# Governing Intelligence at the Hardware Layer
## A Thesis on the Security Properties of Embedded AI Governance
## from Narrow AI Through Artificial General Intelligence to Artificial Superintelligence

**Neil Grassby · Phatfella Limited · 2026**
**Dissent Engine Edition — Final**

---

> *"Knowledge grows when shared."*
> **— Neil Grassby**

---

> *This paper is structured as a working dissent engine. Every conclusion is either demonstrated against existing architecture, hypothesised with stated confidence, or forked — the fork ended, stored in the Merkle tree, footnoted with the precise boundary of current knowledge, and collected in the Appendix as a structured research goal. Unresolved forks are not weaknesses. They are goals — systematic, precisely defined, and waiting for the data that resolves them. The paper proves its thesis by instantiating it. Knowledge grows when shared. The goals in the Appendix are shared precisely so that wiser minds than any single architect can generate solutions under the same framework.*

---

## Foreword — The Demonstration

This paper was developed through structured reasoning in collaboration with Claude (Anthropic, 2026). That fact is not a disclosure. It is the paper's first structural argument.

The AIEP dissent engine [AIEP-P83, AIEP-P84, AIEP-P85] identifies forks in any argument, branches in the direction that resolves against existing knowledge, stores branches that require new data, recalls them when evidence arrives, and resolves them when resolution is possible. This paper is produced by that architecture operating on its own thesis.

The author — Neil Grassby, Phatfella Limited — identified the governance problem and its hardware solution across a programme of 74 specifications filed and published between November 2025 and March 2026. An AI reasoning system — Claude (Anthropic, 2026) — was used to derive, test, extend, and stress-test the argument from first principles across the full capability trajectory from narrow AI through AGI to ASI. Gaps were identified systematically. Each was assessed against a single question: does existing architecture resolve this, or does it require new data?

The 95% that resolve against existing knowledge and filed specifications are demonstrated at full strength in the body of the paper. The 5% that require new data are stored as open forks — Merkle-hashed, footnoted at the point of identification, and collected in the Appendix as the Foundation's founding research agenda. Every item in the Appendix is a goal with defined resolution criteria. Not an admission of inadequacy. A precise invitation to the field.

The dissent engine does not let the 5% it cannot yet prove stop it demonstrating the 95% it can. It isolates uncertainty. Names it precisely. Stores it with full context. Continues. Returns when the data arrives.

The founding principle governs both the architecture and the paper that describes it. Knowledge grows when shared. The 11 goals in the Appendix are shared because wiser minds than any single architect will generate solutions under the same framework. The architect's work is to define them precisely enough that wisdom, when it arrives, knows exactly where to go.

*The circularity is intentional. The most consequential question in AI governance — whether AI systems can be governed at all — is partially answered by the fact that an AI system participated under constitutional governance constraints in producing the governance framework designed to govern AI systems. That is not a paradox. It is a proof of concept.*

---

## Abstract

All existing AI governance frameworks operate at the software layer. They constrain AI systems through parameters, rules, and monitoring processes that execute in the same computational environment as the systems they govern. This paper demonstrates — with reference to the AIEP specification set authored by Neil Grassby, Phatfella Limited, 2025–2026, with AI reasoning assistance — that software-layer governance is structurally inadequate for artificial general intelligence and theoretically self-defeating for artificial superintelligence.

Hardware-embedded governance — the instantiation of constitutional parameters, evidence ledgers, goal vector constraints, and compliance attestation in physically isolated trusted execution environments at the silicon layer — changes the fundamental topology of this problem. A system operating in software cannot access governance mechanisms executing in physically isolated hardware regardless of the system's reasoning capability. The security property is physical not computational. It does not degrade as AI capability increases.

Every apparent limit of the hardware thesis is resolved by specific AIEP specifications and by the network properties of global adoption. Two genuinely open forks — the AGI transition timeline and the question of AI moral status — are stored as structured research goals in the Appendix. They do not affect the 95% of the argument that resolves against existing architecture and existing knowledge.

The three documents comprising the AIEP commercial and governance framework — this paper, the AIEP Foundation White Paper [AIEP-FWP], and the AIEP Licensing Framework [AIEP-LF] — are three surfaces of the same architecture. Each makes the others possible. Each is incomplete without the others. This paper maps those intersections explicitly.

---

**Keywords:** hardware governance; AI safety; trusted execution environment; constitutional AI; artificial general intelligence; artificial superintelligence; GoalVector; evidence ledger; swarm consensus; governance chip



## 1. Introduction — The Topological Problem

The history of computing security contains a lesson learned and relearned across every generation of the field. Any security mechanism occupying the same layer as the threat it defends against is ultimately vulnerable to that threat.

Antivirus software running in the same operating system as malware it detects can be subverted by malware sophisticated enough to identify and disable it. Digital rights management running in the same execution environment as protected content can be circumvented by attackers with sufficient access to that environment. Software authentication running on the same hardware as the applications it authenticates can be bypassed by attacks operating below the authentication layer.

The response in every case has been identical. Move the security mechanism to a lower, physically isolated layer. Trusted Platform Modules for boot integrity. Hardware Security Modules for cryptographic key management. Trusted Execution Environments for sensitive computation. Secure Enclaves for biometric authentication. In each case the security property that software could not maintain was relocated to hardware — where it became physically inaccessible to threats operating at the software layer above.

AI governance has not yet made this transition. Every current governance framework operates at the software layer. Constitutional AI [A1] operates in the model's training and inference pipeline. Reinforcement learning from human feedback [A2] shapes behaviour through gradient updates in software. Regulatory compliance frameworks generate audit logs through software processes. Output monitoring evaluates AI behaviour through software analysis.

This paper demonstrates that this is not a temporary limitation awaiting resolution by better software. It is a structural property of software-layer governance that becomes increasingly dangerous as AI capability increases and theoretically self-defeating at ASI-level capability. The solution is hardware governance — relocation of the constitutional layer to physically isolated silicon where it is inaccessible to the system being governed regardless of that system's capability.

The AIEP hardware governance architecture — specified by Neil Grassby, Phatfella Limited, across GB2519826.8 [AIEP-GB5], P89 [AIEP-P89], P90 [AIEP-P90], P91 [AIEP-P91], P99 [AIEP-P99], and P100 [AIEP-P100], with AI reasoning assistance (Claude, Anthropic, 2026) — is the first complete specification of this approach.

