?asOf= parameter to see the current catalog state.UN GA Resolution on Safe, Secure, Trustworthy AI
UN-RES-2024 · UN
Non-binding. Calls on member states to bridge digital divides and develop national strategies. China + US co-sponsored; passed by consensus.
Background & scope
UN GA Resolution on Safe, Secure, Trustworthy AI addresses 1 contested AI-governance topic explicitly, 8 via general principles.
Provisions & coverage
- implicitDeepfakes / Synthetic ContentReferences disinformation broadly[1]
- implicitAI in EducationCalls on digital-divide bridging[1]
- implicitTransparency ObligationsCalls for trustworthy AI broadly[1]
- implicitCatastrophic & Existential RiskNotes 'shared concerns' but no operative catastrophic-risk text[1]
- implicitTechnological SovereigntyCalls for bridging digital divides — adjacent to but not sovereignty[1]
- governsDevelopment-Rights FramingsOperative paragraphs frame AI through development-rights + digital divide lens; co-sponsored by Global-South coalition[1]
- implicitSynthetic Content ProvenanceGeneral call for state action on safe AI; provenance not specifically addressed[1]
- implicitEnvironmental Impact of AI TrainingPreamble references SDGs which include climate goals[1]
- implicitAI-Driven Worker DisplacementSDG references include decent work + economic growth[1]
Enforcement & impact
Cross-jurisdiction comparison
How peer instruments treat the topics UN GA Resolution on Safe, Secure, Trustworthy AI governs.
| Topic | EU-AIA-2024 | US-EO-14110 | US-EO-14179 | UK-WHITEPAPER-2023 | CN-GENAI-2023 | G7-HIROSHIMA | OECD-AI-PRIN | COE-AI-CONV | NIST-AI-RMF | BLETCHLEY-2023 | SEOUL-2024 | NIST-AI-RMF-GENAI | CA-SB-1047 | IN-DPDP-2023 | BR-AIBILL-2024 | ASEAN-AI-GUIDE-2024 | AU-AI-STRATEGY-2024 | ANTHROPIC-RSP-2024° | OPENAI-PREPAREDNESS-2023° | DEEPMIND-FSF-2024° | META-FRONTIER-2024° | UK-US-AISI-MOU-2024 | WH-VOLUNTARY-2023 | SG-MODEL-AI-2024 | JP-METI-AI-2024 | EU-GDPR-2016 | EU-GPAI-COP-2025 | OMB-M-24-10 | GSA-AI-GUIDE-2024 | DOD-RAI-2022 | FEDRAMP-AI-2024 | DFARS-252-204 | CA-SB-53 | CA-SB-243 | CA-SB-942 | EU-PLD-2024 | UNESCO-AI-ETHICS-2021 | EU-PWD-2024 | CN-DEEPSYN-2022 | NY-RAISE-2025 | US-TAKEITDOWN-2025 | IT-AILAW-2025 | JP-AIPROMO-2025 | UN-GDC-2024 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Development-Rights Framings | silent | silent | silent | silent | implicit | silent | implicit | implicit | silent | silent | silent | silent | silent | governs | governs | implicit | governs | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | governs | silent | silent | silent | silent | silent | governs | governs |
°= industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.
See also
Per-audience views
- Provisions →Article-by-article obligation breakdown for procurement + RFP authors.
- Disclosure form →Vendor-disclosure questionnaire derived from this instrument's operative obligations.
- Harm narratives →Documented harms relevant to this instrument's topics, for civil-society advocacy.
- Briefing pack →Journalist-ready summary with quotes + dates + primary-source links.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
Further reading
140 academic & grey-literature sources on the topics this instrument addresses (not commentary on the instrument itself) — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Missing the Mark: Adoption of Watermarking for Generative AI Systems in Practice and Implications Under the New EU AI Act Peer-reviewed✦ AIEmpirical audit finds only 38% of AI image generators implement adequate watermarking and 18% deepfake labelling, exposing a compliance gap under EU AI Act Article 50.
