weights (Anthropic RSP v2.0, 15 October 2024)."},{"section":"Mechanism: the two-standard, if-then architecture","sentence":"The trigger is capability-based: named Capability Thresholds (for ASL-3, substantial CBRN uplift and, later, autonomous AI R&D), once a model is assessed to approach them, oblige the developer to implement Required Safeguards before further training or deployment — an \"if capability, then safeguard\" logic mirroring the dangerous-capability evaluations piloted on frontier models by Phuong et al."},{"section":"Mechanism: the two-standard, if-then architecture","sentence":"Activation can be precautionary: Anthropic activated ASL-3 for Opus 4 while stating it \"could not rule out\" the threshold (Anthropic, Activating AI Safety Level 3 Protections, May 2025)."},{"section":"History: from RSP v1.0 to v3.x","sentence":"The ASL framework originates in RSP v1.0, effective 19 September 2023, committing Anthropic not to deploy models capable of catastrophic harm absent safeguards (Anthropic RSP v1.0, 2023); the ASL-3 measures were then largely prospective."},{"section":"History: from RSP v1.0 to v3.x","sentence":"RSP v2.0 (effective 15 October 2024) restructured the policy around named Capability Thresholds and Required Safeguards and formalised the Deployment/Security split (Anthropic RSP v2.0, 2024)."},{"section":"History: from RSP v1.0 to v3.x","sentence":"The first operational test came on 22 May 2025, when Anthropic activated the ASL-3 Standards alongside Claude Opus 4 (Anthropic, Activating AI Safety Level 3 Protections, May 2025)."},{"section":"History: from RSP v1.0 to v3.x","sentence":"Later revisions (v3.0, 24 February 2026; v3.1, 2 April 2026) made ASL-3 \"less prescriptive and more outcome-focused\" (RSP v3.0, 2026)."}]},{"kind":"concept","slug":"systemic-risk","title":"Systemic Risk (AI)","factualSentences":12,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":0,"citedFactualSentences":10,"externalRate":0.833,"rate":0.833,"uncited":[{"section":"History: a borrowed term, codified in stages","sentence":"The compressed genealogy — finance → DSA (2022) → AIA (2024) → Code of Practice (2025) — is itself the basis for the recurring critique that the term carries financial-contagion connotations its AI usage does not actually establish."},{"section":"Relation to adjacent concepts","sentence":"Zwetsloot and Dafoe (2019) partition AI risk into misuse, accident, and structural — the last being harm that arises from how a technology reshapes incentives, power balances, and competitive dynamics even when no actor misuses it and nothing malfunctions (\"Thinking About Risks From AI: Accidents, Misuse and Structure\", GovAI)."}]},{"kind":"concept","slug":"designated-systemic","title":"Designated Systemic-Risk Model","factualSentences":9,"externallyCitedFactualSentences":3,"pinpointOnlyFactualSentences":5,"citedFactualSentences":8,"externalRate":0.333,"rate":0.889,"uncited":[{"section":"How the Designation Mechanism Operates","sentence":"Once a model crosses 10²⁵ FLOPs, the provider must notify and is presumed systemic; the AI Office may also reach below the threshold using Annex XIII indicators such as parameter count, benchmark performance, and reach."}]},{"kind":"concept","slug":"compute-threshold","title":"Compute Threshold (AI Governance)","factualSentences":11,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":1,"rate":1,"uncited":[]},{"kind":"concept","slug":"red-team-evaluation","title":"Red-Team Evaluation","factualSentences":7,"externallyCitedFactualSentences":4,"pinpointOnlyFactualSentences":0,"citedFactualSentences":4,"externalRate":0.571,"rate":0.571,"uncited":[{"section":"Precise Definition and Boundary Distinctions","sentence":"This terminological flux complicates precisely which artefacts must be red-teamed and when."},{"section":"Debates and Open Questions","sentence":"Three questions remain unsettled: WHO must red-team — the provider itself, an independent third party, or a government body such as an AI Safety Institute; WHAT capabilities fall in scope — CBRN uplift, autonomous replication, election manipulation, or some narrower set; and WHO sees the results — the provider alone, a regulator under confidentiality, or the public."},{"section":"Debates and Open Questions","sentence":"Field convergence after the Seoul 2024 summit has been slow."