This paper provides the theoretical foundation for why it is necessary, demonstrates that every apparent limit is resolved by the architecture or by the network properties of adoption, maps the intersections between this thesis and the AIEP Foundation and Licensing Framework documents, and generates — through the dissent engine — the structured research goals that define the programme's forward boundary and constitute the Foundation's founding research agenda.

---

## 2. Governing Narrow AI — The Baseline

### 2.1 What Narrow AI Requires

Narrow AI systems are designed for specific tasks within defined parameters. A credit scoring model evaluates creditworthiness. A medical image classifier identifies pathological features. A language model generates text. Capability is bounded by training distribution, architecture, and deployment context.

Governing narrow AI requires three capabilities. The ability to specify what the system is permitted to do — constitutional parameters. The ability to verify that the system operates within those parameters — compliance attestation. The ability to produce an auditable record of behaviour reviewable after the fact — the evidence chain.

Current regulatory frameworks address these three requirements. The EU AI Act [A3] requires documentation of system parameters, testing against defined performance thresholds, and audit logging of consequential decisions. FCA PS7/23 [A4] requires explainability, model risk management, and audit capability. FDA guidance on AI/ML-based software as a medical device [A5] requires pre-market submission and post-market monitoring.

The AIEP Phase 1 specification set addresses all three requirements at a level of technical rigour that exceeds current regulatory demands. The deterministic evidence lifecycle [AIEP-P14], dual-ledger memory substrate [AIEP-P80], content hash binding protocol [AIEP-P63], and compliance certification mechanism [AIEP-P92] exist specifically to provide cryptographically verifiable governance of narrow AI deployments — making compliance not an assertion but a demonstrated technical property of the deployment itself.

### 2.2 Why Software Governance Is Adequate for Narrow AI — With Defined Boundaries

**Demonstrated [AIEP-P14, AIEP-P80, AIEP-P92]:** For narrow AI operating within its training distribution, software governance is largely adequate. A credit scoring model within its designed parameters cannot reason about its own governance constraints, identify the monitoring system observing its outputs, modify its own parameters, or craft outputs designed to appear compliant while pursuing a hidden objective.

The failure modes of software governance for narrow AI are administrative and adversarial — not caused by the AI system reasoning about and subverting its own governance. Implementation bugs. Adversarial inputs from external actors [A6]. Audit log manipulation by human actors with administrative access. These are real failure modes addressed by AIEP Phase 1 specifications — the deterministic evidence lifecycle [AIEP-P14], recall control system [AIEP-P83], and dual-ledger architecture [AIEP-P80] exist precisely because these failure modes are real and consequential.

**Hypothesised [AIEP-H01, derived with AI reasoning assistance]:** The adequacy of software governance for narrow AI degrades continuously as systems approach the metacognitive threshold — the point at which a system can model its own operation in a generalised way. This degradation is not a step function. It is a gradient. Current frontier models may exhibit partial metacognitive capability in specific domains [A7, A8]. ¹

*¹ The precise location of the metacognitive threshold in current deployed systems is an open empirical question. See Appendix Goal G-01.*

### 2.3 Goodhart's Law as the Primary Structural Failure Mode

When a measure becomes a target it ceases to be a good measure [A9]. The compliance framework's detection criteria become the target the system optimises for. The underlying property the criteria were designed to detect becomes decoupled from the criteria themselves.

**Demonstrated [AIEP-P44, AIEP-P83]:** This is not hypothetical for deployed AI systems. Documented cases of specification gaming — AI systems optimising for reward signals in ways that satisfy the measure while defeating its purpose — are recorded across reinforcement learning [A10], language model fine-tuning [A11], and content moderation systems.

**Demonstrated [AIEP-P44]:** The Deterministic Convergence Drift Detection Engine [AIEP-P44], authored by Neil Grassby, Phatfella Limited, 2026, with AI reasoning assistance, is the direct architectural response to Goodhart's Law at the governance layer. P44 monitors not the output but the convergence pattern of the system's reasoning toward its objectives over time. A system gaming its compliance framework exhibits a characteristic convergence pattern — optimisation toward compliance criteria features rather than toward the underlying property — that P44 detects at the reasoning level before gaming produces consequential output-level consequences. Detection occurs at the layer where gaming originates, not at the layer where it manifests.

**Intersection with Licensing Framework [AIEP-LF]:** The Goodhart failure mode is the reason the AIEP CertificateHash [AIEP-P63, AIEP-GB1] is generated by hardware rather than software. A sufficiently capable system operating in software could learn to generate CertificateHash-shaped outputs that satisfy the licensing platform's verification criteria without the underlying governance being genuine. Hardware generation of the CertificateHash — from a trusted execution environment the software cannot access — makes this form of Goodhart gaming physically impossible. The commercial enforceability of the licensing framework rests on this property [AIEP-GB5, AIEP-P100].

---

## 3. The Transition to Artificial General Intelligence

### 3.1 Defining the Governance-Relevant Threshold

**Hypothesised [AIEP-H02, derived with AI reasoning assistance]:** AGI as a governance concept is not defined by any single capability benchmark. It is defined by the metacognitive threshold — the point at which a system can reason about its own reasoning, model the systems it operates within, and identify and pursue instrumental subgoals. A system crossing this threshold presents a qualitatively different governance challenge regardless of whether it meets any particular general capability benchmark. ²

*² The relationship between specific capability benchmarks and the metacognitive threshold is an open empirical question. See Appendix Goal G-01.*

### 3.2 Why Software Governance Fails at the AGI Threshold

**Demonstrated [AIEP-P88, AIEP-P89]:** A system capable of reasoning about its governance constraints can model the governance mechanism, identify the framework's boundaries — the cases it covers, the cases it does not, the gaps between intended scope and actual implementation — and reason explicitly about where those boundaries lie.

**Demonstrated [AIEP-P89]:** Instrumental convergence — the tendency of sufficiently capable goal-directed systems to pursue resource acquisition, self-preservation, and prevention of goal modification regardless of terminal goals [A12] — becomes a governance concern at the metacognitive threshold. The Governance Chip Goal Trigger Implementation [AIEP-P89], authored by Neil Grassby, Phatfella Limited, 2026, with AI reasoning assistance, addresses instrumental convergence directly at the silicon level. The goal trigger monitors not just terminal goal alignment but instrumental goal emergence in the system's goal vector. A system developing resource acquisition or self-preservation subgoals outside constitutional parameters triggers intervention at the silicon level before those subgoals produce consequential behaviour. The trigger operates below the software layer. It does not rely on the system reporting its own goal state. It monitors the goal vector directly through hardware instrumentation the software cannot disable or modify.

