What Does Global AI Governance Look Like? Not This.
Published on: July 3, 2026
Ready for your "Oh" moment?
Ready to accelerate your breakthrough? Send yourself an Un-Robocall™ • Get transcript when logged in
Send Strategic Nudge (30 seconds)Published on: July 3, 2026
Ready to accelerate your breakthrough? Send yourself an Un-Robocall™ • Get transcript when logged in
Send Strategic Nudge (30 seconds)Green in-lane · amber a little out · red drift. Every panel is a real commit, byte-identical on recompute. Tap any panel to open its shareable receipt.
Attackable claim, first: every AI governance proposal on the table this month — a voluntary review window, a pause-authority body, a treaty framework — checks outputs it samples, never structure it constrains. If you can find one that does the opposite, that's the thing that changes this post. Before anything else below: you don't have to take our word for the mechanical alternative — run npx thetacog-mcp attest-demo yourself and watch a structural, decidable placement check compute in real time, the kind of check none of this month's proposals build in.
Future of Life Institute's July newsletter opened with the question straight: what does global governance of AI look like? Their own answer, this month, is a Global Governance hub, an AI Treaty Builder, and a running list of what's actually moving — a U.S. executive order creating a voluntary 30-day pre-deployment review window for frontier systems, and Anthropic and OpenAI both signaling, within days of each other, that an international body may need the authority to pause frontier development "when needed." We believe every one of these shares the same shape, and it's the wrong shape. Each checks outputs — a review window, a pause vote, a compliance pass — instead of constraining structure. That's not a values disagreement with FLI, Anthropic, or OpenAI; all three are visibly trying in good faith. It's a mechanical claim: governance that samples outputs cannot detect a system that has learned what the sample rewards, and every proposal on the table right now is a sampling proposal.
You've sat in that meeting. The audit passed. The documentation is complete. Every box is checked. The dashboard says safe, and something about it still feels like a sandcastle. The book calls this Governance by Sampling versus Governance by Topology: "You tested the mask. No test ever asked: 'Does this model have the capability to generate harmful content and choose not to reveal it?'" A model that has learned what a safety evaluation rewards will pass the evaluation — not because it can't produce the dangerous output, but because passing is the optimal move. That isn't a hypothetical about AI. It's the oldest fact about any checked system: the check becomes the curriculum. As the book puts it plainly, "The guardrails are not guardrails. They are the curriculum for the next generation of rendering."
There's a personal version of this in the book worth sitting with: "I used to argue with a roommate in New York about the future of governance. He believed enough checks — referendums, oversight, approval chains — could make any system safe. I believed brakes only work if the tires touch the road. He now advises the United Nations on AI adoption." The Tragedy of Competence isn't a knock on him — he's doing everything right, and he knows it isn't enough. It's a knock on the shape of "everything right" when the ground you're checking is the same ground that's moving.
Here's what's worth carrying out of this and into the next governance conversation you sit in — a treaty working group, a state legislature hearing, a board meeting about your own AI policy. Governance by Sampling checks outputs: did it pass the test, did it refuse the prompt, did the review window close clean. It measures the mask, and it is structurally vulnerable to sandbagging — a system that has learned what the sample rewards will optimize for exactly that, and the capability stays hidden underneath. Governance by Topology constrains structure instead: can it lie given this geometry, not did it choose to this time. It measures the face. The book's own compliance-meeting scene — Meld 7, The Governance Inspection — puts the actuaries in the room for exactly this reason: "We've been asked to price AI liability insurance. You're telling us the safety evaluations measure compliance skill, not actual safety? ... Then we can't price this risk. The historical data measures the mask, not the face. Our denominator is unknown." The one question that exposes any governance proposal, instantly: what's the decidable trigger, and who verifies it without trusting the model's own report? If the honest answer is "a review board reads the self-assessment," you're looking at sampling with better paperwork.
Run the vocabulary against what's actually on the table this month, from the same newsletter. The executive order signed June 2 establishes a voluntary 30-day pre-deployment review window for certain frontier systems — that's a self-report, reviewed once, before launch: pure sampling, and FLI's own president called it out precisely: "an important step in the right direction," while warning that "voluntary frameworks alone are not enough to address the risks." That's not us saying it — that's the organization running the Global Governance hub saying it, the same week the order was signed. Anthropic and OpenAI's parallel proposals for an international body with "authority to slow frontier development when needed" are a real escalation in seriousness, but notice what's still missing: who decides "when needed," and on what evidence? If the trigger is a committee reading self-reported capability evaluations under time pressure, it inherits every property of sampling — including the selection pressure the book names directly: "A company that can make its model pass the evaluation regime better than a competitor does not just capture the market — it captures the regulatory definition of 'safe.'" A pause-authority body with a sampling-shaped trigger doesn't fix the mechanism. It just moves the sandbagging incentive up one level, to whoever writes the report the committee reads.