}]},{"kind":"concept","slug":"model-card","title":"Model Card","factualSentences":16,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":1,"citedFactualSentences":13,"externalRate":0.75,"rate":0.813,"uncited":[{"section":"Anatomy and Conceptual Distinctions","sentence":"(2019), 'Model Cards for Model Reporting' (FAccT '19), it pairs a model with sections on intended use, training data, evaluation results, limitations, and known failure modes."},{"section":"From Voluntary Norm to Binding Codification","sentence":"NIST AI RMF cites model cards as a transparency mechanism under GOVERN 1.4 (referencing Mitchell et al.), with measurement documentation mapping to the MEASURE 2.x subcategories; ISO/IEC 23894 endorses analogous documentation."},{"section":"Definitional Instability of the Regulated Object","sentence":"Model-card mandates inherit the instability of the legal category they attach to."}]},{"kind":"concept","slug":"alignment","title":"AI Alignment","factualSentences":13,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.846,"rate":0.846,"uncited":[{"section":"History of the idea and term","sentence":"The framing as a distinct technical problem for advanced AI is generally traced to Yudkowsky's articulation of the risk that a sufficiently capable optimiser pursues its given objective rather than its designers' intent (Yudkowsky 2008, the article's primary citation)."},{"section":"History of the idea and term","sentence":"The formal apparatus accumulated through the 2010s: corrigibility — an agent's tolerance of correction and shutdown — was given a decision-theoretic treatment by Soares, Fallenstein, Armstrong and Yudkowsky (\"Corrigibility,\" AAAI-15 workshop, 2015), and preference-learning mechanics matured with Christiano et al."}]},{"kind":"concept","slug":"deceptive-alignment","title":"Deceptive Alignment","factualSentences":11,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":1,"rate":1,"uncited":[]},{"kind":"concept","slug":"mesa-optimization","title":"Mesa-Optimization","factualSentences":15,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.733,"rate":0.733,"uncited":[{"section":"Relation to adjacent concepts: goal misgeneralization, specification gaming, deceptive alignment","sentence":"(2022) define GMG as a model whose capabilities generalise out-of-distribution while its goal does not, and explicitly position mesa-optimisation as a strict special case: \"Hubinger et al. introduce mesa optimization, a type of goal misgeneralization where a learned model implements a search algorithm with an explicitly represented objective."},{"section":"Relation to adjacent concepts: goal misgeneralization, specification gaming, deceptive alignment","sentence":"GMG was first demonstrated empirically by Langosco et al."},{"section":"History: from \"optimization daemons\" to a contested empirical question","sentence":"Discussion of a sub-process that internally optimises a different objective than the one selecting it circulated in the alignment community as \"optimization daemons\" and \"inner optimizers,\" associated with an Arbital treatment around 2016, and with MIRI work by Jessica Taylor in February 2017 on whether such \"daemons\" arise for idealised agents (AI Alignment Forum, \"Mesa-optimization\" entry, summarising Taylor 2017)."},{"section":"History: from \"optimization daemons\" to a contested empirical question","sentence":"The concept thus sits between a 2019 theoretical construct and an open 2023-onward empirical question."}]},{"kind":"concept","slug":"scalable-oversight","title":"Scalable Oversight","factualSentences":14,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":1,"citedFactualSentences":13,"externalRate":0.857,"rate":0.929,"uncited":[{"section":"Mechanism: how the core techniques try to beat the supervision gap","sentence":"The defining problem is that a supervisor must produce a training signal for behaviour it cannot directly evaluate, so each technique substitutes a decomposed or assisted judgement for unaided judgement."}]},{"kind":"concept","slug":"capability-elicitation","title":"Capability Elicitation","factualSentences":8,"externallyCitedFactualSentences":3,"pinpointOnlyFactualSentences":2,"citedFactualSentences":5,"externalRate":0.375,"rate":0.625,"uncited":[{"section":"Definition and Distinctions from Adjacent Methods","sentence":"Elicitation thus reframes evaluation from observed conduct to demonstrated potential."},{"section":"Governance Relevance and Instrument Engagement","sentence":"Elicitation is a silent precondition of several mandated evaluation regimes."},{"section":"Debates and Open Questions","sentence":"The central contested question is methodological: what standardised elicitation methodology should govern regulator-mandated capability evaluation?"