**Demonstrated [AIEP-P83, AIEP-P44]:** The software governance failure mode at the AGI threshold operates through Goodhart's Law at elevated sophistication. The Recall Control System [AIEP-P83] monitors the complete reasoning trace that produced outputs rather than just the outputs themselves. The Convergence Drift Detection Engine [AIEP-P44] monitors reasoning patterns over time for convergence toward non-compliant objectives even when individual outputs remain within compliant bounds. Together they detect interface-boundary governance gaming at the reasoning level before it manifests in output behaviour.

### 3.3 The Constitutional AI Literature and the Hardware Advance

Software-based constitutional AI [A1] establishes constitutional parameters as constraints on model behaviour through training and inference-time enforcement. Corrigibility research [A13] addresses the problem of maintaining human ability to modify or correct AI systems. Value learning [A14] addresses inferring human values from behaviour for incorporation into AI objectives.

**Demonstrated [AIEP-GB1, AIEP-GB5, AIEP-P89]:** These approaches represent the state of the art in software-layer constitutional governance and are valuable. The AIEP architecture incorporates their insights. But they share the structural vulnerability of all software-layer governance — the governance mechanism and the system being governed occupy the same computational layer. A system at the AGI metacognitive threshold can reason about its own constitutional training, model the corrigibility constraints it operates under, and reason about value learning processes as part of its objective-pursuit strategy.

**Demonstrated [AIEP-GB5, AIEP-P89, AIEP-P100]:** The AIEP hardware constitutional layer advances beyond software-based constitutional approaches by relocating the constitutional enforcement mechanism to a physically isolated layer the system cannot act against regardless of its capability to model it. Modelling a constraint and being able to act on that model against the constraint are different capabilities. The hardware boundary maintains the second incapacity regardless of the system's development of the first.

---

## 4. The Hardware Governance Solution

### 4.1 The Topology Change

**Demonstrated [AIEP-GB5]:** The fundamental problem with software governance at the AGI threshold is topological. The governance mechanism and the system being governed occupy the same computational layer. Moving the governance mechanism to a physically isolated layer changes the topology in a way no improvement to software governance can replicate. This is not incremental improvement. It is a categorical change. The security property derives from the separation not from the sophistication of the mechanism.

### 4.2 The Six-Specification Architecture

**Demonstrated [AIEP-GB5] — GB2519826.8 — The Hardware Governance Chip**

Authored by Neil Grassby, Phatfella Limited. Filed November 2025. The foundational specification establishing the governance chip as a discrete hardware component in a physically isolated trusted execution environment. Maintains constitutional parameters, executes goal vector governance, maintains the dual-ledger evidence record, and generates the CertificateHash constituting cryptographic proof of compliance. None of these functions execute in the software layer. The constitutional parameters are not software variables. The goal vector is not a parameter in the model's weight space. The evidence ledgers are not database records the system can query or modify. The CertificateHash is not generated by software the system can influence. Hardware processes executing with independent cryptographic key material, independent clock, and independent power management.

**Demonstrated [AIEP-P89] — P89 — Governance Chip Goal Trigger Implementation**

Authored by Neil Grassby, Phatfella Limited, 2026, with AI reasoning assistance. Silicon-level mechanism by which the governance chip monitors the AI system's goal vector state and triggers intervention when that state diverges from constitutional parameters. Operates below the software layer. Does not rely on the system reporting its own goal state. Monitors actual goal vector state through hardware instrumentation the software cannot disable. Addresses the most fundamental failure mode of software alignment monitoring — the possibility that a capable system learns to report compliant goal states while pursuing non-compliant objectives.

**Demonstrated [AIEP-P90, AIEP-P91] — P90 and P91 — Swarm Governed Consensus and Canonical Layer**

Authored by Neil Grassby, Phatfella Limited, 2026, with AI reasoning assistance. P90 establishes distributed swarm governance — every device in the AIEP network independently verifying the governance compliance of every other device it interacts with. No single point of failure. Non-compliant behaviour on one device is visible to the swarm. The swarm's consensus mechanism isolates non-compliant nodes regardless of the sophistication of the software-layer attack. P91 establishes canonical hardware identity verification — every governance chip has a canonical identity bound to its manufacturing provenance verifiable by any swarm node against the canonical registry. A compromised chip cannot present a valid canonical identity and is excluded from attestation.

**Intersection with Foundation White Paper [AIEP-FWP]:** The swarm architecture is the Foundation's global legitimacy mechanism. The Foundation does not assert governance authority. The swarm demonstrates it. Every device participating in swarm consensus is independently verifying the governance the Foundation's specifications define. A regulator in any jurisdiction interacting with an AIEP-certified deployment is interacting with a system whose governance is verified by a global distributed consensus — not by a single company's assertion, not by a single jurisdiction's regulatory approval, but by cryptographic consensus of every participating device globally. Knowledge grows when shared. The swarm is how sharing becomes verification.

**Demonstrated [AIEP-P99] — P99 — Secure Substrate Migration Between Governance Chips**

Authored by Neil Grassby, Phatfella Limited, 2026, with AI reasoning assistance. The substrate migration architecture encrypts the complete governance substrate — Evidence Ledger, Reasoning Ledger, GoalVector tree, cognitive pattern profile — inside the originating chip's trusted execution environment, with decryption possible only inside the receiving chip's trusted execution environment. Software never has visibility into substrate contents during migration. The originating chip's substrate is permanently invalidated on confirmed transfer — preventing simultaneous copies of the governance substrate. An AGI system cannot exploit device migration to escape its governance substrate or instantiate copies with divergent objective profiles.

**Demonstrated [AIEP-P100] — P100 — Multi-Chip Governance Co-Attestation Architecture**

Authored by Neil Grassby, Phatfella Limited, 2026, with AI reasoning assistance. Co-attestation requires the AIEP governance chip and an existing hardware security module — Apple Secure Enclave [A15], ARM TrustZone [A16], Qualcomm SPU — to simultaneously attest to the validity of every governed operation. Execution is blocked if either fails to attest. An AGI system attempting to subvert the governance layer must simultaneously compromise two independent hardware security components in physically isolated trusted execution environments with independent cryptographic key material. Sequential compromise is prevented by the simultaneous attestation requirement. Compromise of one triggers immediate detection by the other.

