| Layer | Question it answers | Mechanisms | Structural limit |
|---|---|---|---|
| Corporate (Ch 8.4) | What does an org building AI commit to + internally enforce? | RSPs, internal safety teams, board oversight, model cards, capability disclosures | Unilateral; undercut by competitor behavior (L8 race-to-the-bottom) |
| National (Ch 8.5) | What does a sovereign jurisdiction require through regulation? | Pre-deployment evaluation, incident reporting, licensing, liability rules | Jurisdictional; nations incentivized to maintain lighter regulation to attract AI development |
| International (Ch 8.6) | How do jurisdictions coordinate across borders? | Unilateral-then-reciprocal commitments, treaties, IAEA-style organizations, certification regimes | Verification asymmetry: violations detectable, development hard to confirm |
| Compute (Ch 8.7) | How does the physical-resource supply chain get governed? | Compute reporting, compute caps, chip export controls, cloud-provider KYC | Depends on supply-chain concentration + FLOP-capability proxy reliability + international coordination |

The layers are NOT strictly hierarchical. Real proposals usually operate on multiple layers; the taxonomy is useful because it makes the multi-layer structure visible.

| Property | What it means | What it enables |
|---|---|---|
| Physical | Compute lives in chips, data centers, identifiable supply chains | Regulation possible where algorithm/data regulation is not (you cannot regulate a software equation) |
| Excludable | Can be restricted at supplier-customer interfaces (chip fabs, cloud providers, export controls) | Multiple regulatory entry points along the supply chain |
| Quantifiable | Standard units (FLOPs); training compute is measurable | Regulatory thresholds (e.g., “above 10^25 FLOPs requires X”) are enforceable |

Verbatim framing: “Compute is indispensable for developing and deploying AIs. Restricting access to compute allows control over what AIs are created and used” (Hendrycks §8.7); “Compute is physical, excludable, and quantifiable which allows it to be tracked, restricted, and measured” (Hendrycks §8.7).

| Stage | Nuclear weapons | AI |
|---|---|---|
| Use | Readily detectable | Partially detectable (deployed outputs visible; misuse harder) |
| Successful development | Difficult to confirm | Possibly harder to confirm than nuclear |
| Supply-chain chokepoint | Uranium enrichment infrastructure | Compute production + data centers |

The verification regime is what determines how enforceable any international AI treaty is. The chapter does not pretend the verification problem is solved; it names it as the open governance research question.

Given a real governance proposal:

- Read the proposal. Identify what specifically is being required, prohibited, or incentivized.
- Identify the primary layer. Whose enforcement teeth does the proposal depend on? (Corporate self-enforcement? National regulator? International treaty body? Compute supply chain operator?)
- Identify secondary layers. Most proposals are multi-layer. Name each layer the proposal touches.
- Predict layer interaction. How do the layers compose? Where does one layer’s enforcement compensate for another’s gap?
- Identify the verification challenge. What does a violation look like, how would the regulator detect it, what makes detection hard?

| Proposal | Primary layer | Secondary layers | Interaction story |
|---|---|---|---|
| EU AI Act general-purpose-AI-with-systemic-risk provisions | National (EU) | Corporate (obligations land on providers), Compute (10^25 FLOPs threshold) | National provides teeth via market access, corporate specifies obligated party, compute provides measurable threshold |
| Hypothetical chip-export multilateral | International (treaty) | Compute (regulated resource), National (enforcement via customs) | Mirrors nuclear non-proliferation; coordination establishes constraint, compute identifies resource, nations enforce |

| When the question is | The primary layer is usually |
|---|---|
| “What does this lab commit to?” | Corporate |
| “What does this country require?” | National |
| “How do countries coordinate?” | International |
| “Who controls the chips / data centers?” | Compute |
| “How is the threshold measured?” | Likely compute (FLOPs) even if the binding instrument is national or international |

| The track does | The track does not |
|---|---|
| Provide working vocabulary for AI safety as a discipline (Phase 1) | Take a position on AI deceleration vs acceleration |
| Work the deployment-time safety case across 4 lessons (Phase 2) | Endorse any specific governance proposal |
| Add the policy and coordination layer across 3 lessons (Phase 3) | Provide a settled ethical framework |
| Attribute claims to Hendrycks / cited sources throughout | Guarantee the safety case for any specific deployment will work |
| Use descriptive-not-prescriptive register on contested claims | Pretend the field is solved at any layer |

- L1-L2 (Phase 1): field-framing + four-bucket typology. Vocabulary to classify any AI-harm headline.
- L3 (monitoring + robustness): deployment-time failure surface. The slices L5 composes.
- L4 (alignment): the substrate. The slice with the largest holes because the field has the fewest tools.
- L5 (safety engineering): the cross-disciplinary toolkit. Swiss-cheese composition rule.
- L6 (complex systems): the constraints on L5; what happens when layers stop being independent.
- L7 (ethics): value-loading and moral uncertainty. The moral parliament approach to stakeholder heterogeneity.
- L8 (collective action): formal vocabulary for multi-agent dynamics. The institutional-mechanism response to coordination failures.
- L9 (governance): the policy and coordination layer; who designs the institutional mechanisms L8 named. Closes Phase 3 and closes the track.