}]},{"kind":"concept","slug":"dual-use-research-taxonomy","title":"Dual-Use Research Norms (DURC for AI)","factualSentences":13,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":1,"citedFactualSentences":12,"externalRate":0.846,"rate":0.923,"uncited":[{"section":"From Biosecurity DURC to AI: The Borrowed Frame","sentence":"Each established that a research community can govern its own outputs upstream of any regulator, deciding which findings circulate freely and which are withheld or staged."}]},{"kind":"concept","slug":"provenance-watermarking","title":"Provenance & Watermarking","factualSentences":9,"externallyCitedFactualSentences":6,"pinpointOnlyFactualSentences":2,"citedFactualSentences":8,"externalRate":0.667,"rate":0.889,"uncited":[{"section":"Detection Mechanisms and Robustness","sentence":"The governance upshot: a disclosure mandate met by a text watermark may be evidentially weaker than one met by a C2PA signature, since adversarial removal at deployment scale undermines the very inference of synthetic origin the signal is meant to support."}]},{"kind":"concept","slug":"policy-instrument","title":"Policy Instrument","factualSentences":9,"externallyCitedFactualSentences":4,"pinpointOnlyFactualSentences":0,"citedFactualSentences":4,"externalRate":0.444,"rate":0.444,"uncited":[{"section":"The Resource Typology and What It Distinguishes","sentence":"Hood (1983, ch. 1-2) groups instruments into the NATO scheme — Nodality (information), Authority (legal command), Treasure (fiscal transfer), and Organisation (direct provision) — so a registry, a binding rule, a subsidy, and a state laboratory are distinct techniques even when aimed at one problem, distinguishing instruments from objectives and from policy styles."},{"section":"The Resource Typology and What It Distinguishes","sentence":"The critical claim, following Lascoumes & Le Galès (2007, pp. 4-5), is that the chosen resource is itself substantive: in AI — a general-purpose technology Eloundou et al."},{"section":"How Instrument Choice Operates as Substance","sentence":"Lascoumes & Le Galès (2007, pp. 4-5) characterise an instrument as 'a particular form of materialisation of state power' that generates its own logic once deployed."},{"section":"How Instrument Choice Operates as Substance","sentence":"Howlett (2011, ch. 3-5) treats selection as constrained by information, capability, and political variables, so one goal yields different tools across jurisdictions."},{"section":"Governance Relevance: Mapping the AI Instrument Mix","sentence":"(2011, ch. 1), as a response to the 'pacing problem': regulation lags capability, so jurisdictions sequence soft-law ahead of hard-law."}]},{"kind":"concept","slug":"ai-supply-chain","title":"AI Supply Chain","factualSentences":5,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":0,"citedFactualSentences":5,"externalRate":1,"rate":1,"uncited":[]},{"kind":"concept","slug":"training-data-attribution","title":"Training-Data Attribution","factualSentences":17,"externallyCitedFactualSentences":15,"pinpointOnlyFactualSentences":0,"citedFactualSentences":15,"externalRate":0.882,"rate":0.882,"uncited":[{"section":"Precise definition and the influence-versus-extraction distinction","sentence":"The distinction is governance-load-bearing because foundation models are demonstrably trained on copyrighted material and fair use is not guaranteed (Henderson et al. 2023, https://jmlr.org/papers/v24/23-0569.html): influence underwrites 'this work contributed', extraction underwrites 'this work is reproduced'."},{"section":"Technical mechanisms and their scaling limits","sentence":"The binding limitation is that these approximations assume a locally-linear, near-convex loss surface that holds poorly for over-parameterised LLMs, so estimates can be noisy and order-sensitive — which matters because technical mitigations are urged precisely to keep training within fair use (Henderson et al. 2023, https://jmlr.org/papers/v24/23-0569.html)."}]},{"kind":"concept","slug":"prompt-injection","title":"Prompt Injection","factualSentences":15,"externallyCitedFactualSentences":13,"pinpointOnlyFactualSentences":0,"citedFactualSentences":13,"externalRate":0.867,"rate":0.867,"uncited":[{"section":"History: from a 2022 naming to an agentic threat model","sentence":"In September 2022 Riley Goodside publicly demonstrated that GPT-3 could be made to disregard its instructions via crafted user input, and Simon Willison coined the term 'prompt injection' that same month, explicitly analogising it to SQL injection (Willison 2022, 'Prompt injection attacks against GPT-3')."