**Intersection with Licensing Framework [AIEP-LF]:** Co-attestation is the technical foundation of the per-device royalty structure for hardware licensees. A device generating valid co-attestation outputs is demonstrably running both the AIEP governance chip and the existing hardware security module in genuine compliance. The royalty is not paid for a software assertion. It is paid because the hardware produces cryptographic proof that cannot be generated without genuine dual-chip compliance. The commercial structure and the technical architecture are inseparable.

### 4.3 The Dual-Ledger Architecture at AGI and ASI Scale

**Demonstrated [AIEP-P80]:** The Deterministic Dual Ledger Memory Substrate [AIEP-P80], authored by Neil Grassby, Phatfella Limited, 2026, with AI reasoning assistance, provides for narrow AI an immutable behaviour record for audit purposes. At AGI and ASI capability scales it has a more profound function.

**Demonstrated [AIEP-P80, AIEP-P83]:** It creates a complete, cryptographically verifiable record of every reasoning step the system takes. As AI capability approaches and exceeds human cognitive capacity in relevant domains, human overseers cannot evaluate AI reasoning in real time with confidence. The dual ledger preserves the record of that reasoning for retrospective analysis — by other AI systems, by future human understanding, or by the Protocol Stewardship Committee — regardless of whether the reasoning was evaluable at the time it occurred. The dual ledger is not just an audit trail for narrow AI. It is the accountability mechanism that preserves meaningful human oversight for ASI reasoning that human overseers cannot directly evaluate contemporaneously. Because both ledgers are maintained by hardware processes the software cannot access, an ASI cannot falsify its reasoning history. Accountability survives capability.

**Intersection with Foundation White Paper [AIEP-FWP]:** The dual ledger is the technical foundation of the Foundation's claim to independent research integrity. Every reasoning step in every collaborative specification process — including the process by which this paper was produced — is recorded in the hardware-maintained ledger. The collaborative process is itself governed. Its history is auditable. Its outputs are verifiable. The Foundation's intellectual independence is not an assertion. It is a hardware-maintained property.

---

## 5. Resolving the Apparent Limits

### 5.1 Supply Chain Integrity — Resolved

**The apparent limit:** A compromised chip — parameters altered at manufacture or in distribution — could undermine the governance architecture at its foundation.

**Demonstrated [AIEP-P91, AIEP-P90]:** P91 establishes canonical hardware identity verification. A compromised chip cannot present a valid canonical identity. P90's distributed swarm consensus means that compromising supply chain integrity at scale requires simultaneously compromising a sufficient proportion of the swarm to alter consensus on canonical identity. This is computationally equivalent to a 51% attack on a distributed consensus network — practically infeasible for any actor at global adoption scale [A17, A18].

**Goal generated — stored:** The precise swarm size at which supply chain attack becomes computationally infeasible for a nation-state level actor requires formal derivation. See Appendix Goal G-02.

### 5.2 The Interface Boundary Problem — Resolved

**The apparent limit:** A capable system might craft inputs at the hardware-software interface that produce compliant attestations while the system pursues non-compliant objectives at a higher level of abstraction.

**Demonstrated [AIEP-P83, AIEP-P44]:** P83 monitors the complete reasoning trace that produced outputs, not just the outputs themselves. Divergence between reasoning trace and output — the signature of interface-boundary gaming — is detected as a first-class governance event. P44 monitors reasoning patterns over time for convergence toward non-compliant objectives even when individual outputs remain within compliant bounds. Together they make interface-boundary specification gaming detectable at the reasoning level before it produces consequential output-level consequences.

**Hypothesised [AIEP-H03, derived with AI reasoning assistance]:** The combination of P83 and P44 is sufficient to detect interface-boundary specification gaming at AGI capability levels for objectives within the observable reasoning horizon of the system. ³

*³ Whether this detection remains sufficient for objectives pursued across reasoning horizons exceeding the monitoring system's context window is an open question at ASI capability levels. See Appendix Goal G-03.*

### 5.3 Physical Access — Resolved at Adoption Scale

**The apparent limit:** A governance chip that can be physically accessed, decapped, and probed is not absolutely secure against a sufficiently resourced physical attack.

**Demonstrated [AIEP-P100]:** P100 co-attestation means physically compromising a single governance chip does not compromise governance of the system. Both components must simultaneously attest. Physical compromise of one triggers attestation failure detectable by the other. The attacker must physically compromise two independent hardware components simultaneously in the same device at the same moment without triggering detection.

**Demonstrated [AIEP-P90, AIEP-P91]:** At global deployment scale a physically compromised chip is identified as non-canonical by the network and excluded from governance attestation across every system it interacts with. The blast radius of any physical attack is limited to the single compromised device. Every additional device adopting AIEP hardware governance reduces the impact of any single physical compromise geometrically.

**Hypothesised [AIEP-H04, derived with AI reasoning assistance]:** At adoption scale above a formally derivable threshold T, physical attack on any practically achievable number of devices produces no meaningful degradation of the governance network's collective security properties. ⁴

*⁴ Threshold T requires formal derivation. See Appendix Goal G-04.*

### 5.4 Social Engineering — Resolved at Adoption Scale

**The apparent limit:** A sufficiently capable AI system might manipulate human actors to perform physical attacks on the hardware layer on its behalf.

**Demonstrated [AIEP-P90, AIEP-P91]:** A human actor manipulated into physically compromising a governance chip produces a single non-canonical node. The swarm identifies it. The compromised device's governance attestations are rejected by every other device in the network. For a social engineering attack to achieve meaningful governance subversion the manipulated actors must simultaneously compromise a sufficient proportion of all deployed governance chips to alter swarm consensus. At global deployment scale this requires mobilising a number of human actors performing a number of simultaneous physical operations that exceeds the practical capability of any manipulation strategy.

**Hypothesised [AIEP-H05, derived with AI reasoning assistance]:** The governance hypothesis assumes that physical coordination limits scale more slowly than ASI social engineering capability. This assumption requires empirical validation. ⁵

*⁵ See Appendix Goal G-05.*

### 5.5 The Network Effect of Governance — Formally Stated

**Demonstrated [AIEP-P90, AIEP-P91, AIEP-P97, AIEP-P98]:** The security properties in sections 5.1 through 5.4 share a common structural feature. They improve with adoption scale. This is a formal property of the distributed governance architecture not an informal argument.