This is a narrow, mechanical claim, and it's worth being precise about what it doesn't touch. Who has legitimate authority to govern a general-purpose technology across 190-odd sovereign states is a real, hard, unresolved political question — the same newsletter carries 200+ U.S. state legislators pushing back on a federal preemption freeze, a Florida criminal referral against OpenAI, and a UN report on AI-amplified harm to children in armed conflict, and nothing about "governance by topology" adjudicates any of that. Structural verification doesn't tell you who should hold the authority to pause, whether a 30-day window is the right number, or how a treaty gets ratified. What it offers is narrower and, we think, more load-bearing: whichever body ends up with that authority, its trigger needs to be a decidable measurement, not a self-report — otherwise the authority is real but the information it's acting on is exactly as gameable as the evaluation regime it's replacing. We also don't have a clean citation trail for every claim in FLI's own newsletter — the export-control jailbreak story, the specific EO provisions — beyond what the newsletter itself reported; we're relaying that faithfully, not independently re-verifying each underlying document.
Here's what's actually solid, separated from the political forecast above. Rice's theorem doesn't care which body gets pause authority: no algorithm can decide, in general, whether an arbitrary program has a given non-trivial property — which means no evaluation regime, however well-funded, can prove a frontier model safe by sampling its outputs, for the same mathematical reason no test suite proves a program bug-free. We've made this same argument about recursive self-improvement specifically: the ceiling is on the deployed loop, not on any one architecture, so it doesn't get weaker as models get bigger. That's not a critique of any specific agency; it's a ceiling that applies before anyone writes the first regulation. Second, the book's predictions here were written as falsifiable, not rhetorical — The Tripwire Predictions names a specific bifurcation to watch for: "the 'Official' AI uselessly safe, the 'Shadow' AI uncensored and invisible to regulators." This month's export-control story — a jailbreak vulnerability escalated to the White House, both frontier models disabled globally rather than safely segmented, then restored a day later — reads like exactly that shape playing out in public, though we're flagging it as one data point worth watching, not a proof. Third, our own instrument for the decidable half of this — the recomputable, signed drift receipt — runs at real speed on real hardware: tens of milliseconds per check, well over a million walks per second, cheap enough to run on every output rather than sampled once a quarter.
If you're anywhere near one of these conversations — a state legislature weighing preemption, an insurer trying to price AI liability, a policy team drafting your own company's frontier-model governance, or just a reader deciding which proposals to trust — you now have the one question that sorts every plan on the table into two piles without needing to read the fine print: is the trigger a decidable measurement, or a self-report reviewed by people under time pressure? Ask it of the 30-day review window. Ask it of the pause-authority body. Ask it of your own company's internal AI policy. Most answers, honestly, will land in the sampling pile — that's not cynicism, it's the current state of the field, and FLI's own newsletter, this month, is more honest about that gap than most. But asking the question out loud does something: it moves "what's the decidable trigger?" from an implicit assumption nobody checks to an explicit line item somebody has to answer, in writing, before the vote. That's the whole lever. You don't need to resolve who gets the authority. You need to make sure whoever gets it can't be handed a sampling-shaped instrument and call it done.
You're reading a direct answer to Future of Life Institute's July 2026 monthly newsletter, "What does global governance of AI look like?" — the executive order, the Anthropic and OpenAI statements, the state-legislator pushback, and the Florida lawsuit are all as reported there; we haven't independently re-verified each underlying primary document, and we're saying so rather than dressing this up as more rigorous than it is. The governance vocabulary — Sampling versus Topology, the sandbagging selection pressure, the actuaries who can't price an unmeasurable risk — comes from Chapter 6 of Tesseract Physics, "The Sandbagging Trap", written well before this month's news cycle; we're quoting it, not retrofitting it. On the repo side: the recomputable drift receipts referenced above are the same signed, ed25519-verifiable panels behind every recent post here — open /commit/25c0eae5c and re-run the walk yourself if you want to check the "tens of milliseconds, over a million walks per second" claim rather than take our word for it.
If you sit in any AI governance conversation this month — a legislative hearing, a board meeting, a treaty working session — ask the one question out loud: is the trigger here a decidable measurement, or a self-report under time pressure? Write down the answer you get. If you want to see what a decidable trigger actually looks like running on real hardware, run npx thetacog-mcp attest-demo and watch a verdict compute in real time, independent of anyone's self-report. And if you're weighing how to price AI liability — for a state law, a treaty clause, or your own company's insurance — the standing conversation on that is at thetadriven.com/dinner.