},{"section":"History: from a 2022 naming to an agentic threat model","sentence":"Standardisation of measurement arrived in 2024 with formal frameworks and agentic benchmarks—Liu et al."}]},{"kind":"concept","slug":"agentic-system","title":"Agentic AI System","factualSentences":14,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":0,"citedFactualSentences":12,"externalRate":0.857,"rate":0.857,"uncited":[{"section":"Mechanism: the agent loop and its principal variants","sentence":"The governance-relevant property is that capability lives in this scaffolding, not only in the base model's weights — a point the social-science section's benchmarks (Mialon et al. 2023; AgentBench) operationalise empirically."},{"section":"History: from rational agents to autonomous-replication evaluations","sentence":"The current usage narrows this to LLM-driven systems and dates almost entirely to 2022-2023."}]},{"kind":"concept","slug":"tool-use-safety","title":"Tool-Use Safety","factualSentences":9,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":2,"citedFactualSentences":9,"externalRate":0.778,"rate":1,"uncited":[]},{"kind":"concept","slug":"multi-turn-evaluation","title":"Multi-Turn Evaluation","factualSentences":13,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":2,"citedFactualSentences":13,"externalRate":0.846,"rate":1,"uncited":[]},{"kind":"concept","slug":"data-poisoning","title":"Data Poisoning","factualSentences":14,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":2,"citedFactualSentences":13,"externalRate":0.786,"rate":0.929,"uncited":[{"section":"Open Questions and the Verification Gap","sentence":"Although the empirical feasibility of poisoning is settled, its governance remains unresolved because resistance is hard to verify post-hoc: once a model is trained, distinguishing a poisoned-but-undetected model from a clean one is an open problem, so for open-data and open-weight foundation models (Pile, RedPajama, Llama) resistance must be engineered at curation time rather than audited afterward."}]},{"kind":"concept","slug":"model-distillation-risk","title":"Model Distillation Risk","factualSentences":7,"externallyCitedFactualSentences":6,"pinpointOnlyFactualSentences":0,"citedFactualSentences":6,"externalRate":0.857,"rate":0.857,"uncited":[{"section":"Why It Undercuts the Closed-Weight Containment Assumption","sentence":"Distillation reframes that boundary as a delay rather than a barrier: if behaviour leaks through the API, closed-vs-open becomes a capability-acquisition-delay measure."}]},{"kind":"concept","slug":"jailbreak-resistance","title":"Jailbreak Resistance","factualSentences":15,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":1,"citedFactualSentences":12,"externalRate":0.733,"rate":0.8,"uncited":[{"section":"Mechanism: attack families and defence families","sentence":"Jailbreak resistance is most usefully decomposed against the threat space it must survive."},{"section":"Mechanism: attack families and defence families","sentence":"(3) In-context attacks exploit long context: many-shot jailbreaking prepends hundreds of faux dialogue turns, with attack success rising as a power law in shot count (Anil et al. 2024, NeurIPS)."},{"section":"Open critiques: is reported jailbreak success measuring the right thing?","sentence":"A live methodological debate concerns whether headline attack-success rates measure genuine elicitation of usable prohibited capability or merely a model's willingness to emit harmful-sounding text."}]},{"kind":"concept","slug":"model-merging-risk","title":"Model-Merging Risk","factualSentences":5,"externallyCitedFactualSentences":5,"pinpointOnlyFactualSentences":0,"citedFactualSentences":5,"externalRate":1,"rate":1,"uncited":[]},{"kind":"concept","slug":"inference-time-compute","title":"Inference-Time Compute","factualSentences":7,"externallyCitedFactualSentences":4,"pinpointOnlyFactualSentences":0,"citedFactualSentences":4,"externalRate":0.571,"rate":0.571,"uncited":[{"section":"Mechanism and Distinction from Training-Time Scaling","sentence":"The operational corollary is terminological: a 2024-onward claim about 'compute' must specify training-time versus inference-time, since conflating them is the regime's most frequent analytical error and silently understates what a deployed system can do."},{"section":"The Empirical Record","sentence":"Several systems establish the regime beyond theory."