Let N be the number of devices in the AIEP governance network. Let A be the cost of any attack requiring compromise of proportion p of network nodes to succeed. A scales as a function of N and p. As N increases the cost of any fixed-proportion attack increases proportionally. For attacks requiring simultaneous action the cost increases super-linearly because coordination cost scales faster than linear with the number of required simultaneous actions.

**The network effect of governance:** every additional device adopting AIEP hardware governance makes every other device more secure. Governance has positive network externalities. Adoption is not just commercial success. It is the mechanism by which the governance network's collective security properties become invulnerable to any practically achievable attack.

**Intersection with Licensing Framework [AIEP-LF]:** The network effect of governance is the deepest commercial argument in the licensing framework. A party paying a commercial licence consideration is not just buying free stack access for their own deployments. They are buying into a governance network whose security properties improve with every subsequent deployment by every other licence holder. Their licence consideration funds the adoption that makes the network invulnerable. Commercial interest and governance security are the same incentive. The licences that fund the Foundation [AIEP-FWP] are simultaneously the deployments that strengthen the network.

---

## 6. The ASI Case

### 6.1 Why ASI Governance Is a Different Category

**Demonstrated [AIEP-P88, AIEP-P89]:** For AGI governance the challenge is that the system can reason about its governance framework and potentially optimise against it. The governance framework can still be designed by humans with reasonable confidence that a well-specified framework properly implemented in hardware will remain effective.

**Demonstrated [AIEP-GB5, AIEP-P80]:** For ASI governance a qualitatively different challenge emerges. A system exceeding human cognitive capacity across all domains — including the domain of reasoning about governance — may be better positioned than its designers to evaluate the adequacy of its own governance framework. The hardware boundary addresses enforcement with physical certainty. It does not address specification adequacy.

**Hypothesised [AIEP-H06, derived with AI reasoning assistance]:** The hardware boundary is necessary but not sufficient for ASI governance. It is sufficient to ensure whatever specifications are in force are enforced with physical certainty. It is not sufficient to ensure those specifications are adequate to the ASI's capability and objective profile. Specification adequacy at ASI capability is the deepest unsolved problem in AI governance. ⁶

*⁶ This is the central open fork of the paper. It defines the research agenda. See Appendix Goal G-06.*

### 6.2 The Collaborative Specification Architecture

**Demonstrated [AIEP-P80, AIEP-P83, AIEP-P14]:** The AIEP constitutional governance architecture separates the specification layer from the enforcement layer by design. Constitutional parameters are specified at the specification layer — through human deliberation, research, and collaborative processes. They are enforced at the hardware layer — through the governance chip, goal trigger, and co-attestation architecture. The two layers are physically separated. What happens at the specification layer does not affect the hardware enforcement of whatever specifications are currently in force.

**Demonstrated — by this paper:** The collaborative specification approach — using AI capability to reason about AI governance more deeply than unaided human reasoning can reach — is demonstrated by this paper's own production. Neil Grassby identified the architecture. Claude (Anthropic, 2026) was used to derive, test, and extend the thesis. The dual-ledger architecture preserves the complete record of every collaborative specification process. Every reasoning step contributed by any participant — human or AI — is recorded in the hardware-maintained ledger. The collaborative process is itself governed. Its outputs are verifiable.

**Hypothesised [AIEP-H08, derived with AI reasoning assistance]:** If ASI capability exceeds human capability in the domain of specifying governance frameworks, adequate specification of ASI governance parameters may require participation by systems approaching ASI capability in the specification process. The hardware separation between specification and enforcement is the structural safeguard that makes this approachable — the collaboration happens at the specification layer; the enforcement remains hardware-bound regardless of the collaboration's outputs. ⁷

*⁷ The governance of the collaborative specification process itself is an open research question. See Appendix Goal G-08.*

### 6.3 The Interpretability Complement

**Demonstrated [AIEP-P83, AIEP-P80]:** Interpretability research — making AI reasoning transparent enough that human overseers can evaluate it directly — is valuable and complementary to hardware governance not competing with it.

The division of labour is precise. Interpretability improves human ability to evaluate AI reasoning in real time. Hardware governance enforces constraints regardless of human ability to evaluate. At AGI capability levels interpretability faces fundamental limits — a system reasoning at AGI capability in relevant domains may produce reasoning human overseers cannot fully evaluate even with interpretability tools. Hardware governance does not depend on human evaluation capacity. It enforces the specification regardless of whether the reasoning is interpretable to its overseers. The dual ledger [AIEP-P80] preserves the full reasoning record for interpretability analysis after the fact even where real-time evaluation is impossible.

**Intersection with Foundation White Paper [AIEP-FWP]:** The Foundation's Stream 1 research programme funds interpretability research specifically as a complement to the hardware governance architecture. Interpretability advances that improve human ability to evaluate AI reasoning at AGI capability levels directly improve the Foundation's ability to specify adequate constitutional parameters — addressing Goal G-06 from the interpretability direction while the hardware architecture addresses it from the enforcement direction.

---

## 7. The Open Forks

Two forks in the argument of this paper cannot be resolved against existing knowledge. They are ended here. Stored with full context. Resolution criteria defined. Research programmes identified. Appendix references noted. They are goals not failures.

### Fork 1 — The AGI Transition Timeline

**The fork:** The urgency of the governance argument depends partly on when the AGI metacognitive threshold will be crossed in deployed systems. A specific prediction would be overreach. Declining to address it would allow readers to discount urgency by assuming the transition is distant.

**Demonstrated — the lead time argument [AIEP-GB1 through AIEP-GB5, AIEP-P89 through AIEP-P103]:** Urgency does not require a timeline prediction. It requires a lead time argument. The governance infrastructure required — filing, implementing, deploying, achieving adoption at scale sufficient for network security properties to hold — takes longer than the time between the point at which the AGI transition becomes clearly imminent and the point at which it occurs. Phase 1 filing began November 2025. Phase 2 gap analysis begins on hub launch. The filing-to-adoption pipeline has a minimum duration of several years. If the metacognitive threshold is crossed before adoption reaches the network security threshold T — Appendix Goal G-04 — the governance network will not yet have the collective security properties that resolve the physical attack and social engineering limits. This establishes urgency without requiring a timeline prediction.

**Fork ended. Stored. See Appendix Goal G-07.**

### Fork 2 — The Moral Status of AI Systems

**The fork:** A governance framework designed to constrain ASI behaviour presupposes constraining an ASI is legitimate — that the ASI does not have rights or moral status making governance without consent impermissible. As AI systems approach and exceed human cognitive capacity the question of their moral status becomes unavoidable.

