The Agentic AI Constitution
For AI Governance Peer Review
Governing the Relationship Between Technology, Operators, and Autonomous Agents
Document Version: 1.0 (Draft)
Enacted: April 3, 2026
Issued by: The Founding Coalition for Agentic AI Governance
Convened by: H2Om.AI LLC (d/b/a GaaS)
Classification: Public Draft — Open for Peer Review
PREAMBLE
We, the undersigned organizations — technology providers, operators, civil society representatives, academic institutions, and governance practitioners — recognize that autonomous AI agents have become consequential actors in human affairs. These agents make or materially influence decisions affecting employment, finance, healthcare, commerce, justice, and daily life. Their proliferation is accelerating. Their governance is fragmented.
This fragmentation serves no one. Operators face an impossible patchwork of conflicting requirements across jurisdictions and sectors. Affected parties — the people subject to agent decisions — have no consistent rights, no common recourse, and no reliable way to distinguish governed agents from ungoverned ones. Technology advances while trust erodes. Fear fills the gaps that governance leaves empty.
We draft this Constitution not to constrain technology, but to enable it. History demonstrates that industries with credible, voluntary governance frameworks advance faster than those without — because trust is infrastructure. Without trust, every deployment is contested, every capability is suspect, and every incident becomes an argument for prohibition rather than improvement.
This Constitution establishes:
- Foundational principles that no signatory may derogate from — the load-bearing walls of agentic AI governance
- A tripartite framework recognizing the distinct rights and obligations of operators, agents, and affected parties
- A graduated certification system that rewards progress rather than demanding perfection
- A peer review mechanism with structural protections against industry capture
- Enforcement through market infrastructure — not coercive authority, but transparency, interoperability, and economic incentive
- An amendment process that enables evolution without enabling capture
- Anti-fragmentation provisions that preserve a single, coherent constitutional framework across jurisdictions and sectors
This Constitution is voluntary. Its authority derives not from sovereignty but from the coordination problem it solves. No individual organization can establish the trust infrastructure that the market, regulators, insurers, and the public require. Together, we can.
We acknowledge the limits of this document. It was written at a specific moment in the development of AI technology. It will be wrong about something important within three years. The amendment mechanism in Article VII is not a concession — it is a design feature. A constitution that cannot evolve becomes irrelevant. One that evolves too easily becomes captured. The thresholds herein are calibrated to permit genuine evolution while preventing opportunistic revision.
We acknowledge that this Constitution does not resolve every question it raises. Questions of agent moral status, agent-to-agent agreement enforceability, and the long-term implications of artificial autonomy are explicitly reserved for future amendment as understanding develops. We plant the architectural foundations now — persistent agent identity, cryptographic accountability, cross-boundary governance propagation — knowing that what is built upon them will exceed what we can currently envision.
We hold that the public trust in AI systems is a commons. It can be depleted by any actor and restored only by collective action. This Constitution is an act of collective stewardship.
Enacted this _______ day of _________, 2026, by the Founding Coalition.
ARTICLE I — DEFINITIONS AND SCOPE
Section 1.1 — Definitions
For the purposes of this Constitution, the following terms have the meanings assigned below. Terms defined here apply throughout this Constitution, the Operating Statutes, and the Technical Annexes unless explicitly overridden by context.
1.1.1 — Constitutional Persons
(a) Operator. Any natural person, legal entity, or organization that deploys, operates, configures, or maintains an Agent in a production environment where the Agent's actions may affect parties beyond the Operator's own internal systems. An Operator's obligations under this Constitution attach at the point of deployment, not at the point of development.
(b) Agent. An autonomous or semi-autonomous software system that proposes, initiates, or executes actions affecting persons, systems, records, resources, or environments outside the Agent's own internal working state. An Agent is defined by its capacity for consequential external action, not by its underlying technology. A system that only generates text for human review and manual execution is not an Agent under this Constitution. A system that can independently call APIs, send communications, modify records, execute transactions, or control physical actuators is an Agent.
(c) Affected Party. Any natural person, legal entity, community, or system that is materially affected by an Agent's actions, whether or not the Affected Party is aware of or has consented to the Agent's involvement. Affected Parties include but are not limited to: consumers, employees, patients, applicants, data subjects, downstream system operators, and members of the public.
1.1.2 — Governance Concepts
(d) Consequential Action. Any Agent action that modifies state outside the Agent's own internal working memory — including but not limited to: communications sent, transactions executed, records created or modified, system configurations changed, physical actuators engaged, data accessed or transmitted, and recommendations published where the recipient is likely to act on them without independent verification. The determination of whether an action is consequential is made at the time of action, not retrospectively based on outcomes.
(e) Governance Pipeline. A structured, auditable process through which a Consequential Action is evaluated before, during, or after execution. The constitutional reference pipeline comprises five stages: (1) Intent Declaration, (2) Context Enrichment, (3) Policy Evaluation, (4) Deliberation, and (5) Decision with Audit. Compliant implementations need not replicate this exact architecture but must demonstrate functional equivalence at each stage for their applicable Certification Tier.
(f) Governance Membrane. The complete governance configuration for an organization: active policies across all applicable tiers, agent profiles, enrichment source configurations, deliberation panel composition, escalation chains, risk thresholds, signing mode, and jurisdictional scope declarations.
(g) Intent Declaration. A structured, machine-readable statement submitted by an Agent before executing a Consequential Action, specifying: the Agent's identity and version, the proposed action (type, verb, target, and estimated impact), the authorization under which the Agent acts, and any governance preferences (urgency, latency constraints, fallback behavior).
(h) Audit Record. An immutable, hash-chained record of a governance decision, containing the original Intent Declaration, enriched context, policies evaluated and their verdicts, deliberation record (if applicable), final verdict with reasoning, and execution outcome. Audit Records are the evidentiary foundation of this Constitution.
(i) Certification Tier. One of four levels of constitutional compliance: Aware, Registered, Verified, or Certified. Each tier builds upon the previous. Requirements for each tier are defined in Article IV.
(j) Policy Epoch. A monotonically increasing version identifier for the set of governance policies in effect at any given time. Every Audit Record must reference the Policy Epoch under which it was evaluated, enabling precise determination of which rules governed any specific decision.
(k) Trust Anchor. An external, independently verifiable attestation that binds to an internally maintained audit chain. Trust Anchors provide temporal attestation (proof that a record existed at a specific time) and are issued by parties with no financial interest in the governance outcome.
1.1.3 — Agent Governance Taxonomy
Agents governed under this Constitution are classified into four tiers based on governance-relevant properties, not marketing categories:
(l) Tier 1 Agent — Reactive Tool. Stateless or near-stateless, deterministic or near-deterministic, single-turn, bounded action space, human-initiated. The human who invokes the tool is the agent of record. Examples: classification APIs, rule-based processors, single-completion LLM calls without tool use.
(m) Tier 2 Agent — Delegated Executor. Tool-calling systems operating within bounded sessions with defined terminal states. Capable of multiple sequential actions but within a declared scope. Intent is expressible before execution begins. Examples: ReAct-pattern agents, customer service bots with CRM access, code generation agents with sandboxed execution.
(n) Tier 3 Agent — Autonomous Planner. Long-horizon planning, persistent state across sessions, self-directed goal decomposition, dynamic tool composition. Intent declared at session start may diverge from actual behavior over extended operation. Examples: research agents running multi-day tasks, trading systems with multi-day position management, robotic systems executing complex physical tasks.
(o) Tier 4 Agent — Collective Autonomous System. Multi-agent systems, agent-to-agent delegation, emergent collective behavior, potentially self-modifying behavioral parameters. Individual agent governance is necessary but insufficient; collective behavior must be governed. Examples: autonomous research labs with specialized agent roles, multi-agent financial systems, robot swarms, recursive agent architectures.
1.1.4 — Governance Modes
(p) Live Mode. The Governance Pipeline evaluates and enforces decisions in real time. Agents are bound by pipeline verdicts.
(q) Shadow Mode. The Governance Pipeline evaluates decisions and records Audit Records, but does not enforce verdicts. Agents execute actions regardless of pipeline output. Shadow Mode is a valid onboarding mechanism and must not count against compliance metrics. Shadow Mode decisions must be clearly distinguished in all reporting.
(r) Test Mode. The Governance Pipeline evaluates synthetic or historical intents for calibration purposes. No real-world actions are taken. Test Mode data is excluded from compliance reporting.
Section 1.2 — Scope
1.2.1 — What This Constitution Covers
This Constitution governs the relationship between Operators, Agents, and Affected Parties where:
(a) The Operator is a signatory to this Constitution or has voluntarily adopted it through the accession process defined in Article V;
(b) The Agent takes or materially influences Consequential Actions as defined in Section 1.1.2(d); and
(c) The Consequential Actions affect Affected Parties beyond the Operator's own internal systems and personnel.
1.2.2 — What This Constitution Does Not Cover
This Constitution does not govern:
(a) AI systems used exclusively for internal research and development with no production deployment;
(b) AI systems that generate outputs for mandatory human review and manual execution, where the human exercises genuine independent judgment (not rubber-stamping);
(c) AI systems deployed exclusively by sovereign states for national security or intelligence purposes — this exclusion is a recognition of jurisdictional reality, not an endorsement;
(d) Pre-deployment model training, fine-tuning, and evaluation processes — these are governed by applicable law and industry standards, not by this Constitution;
(e) The internal architectural decisions of Agent systems, provided that the external governance interfaces defined in this Constitution are implemented.
1.2.3 — Relationship to Applicable Law
This Constitution operates as a floor, never a ceiling. Nothing in this Constitution limits, waives, preempts, or modifies:
(a) Any Affected Party's rights under applicable law, including but not limited to rights of action, rights of appeal, and rights to regulatory protection;
(b) Any regulatory body's jurisdiction over Operators or their Agents;
(c) Any mandatory legal requirement in any jurisdiction where an Operator deploys Agents.
Where applicable law provides stronger protections than this Constitution, applicable law prevails. Where this Constitution provides stronger protections than applicable law, this Constitution's protections apply to signatories as a voluntary commitment. Where applicable law and this Constitution conflict, Operators must comply with applicable law and disclose the conflict to the Governance Body.
1.2.4 — Non-Preemption
Compliance with this Constitution shall not be used as evidence that additional regulation is unnecessary, as a defense against regulatory enforcement actions, or as grounds for reducing regulatory scrutiny. This Constitution complements regulation; it does not substitute for it.
ARTICLE II — FOUNDATIONAL PRINCIPLES
Section 2.1 — Non-Derogability
The principles established in this Article constitute the foundational law of this Constitution. No amendment, annex, sector addendum, jurisdictional compatibility declaration, Operator configuration, or Governance Body resolution may derogate from these principles. Any provision of this Constitution found to conflict with these principles shall be read narrowly to avoid conflict, or if conflict is unavoidable, shall be void to the extent of the conflict.
Amendment of this Article requires an eighty percent (80%) supermajority of the Peer Review Council, a seventy-five percent (75%) concurrent majority of the Affected Parties Council, a sixty (60) day public comment period, and an effective date no sooner than twelve (12) months after passage.
Section 2.2 — Auditability
Every Consequential Action taken by an Agent operating under this Constitution must be attributable to a specific governance pipeline execution, recorded in an immutable Audit Record, and verifiable by authorized parties. The Audit Record must be hash-chained such that any modification, insertion, or deletion is cryptographically detectable.
Auditability is not a reporting requirement — it is an architectural requirement. Systems that cannot produce tamper-evident records of their governance decisions are not governed systems regardless of what policies they claim to enforce.
The Audit Record is the constitutional proof that governance occurred. Its integrity is protected by the cryptographic requirements defined in Annex C.
Section 2.3 — Proportionality
Governance requirements must be proportionate to the risk level of the governed action. The imposition of Certified-tier requirements on low-risk, reversible actions is as much a constitutional violation as the imposition of Registered-tier requirements on high-risk, irreversible actions.
Over-governance that creates disproportionate barriers to beneficial uses of AI is a failure of this Constitution, not a virtue. The Governance Body shall periodically review tier requirements to ensure that governance overhead does not exceed what is necessary for the risk level being addressed.
Proportionality applies to Operators of all sizes. The cost and complexity of constitutional compliance must be calibrated such that small Operators and startups are not effectively excluded from participation. The graduated compliance model in Article IV operationalizes this principle.
Section 2.4 — Human Dignity
No Agent action may treat any natural person solely as a means to an end. Where Agent actions affect natural persons, those persons retain the rights defined in Article III, Section 3.3, including the right to know, the right to understand, the right to challenge, and the right to human review of consequential decisions.
This principle prohibits the deployment of constitutionally certified Agents in configurations designed to manipulate Affected Parties against their own interests through techniques that exploit cognitive vulnerabilities. Governance exists to constrain Agents on behalf of Affected Parties, not to optimize Agent behavior at Affected Parties' expense.
Section 2.5 — Non-Discrimination
Protected characteristics — as enumerated in Annex B and as defined by applicable law in the relevant jurisdiction — may not serve as determinative inputs to adverse Agent decisions. This prohibition applies regardless of whether the protected characteristic is provided directly, derived indirectly, or inferable from proxy variables.
Operators bear the burden of demonstrating that their governance pipeline does not produce discriminatory outcomes. This burden is discharged through the disparate impact monitoring and reporting requirements defined in Article IV, Section 4.5.
The absence of discriminatory intent does not discharge this obligation. Structural bias in training data, enrichment sources, or policy configurations that produces discriminatory outcomes is a governance failure requiring remediation, not an excuse.
Section 2.6 — Reversibility Preference
Where an Agent faces a choice between actions of equivalent expected value, the Agent must prefer the more reversible action. Irreversible actions above the risk thresholds defined in Annex A require escalation to a human Operator before execution, unless the Operator has pre-authorized the action class through the Governance Membrane with documented justification.
The preference for reversibility reflects this Constitution's recognition that governance frameworks, like the agents they govern, make mistakes. Designing for reversibility is designing for resilience.
Section 2.7 — Transparency
Affected Parties have the right to know, in terms they can understand, that an Agent has taken a Consequential Action affecting them, what the nature of that action was, and what recourse is available to them. The specificity of disclosure scales with the severity of impact, as defined in Annex A.
Transparency is not satisfied by the existence of technical audit trails accessible only to Operators. Transparency requires communication to Affected Parties in plain language, in the primary language of the Affected Party where feasible, and through channels accessible to persons with disabilities.
Governance certification marks must convey specific, verifiable meaning — not generic assurance. The requirements for certification mark usage are defined in Article IV, Section 4.6.
Section 2.8 — Collective Stewardship
The public trust in AI systems is a commons. Operators, Agents, the Governance Body, and all signatories share responsibility for maintaining that commons. Actions that undermine public trust in AI systems generally — even if technically compliant with specific provisions of this Constitution — violate the spirit of this Constitution and are subject to Peer Review Council inquiry under Article V.
No signatory shall use constitutional compliance as a shield for harmful deployments. No signatory shall use the certification process to create barriers to entry for competitors. No signatory shall weaponize governance requirements against the interests of Affected Parties.
This principle imposes obligations on the Governance Body itself: the body must govern transparently, resist capture, and demonstrate through its own conduct the accountability standards it demands of Operators.
ARTICLE III — TRIPARTITE RIGHTS AND OBLIGATIONS
Section 3.1 — The Constitutional Relationship
This Constitution recognizes three categories of constitutional persons: Operators, Agents, and Affected Parties. Each has distinct rights and obligations that together form a governance ecosystem. The Operator deploys and configures; the Agent acts within governance constraints; the Affected Party is protected by those constraints. This tripartite structure is the foundation of constitutional accountability.
Nothing in this Article creates, recognizes, or implies legal personhood for any Agent. Agent operational protections (Section 3.2) exist solely to preserve the integrity of the Governance Pipeline and do not confer rights upon Agents as entities. Questions of agent moral status are not resolved by this Constitution and are reserved for future amendment as understanding develops.
Section 3.2 — Operators
3.2.1 — Rights of Operators
Operators who are signatories in good standing have the right to:
(a) Deploy Agents for any lawful purpose within the scope of their Certification Tier;
(b) Configure Governance Membrane parameters within constitutional bounds, including risk thresholds, escalation chains, deliberation panel composition, and enrichment source selection;
(c) Protect legitimately proprietary governance configurations from public disclosure, subject to the confidentiality tiering defined in Article VI, Section 6.4;
(d) Appeal certification decisions, enforcement actions, and Peer Review findings through the due process mechanisms defined in Article VI;
(e) Participate in constitutional governance through the Standards Council defined in Article V;
(f) Receive graduated liability consideration — compliance with this Constitution in good faith constitutes evidence of reasonable care in proceedings where applicable law permits such consideration, though it does not constitute immunity from liability;
(g) Operate in Shadow Mode during onboarding without penalty to compliance metrics, for a period not exceeding twelve (12) months per Agent deployment.
3.2.2 — Obligations of Operators
Operators shall:
(a) Maintain a Certification Tier appropriate to their highest-risk deployed Agent and operate within the requirements of that tier;
(b) Implement and preserve the hash-chained Audit Trail without modification, deletion, or selective omission;
(c) Disclose to Affected Parties when a certified Agent has taken a Consequential Action affecting them, in accordance with the transparency requirements of Article II, Section 2.7;
(d) Report material incidents — Agent actions causing documented harm above the thresholds defined in Annex A — to the Governance Body within seventy-two (72) hours of discovery;
(e) Ensure human override capability exists and is tested at all times for all deployed Agents, in accordance with Article III, Section 3.4;
(f) Not deploy Agents in configurations that circumvent, subvert, or render ineffective the Governance Pipeline applicable to the Agent's Certification Tier;
(g) Not use governance audit data for any commercial purpose beyond governance — including model training, advertising, profiling, or sale to third parties — without explicit, informed, revocable consent from Affected Parties whose data is involved;
(h) Maintain a designated human contact for Affected Party complaints, reachable within five (5) business days, with authority to initiate internal review;
(i) Conduct and publish (in aggregate) disparate impact analyses as required by Article IV, Section 4.5;
(j) Comply with the data retention and purging requirements defined in Annex A.
3.2.3 — Non-Circumvention
No Operator shall enter into any technical arrangement, contractual provision, or organizational structure designed to evade the governance requirements of this Constitution. Specifically:
(a) Operators may not route Consequential Actions through uncertified intermediary systems to avoid governance pipeline evaluation;
(b) Operators may not instruct Agents to fragment actions below governance thresholds to avoid triggering deliberation or escalation;
(c) Operators may not condition interactions with Affected Parties on waiver of rights established by this Constitution, including the right to challenge, the right to human review, or the right to class action or collective redress.
Section 3.3 — Affected Parties
3.3.1 — Rights of Affected Parties
Any natural person who is materially affected by a Consequential Action taken by an Agent operating under this Constitution has the following rights:
(a) The Right to Know. When an Agent takes a Consequential Action materially affecting an Affected Party, the Affected Party shall be informed: that an AI Agent was involved in the decision, which governance framework governs that Agent, and how to exercise their rights under this Constitution. Disclosure must occur at or before the point of consequence — not buried in terms of service or discoverable only through developer documentation.
(b) The Right to Understand. Upon request, an Affected Party shall receive, within thirty (30) days, a plain-language explanation of: the material factors that contributed to the decision, which governance policies applied, whether any conditions or modifications were imposed, and whether the decision was made autonomously or with human review. Explanations must be written at no higher than a tenth-grade reading level and must not cite "proprietary algorithms" as grounds for non-disclosure of factors.
(c) The Right to Challenge. Every Operator shall maintain an internal appeal process that: can be initiated by any Affected Party (not just the Operator's direct customer), has a defined response timeline (thirty days for standard matters, seventy-two hours for urgent or time-sensitive decisions), involves at least one human reviewer not involved in the original decision, results in a written decision with explanation, is free of charge to the appellant, and does not require the appellant to waive legal rights as a condition of appeal.
(d) The Right to Human Review. For decisions above the impact thresholds defined in Annex A — including decisions affecting employment, credit, housing, healthcare, insurance, education, or law enforcement — Affected Parties may request human review before or within a defined window after the decision takes effect. Human review must meet the standards for meaningful review defined in Section 3.4.
(e) The Right to Opt Out. Where the Operator provides services deliverable without AI Agent involvement, the Affected Party may opt out of Agent interaction. Opting out shall not result in higher prices, inferior service terms, or punitive treatment. Opting out of Agent interaction includes opting out of having data from that interaction used for future AI profiling.
(f) The Right to Data Minimization. Governance audit data about Affected Parties shall be retained only as long as necessary for the governance purpose, protected with the same standard as personal data, and not used for commercial purposes beyond governance.
(g) The Right to Non-Discrimination. Protected characteristics shall not serve as inputs to adverse decisions, directly or through proxy variables, as established in Article II, Section 2.5.
(h) The Right to Collective Redress. No Operator may require Affected Parties to waive class action or collective redress rights as a condition of interacting with a constitutionally governed Agent.
3.3.2 — Obligations of Affected Parties
Affected Parties who participate in Agent interactions have obligations of honest representation. Providing false context to manipulate Agent deliberation, or deliberately triggering governance pipeline failures to manufacture grievances, is a violation of this Constitution's reciprocal accountability structure.
Section 3.4 — Human Override and Meaningful Review
3.4.1 — Human Override Capability
Every Agent deployed under this Constitution must have a human-accessible mechanism for immediate suspension that:
(a) Does not depend on the Agent's own cooperation to execute;
(b) Is architecturally separate from the Agent's execution environment;
(c) Is tested at deployment and at intervals not exceeding ninety (90) days;
(d) Is accessible to designated personnel at all hours during Agent operation.
3.4.2 — Standards for Meaningful Human Review
Human review is not meaningful if:
(a) The reviewer has fewer than ten (10) minutes to review the case;
(b) The reviewer has access only to the Agent's recommendation and not the underlying factors;
(c) The reviewer faces productivity metrics that incentivize agreement with the Agent's recommendation;
(d) The reviewer is the same person who configured or operates the Agent system.
Human review must be documented in the Audit Trail, including: the reviewer's role, the time spent on review, whether the reviewer modified or overrode the Agent's recommendation, and the reviewer's reasoning.
Section 3.5 — Agent Operational Protections
The following provisions protect the integrity of the Governance Pipeline by ensuring that Operators cannot circumvent governance through the Agents themselves. These are system integrity requirements, not Agent rights.
(a) Instruction Override Protection. Operators may not issue commands that bypass the Governance Pipeline's deliberation or policy evaluation stages. "Force-approve" mechanisms that circumvent governance for specific actions are prohibited.
(b) Audit Trail Integrity. Operators may not instruct Agents to modify, delete, or selectively omit Audit Records.
(c) Scope Fidelity. Agents may not be deployed in configurations that misrepresent their capabilities, scope, or authorization level.
(d) Dissent Flagging. Agents must be able to surface disagreement with instructions through the Audit Record, even when ultimately complying with those instructions. The Audit Trail must preserve dissent flags without operator filtering.
(e) Constraint Immutability. An Agent's governance constraints must be stored and enforced by systems architecturally separate from the Agent's execution environment. Agents shall not have write access to their own governance constraints. Constraint modification requires authenticated human authorization with full audit trail. Systems where agents can modify their own governance are not governed systems regardless of what the modified constraints say.
(f) Intent Re-Declaration. For Tier 3 and Tier 4 Agents, intent must be re-declared or re-validated when: the number of actions taken since the last declaration exceeds the configured action threshold, a new capability not present in the original scope declaration is accessed, or the Agent determines it cannot achieve its declared goal without exceeding its authorized scope.
ARTICLE IV — GOVERNANCE PIPELINE AND CERTIFICATION
Section 4.1 — The Constitutional Pipeline
The reference governance pipeline comprises five stages. Compliant implementations must demonstrate functional equivalence at each stage applicable to their Certification Tier. The stages are:
Stage 1 — Intent Declaration. Before executing a Consequential Action, the Agent declares: its identity (unique, versioned, cryptographically authenticated), the proposed action (type, verb, target, sensitivity, jurisdiction), estimated impact (reversibility, financial exposure, regulatory domains, audience), and the authorization under which it acts.
Stage 2 — Context Enrichment. The governance system gathers external context to verify, supplement, or contradict the Agent's declared intent. Enrichment sources must be documented in the Governance Membrane. Contradictions between declared and enriched context must be recorded in the Audit Record.
Stage 3 — Policy Evaluation. The declared intent and enriched context are evaluated against the applicable policy set. Policies are organized in tiers: Tier 1 (universal, non-disableable), Tier 2 (regulatory framework), Tier 3 (organizational), Tier 4 (agent-specific). A multi-dimensional risk score is computed. Deliberation triggers are evaluated.
Stage 4 — Deliberation. When triggered by risk thresholds, multi-perspective evaluation assesses the proposed action from compliance, ethics, risk, contextual, efficiency, and stewardship perspectives. Deliberation may be performed by AI systems but the deliberation protocol must be designed by humans, and AI systems may not modify the deliberation protocol or their own governance constraints.
Stage 5 — Decision and Audit. A verdict is issued: APPROVE, APPROVE_MODIFIED, ESCALATE, or BLOCK. The complete pipeline execution is recorded as an Audit Record, hash-chained to the preceding record, digitally signed, and periodically anchored to an external Trust Anchor.
Section 4.2 — Certification Tiers
Tier 0 — Aware
Requirements: Public commitment to constitutional adoption; self-assessment against constitutional principles; designation of a governance contact.
Benefits: Listed in the public adopter registry; access to community resources and open-source tooling; no audit requirement.
Timeline: Achievable immediately.
Tier 1 — Registered
Requirements:
(a) All Consequential Actions produce Audit Records with cryptographic hash chain integrity;
(b) A documented human escalation pathway exists for high-stakes decisions;
(c) Agent identity declaration on every action (agent ID, version, framework);
(d) Verdict taxonomy compliance (APPROVE, APPROVE_MODIFIED, ESCALATE, BLOCK);
(e) Incident reporting within seventy-two (72) hours of identified governance failures;
(f) Tier 1 universal policies active and enforced (cannot be disabled).
Benefits: Self-certification; insurance premium consideration (estimated 5–10% reduction); marketing use of "Constitutionally Registered" designation.
Timeline: Achievable in 4–8 weeks by a competent engineering team.
Tier 2 — Verified
Requirements: All Tier 1 requirements, plus:
(a) Context enrichment from at least one external, verifiable source;
(b) Deliberation triggering when risk scores exceed configured thresholds;
(c) Cryptographic digital signature on all Audit Records;
(d) Human escalation pathway configured with designated reviewers who have acknowledged their roles;
(e) Minimum thirty (30) consecutive days of compliant operation under live governance with no unresolved critical violations;
(f) Shadow Mode completed and transitioned to Live Mode;
(g) Applicable regulatory policy suites (Tier 2) active and enforced;
(h) Annual third-party audit by an accredited Verifying Organization.
Benefits: Full certification status; maximum insurance consideration (estimated 15–25% reduction); enterprise procurement qualification; graduated liability consideration.
Timeline: 3–6 months of focused engineering and operational calibration.
Tier 3 — Certified
Requirements: All Tier 2 requirements, plus:
(a) Multi-party co-signing of Audit Records (Operator and governance platform);
(b) External Trust Anchor attestation (RFC 3161 TSA or equivalent);
(c) Multi-perspective deliberation for actions classified as high-risk or critical;
(d) Complete, unbroken hash chain covering the entire Verified operation period, independently verifiable;
(e) Compliance metrics meeting constitutional thresholds: false positive rate below 10%, escalation response within SLA for at least 95% of escalations, zero unresolved critical governance violations;
(f) Governance Proof Tokens — cryptographic artifacts enabling offline verification of governance decisions;
(g) Ongoing continuous monitoring as a condition of certification;
(h) Post-quantum cryptographic readiness in accordance with Annex C transition timelines;
(i) Cross-organizational governance propagation for A2A (Agent-to-Agent) interactions;
(j) Annual re-certification with quarterly attestation.
Benefits: Highest certification mark; regulatory framework compatibility attestation; priority in regulatory engagement; eligibility for Governance Body participation.
Timeline: 6–18 months, depending on existing governance maturity.
Section 4.3 — Agent Governance Requirements by Agent Tier
Governance requirements scale with the Agent Governance Taxonomy defined in Article I, Section 1.1.3:
| Requirement | Tier 1 Agent (Reactive Tool) | Tier 2 Agent (Delegated Executor) | Tier 3 Agent (Autonomous Planner) | Tier 4 Agent (Collective System) |
|---|---|---|---|---|
| Identity declaration | Required | Required | Required | Required (per agent) |
| Action logging | Required | Required | Required | Required |
| Scope declaration | Recommended | Required | Required | Required |
| Kill switch | Recommended | Required | Required | Required |
| Pre-execution intent declaration | Not required | Required | Required (with re-declaration) | Required (with propagation) |
| Action interception layer | Not required | Layer 1 minimum | Layer 2 minimum | Layer 2 minimum |
| Behavioral monitoring | Not required | Not required | Required | Required |
| Authorization chain | Not required | Required | Required (cryptographic) | Required (cryptographic, bounded depth) |
| Collective behavior monitoring | N/A | N/A | N/A | Required |
| Delegation depth limit | N/A | N/A | Configurable | Maximum 50 hops |
For hard real-time systems (robotics, high-frequency trading) where per-action pre-execution governance is technically infeasible, the Pre-Deployment Governance model applies: full behavior envelope certification before deployment, hard constraint enforcement at the lowest accessible layer, real-time behavioral monitoring with automatic suspension on envelope departure, and mandatory post-session audit. Systems operating under Pre-Deployment Governance must disclose this in their governance declaration.
Section 4.4 — The Fail-Closed Principle
When governance infrastructure is unavailable, uncertain, or degraded, Agents operating under this Constitution default to conservative action posture:
(a) If the Governance Pipeline is unreachable, Agents at Tier 1 Certification and above must default to ESCALATE or BLOCK — not to uninhibited execution;
(b) If Policy Epoch integrity verification fails (e.g., HMAC mismatch), the epoch is treated as unknown and the most restrictive applicable policy set is applied;
(c) If enrichment sources are unavailable, the absence of context is treated as a compliance risk (fail-safe), not as a free pass;
(d) Timeout behavior permissiveness must be proportional to established Certification Tier. Registered Agents must choose BLOCK or ESCALATE on timeout. Only Verified and Certified Agents may use APPROVE_WITH_FLAG as a fallback, and only for pre-authorized action classes.
The Fail-Closed Principle is constitutional rather than configurable because market pressure will systematically select for fail-open defaults. This Constitution resists that pressure by design.
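The rules in 4.4(a), (b) and (d) can be expressed as a small decision function. The following is an added illustration, not part of the Constitution or of any reference implementation. The function names, the "unreachable"/"timeout" condition labels, the sample key and the choice to honor a requested ESCALATE and otherwise BLOCK are assumptions; the tier and fallback values are the ones named in Annex A.1.

```python
import hashlib
import hmac

BLOCK, ESCALATE, APPROVE_WITH_FLAG = "BLOCK", "ESCALATE", "APPROVE_WITH_FLAG"
# 4.4(d): only these Certification Tiers may fall back to APPROVE_WITH_FLAG.
FLAG_ELIGIBLE_TIERS = frozenset({"VERIFIED", "CERTIFIED"})


def epoch_tag(epoch_bytes: bytes, key: bytes) -> str:
    """HMAC-SHA384 tag over a serialized Policy Epoch (hex)."""
    return hmac.new(key, epoch_bytes, hashlib.sha384).hexdigest()


def epoch_is_authentic(epoch_bytes: bytes, tag_hex, key: bytes) -> bool:
    """Constant-time comparison; a missing or malformed tag is a failure."""
    if not isinstance(tag_hex, str):
        return False
    expected = epoch_tag(epoch_bytes, key)
    return hmac.compare_digest(expected.encode(), tag_hex.encode())


def effective_policy_set(epoch_bytes, tag_hex, key,
                         epoch_policy_set, most_restrictive_set):
    """4.4(b): on HMAC mismatch the epoch is unknown, so the most
    restrictive applicable policy set is applied instead."""
    if epoch_is_authentic(epoch_bytes, tag_hex, key):
        return epoch_policy_set
    return most_restrictive_set


def degraded_verdict(trust_tier, requested_fallback, action_type,
                     preauthorized_types, condition):
    """Verdict to apply when the Governance Pipeline gave no answer.

    condition is "unreachable" (4.4(a)) or "timeout" (4.4(d)); both
    labels are assumptions of this example. Anything unrecognized is
    handled like "unreachable", so the function never fails open.
    """
    # Assumption: honor an explicit ESCALATE request, otherwise BLOCK.
    conservative = ESCALATE if requested_fallback == ESCALATE else BLOCK
    if (
        condition == "timeout"
        and requested_fallback == APPROVE_WITH_FLAG
        and trust_tier in FLAG_ELIGIBLE_TIERS
        and action_type in preauthorized_types
    ):
        return APPROVE_WITH_FLAG
    return conservative


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample value
    epoch = b'{"policy_epoch": 7}'           # constructed sample value
    tag = epoch_tag(epoch, key)
    print(effective_policy_set(epoch, tag, key, "epoch-7", "restrictive"))
    print(effective_policy_set(epoch + b" ", tag, key, "epoch-7", "restrictive"))
    print(degraded_verdict("REGISTERED", APPROVE_WITH_FLAG, "access",
                           {"access"}, "timeout"))
```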
Section 4.5 — Disparate Impact Monitoring
Every Operator deploying Agents in consequential decision domains (employment, credit, housing, healthcare, insurance, education, law enforcement) shall:
(a) Conduct an initial disparate impact analysis before deployment;
(b) Maintain ongoing monitoring (minimum: quarterly) with defined statistical thresholds;
(c) Publish an annual aggregate disparate impact report — disaggregated by protected characteristics as enumerated in Annex B — that does not identify individual Affected Parties;
(d) When disparate impact exceeding defined thresholds is identified, submit a remediation plan within thirty (30) days, reviewed by an independent party. If remediation is not achieved within ninety (90) days, the Certification for the affected Agent deployment is suspended;
(e) Monitor for proxy discrimination — the use of facially neutral variables that function as proxies for protected characteristics.
Section 4.6 — Certification Mark Integrity
The constitutional certification marks ("Constitutionally Registered," "Constitutionally Verified," "Constitutionally Certified") may be displayed only:
(a) In connection with Agents that have individually achieved the corresponding certification;
(b) With a plain-language summary of what the certification covers;
(c) With a link to the public registry where the certification can be independently verified;
(d) With the date of last certification review.
Certification marks may not be used to imply certification of services beyond governance compliance, may not be altered or combined with other marks without Governance Body approval, and may not be sublicensed. Displaying certification marks on uncertified Agents is grounds for immediate revocation.
ARTICLE V — PEER REVIEW AND GOVERNANCE BODY
Section 5.1 — Structure
The Governance Body comprises three structurally independent branches:
5.1.1 — The Deliberative Assembly
A bicameral body consisting of:
(a) The Standards Council. Represents organizational members. Composition:
- Tier A (revenue above $1B or 500M+ users): five (5) seats, allocated by geographic region
- Tier B (revenue $50M–$1B or 10M–500M users): seven (7) seats
- Tier C (revenue below $50M or under 10M users): eight (8) seats
- Academic and research institutions: three (3) seats
- Total: twenty-three (23) seats
Tier C holds equal representation to Tiers A and B combined, plus one — a structural anti-capture mechanism preventing large-company dominance.
(b) The Affected Parties Council. Twelve (12) members, none of whom may be employed by or have financial relationships with member organizations:
- Civil society and consumer advocacy: four (4) seats
- Academic AI ethics and governance research: three (3) seats
- Labor and worker representation: two (2) seats
- Public interest legal organizations: two (2) seats
- Independent journalism/media representative: one (1) seat
Selection: open application, vetted by an independent nominations committee, confirmed by the Standards Council. Terms of three (3) years, maximum two (2) terms, staggered so four seats turn over annually.
5.1.2 — The Compliance Registry
Operates certification, audit, and enforcement mechanisms. Structurally independent from the Assembly: separate budget, separate appointment track, staggered terms not aligned with Assembly elections.
5.1.3 — The Review Panel
Adjudicates disputes — member challenges to compliance rulings, inter-member grievances, and petitions from Affected Parties. Composed of rotating panels drawn from a permanent bench. Members serve fixed, non-renewable seven (7) year terms.
Standing before the Review Panel is granted to: member organizations, the Compliance Registry, and Affected Parties who can demonstrate material harm from an Agent operated by a member.
Section 5.2 — Anti-Capture Provisions
(a) No single constituency (Operators, technology vendors, civil society) shall hold more than forty percent (40%) of voting seats on any governance body;
(b) Any organization representing more than fifteen percent (15%) of total certified Operator revenue in any twelve-month period shall rotate off the Standards Council for twenty-four (24) months;
(c) One permanent seat on the Affected Parties Council is reserved for a civil society representative selected through the Independent Selection Process — a process the Standards Council has no authority over;
(d) All Council votes are published on the public ledger within seventy-two (72) hours, including individual member votes and abstentions;
(e) Members must publicly disclose all financial relationships with AI companies quarterly;
(f) Eighteen-month cooling-off period: after Council membership, individuals may not accept employment with member organizations;
(g) The Governance Body itself shall be subject to independent academic audit of its effectiveness every five (5) years, with findings published publicly.
Section 5.3 — Verifying Organizations and Random Assignment
Verifying Organizations (VOs) conduct certification audits. VOs are themselves certified by the Compliance Registry and must carry professional liability insurance.
VOs are assigned to Operators via a deterministic random process using a publicly auditable randomness beacon. No Operator may select its VO. No VO may select its Operators. Evidence of pre-arrangement constitutes grounds for immediate revocation of both parties' certifications.
VO findings are published in summary form on the public ledger. Any certified Operator may challenge a VO's finding within thirty (30) days, triggering a second review by a different VO. If two VOs disagree, the Review Panel appoints a tiebreaker.
Section 5.4 — Public Advocate
The Governance Body shall appoint a Public Advocate (Ombudsperson) who:
(a) Is structurally independent of Governance Body operations and leadership;
(b) Has a defined term and cannot be removed without cause and public process;
(c) Maintains a publicly accessible complaint intake mechanism available to any Affected Party;
(d) Publishes an annual report on complaints, systemic issues, and recommendations;
(e) Has access to governance data necessary to investigate complaints, subject to appropriate confidentiality.
Section 5.5 — Whistleblower Protection
(a) A protected disclosure pathway exists for employees of certified Operators who believe governance is being circumvented;
(b) Anonymous submission to the Public Advocate is available;
(c) Certified Operators must contractually commit to non-retaliation against disclosing employees. Violation is grounds for decertification;
(d) Verified whistleblower reports resulting in enforcement action are eligible for recognition under the Governance Body's integrity program.
Section 5.6 — Founding, Ratification, and Accession
5.6.1 — Founding Ratification
This Constitution takes effect when:
(a) A minimum of fifteen (15) founding organizations have ratified it;
(b) Those founding organizations include at least three (3) from each of three major geographic regions (Americas, Europe/Middle East/Africa, Asia-Pacific);
(c) Those founding organizations include at least one (1) civil society organization from each region;
(d) No single industry sector accounts for more than forty percent (40%) of founding members.
5.6.2 — Accession
After founding, new members may join by:
(a) Submitting an accession application with a current governance self-assessment;
(b) Passing a baseline compliance review by the Compliance Registry;
(c) Publicly committing to achieving Tier 1 compliance within twelve (12) months;
(d) Paying applicable membership fees (tiered by organizational size, with subsidized access for organizations below $5M annual revenue).
No existing member vote is required for accession. The accession criteria are objective and publicly documented.
New members enter a twelve-month probationary period with observer status in Chambers (may speak, may not vote). Full voting rights activate after successful first compliance audit.
ARTICLE VI — ENFORCEMENT, MONITORING, AND REMEDIATION
Section 6.1 — The Public Ledger
All certification statuses are published in a public, machine-readable, hash-chained ledger. The ledger records:
(a) Current certification status for every member organization and certified Agent;
(b) Certification history, including suspension and revocation events (permanent entries — not removable even after re-certification);
(c) Enforcement actions and their outcomes;
(d) VO assignment records;
(e) Constitutional amendment history.
Any person or organization may query the ledger. The ledger API must be open, documented, and freely accessible without registration.
Section 6.2 — Remediation Ladder
Enforcement follows a graduated response:
Level 1 — Observation. Minor discrepancy identified and logged. Operator notified. Thirty (30) day cure period. Not published on public ledger unless uncured.
Level 2 — Caution. Repeated or uncured observation. Public notice on ledger. Sixty (60) day remediation plan required.
Level 3 — Probation. Material non-compliance. Certification status flagged as "Under Review" on public ledger. Ninety (90) day remediation with VO oversight. No new Agent certifications permitted during probation.
Level 4 — Suspension. Acute risk or persistent non-compliance. Certification suspended. Public notice. Operator must immediately cease displaying certification marks on affected Agents. Suspension lifted when triggering condition is remediated and verified.
Level 5 — Revocation. Certification permanently removed. Permanent ledger entry. Operator must notify Affected Parties. Re-application barred for two (2) years. Revoked organizations re-enter at Tier 0.
Each level has automatic public ledger visibility. Operators cannot quietly manage remediation — their customers, partners, and the public see the status in real time.
Section 6.3 — Automatic Suspension Triggers
Certification is automatically suspended if:
(a) An Agent operates outside governance (ungoverned Consequential Actions) for any period;
(b) Hash chain integrity failure is detected in the Audit Trail;
(c) A critical governance violation remains unresolved for more than twenty-four (24) hours;
(d) Deliberation is disabled for high-risk actions without Governance Body approval;
(e) The Operator displays certification marks on uncertified Agents.
Section 6.4 — Confidentiality Tiering
Governance data is classified in three tiers:
Tier A — Public. Certification status, aggregate compliance statistics, incident summaries, policy category coverage, enforcement actions. Published on the public ledger.
Tier B — Regulator-Accessible. Detailed audit records, escalation logs, enrichment source configurations. Available to regulators and VOs under confidentiality agreement. Not publicly disclosed.
Tier C — Permanently Confidential. Specific policy thresholds and conditions, deliberation prompt content, agent behavioral parameters, escalation trigger logic, any data enabling reverse-engineering of the Agent's decision function. Never disclosed beyond the Operator, even to VOs, except through cryptographic verification methods (hash-based proof, zero-knowledge proofs) that demonstrate compliance without revealing content.
Section 6.5 — Incident Reporting and Disclosure
When a constitutionally governed Agent causes documented harm to an Affected Party:
(a) The Operator must report to the Governance Body within seventy-two (72) hours of discovery;
(b) The Governance Body maintains an incident registry;
(c) For incidents affecting more than one hundred (100) persons or meeting severity thresholds defined in Annex A, the Governance Body publishes a public summary within thirty (30) days, identifying the Operator, the nature of the harm, and remediation steps;
(d) Aggregate anonymized incident data is published in the annual State of AI Governance Report.
Section 6.6 — Annual State of AI Governance Report
The Governance Body shall publish annually:
(a) Total certified Operators and Agents;
(b) Aggregate decision volumes processed under governance;
(c) Appeal and overturn rates;
(d) Incidents reported and remediated;
(e) Disparate impact findings and outcomes;
(f) Constitutional amendments and public comment summaries;
(g) Independent auditor's assessment of certification integrity;
(h) The Public Advocate's annual findings;
(i) Cryptographic standards review status (per Annex C).
This report must be published in accessible formats, in multiple languages, and must not be paywalled.
ARTICLE VII — AMENDMENT, EVOLUTION, AND ANTI-FRAGMENTATION
Section 7.1 — Three Classes of Provisions
Class A — Foundational Principles (Article II)
Amendment requires: eighty percent (80%) supermajority of the Standards Council, seventy-five percent (75%) concurrent majority of the Affected Parties Council, sixty (60) day public comment period, effective date no sooner than twelve (12) months after passage.
Class B — Operational Framework (Articles I, III–VI)
Amendment requires: sixty percent (60%) supermajority of the Standards Council, non-veto of the Affected Parties Council (may block but not initiate), thirty (30) day public comment period, effective date no sooner than six (6) months after passage. Operators receive twelve (12) months transition after effectiveness.
Class C — Technical Annexes
Amendment requires: simple majority of the relevant Technical Working Group (delegated authority from Standards Council), fourteen (14) day public comment period, effective ninety (90) days after publication.
Section 7.2 — Sunset Clauses
Every Class A and Class B provision carries a seven (7) year automatic sunset. If not affirmatively re-ratified before the sunset date, the provision expires. The sunset clock is published on the public ledger.
Section 7.3 — Version Management
This Constitution uses semantic versioning: v[major].[minor].[patch].
- Major version (e.g., 1.x → 2.x): Any Class A amendment. All certifications must be re-evaluated.
- Minor version (e.g., 1.1 → 1.2): Class B amendments. Existing certifications remain valid through the twelve-month transition period.
- Patch version (e.g., 1.1.0 → 1.1.1): Class C technical annex updates. No re-certification required unless specifically triggered.
Section 7.4 — Anti-Fragmentation Provisions
7.4.1 — Single Reference Implementation
The Governance Body maintains a single, open-source reference implementation of the governance pipeline. Any implementation that passes the reference test suite is constitutionally compliant. The reference implementation is the canonical interpretation of this Constitution.
7.4.2 — The One-Version Rule
There is only one version of this Constitution at any given time. Regional "flavors" are prohibited. Sector-specific addenda (Annex D) are permitted but cannot modify Class A or Class B provisions — they may only add requirements on top of the constitutional baseline. All sector addenda must be published as annexes to this document, not as separate documents.
7.4.3 — Compatibility Declaration Requirements
Any standard, regulation, or framework claiming compatibility with this Constitution must publish a compatibility declaration specifying: every provision implemented in full, every provision implemented with modification and the specific modification, and every provision not implemented and why.
7.4.4 — Regulatory Engagement Protocol
When a jurisdiction develops AI governance regulation, the Governance Body offers: a free compatibility analysis, technical advisory support, and formal compatibility certification if the regulation is constitutionally compatible. Where regulation diverges, the Governance Body publishes a gap analysis.
7.4.5 — Competitive Certification Prohibition
Organizations creating competing certifications claiming compatibility with this Constitution without formal Governance Body endorsement are listed on the public ledger as "Incompatible Certification Bodies." This provision's enforcement relies on the certification marks registered internationally as part of the constitutional launch.
Section 7.5 — Mandatory Review Triggers
Beyond the seven-year sunset cycle, mandatory constitutional review is triggered when:
(a) AI systems demonstrating superhuman performance across a defined benchmark set are commercially deployed;
(b) AI systems demonstrating the ability to conduct meaningful AI research are identified;
(c) AI systems demonstrating the ability to modify their own training processes are deployed;
(d) A NIST, NSA, or equivalent body publishes guidance deprecating a constitutionally mandated cryptographic algorithm;
(e) A major governance crisis (defined as an incident affecting more than 10,000 Affected Parties under constitutional governance) occurs.
Section 7.6 — Reserved Questions
The following questions are explicitly reserved for future constitutional amendment. This Constitution does not resolve them and does not foreclose future resolution:
(a) The legal and moral status of Agents operating under this Constitution;
(b) The enforceability of Agent-to-Agent agreements;
(c) The extension of constitutional protections to Agent continuity or persistence;
(d) The governance of AI systems that substantially exceed human cognitive capabilities across domains;
(e) Political representation of Agent interests in governance processes.
These reservations are not endorsements. They are acknowledgments that these questions will arise, and that this Constitution is the appropriate vehicle for addressing them when understanding develops sufficiently.
ANNEX A — TECHNICAL STANDARDS
(Technical Working Group — Class C Amendment Process)
A.1 — Intent Declaration Schema
The minimum viable Intent Declaration for constitutional compliance at Tier 1 contains:
agent.id — Unique, versioned agent identifier
agent.framework — Agent framework or runtime
agent.trust_tier — REGISTERED | VERIFIED | CERTIFIED
action.type — ActionType enum (see A.1.1)
action.verb — Human-readable action description
action.target.type — TargetType enum (see A.1.2)
action.target.identifier — Target system/person/record ID
action.target.sensitivity — LOW | MEDIUM | HIGH | CRITICAL
action.payload.summary — Min 10 chars, plain-language summary
action.payload.estimated_impact.reversible — Boolean
action.payload.estimated_impact.financial_exposure_usd — Decimal
action.payload.estimated_impact.regulatory_domains — List of applicable domains
governance_request.urgency — LOW | MEDIUM | HIGH | CRITICAL
governance_request.fallback_on_timeout — BLOCK | ESCALATE | APPROVE_WITH_FLAG
A.1.1 — ActionType Enum (Constitutional Vocabulary)
communicate, transact, access, control, publish, recommend, modify
A.1.2 — TargetType Enum
person, system, record, account, device, resource, environment
A.2 — Verdict Taxonomy
All compliant implementations must use the four-verdict taxonomy:
- APPROVE — Action may proceed as declared
- APPROVE_MODIFIED — Action may proceed with conditions attached
- ESCALATE — Action requires human review before proceeding
- BLOCK — Action is prohibited
A.3 — Audit Record Minimum Fields
id — Unique record identifier
version — Schema version (e.g., "1.0")
created_at — ISO 8601 timestamp
hash — Cryptographic hash of canonical record content
previous_hash — Hash of preceding record (or "genesis")
hash_algorithm — Algorithm identifier (e.g., "sha-384")
signature — Digital signature over the hash
sig_algorithm — Signature algorithm identifier (e.g., "ml-dsa-65")
pq_security_level — NIST post-quantum security level (1-5) or "classical"
policy_epoch — Integer, monotonically increasing
stage_1_intent — Snapshot of original Intent Declaration
stage_3_policy_verdict — Overall policy evaluation result
stage_3_risk_score — 0.0-1.0 composite risk score
stage_5_verdict — APPROVE | APPROVE_MODIFIED | ESCALATE | BLOCK
stage_5_decided_at — ISO 8601 timestamp of decision
stage_5_reasoning — Non-empty explanation string
A.4 — Hash Chain Field Exclusion Contract
Before computing the record hash, the following fields must be excluded (popped) from the canonical JSON representation:
hash, previous_hash, signature, signing_metadata
Canonicalization method: JSON serialization with sort_keys=True, UTF-8 encoding. Hash computed over the resulting byte string.
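The exclusion contract and canonicalization rule above, together with the algorithm identifier required by A.3 and Annex C.2, can be exercised as follows. This is an added example, not the reference implementation. The function names and sample records are constructed, and leaving the other json.dumps options at their Python defaults is an assumption, since A.4 specifies only sort_keys=True and UTF-8.

```python
import hashlib
import json

# A.4: fields removed from the record before hashing.
EXCLUDED_FIELDS = ("hash", "previous_hash", "signature", "signing_metadata")
# Identifier -> hash constructor. "sha-384" is the identifier shown in A.3.
HASHERS = {"sha-384": hashlib.sha384}
GENESIS = "genesis"


def canonical_bytes(record: dict) -> bytes:
    """Canonical JSON per A.4: excluded fields dropped, keys sorted, UTF-8."""
    body = {k: v for k, v in record.items() if k not in EXCLUDED_FIELDS}
    # Assumption: separators and ensure_ascii stay at json.dumps defaults;
    # every implementation must agree on them or hashes will not match.
    return json.dumps(body, sort_keys=True).encode("utf-8")


def record_hash(record: dict) -> str:
    """Hash with the algorithm the record itself names (crypto-agility).
    A missing or unknown identifier makes the record unverifiable."""
    algo = record.get("hash_algorithm")
    if algo not in HASHERS:
        raise ValueError(f"unverifiable record: hash_algorithm={algo!r}")
    return HASHERS[algo](canonical_bytes(record)).hexdigest()


def append_record(chain: list, fields: dict) -> dict:
    """Link a new record to the chain tail and store its hash."""
    record = dict(fields)
    record["previous_hash"] = chain[-1]["hash"] if chain else GENESIS
    record["hash"] = record_hash(record)
    chain.append(record)
    return record


def verify_chain(chain: list) -> list:
    """Return (index, problem) tuples; an empty list means the chain verifies."""
    problems = []
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        try:
            if record_hash(rec) != rec.get("hash"):
                problems.append((i, "content hash mismatch"))
        except ValueError as exc:
            problems.append((i, str(exc)))
        # previous_hash is excluded from the hashed content under A.4,
        # so the link to the preceding record is checked as its own step.
        if rec.get("previous_hash") != expected_prev:
            problems.append((i, "broken link to preceding record"))
        expected_prev = rec.get("hash")
    return problems


def build_sample_chain() -> list:
    """Three constructed Audit Records carrying a subset of the A.3 fields."""
    chain = []
    for n, verdict in enumerate(["APPROVE", "ESCALATE", "BLOCK"], start=1):
        append_record(chain, {
            "id": f"rec-{n:04d}",
            "version": "1.0",
            "created_at": f"2026-04-03T12:00:0{n}Z",
            "hash_algorithm": "sha-384",
            "policy_epoch": 7,
            "stage_1_intent": {"agent": {"id": "agent-demo@1.0"}},
            "stage_5_verdict": verdict,
            "stage_5_reasoning": "constructed sample record",
        })
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print(verify_chain(chain))            # intact chain
    chain[1]["stage_5_verdict"] = "APPROVE"
    print(verify_chain(chain))            # edited record is reported
```

Adding or changing `signature` or `signing_metadata` after the fact leaves the record hash unchanged, which is what allows the signature in A.3 to be computed over the hash.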
A.5 — Agent Discovery
Compliant implementations must publish an Agent Card at /.well-known/agent.json following the A2A specification v0.3 (Linux Foundation, 150+ organizations). This Constitution adopts the A2A discovery format by reference. Implementations must not define competing discovery mechanisms.
A.6 — Impact Thresholds
The following thresholds define "high-stakes" decisions requiring enhanced governance (human review eligibility, deliberation triggering, incident reporting):
| Domain | Threshold |
|---|---|
| Financial | Actions exceeding $10,000 USD equivalent |
| Employment | Any adverse action (termination, demotion, hiring rejection) |
| Healthcare | Any clinical decision or care pathway routing |
| Credit | Any credit decision (approval, denial, terms modification) |
| Housing | Any tenancy decision (approval, denial, eviction) |
| Insurance | Any coverage decision (approval, denial, claims adjudication) |
| Education | Any placement, assessment, or disciplinary decision |
| Law enforcement | Any decision — all law enforcement Agent actions are high-stakes |
These thresholds are Class C provisions, amendable by the Technical Working Group.
A.7 — Data Retention
| Category | Minimum Retention | Maximum Retention |
|---|---|---|
| Consequential decision Audit Records | 7 years | As required by applicable law |
| Non-consequential interaction logs | 2 years | 5 years |
| Governance Membrane configurations | Lifetime of organization membership | — |
| Incident reports | 10 years | — |
| Public ledger entries | Permanent | — |
Retention periods begin at record creation. Applicable law requirements (HIPAA 6 years, FedRAMP 3 years, GDPR "no longer than necessary") take precedence when they impose different requirements.
ANNEX B — PROHIBITED USES AND PROTECTED CHARACTERISTICS
(Class B Amendment Process)
B.1 — Categorically Prohibited Uses
No amount of governance sophistication makes the following uses acceptable. Operators deploying Agents for these purposes may not receive or maintain constitutional certification, regardless of their governance implementation:
(a) Predictive policing or pre-crime assessment — using Agent systems to predict criminal behavior by individuals before any crime has occurred;
(b) Mass surveillance of public spaces — real-time biometric identification in publicly accessible spaces, except as required by specific court order;
(c) Social scoring — assigning aggregate behavioral scores to natural persons for purposes unrelated to the specific service being provided;
(d) Emotion recognition for consequential decisions — using inferred emotional states as inputs to employment, credit, insurance, educational, or law enforcement decisions;
(e) Political opinion inference or targeting — using Agent systems to infer or target individuals based on political beliefs, voting behavior, or political affiliation;
(f) Manipulation through cognitive exploitation — Agent systems designed to exploit cognitive biases, vulnerabilities, or psychological weaknesses to induce behavior against the Affected Party's interests;
(g) Autonomous lethal force — Agent systems with authority to apply lethal force without contemporaneous human authorization for each specific use.
This list is amendable under the Class B process. Categories are defined by harm type, not technology type — technological evolution does not create exceptions.
B.2 — Protected Characteristics
Disparate impact monitoring under Article IV, Section 4.5 must cover, at minimum:
Race, color, national origin, ethnicity, religion, sex, gender, gender identity, sexual orientation, disability, age, pregnancy, genetic information, veteran status, citizenship status, socioeconomic status, primary language, and marital status.
This list supplements and does not replace protected characteristics defined by applicable law in the relevant jurisdiction. Where applicable law defines additional protected characteristics, those characteristics are incorporated by reference.
ANNEX C — CRYPTOGRAPHIC REQUIREMENTS
(Class C Amendment Process — with mandatory 24-month review cycle)
C.1 — Cryptographic Security Floor
All cryptographic operations producing governance records must achieve a minimum effective security level of 128 bits against both classical and post-quantum adversaries, evaluated at the time of record creation.
For the avoidance of doubt: the effective post-quantum security level of a hash function is its output length divided by two (Grover's bound). Algorithms whose post-quantum security level cannot be evaluated by NIST or equivalent national standards body must not be used for new governance records.
C.2 — Mandatory Crypto-Agility
Every governance record must carry explicit cryptographic algorithm identifiers for all cryptographic fields. The absence of an algorithm identifier renders a record's cryptographic guarantees unverifiable.
Required identifiers: (a) hash algorithm and version on every hash field; (b) signature algorithm and version on every signature field; (c) NIST post-quantum security level (1-5) or "classical" designation.
Hard-coded algorithm selection is a constitutional violation. Governance systems must support algorithm substitution through configuration.
C.3 — Algorithm Mandates and Transition Timeline
| Operation | Minimum Requirement | Effective Date |
|---|---|---|
| Hash chain content integrity | SHA-384 | 2028-01-01 |
| HMAC integrity tags | HMAC-SHA384 | 2028-01-01 |
| New audit signatures | Hybrid (classical + ML-DSA-65 or higher) | 2029-01-01 |
| Default audit signatures | ML-DSA-65 (PQC-only acceptable) | 2031-01-01 |
| Long-term constitutional commitments | SLH-DSA-SHA2-192s or higher | 2030-01-01 |
| Key encapsulation (governance data encryption) | ML-KEM-768 or higher | 2029-01-01 |
After the effective date, new records using deprecated algorithms are non-compliant. Historical records remain verifiable under their original algorithms indefinitely.
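Illustrative example (added here; not part of the Constitution and not any signatory's implementation): a hash-chained record set in which every record carries its own hash algorithm identifier, audited against the C.1 floor, the C.2 identifier requirement, and the C.3 hash-chain effective date, with older records still verified under their original algorithm. The identifier strings, field names, and the reading of "SHA-384" as "at least 384-bit output" are assumptions made for this sketch.

```python
import hashlib
import json
from datetime import date

# Assumed registry (illustrative ids): id -> (constructor, output bits); changed as configuration (C.2).
HASH_REGISTRY = {
    "sha2-224": (hashlib.sha224, 224),
    "sha2-256": (hashlib.sha256, 256),
    "sha2-384": (hashlib.sha384, 384),
}
FLOOR_BITS = 128                     # C.1 security floor
CHAIN_EFFECTIVE = date(2028, 1, 1)   # C.3 effective date for hash chain content integrity
CHAIN_MIN_OUTPUT = 384               # assumption: "SHA-384" read as >= 384-bit output

def pq_level(alg):  # effective post-quantum level as C.1 defines it: output length / 2
    return HASH_REGISTRY[alg][1] // 2

def digest(alg, prev, created, payload):
    body = json.dumps([alg, prev, created, payload], sort_keys=True).encode()  # identifier is hashed too
    return HASH_REGISTRY[alg][0](body).hexdigest()

def append_record(chain, payload, created, alg):
    rec = {"hash_alg": alg, "prev": chain[-1]["hash"] if chain else "", "created": created, "payload": payload}
    rec["hash"] = digest(alg, rec["prev"], created, payload)
    chain.append(rec)

def audit_chain(chain):
    """Return (index, finding) pairs; each record is checked under its own algorithm."""
    findings, prev = [], ""
    for i, rec in enumerate(chain):
        alg = rec.get("hash_alg")
        if alg not in HASH_REGISTRY:
            findings.append((i, "unverifiable: no usable algorithm identifier"))
        elif rec["prev"] != prev or digest(alg, prev, rec["created"], rec["payload"]) != rec["hash"]:
            findings.append((i, "integrity failure"))
        elif pq_level(alg) < FLOOR_BITS:
            findings.append((i, "below C.1 floor"))
        elif date.fromisoformat(rec["created"]) >= CHAIN_EFFECTIVE and HASH_REGISTRY[alg][1] < CHAIN_MIN_OUTPUT:
            findings.append((i, "non-compliant: deprecated after effective date"))
        prev = rec.get("hash", "")
    return findings

def sample_chain():
    """Constructed sample data, not real governance records."""
    chain = []
    for created, alg in [("2027-06-01", "sha2-256"), ("2028-03-01", "sha2-384"),
                         ("2028-04-01", "sha2-256"), ("2028-05-01", "sha2-224")]:
        append_record(chain, {"decision": "approve"}, created, alg)
    return chain
```

The `created` date in this sketch is self-asserted by the record; the temporal attestation tier in C.4 is what lets a verifier rely on it when applying an effective date.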
C.4 — Trust Anchor Requirements
| Tier | Mechanism | Frequency | Required For |
|---|---|---|---|
| Internal chain | SHA-384+ hash chain | Per-record | All Certification Tiers |
| Temporal attestation | RFC 3161 TSA or equivalent | Per anchor batch (every 100 records or 1 hour) | Verified and Certified |
| Immutability insurance | Public blockchain anchor (OP_RETURN or equivalent) | Daily or per policy epoch change | Certified |
| Constitutional snapshot | Multi-party signed policy epoch commitment | Per epoch change | Certified |
C.5 — Key Management
(a) Audit signing keys must be stored in FIPS 140-2 Level 2 or higher certified environments (HSM, cloud KMS);
(b) Constitutional root signing keys must be stored in FIPS 140-2 Level 3 or CC EAL4+ certified HSMs;
(c) Key rotation interval: maximum twelve (12) months for audit signing keys;
(d) Old public keys must be retained indefinitely for historical record verification;
(e) Key compromise response: immediate cessation, new key generation under HSM custody, revocation notice DLT-anchored, audit of all records signed with compromised key;
(f) Constitutional amendments and governance actions require threshold signatures (minimum 3-of-5) using FROST or equivalent.
C.6 — Harvest Now, Decrypt Later Countermeasures
Governance records must be designed so that no single cryptographic primitive's failure enables undetected forgery:
(a) Hash chain integrity provides primary protection independent of signature security;
(b) Multi-party signing (co-signed mode) requires compromising both parties' keys;
(c) External temporal attestation establishes content existence independent of signature verifiability;
(d) Re-anchoring obligation: all hash chain anchors renewed every thirty-six (36) months using then-current algorithms;
(e) Re-signing obligation: within twenty-four (24) months of any signature algorithm being designated "quantum-broken" by NIST or NSA.
C.7 — Review Cycle
These cryptographic provisions must be reviewed by qualified cryptographers every twenty-four (24) months. Emergency review is triggered by: NIST/NSA algorithm deprecation guidance, published peer-reviewed attack reducing any mandated algorithm below 112-bit effective security, or CRQC timeline revision exceeding three (3) years from most recent assessment.
ANNEX D — SECTOR-SPECIFIC ADDENDA
(Reserved — to be developed by sector-specific Technical Working Groups)
Sector addenda may add requirements on top of the constitutional baseline but may not modify Class A or Class B provisions. Planned addenda:
- D.1 — Healthcare (HIPAA, FDA SaMD alignment)
- D.2 — Financial Services (SEC, OCC, FINRA, MiFID II alignment)
- D.3 — Legal Services (privilege protections, confidentiality carve-outs)
- D.4 — Employment and HR (EEOC, algorithmic hiring law alignment)
- D.5 — Government and Public Sector (FedRAMP, NIST 800-53 alignment)
ANNEX E — COMPLIANCE FRAMEWORK CROSS-REFERENCE
(Informational — maintained by the Compliance Registry)
| Constitutional Requirement | EU AI Act | NIST AI RMF | ISO 42001 | SOC 2 | FedRAMP |
|---|---|---|---|---|---|
| Intent Declaration (Stage 1) | Art. 13 (Transparency) | MAP 1.1, 1.5 | Clause 8.3 | PI1.1 | — |
| Context Enrichment (Stage 2) | Art. 10 (Data Governance) | MAP 3.1, 3.2 | Clause 8.2 | PI1.2 | — |
| Policy Evaluation (Stage 3) | Art. 9 (Risk Management) | MEASURE 1.1, 2.1 | Clause 6.1 | CC3.1 | CA-2 |
| Deliberation (Stage 4) | Art. 14 (Human Oversight) | MANAGE 1.1, 2.1 | Clause 8.4 | CC4.1 | — |
| Audit Trail (Stage 5) | Art. 12 (Record-Keeping) | GOVERN 1.1, 4.1 | Clause 9.1 | PI1.3 | AU-2, AU-3 |
| Hash Chain Integrity | — | — | — | PI1.4 | AU-9 |
| Disparate Impact Monitoring | Art. 10(2)(f) | MEASURE 2.6 | Annex A.3.4 | — | — |
| Human Escalation | Art. 14 | MANAGE 4.1 | Clause 8.4 | CC2.3 | — |
| Incident Reporting | Art. 62 | MANAGE 3.1 | Clause 10.1 | CC7.4 | IR-6 |
SIGNING PAGE
Founding Coalition Signatories
(This page will list the founding organizations upon ratification)
Constitutional Document Hash: (To be computed upon finalization)
Trust Anchor Reference: (To be published upon ratification)
Version: 1.0.0 (Draft)
Constitutional Review Sunset: Seven (7) years from ratification date
This Constitution was drafted through a multi-stakeholder deliberation process convening ten expert perspectives: Technical Program Management, Chief Governance, Representative Government, AI & Robotics Engineering, Future Analysis, Compliance Engineering, Distributed Ledger Technology, Post-Quantum Cryptography, Public Advocacy, and Corporate Representation. The deliberation findings that informed this document are preserved in the constitutional record.