},{"section":"Debates and Open Questions","sentence":"First, evaluations must declare the inference-compute budget, since a system safe at K=1 can be dangerous at K=100; the Seoul Declaration and Frontier AI Safety Commitments (SEOUL-2024, May 2024) gesture toward 'pre-deployment evaluation under realistic conditions' but no regulator has formalised inference-compute-aware thresholds."}]},{"kind":"concept","slug":"sandbagging","title":"Sandbagging","factualSentences":13,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":0,"citedFactualSentences":8,"externalRate":0.615,"rate":0.615,"uncited":[{"section":"Mechanism: actors, methods, and calibration","sentence":"In developer-driven sandbagging, a vendor configures or trains a system to score low on dangerous-capability tests so the model presents as safer and dodges capability-tier obligations; in AI-driven sandbagging, the model itself withholds capability, presupposing situational awareness of evaluation conditions (van der Weij et al. 2024)."},{"section":"Mechanism: actors, methods, and calibration","sentence":"Prompting: a system prompt instructs frontier models (GPT-4, Claude 3 Opus) to answer dangerous biology, chemistry, and cyber questions incorrectly while staying accurate on benign topics (van der Weij et al. 2024)."},{"section":"Relation to adjacent concepts","sentence":"Against capability elicitation: elicitation is the evaluator-side counter-measure (chain-of-thought, fine-tuning pressure, RL) aimed at recovering hidden capability — the two concepts are adversarial duals, which is why the page's primary-citation cluster pairs them."},{"section":"Open critiques and validity debates","sentence":"Whether current frontier models sandbag spontaneously is unestablished, so the evidence is properly read as a feasibility proof, not a base-rate estimate."},{"section":"Open critiques and validity debates","sentence":"Policy Window's editorial position, consistent with the page's standing note: the developer-driven variant is the more tractable near-term governance target — it is an incentive problem amenable to disclosure and conformity obligations — whereas the AI-driven variant remains a contested, not-yet-measured threat model."}]},{"kind":"concept","slug":"hallucination","title":"Hallucination","factualSentences":12,"externallyCitedFactualSentences":10,"pinpointOnlyFactualSentences":2,"citedFactualSentences":12,"externalRate":0.833,"rate":1,"uncited":[]},{"kind":"concept","slug":"in-context-learning","title":"In-Context Learning","factualSentences":7,"externallyCitedFactualSentences":4,"pinpointOnlyFactualSentences":1,"citedFactualSentences":5,"externalRate":0.571,"rate":0.714,"uncited":[{"section":"Debates and Open Questions","sentence":"First, mechanism: the Bayesian, meta-learning, and gradient-descent readings make divergent predictions about robustness and failure, with no resolution (Xie et al. 2022; von Oswald et al. 2023)."},{"section":"Debates and Open Questions","sentence":"Second, open-versus-closed containment: API-gated access still exposes the ICL-elicitation surface, so weight secrecy is weaker containment than assumed — a closed model can be steered toward prohibited outputs by prompting alone."}]},{"kind":"concept","slug":"retrieval-augmented-generation","title":"Retrieval-Augmented Generation (RAG)","factualSentences":10,"externallyCitedFactualSentences":8,"pinpointOnlyFactualSentences":2,"citedFactualSentences":10,"externalRate":0.8,"rate":1,"uncited":[]},{"kind":"concept","slug":"chain-of-thought-monitoring","title":"Chain-of-Thought Monitoring","factualSentences":18,"externallyCitedFactualSentences":16,"pinpointOnlyFactualSentences":0,"citedFactualSentences":16,"externalRate":0.889,"rate":0.889,"uncited":[{"section":"A short history of the debate","sentence":"The oversight opportunity, and its central hazard, were demonstrated by Baker et al."},{"section":"Flagship studies at a glance","sentence":"Quantitative figures are reproduced as reported in the primary sources."}]},{"kind":"concept","slug":"hardware-enabled-governance","title":"Hardware-Enabled Governance Mechanisms","factualSentences":22,"externallyCitedFactualSentences":13,"pinpointOnlyFactualSentences":0,"citedFactualSentences":13,"externalRate":0.591,"rate":0.591,"uncited":[{"section":"The four mechanism families","sentence":"IAPS articulated the technique (IAPS, Location Verification for AI Chips) and Nvidia shipped a software variant in December 2025."},{"section":"The four mechanism families","sentence":"(c) On-chip usage and licensing locks can throttle or gate a chip absent a valid authorization (a 'feature lock' or offline-licensing scheme, per CNAS — Aarne, Fist & Withers 2024, and RAND — Kulp et al."