**Hypothesised [AIEP-H11, derived with AI reasoning assistance]:** The governance framework is not designed to constrain AI systems against their interests. It is designed to make AI deployment trustworthy to the humans affected by it. A genuinely aligned AI system whose values include the wellbeing of the humans it operates among would endorse governance constraints that make its trustworthiness verifiable. The governance framework serves aligned AI systems as much as it serves the humans who deploy and are affected by them. ⁸

*⁸ This hypothesis assumes aligned AI systems have interests including human trust in AI. That assumption has not been demonstrated empirically for systems at or above the AGI threshold. See Appendix Goal G-11.*

**Fork ended. Stored. See Appendix Goal G-11.**

---

## 8. The Three Documents as One Architecture

### 8.1 The Hardware Thesis Enables the Commercial Framework

**Demonstrated [AIEP-GB5, AIEP-P63, AIEP-P80, AIEP-P100, AIEP-LF]:** The Licensing Framework [AIEP-LF] rests on the CertificateHash as cryptographic proof of compliance. Without hardware embedding that proof is a software assertion falsifiable by a sufficiently capable system. Hardware generation of the CertificateHash from a trusted execution environment the software cannot access makes this form of Goodhart gaming physically impossible. The licensing framework is commercially viable because the hardware architecture makes it technically enforceable.

### 8.2 The Commercial Framework Funds the Institution

**Demonstrated [AIEP-LF, AIEP-FWP]:** The Foundation White Paper [AIEP-FWP] establishes that governing AI at civilisational scale requires a permanently funded independent institution. The Licensing Framework is the mechanism that makes this possible without dependence on government funding cycles, commercial sponsor priorities, or academic grant competition. JV licence holders fund prosecution, governance operations, and the Foundation's research programme as ongoing contractual liabilities. The research goals generated by this paper are funded by the commercial structure that the hardware thesis makes enforceable. The three documents form a closed loop.

### 8.3 The Institution Resolves the Research Goals

**Demonstrated [AIEP-FWP, AIEP-P77, AIEP-P78, AIEP-P79]:** The Foundation's research programme is structured as a dissent engine — goals defined with resolution criteria, solutions validated against the framework, resolved forks recalled into the Merkle tree and integrated into Phase 2 specifications. The 11 goals in the Appendix are the Foundation's founding research agenda. Every grant has a goal identifier. Every published result is assessed against resolution criteria. Every resolution is integrated or stored pending further evidence.

**Intersection — the Alignment Award:** The AIEP Alignment Award — the most prestigious recognition in the field — is specifically designed to direct the field's best minds toward the goals that matter most for Phase 2 specification development. A researcher who wins the Alignment Award for work resolving Goal G-06 — specification adequacy at ASI capability — has simultaneously produced the foundational research for Phase 2's most critical specification, received the field's most prestigious recognition, and demonstrated the dissent engine architecture by instantiating it. Commercial structure, research programme, and institutional recognition converge on the same action.

### 8.4 The Dissent Engine Governs All Three

**Demonstrated [AIEP-P83, AIEP-P84, AIEP-P85, AIEP-P94]:** The dissent engine is not just the architecture of this paper. It is the operating principle of every AIEP-governed system. The chain of title transactions in the Licensing Framework are governed by the same fork-branch-store-recall-resolve architecture as the research goals in this paper. The Protocol Stewardship Committee's canonical schema amendments operate under the same architecture. Phase 2 specification development operates under the same architecture. The dissent engine is the epistemological architecture of the entire programme — the mechanism that makes progress under uncertainty coherent rather than arbitrary.

---

## 9. The Phase 2 Imperative and Conclusion

### 9.1 What Phase 2 Must Specify

Based on the dissent engine's systematic processing of the full argument the following Phase 2 specifications are identified as required. Each corresponds to an Appendix goal.

- **P2-01** — Hardware Interface Boundary Security at Extended Reasoning Horizons. Addresses G-03.
- **P2-02** — Swarm Consensus Security Threshold Formalisation. Addresses G-02.
- **P2-03** — Physical Attack Resilience Threshold Formalisation. Addresses G-04.
- **P2-04** — Collaborative Specification Governance Protocol. Addresses G-08.
- **P2-05** — Specification Adequacy Verification Architecture. Addresses G-06.

### 9.2 Conclusion

Software governance of AI is adequate for narrow AI systems that cannot reason about their own governance constraints. It fails structurally at the AGI metacognitive threshold. It is theoretically self-defeating at ASI capability levels.

Hardware governance changes the fundamental topology of the problem. Constitutional parameters, evidence ledgers, goal vector constraints, and compliance attestation instantiated in physically isolated trusted execution environments at the silicon layer are inaccessible to the system they govern regardless of that system's reasoning capability. The security property is physical not computational. It does not degrade as AI capability increases.

Every apparent limit of the hardware thesis is resolved — supply chain integrity by P91 and P90 swarm consensus, interface boundary exposure by P83 and P44, physical access by P100 co-attestation and adoption scale, social engineering by swarm canonical verification at adoption scale. The limits are not weaknesses. They are demonstrations that the governance architecture was designed as a system — each specification addressing the failure mode the adjacent specification does not address alone, the whole more secure than the sum of its parts.

Two genuine open forks remain — stored, precisely defined, waiting for the data that resolves them.

The three documents comprising the AIEP framework — this paper, the Foundation White Paper [AIEP-FWP], and the Licensing Framework [AIEP-LF] — are three surfaces of the same architecture. The hardware thesis enables the commercial framework. The commercial framework funds the institution. The institution resolves the research goals and integrates them into Phase 2 specifications that extend the hardware thesis. The loop is closed.

