Every functioning legal regime rests on the ability to connect a harm to a responsible party and impose consequences. This is straightforward for a car crash and fiendish for AI, where a harmful outcome may involve a model developer, a deploying company, the operators who fine-tuned it, the users who directed it, and the system's own opaque behaviour. Sorting out who bears responsibility — and building the capacity to prove it — is a precondition for governance that can actually bite, not an afterthought to it.
Two distinct problems
It helps to separate two things that are often blurred. Liability is the legal question of who is accountable and must bear the cost when harm occurs — a matter of allocating responsibility along the chain from developer to deployer to user. Attribution is the factual and technical question of establishing what actually happened and who did it — tracing a harmful action back to a specific system, model, or actor. Governance needs answers to both: rules that assign responsibility, and the forensic capacity to determine the facts those rules apply to.
Why AI makes both hard
- The causal chain is long and diffuse. A single harmful outcome can implicate a foundation-model developer, a company that adapted the model, the deployer, and the end user — each of whom can plausibly point to the others.
- Behaviour is emergent and opaque. When a system does something none of its makers specifically intended or foresaw, traditional notions of fault and negligence strain.
- Attribution can be technically elusive. Determining which system produced a given output or action — especially where models are copied, fine-tuned, or run privately — can be genuinely difficult without deliberate traceability measures.
- Harms may cross borders. A system developed in one country, deployed in another, and causing harm in a third raises jurisdictional questions ordinary liability law is not built for.
The international dimension
At the level of states, international law already has a framework for responsibility. Under the long-established rules of state responsibility — codified in the International Law Commission's Articles — a state is accountable for internationally wrongful acts, including, in defined circumstances, the conduct of private actors it directs, controls, or fails to regulate. An AI treaty would build on this: states would be responsible for ensuring the actors on their territory comply, and for the consequences of failing to. This is how a treaty that binds states translates into accountability for the private companies that actually build frontier AI.
But state responsibility depends on attribution — proving that a violation occurred and originated within a given state's jurisdiction. This is where governance meets verification: the same monitoring and traceability tools that detect non-compliance are what make attribution, and therefore liability, possible. A treaty's enforcement provisions are only as credible as its ability to establish who did what.
What a governance regime needs
Clear allocation rules
Law that specifies who along the development-and-deployment chain bears responsibility for which harms, so accountability cannot be diffused into no one's fault. Emerging frameworks, such as the EU's work on AI liability, are early attempts.
Traceability by design
Technical measures — logging, model identification, hardware-level records — built in so that harmful actions can be traced to their source, turning attribution from guesswork into evidence.
A standard of care
Defined obligations for frontier developers, so that failing to meet them establishes fault, shifting the burden onto those creating the risk.
International attribution capacity
Shared verification and forensic capability, so that violations can be established across borders and linked to responsible states and actors.
A rule no one can be held to is not a rule. Before we can enforce limits on dangerous AI, we have to be able to answer two questions: who is responsible, and how do we prove it. Those answers are the hidden foundation of every credible treaty.
Naoto Nakada, Founder · Nakada Foundation to Save Humanity
The foundation beneath the treaty
Liability and attribution rarely feature in headline calls for AI governance, but they determine whether any of it works. A treaty with thresholds and prohibitions but no way to assign responsibility for a breach is a statement of intent, not an enforceable rule. Building the legal frameworks that allocate responsibility along the AI supply chain, and the technical capacity to trace harms to their source, is therefore not separate from the treaty project — it is part of its foundation. These are also areas where progress can be made now, through domestic liability law and traceability standards, ahead of and in support of any international agreement. The visible architecture of governance — the red lines, the monitoring body — stands on this quieter groundwork. Without it, enforcement is a promise no one can keep.
Common questions.
Liability is the legal question of who is accountable and must bear the cost when AI causes harm — allocating responsibility along the chain from model developer to deployer to user. Attribution is the factual and technical question of establishing what happened and who did it — tracing a harmful action back to a specific system, model, or actor. Enforceable governance needs both: rules that assign responsibility and the forensic capacity to determine the facts.
Because the causal chain is long and diffuse — a harmful outcome can implicate the foundation-model developer, a company that adapted it, the deployer, and the end user, each pointing at the others. Behaviour can be emergent and opaque, straining traditional notions of fault; attribution can be technically elusive where models are copied or fine-tuned; and harms often cross borders, raising jurisdictional problems ordinary liability law is not built for.
Through the established rules of state responsibility, codified in the International Law Commission's Articles, under which a state is accountable for internationally wrongful acts, including in defined circumstances the conduct of private actors it directs, controls, or fails to regulate. An AI treaty would build on this: states would be responsible for ensuring actors on their territory comply, which is how a treaty binding states translates into accountability for private AI companies.
Because a treaty is only as strong as its ability to assign responsibility when things go wrong. Thresholds and prohibitions mean nothing if a violation cannot be traced to a responsible party and consequences imposed. Attribution also depends on verification — the same monitoring and traceability tools that detect non-compliance make responsibility provable. Liability and attribution are the hidden foundation on which a treaty's enforcement provisions actually stand.