- Artificial intelligence and synthetic biology: biosecurity risks, dual-use concerns, and governance pathways Peer-reviewed✦ AIReviews biosecurity and dual-use risks at the AI-synthetic-biology interface and maps governance pathways for emerging catastrophic threats.
- European ambitions captured by American clouds: digital sovereignty through Gaia-X? Peer-reviewed✦ AIShows Gaia-X paradoxically incorporates dominant US cloud providers, undermining the very European digital sovereignty it was meant to advance.
- A Framework for Evaluating Global AI Governance Initiatives Peer-reviewed✦ AIOffers a framework to evaluate global AI governance initiatives, recommending capacity-building so Global South states can meaningfully participate in standard-setting.
- Large language models reflect the ideology of their creators Peer-reviewed✦ AIEmpirically shows LLMs encode their creators' ideologies, supporting policy incentives for home-grown models reflecting local cultural views, especially in low-resource-language regions.
- AI, Climate, and Regulation: From Data Centers to the AI Act Peer-reviewed✦ AIAnalyses the legal levers (AI Act energy-reporting duties, Energy Efficiency Directive data-centre KPIs, sustainability reporting) for governing AI's climate footprint and their disclosure gaps.
- The Current Landscape of Deepfake Legislation in the United States Peer-reviewed✦ AIThematic analysis of 319 state deepfake bills (2019-2024) finds a fragmented patchwork concentrated on political and sexually-explicit content.
- Reimagining U.S. Tort Law for Deepfake Harms: Comparative Insights from China and Singapore Peer-reviewed✦ AIArgues fragmented US tort doctrines (defamation, publicity, IIED) are ill-suited to deepfake harms and draws remedial lessons from Chinese and Singaporean law.
- A Teleological Interpretation of the Definition of DeepFakes in the EU Artificial Intelligence Act—A Purpose-Based Approach to Potential Problems With the Word 'Existing' Peer-reviewed✦ AIWarns a narrow reading of 'existing' in the AI Act's deepfake definition could exclude synthetic media from transparency duties, urging a teleological interpretation.
- Audio deepfakes and the regulation of the landlords of creativity Peer-reviewed✦ AIArgues US, EU and Chinese regimes fail to assign audio-deepfake liability to 'landlords of creativity' (foundation-model providers) and proposes holding them accountable.
- Navigating China's regulatory approach to generative artificial intelligence and large language models Peer-reviewed✦ AIAnalyses China's 2022 deep-synthesis and 2023 generative-AI rules, including mandatory labelling/watermarking of synthetic content as a provenance-governance model.
- 'Sora is incredible and scary': public perceptions and governance challenges of text-to-video generative AI models Peer-reviewed✦ AIQualitative analysis of public commentary on Sora finds blurred real/fake boundaries drive demand for law-enforced AI-content labelling and provenance.
+ 128 more across this instrument's topics — see the literature index.
References
The primary instrument sources behind the article's classifications.
- A/RES/78/265
- References disinformation broadly
- Calls on digital-divide bridging
- Calls for trustworthy AI broadly
- Notes 'shared concerns' but no operative catastrophic-risk text
- Calls for bridging digital divides — adjacent to but not sovereignty
- Operative paragraphs frame AI through development-rights + digital divide lens; co-sponsored by Global-South coalition
- General call for state action on safe AI; provenance not specifically addressed
- Preamble references SDGs which include climate goals
- SDG references include decent work + economic growth
How to cite this article
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/un-ai-resolution-2024 — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Does this instrument’s approach work? — the social-science evidence
Aggregated over the 9 topics this instrument governs: whether each harm is empirically real, and whether the peer-reviewed evidence shows governance reduces it. The badge is the epistemic status of the evidence— “thin”/“absent” efficacy evidence is itself a finding (the “second silence”). Each epistemic-status label is Policy Window's editorial assessment of the cited evidence base (a structured classification), not a verdict any single source issues.