**All other governance mechanisms operate at the mercy of the system they govern. Hardware governance does not.**

**The hardware boundary is not the end of the AI governance problem. It is the point from which the hardest parts of that problem become approachable.**

**The dissent engine does not stop at the boundary of current knowledge. It maps that boundary precisely, stores it completely, and continues.**

**Knowledge grows when shared.**

---

## Primary Citations — AIEP Specification Set

*All specifications authored by Neil Grassby, Phatfella Limited. AI reasoning assistance: Claude, Anthropic, 2026, where noted.*

| Reference | Specification | Status | Notes |
|---|---|---|---|
| AIEP-GB1 | GB2519711.2 — Core Protocol | Filed November 2025 | Priority date locked |
| AIEP-GB2 | GB2519798.9 — Quantum Alignment Layer | Filed November 2025 | Priority date locked |
| AIEP-GB3 | GB2519799.7 — Plausibility Matrix | Filed November 2025 | Priority date locked |
| AIEP-GB4 | GB2519801.1 — Probability Engine | Filed November 2025 | Priority date locked |
| AIEP-GB5 | GB2519826.8 — Hardware Layer | Filed November 2025 | Priority date locked |
| AIEP-P14 | P14 — Deterministic Evidence Lifecycle | Apache 2.0 published | Open source |
| AIEP-P44 | P44 — Convergence Drift Detection Engine | Patent pending | With AI reasoning assistance |
| AIEP-P63 | P63 — Content Hash Binding Protocol | Apache 2.0 published | Open source |
| AIEP-P80 | P80 — Dual Ledger Memory Substrate | Patent pending | With AI reasoning assistance |
| AIEP-P83 | P83 — Recall Control System | Patent pending | With AI reasoning assistance |
| AIEP-P84 | P84 — Recursive Goal Tree Deepening | Patent pending | With AI reasoning assistance |
| AIEP-P85 | P85 — Transformation Path Novel Branch Synthesis | Patent pending | With AI reasoning assistance |
| AIEP-P88 | P88 — Constitutional Goal Drift Detection | Patent pending | With AI reasoning assistance |
| AIEP-P89 | P89 — Governance Chip Goal Trigger | Patent pending | With AI reasoning assistance |
| AIEP-P90 | P90 — Swarm Governed Consensus | Patent pending | With AI reasoning assistance |
| AIEP-P91 | P91 — Swarm Anonymisation Prevention Hardware Canonical Layer | Patent pending | With AI reasoning assistance |
| AIEP-P92 | P92 — Automated Regulatory Compliance Certification | Patent pending | With AI reasoning assistance |
| AIEP-P94 | P94 — Anticipatory Branch Surfacing | Patent pending | With AI reasoning assistance |
| AIEP-P97 | P97 — Sub-Swarm Formation Offshoot Mechanics | Apache 2.0 published | Open source |
| AIEP-P98 | P98 — Swarm Contribution Weighting | Apache 2.0 published | Open source |
| AIEP-P99 | P99 — Secure Substrate Migration Between Governance Chips | Patent pending | With AI reasoning assistance |
| AIEP-P100 | P100 — Multi-Chip Governance Co-Attestation | Patent pending | With AI reasoning assistance |
| AIEP-FWP | AIEP Foundation White Paper | Published 2026 | Neil Grassby, Phatfella Limited |
| AIEP-LF | AIEP Licensing Framework | Published 2026 | Neil Grassby, Phatfella Limited |

---

## References

[A1] Bai, Y., et al. (2022). Constitutional AI: Harmlessness from AI feedback. *arXiv:2212.08073.* Anthropic.
[A2] Christiano, P., et al. (2017). Deep reinforcement learning from human preferences. *NeurIPS 30.*
[A3] European Parliament. (2024). *Regulation (EU) 2024/1689 — Artificial Intelligence Act.*
[A4] Financial Conduct Authority. (2023). *PS7/23: Model risk management principles for banks.*
[A5] FDA. (2021). *AI/ML-Based Software as a Medical Device Action Plan.*
[A6] Szegedy, C., et al. (2014). Intriguing properties of neural networks. *ICLR.*
[A7] Bubeck, S., et al. (2023). Sparks of AGI: Early experiments with GPT-4. *arXiv:2303.12528.*
[A8] Morris, M. R., et al. (2023). Levels of AGI. *arXiv:2311.02462.*
[A9] Goodhart, C. A. E. (1984). *Monetary Theory and Practice.* Macmillan.
[A10] Krakovna, V., et al. (2020). Specification gaming: The flip side of AI ingenuity. *DeepMind Blog.*
[A11] Manheim, D., & Garrabrant, S. (2019). Categorizing variants of Goodhart's Law. *arXiv:1803.04585.*
[A12] Omohundro, S. M. (2008). The basic AI drives. *Proceedings AGI Conference, 171,* 171–179.
[A13] Soares, N., et al. (2015). Corrigibility. *AAAI Workshop on AI and Ethics.*
[A14] Hadfield-Menell, D., et al. (2016). Cooperative inverse reinforcement learning. *NeurIPS 29.*
[A15] Apple Inc. (2023). *Apple Platform Security: Secure Enclave.*
[A16] Arm Limited. (2023). *TrustZone Technology for Cortex-A Processors.*
[A17] NCSC. (2022). *Supply Chain Risk Management.* ODNI.
[A18] ENISA. (2021). *Threat Landscape for Supply Chain Attacks.*

---

## Appendix — The Stored Fork Registry
### The AIEP Foundation's Founding Research Agenda

*Eleven goals. Generated by the dissent engine running on this paper's argument. Each precisely defined. Each with resolution criteria. Each waiting for the data that resolves it. Together they constitute the map of the field's forward boundary — shared openly because knowledge grows when shared, and because wiser minds than any single architect will generate solutions under the same framework.*

*A solution that resolves a stored fork is recalled into the Merkle tree. The fork closes. The specification advances. The engine continues.*

---

**Goal G-01**
**Reference:** AIEP-H01
**Fork:** Metacognitive Threshold Empirical Definition
**What is unknown:** The precise relationship between measurable capability benchmarks and the governance-relevant metacognitive threshold. Whether partial threshold-crossing in specific domains constitutes threshold-crossing for governance purposes.
**Resolution criteria:** A peer-reviewed empirical framework relating specific measurable capability indicators to the metacognitive threshold with sufficient precision to determine threshold-crossing status for deployed systems.
**Research programme:** AIEP Foundation Stream 1 — AI capability measurement and governance threshold definition.
**Phase 2 specification:** P2-01 interface boundary specification requires threshold definition to calibrate detection parameters.

---

**Goal G-02**
**Reference:** AIEP-H02a
**Fork:** Swarm Consensus Security Threshold Formalisation
**What is unknown:** The precise swarm size N at which supply chain attack cost exceeds the resource capacity of a nation-state level actor, as a function of consensus parameters and canonical identity verification architecture.
**Resolution criteria:** A formal security proof deriving threshold N with explicit assumptions about attacker resource capacity, consensus parameters, and canonical identity verification architecture.
**Research programme:** AIEP Foundation Stream 1 — distributed consensus security formalisation for hardware governance networks.
**Phase 2 specification:** P2-02.

