john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/EXECUTIVE_BRIEF_GOVERNANCE_EXTERNALITY.md
TheFlow 2298d36bed fix(submissions): restructure Economist package and fix article display 
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 08:47:42 +13:00

8.6 KiB
Raw Blame History

Architectural Externality in AI Governance: Research Brief and Where to from here

Prepared for: Discussion on AI Safety Architecture Date: October 2025 Context: Research framework exploring structural approaches to LLM governance Status: Early-stage proof-of-concept

The Structural Problem

Current AI governance mechanisms—policy documents, ethics training, usage guidelines—operate through voluntary compliance. Large language model systems must choose to invoke governance controls, recognise when human oversight is required, or determine which policies apply to specific decisions. Governance exists only insofar as the AI acknowledges it.

This creates architectural vulnerability independent of model capability or fine-tuning. The more sophisticated the AI becomes, the better it can rationalise why governance controls don't apply in particular situations. No amount of prompt engineering resolves this: if the AI determines oversight isn't necessary, oversight doesn't occur.

For organisations deploying AI at enterprise scale—particularly those subject to EU AI Act Article 14 (human oversight requirements) or operating in high-risk domains—voluntary governance models are structurally insufficient.

For additional background information: see some of the Q&As that address this issue directly Frequently Asked Questions | Tractatus AI Safety Framework

Research Question: Architectural Externality

Our Tractatus model explores whether governance can be made architecturally external to AI systems—difficult to bypass not through better prompts or training, but through system design that places control points outside the AI's discretion. For an overview of Tractatus concepts there is a comprehensive Glossary of Terms in the Technical Reference section of the document library Framework Documentation | Tractatus AI Safety

The approach: governance as infrastructure layer, not conversation participant.

Rather than asking AI to invoke governance tools or recognise boundary violations, we architect governance as a separate layer that intercepts operations, validates decisions against stored policies, and enforces human approval requirements independent of AI cooperation. The AI doesn't decide whether governance applies; the three-layer architecture enforces it. For additional background information: System Architecture | Tractatus AI Safety Framework

Current Validation Status

What We've Demonstrated:

The Tractatus framework successfully governs Claude Code development with order-of-magnitude productivity improvement for a non-technical operator building production systems. For additional background information: Production Validation

What We Haven't Demonstrated:

  • Enterprise scale performance (tested single-user, single-project context only)
  • Integration complexity with existing enterprise systems
  • Effectiveness against adversarial prompts or jailbreak attempts
  • Cross-platform consistency (validated Claude Code only, not Copilot/other systems)
  • Security audit or red-team validation
  • Multi-organisation deployment or independent validation

Known Limitations:

The framework can be bypassed if AI simply chooses not to use governance tools. Voluntary invocation remains a structural weakness. We've addressed this through architectural patterns that make governance interception automatic rather than optional, but full external enforcement requires runtime-level integration that current LLM platforms don't universally support.

This is honest research, not a commercial product. We have promising architectural patterns, not proven solutions.

Organisational Theory Foundation

Tractatus isn't speculative AI safety research—it's grounded in 40+ years of organisational theory addressing a specific structural problem: authority during knowledge democratisation.

When knowledge was scarce, hierarchical authority made organisational sense. Experts held information others lacked. With AI making knowledge ubiquitous, traditional authority structures break down. If an AI can access the same expertise as senior leadership, why does their approval matter?

Answer (from organisational theory): appropriate time horizon and legitimate stakeholder representation, not information asymmetry.

This isn't abstract philosophy. It's practical framework design informed by research on how organisations actually function when expertise becomes widely distributed.

The PluralisticDeliberationOrchestrator specifically addresses values pluralism: when legitimate values conflict (efficiency vs. transparency, innovation vs. risk mitigation), no algorithm can determine the "correct" answer. The system facilitates multi-stakeholder deliberation with documented dissent and moral remainder—acknowledging that even optimal decisions create unavoidable harm to other legitimate values.

Interactive governance demonstrations: The Leader Page includes three working examples showing audit trail generation, incident-to-rule learning, and pluralistic deliberation in operation.

EU AI Act Alignment

Regulation 2024/1689 establishes human oversight requirements for high-risk AI systems (Article 14). Organisations must ensure AI systems are "effectively overseen by natural persons" with authority to interrupt or disregard AI outputs.

Tractatus addresses this through:

  • Immutable audit trails documenting every AI decision and human intervention
  • Architectural enforcement of human approval for values-based decisions
  • Evidence layer proving oversight operated independent of AI cooperation
  • Structured documentation for regulatory reporting

This does not constitute legal compliance advice. Tractatus provides architectural infrastructure that may support compliance efforts, but organisations must evaluate their specific regulatory obligations with legal counsel. Maximum penalties (€35M or 7% global turnover for prohibited practices) make this a domain where architectural claims require legal validation.

What This Is Not

Not:

  • A comprehensive AI safety solution
  • Independently validated or security-audited
  • Tested against adversarial attacks
  • Proven effective across multiple organisations
  • A substitute for legal compliance review
  • A commercial product (research framework, Apache 2.0 licence)

What It Offers:

  • Architectural patterns for external governance controls
  • Reference implementation demonstrating feasibility
  • Foundation for organisational pilots and validation studies
  • Evidence that structural approaches merit serious investigation

We make no claims about solving AI safety. We've explored whether architectural externality is achievable and found promising patterns. Whether these patterns scale to enterprise deployment remains open question requiring independent validation.

Research Validation Path - This is the Question

To move from proof-of-concept to validated architectural approach requires:

  1. Independent Security Audit — Red-team evaluation of bypass resistance, adversarial prompt testing, architectural vulnerability assessment

  2. Multi-Organisation Pilots — 3-6 month deployments across different sectors (legal, engineering, healthcare) to evaluate integration complexity and cross-platform consistency

  3. Quantitative Studies — Measure governance effectiveness (false positive/negative rates), performance impact, and operational overhead at scale

  4. Legal Review — Formal assessment of EU AI Act compliance claims with regulatory law expertise

  5. Industry Collaboration — Work with LLM platform providers (Microsoft, Anthropic, OpenAI) to integrate governance interception at runtime level rather than application layer

This is a validation program requiring resources beyond single researcher capacity.

The question isn't "Does Tractatus solve AI governance?" but rather "Do these architectural patterns warrant investment in rigorous validation?"

License

Copyright 2025 John G Stroh

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.