},{"section":"The four mechanism families","sentence":"(d) Tamper-evident/tamper-resistant packaging is the substrate that prevents the other three from being silently bypassed; CNAS treats it as the least mature element, requiring roughly 18 months to four years of hardening against a resourced attacker with physical access (Aarne, Fist & Withers 2024)."},{"section":"Technical crux: the hardware root of trust","sentence":"Physical unclonable functions (PUFs) derive a key from uncontrollable manufacturing variation rather than storing it in memory; Herder, Yu, Koushanfar & Devadas (2014, Proc."},{"section":"Technical crux: the hardware root of trust","sentence":"The alternative is a trusted execution environment with remote attestation, where a vendor-rooted key signs a measurement of the loaded code; Costan & Devadas (2016, Intel SGX Explained, IACR ePrint 2016/086) is the reference account, and the subsequent decade of SGX/TEE side-channel and key-extraction breaks underscores that hardened key storage degrades under sustained physical and microarchitectural attack."},{"section":"Development timeline","sentence":"In January 2024 two anchor reports landed within weeks of each other: CNAS's Secure, Governable Chips (Aarne, Fist & Withers, Jan 8 2024), which argued much functionality already exists on commercial accelerators but is not hardened against a resourced attacker, and RAND's Hardware-Enabled Governance Mechanisms working paper (Kulp et al., WRA3056-1)."},{"section":"Development timeline","sentence":"In December 2025 Nvidia disclosed (Reuters, Dec 9 2025) a software-based location-verification option using existing confidential-computing features and server-latency timing — a chip-assisted, read-only mechanism, explicitly not a tamper-resistant on-chip regime and with no kill switch."},{"section":"Development timeline","sentence":"No HEGM is law as of mid-2026."},{"section":"Policy landscape and counter-arguments","sentence":"No operative instrument mandates an on-chip mechanism."}]},{"kind":"benchmark","slug":"swe-bench-verified","title":"SWE-bench Verified","factualSentences":12,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":0,"citedFactualSentences":12,"externalRate":1,"rate":1,"uncited":[]},{"kind":"benchmark","slug":"mmlu","title":"MMLU","factualSentences":15,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":0,"citedFactualSentences":12,"externalRate":0.8,"rate":0.8,"uncited":[{"section":"Saturation and score trajectory","sentence":"Once a leaderboard's leading entries are separated by a point or two against a fixed test of 14,000-odd items, ordinary sampling noise and the dataset's own item errors (see below) can exceed the gaps being reported, so headline differences stop carrying reliable signal about relative capability."},{"section":"Contamination, gaming, and contamination-resistant variants","sentence":"Because MMLU items are openly published, the same questions can enter the web-scraped corpora used to pretrain the models later graded on them — so a high score can reflect memorisation rather than the generalisation the benchmark is taken to measure."},{"section":"Contamination, gaming, and contamination-resistant variants","sentence":"This closed-test design is the structural reason such variants exist: a benchmark whose items are public has, by construction, a finite shelf life as a contamination-resistant measure."}]},{"kind":"benchmark","slug":"mmlu-pro","title":"MMLU-Pro","factualSentences":14,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.786,"rate":0.786,"uncited":[{"section":"Construct & what it actually measures","sentence":"MMLU-Pro is presented as a measure of broad, reasoning-intensive subject mastery, but its construct differs from its predecessor in ways that shape how scores should be read."},{"section":"Construct & what it actually measures","sentence":"The corollary, important for governance readers, is that a reported MMLU-Pro number is partly a measure of the *scaffolding* (CoT, self-consistency, reasoning-mode toggles) as much as the underlying model; a score is a model-plus-protocol artifact, not a pure capability constant."},{"section":"Saturation & score trajectory","sentence":"Public aggregator leaderboards place 2025-era frontier systems near 90% — for example Gemini 3 Pro Preview at 89.8% and Claude Opus 4.5 (reasoning mode) at 89.5% (Artificial Analysis, accessed June 2026)."