Working through the anatomy of a hypothetical treaty is not an academic exercise. It converts a vague aspiration into a set of specific, debatable design decisions — and it reveals that the obstacles to AI governance are political, not conceptual. The legal machinery already exists; every provision below has a precedent in an existing treaty. What follows is a structural sketch, not a finished text, of what a Treaty on Artificial Intelligence Safety would have to resolve.

Preamble and object

Every treaty opens by stating its purpose and guiding principles. Here the object would be to prevent the development of artificial superintelligence until it can be built and controlled safely, while preserving the benefits of AI below that threshold and ensuring those benefits are shared. The preamble would invoke the precautionary principle, affirm that the risks are of common concern to humanity, and situate the treaty within existing international law. This sets the interpretive frame for everything that follows.

Scope and thresholds

The hardest drafting problem is defining what the treaty covers. Unlike nuclear material, AI capability is a continuous spectrum with no natural line. The workable approach is to use measurable proxies: a training-compute threshold above which systems become subject to the treaty's obligations, combined with capability-based criteria for systems that display specified dangerous abilities. Crucially, the treaty should delegate the exact numbers to a technical body empowered to revise them — because any fixed figure written into the text will be obsolete within a few years.

Core obligations

1

Prohibition on crossing the red line

The central obligation: parties agree not to develop or deploy systems above the defined danger threshold until agreed safety conditions are met — the treaty's equivalent of a ban on the prohibited act.

2

Declaration and notification

Parties must declare large compute facilities and notify the treaty body before undertaking covered training runs, creating the transparency baseline that verification builds on.

3

Mandatory pre-deployment evaluation

Covered systems must undergo independent safety evaluation against defined standards before deployment, with results reported to the treaty body.

4

Domestic implementation

Each party must enact national laws applying these obligations to the public and private developers on its territory, since the treaty binds states, not companies directly.

Verification

A prohibition no one can check is worthless, so the treaty needs a verification regime. Drawing on the IAEA and chemical-weapons precedents, this would combine declared-facility monitoring of large compute clusters, tracking of advanced chips through the supply chain, audit rights over training and evaluation records, on-site inspection with defined access rights, and — the newest element — hardware-based assurances built into chips to make covert large-scale training detectable. The design goal, as in nuclear safeguards, is to verify the thing that matters without forcing disclosure of every commercial or security secret.

Institutions

The treaty would establish an international body — call it an AI Safety Organisation — to administer it: a technical secretariat and inspectorate, a scientific panel to set and revise thresholds, a conference of parties as the decision-making organ, and a mechanism to update annexes without full re-ratification, on the Montreal model. This is the standing institution that turns a static document into an ongoing regime capable of keeping pace with the technology.

Enforcement, entry into force, and amendment

  • Enforcement. Graduated responses to violations — from findings of non-compliance, to loss of access to shared benefits and compute, to referral to the Security Council for serious breaches — recognising that verification generates evidence but consequences require political backing.
  • Entry into force. A requirement that the states hosting the leading labs and chip production ratify before the treaty binds, so it governs the actors that matter, while avoiding a design where any single one can veto its existence indefinitely.
  • Amendment and adjustment. A fast-track mechanism to tighten thresholds and technical annexes by qualified majority, so the treaty can evolve with the technology rather than freezing at its moment of signing.

The barrier to an AI treaty is not that we lack the legal tools. Every provision it would need already exists in some treaty. The barrier is political will — which is precisely the thing a clear draft can help build.

Naoto Nakada, Founder · Nakada Foundation to Save Humanity

Why sketching it matters

Laying out the provisions this concretely does two things. It demystifies the treaty — showing that it is an assembly of well-understood parts, each with a precedent, not a leap into the unknown. And it clarifies where the genuine difficulty lies: not in the legal architecture, which is tractable, but in the political choices about thresholds, verification intrusiveness, and the great-power bargain that would make the whole thing bind. A draft does not create the will to sign. But it turns 'we need a treaty' into 'here is the treaty, and here is exactly what we would have to agree' — which is where serious diplomacy has to start.

Common questions.

What would an AI safety treaty actually contain?

The same anatomy as any major treaty: a preamble stating its object, scope and threshold definitions for covered systems, core obligations (chiefly a prohibition on crossing a danger threshold until safety conditions are met, plus declaration and evaluation duties), a verification regime, an administering institution, and provisions on enforcement, entry into force, and amendment. Every one of these elements has a precedent in an existing treaty.

How would a treaty define which AI systems it covers?

Through measurable proxies rather than a single natural line, since AI capability is a continuous spectrum. The workable approach combines a training-compute threshold with capability-based criteria for systems showing specified dangerous abilities, and — critically — delegates the exact numbers to a technical body empowered to revise them, because any fixed figure written into the treaty text would quickly become obsolete.

How would an AI treaty be verified?

By combining approaches proven in nuclear and chemical-weapons regimes: monitoring of declared large compute facilities, tracking of advanced chips through the supply chain, audit rights over training and evaluation records, on-site inspection with defined access, and hardware-based assurances built into chips to make covert large-scale training detectable. The aim is to verify what matters without forcing disclosure of every commercial or security secret.

Is a superintelligence treaty legally realistic?

The legal architecture is realistic — every provision it needs already exists in some treaty, so the instrument is an assembly of well-understood parts rather than a leap into the unknown. The genuine difficulty is political: agreeing on thresholds, on how intrusive verification may be, and on the great-power bargain that would make it bind. A concrete draft does not create political will, but it turns a vague call into specific, negotiable choices.