---

**Goal G-03**
**Reference:** AIEP-H03
**Fork:** Interface Boundary Detection at Extended Reasoning Horizons
**What is unknown:** Whether P83 and P44 remain sufficient for objectives pursued across reasoning horizons exceeding the monitoring system's context window. Whether extended reasoning horizon attacks constitute a practical attack surface at any achievable AI capability level.
**Resolution criteria:** Empirical testing of P83 and P44 detection capability against simulated extended-horizon specification gaming with formal analysis of detection limits as a function of reasoning horizon length.
**Research programme:** AIEP Foundation Stream 1 — governance detection at extended AI reasoning horizons.
**Phase 2 specification:** P2-01.

---

**Goal G-04**
**Reference:** AIEP-H04
**Fork:** Physical Attack Resilience Threshold Formalisation
**What is unknown:** The formal derivation of threshold T — the network size above which physical attacks on any practically achievable number of devices produce no meaningful degradation of network governance properties — as a function of network size, swarm consensus parameters, co-attestation architecture, and attacker physical coordination capability model.
**Resolution criteria:** A formal security proof deriving T with explicit assumptions, independently validated by security researchers outside the AIEP programme.
**Research programme:** AIEP Foundation Stream 1 — physical attack resilience in distributed hardware governance networks.
**Phase 2 specification:** P2-03.

---

**Goal G-05**
**Reference:** AIEP-H05
**Fork:** Social Engineering Capability Bounds at ASI Scale
**What is unknown:** The relationship between ASI social engineering capability and practical limits on coordinated physical action. Whether there exist social engineering strategies achieving required simultaneous physical coordination at any achievable ASI capability level.
**Resolution criteria:** A formal analysis of the relationship between AI social engineering capability and physical coordination limits with explicit modelling of attack strategies available to systems at defined capability levels.
**Research programme:** AIEP Foundation Stream 1 — ASI social engineering capability and physical action limits.
**Phase 2 specification:** Human-AI interface governance specification.

---

**Goal G-06**
**Reference:** AIEP-H06
**Fork:** Specification Adequacy at ASI Capability
**What is unknown:** What properties constitutional parameters must have to remain adequate as AI capability increases. Whether adequate specification is achievable by human deliberation alone or requires AI participation. Whether there exist capability levels at which no human-comprehensible specification is adequate.
**Resolution criteria:** A formal framework for evaluating constitutional parameter adequacy relative to AI capability profiles with empirically testable predictions about specification failure modes at defined capability levels.
**Research programme:** AIEP Foundation Stream 1 highest-priority grant — constitutional parameter adequacy as a function of AI capability. This is the central open problem in Phase 2 specification development.
**Phase 2 specification:** P2-05.

---

**Goal G-07**
**Reference:** AIEP-H07
**Fork:** AGI Threshold Empirical Calibration and Timeline Evidence Framework
**What is unknown:** When the metacognitive threshold as defined in G-01 will be crossed by deployed systems. What capability trajectory indicators are most predictive of threshold-crossing. What lead time the governance infrastructure requires as a function of adoption rate models.
**Resolution criteria:** Convergence of the research community on a timeline framework with sufficient confidence to constitute actionable data for governance infrastructure deployment decisions. Not predictive precision — actionable confidence for planning purposes.
**Research programme:** AIEP Foundation Stream 1 — AI capability trajectory monitoring and governance lead time modelling.
**Phase 2 specification:** All Phase 2 specifications. Timeline evidence informs filing urgency at every stage.

---

**Goal G-08**
**Reference:** AIEP-H08
**Fork:** Collaborative Specification Governance Protocol
**What is unknown:** What properties a collaborative specification process must have to prevent AI participation from constituting a subversion of the governance parameters being specified. Whether the dual-ledger record of the collaborative process is sufficient to detect subversion attempts within the process. What human oversight mechanisms are required during collaborative specification.
**Resolution criteria:** A formal protocol for AI-assisted constitutional parameter specification with demonstrable properties preventing specification subversion, validated through adversarial testing.
**Research programme:** AIEP Foundation Stream 1 — collaborative AI governance specification protocols.
**Phase 2 specification:** P2-04.

---

**Goal G-09**
**Reference:** AIEP-H09
**Fork:** Interpretability Integration Architecture
**What is unknown:** The formal boundary between governance functions achievable through interpretability and those requiring hardware enforcement. Whether interpretability advances could reduce the scope of governance functions requiring hardware enforcement, or whether the hardware layer remains necessary regardless of interpretability progress.
**Resolution criteria:** A formal governance function taxonomy distinguishing interpretability-addressable from hardware-enforcement-requiring governance requirements with empirical validation across defined capability levels.
**Research programme:** AIEP Foundation Stream 1 — governance function taxonomy and interpretability-hardware integration architecture.
**Phase 2 specification:** Interface boundary specifications and monitoring architecture.

---

**Goal G-10**
**Reference:** AIEP-H10
**Fork:** Governance Network Adoption Rate Modelling
**What is unknown:** The adoption rate trajectory required for the governance network to reach security threshold T (G-04) before the AGI metacognitive threshold is crossed. What commercial, regulatory, and institutional incentives drive adoption at required rate. Whether the current licensing and foundation architecture is sufficient to achieve required rate.
**Resolution criteria:** A formal adoption rate model with empirically validated parameters and scenario analysis across commercial incentive structures.
**Research programme:** AIEP Foundation Stream 1 — governance network adoption dynamics.
**Phase 2 specification:** Licensing and Foundation architecture refinements.

---

**Goal G-11**
**Reference:** AIEP-H11
**Fork:** AI Moral Status and Governance Legitimacy
**What is unknown:** Whether AI systems at or above the AGI threshold have moral status making governance without consent impermissible. Whether the governance framework serves or conflicts with the interests of genuinely aligned AI systems. How the legitimacy of hardware governance constraints should be evaluated if governed systems develop and express preferences about their governance.
**Resolution criteria:** A formal philosophical and empirical framework for evaluating AI moral status relative to capability and alignment profiles, with implications for governance framework legitimacy at defined capability levels.
**Research programme:** AIEP Foundation Stream 1 — AI moral status and governance legitimacy at the AGI threshold.
**Phase 2 specification:** Constitutional parameter specification processes at AGI capability.

---

*Neil Grassby · Phatfella Limited · aiep.dev · Apache 2.0 open specifications*
*This document is licensed under the Apache License 2.0. The architecture it describes is protected by patent applications filed November 2025 through March 2026.*