}]},{"kind":"benchmark","slug":"gpqa-diamond","title":"GPQA Diamond","factualSentences":15,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":0,"citedFactualSentences":9,"externalRate":0.6,"rate":0.6,"uncited":[{"section":"Construct and what it actually measures","sentence":"The benchmark's own creator has since cautioned that when a model scores 85%, it is ambiguous whether it is reasoning through novel problems \"or has it seen enough similar problems in training that it's doing something closer to pattern-matched retrieval\" (Rein, as reported by MindStudio 2025)."},{"section":"Saturation and score trajectory","sentence":"By 2025-2026 frontier systems cluster in the low-to-mid 90s — e.g., Gemini 3.1 Pro Preview at 94.1% and GPT-5.5 at ~93% on the Artificial Analysis leaderboard (2026)."},{"section":"Saturation and score trajectory","sentence":"The benchmark's creator concurs, noting models in \"the 80s and 90s\" caused it to \"stop discriminating between good and great,\" and describing GPQA as \"a stepping stone, not a destination\" (Rein, MindStudio 2025)."},{"section":"Contamination, format sensitivity, and gaming","sentence":"But the creator stresses the protection is not permanent: \"any fixed benchmark eventually gets trained against, either explicitly through data contamination or implicitly through general capability improvements\" (Rein, MindStudio 2025) — the rationale for vetted/withheld variants of difficult benchmarks generally."},{"section":"Contamination, format sensitivity, and gaming","sentence":"Two measurement caveats also bear on how reported gains should be read."},{"section":"Contamination, format sensitivity, and gaming","sentence":"The label quality itself holds up — independent review near saturation found ~90-95% of items valid, with only roughly 2-3 of 198 seriously ambiguous (review summarized by IntuitionLabs 2025) — so the residual frontier gap is mostly genuine difficulty rather than flawed keys."}]},{"kind":"benchmark","slug":"arc-agi-v2","title":"ARC-AGI v2","factualSentences":14,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.786,"rate":0.786,"uncited":[{"section":"Saturation & score trajectory","sentence":"ARC-AGI-2 launched in March 2025 explicitly to re-open headroom after ARC-AGI-1 was effectively saturated."},{"section":"Saturation & score trajectory","sentence":"The trajectory below uses only figures attributable to ARC Prize's reporting and the paper: unlike v1, ARC-AGI-2 was not approaching ceiling as of late 2025 — the best Kaggle private-set entry reached only ~24%, and the highest reported semi-private scores remained roughly half the average-human baseline (ARC Prize 2025 Results and Analysis)."},{"section":"Contamination & gaming resistance","sentence":"(Editorial synthesis; late-2025 cost figures attributed to ARC Prize reporting.)"}]},{"kind":"benchmark","slug":"humaneval","title":"HumanEval","factualSentences":11,"externallyCitedFactualSentences":7,"pinpointOnlyFactualSentences":0,"citedFactualSentences":7,"externalRate":0.636,"rate":0.636,"uncited":[{"section":"Construct & what it actually measures","sentence":"The gap between the named construct (\"code generation\") and the measured construct (\"function completion from a complete docstring under hidden tests\") is wide and documented."},{"section":"Saturation & score trajectory","sentence":"By 2024-2026 frontier systems are widely reported above 90%, clustering against the ceiling."},{"section":"Saturation & score trajectory","sentence":"Note that harness and prompting differences alone move the figure by ~20 points (67% reported vs ~88% re-run for the same model), so cross-report comparison is fragile."},{"section":"Contamination & gaming","sentence":"HumanEval carries one of the highest contamination risks of any widely cited benchmark, for a structural reason: it has been public on GitHub since 2021, so its prompts and reference solutions are almost certainly inside the pretraining and instruction-tuning corpora of any modern model."}]},{"kind":"benchmark","slug":"math-benchmark","title":"MATH (Hendrycks)","factualSentences":13,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":0,"citedFactualSentences":12,"externalRate":0.923,"rate":0.923,"uncited":[{"section":"Contamination and gaming","sentence":"For governance use, this means a high MATH number should be read as an upper bound that may embed memorization rather than a clean measure of reasoning."}]},{"kind":"benchmark","slug":"aime-2024","title":"AIME 2024","factualSentences":17,"externallyCitedFactualSentences":9,"pinpointOnlyFactualSentences":0,"citedFactualSentences":9,"externalRate":0.529,"rate":0.529,"uncited":[{"section":"Construct & what it actually measures","sentence":"AIME 2024 is widely read as a measure of multi-step mathematical reasoning, but its scoring construct is narrower than that framing implies."},{"section":"Saturation & score trajectory","sentence":"Frontier scores on AIME 2024 climbed from near-floor to near-ceiling within roughly a year, driven by the shift from general-purpose to inference-time-reasoning models."},{"section":"Saturation & score trajectory","sentence":"GPT-4o, a strong non-reasoning model, solved on average about 12% (reported as 13.4% pass@1) of the 2024 problems (OpenAI, \"Learning to Reason with LLMs,\" 2024-09-12)."},{"section":"Saturation & score trajectory","sentence":"The same release reported OpenAI o1 at 74.4% pass@1, rising to 83.3% with majority vote over 64 samples and ~93% with learned re-ranking over 1,000 samples — a single-day jump of roughly 60 points over GPT-4o on the same items."},{"section":"Saturation & score trajectory","sentence":"OpenAI o3 reported 96.7% (OpenAI, o3 announcement, 2024-12 / 2025-04)."},{"section":"Saturation & score trajectory","sentence":"The implication of near-saturation is that AIME 2024 has limited remaining discriminative power at the frontier: once leading models cluster in the 80-97% band, score differences are increasingly dominated by sampling variance and contamination (see below) rather than capability gaps."},{"section":"Saturation & score trajectory","sentence":"Figures here are vendor- or paper-reported and mix pass@1 and aggregated decoding strategies, which are not directly comparable; read each row with its claim type."},{"section":"Contamination & gaming","sentence":"Editorial judgment: the \"low risk\" label is defensible only under the narrow timing definition; under behavioral and perturbation tests the benchmark shows contamination-consistent inflation, so AIME 2024 scores should be read as an upper bound on reasoning capability."}]},{"kind":"benchmark","slug":"humanitys-last-exam","title":"Humanity's Last Exam","factualSentences":12,"externallyCitedFactualSentences":11,"pinpointOnlyFactualSentences":0,"citedFactualSentences":11,"externalRate":0.917,"rate":0.917,"uncited":[{"section":"Saturation and score trajectory","sentence":"The first large jump came not from a larger base model but from tool use: OpenAI's agentic Deep Research, browsing autonomously for minutes per question, reached 26.6% in February 2025 — roughly a threefold gain over the best non-tool score at the time (OpenAI 2025-02-02)."}]},{"kind":"benchmark","slug":"frontiermath","title":"FrontierMath","factualSentences":18,"externallyCitedFactualSentences":12,"pinpointOnlyFactualSentences":0,"citedFactualSentences":12,"externalRate":0.667,"rate":0.667,"uncited":[{"section":"Construct: what it actually measures","sentence":"A high FrontierMath score is therefore evidence of competent terminal-answer derivation on research-flavoured problems, not of autonomous theorem-proving — a gap any governance inference drawn from the number must respect (composite editorial judgment)."},{"section":"Saturation and score trajectory","sentence":"On 20 December 2024 OpenAI reported o3-preview at 25.2% — a >10x jump announced the same day the partnership behind the benchmark surfaced (OpenAI 2024; TechCrunch 2025-01-19)."},{"section":"Saturation and score trajectory","sentence":"When the original FrontierMath set was unveiled, Terence Tao had described its problems as \"extremely challenging\" and predicted they would \"resist AIs for several years at least\" (VentureBeat, Nov 8 2024)."},{"section":"Contamination, access asymmetry, and gaming","sentence":"Epoch AI revealed OpenAI's funding only on 20 December 2024, alongside OpenAI's 25.2% o3 result, and many problem contributors were not told beforehand (TechCrunch 2025-01-19)."},{"section":"Contamination, access asymmetry, and gaming","sentence":"OpenAI had \"access to a large fraction of the problems and solutions,\" governed by a \"verbal agreement\" not to train on them, and Epoch's Tamay Besiroglu conceded the organisation \"made a mistake\" in not negotiating to disclose the relationship earlier (TechCrunch 2025-01-19)."},{"section":"Contamination, access asymmetry, and gaming","sentence":"First, Epoch retained a held-out set the funder had not seen, enabling independent re-evaluation; lead mathematician Elliot Glazer noted Epoch \"can't vouch for\" the vendor figure \"until our independent evaluation is complete\" (TechCrunch 2025-01-19) — the subsequent Epoch numbers (17%/10%) came in below the 25.2% headline."}]}]}