Of the 9 governed topics with a social-science evidence review, evidence that governance reduces the harm is established for 0, contested for 0, thin for 4, and absent for 5 — for most, no replicated study yet shows this instrument's approach works (the "second silence").
AI-Driven Worker Displacement
AI-driven labour displacement is demonstrably real but localized rather than economy-wide as of 2025-2026. Causal microdata find measurable harm in directly exposed segments: a difference-in-differences study of the Upwork freelance market found that after ChatGPT's release, freelancers in more AI-exposed occupations (e.g. writing) saw ~2% fewer contracts and ~5% lower monthly earnings, with larger losses among previously high-skilled workers (Hui, Reshef & Zhou 2024). Effects concentrate in entry-level and highly-automatable roles while aggregate US employment and wages show little disruption through 2024-2025 — so macro-level harm remains genuinely contested even as targeted-segment harm is established; much deployment to date augments rather than substitutes, raising novice productivity ~34% in call-center work (Brynjolfsson, Li & Raymond 2025).
Sources: Hui, Reshef & Zhou 2024 ('The Short-Term Effects of Generative AI on Employment', Organization Science); Brynjolfsson, Li & Raymond 2025 ('Generative AI at Work', Quarterly Journal of Economics 140(2):889); Acemoglu 2024 ('The Simple Macroeconomics of AI', NBER WP 32487); Autor 2024 ('Applying AI to Rebuild Middle Class Jobs', NBER WP 32140)
There are essentially no impact evaluations of governance specifically targeting AI-driven displacement; current responses (OECD/GPAI guidance, reskilling initiatives, safety-net proposals) are at the recommendation stage, so 'does AI-displacement policy work' is answered only by extrapolation from the broader displaced-worker literature. That analogue base is robust but shows modest, mixed results: Card, Kluve & Weber's (2018) meta-analysis of 200+ active-labour-market evaluations finds training has small/insignificant short-run effects that improve only over the medium-to-long run, US Trade Adjustment Assistance evaluations find largely neutral-to-negative earnings effects (Schochet et al. 2012), and the JTPA randomized evaluation found weak earnings effects for the dislocated-worker stream. Recent syntheses note retraining yields smaller gains precisely when workers move into high-AI-exposure occupations — so the evidence that standard tools reduce AI-displacement harm is thin and early.
Sources: Card, Kluve & Weber 2018 ('What Works? A Meta-Analysis of ... Active Labor Market Program Evaluations', JEEA 16(3):894); Schochet et al. 2012 (Trade Adjustment Assistance Program impacts, Mathematica/USDOL); Bloom et al. 1997 (National JTPA Study, Journal of Human Resources); Brookings 2025 ('AI Labor Displacement and the Limits of Worker Retraining'); OECD 2023-2025 Employment Outlook
Catastrophic & Existential Risk
The catastrophic-uplift premise is genuinely contested: the empirical uplift studies that exist find current frontier models add little. RAND's red-team study found no statistically significant difference in the viability of bioweapon-attack plans produced with vs. without LLMs (Mouton, Lucas & Guest 2024), and OpenAI's 100-participant trial found GPT-4 gave at most a mild, non-significant accuracy uplift (mean +0.88 out of 10 for PhD experts, +0.25 for students; Patwardhan et al. 2024). Honest caveat: the harm is forward-looking, not yet observed — expert opinion on the catastrophic tail is sharply split (median AI researcher puts ~5% on extremely-bad/extinction outcomes, mean ~9-16% across differently-framed questions, n=2,778; Grace et al. 2024), and forecasters underestimated how fast risk-relevant capabilities (e.g. virology troubleshooting) actually arrived (Forecasting Research Institute 2025), so the relevant capabilities are a moving target rather than a settled magnitude.
Sources: Mouton, Lucas & Guest 2024 (RAND RR-A2977-2, Operational Risks of AI in Large-Scale Biological Attacks: Results of a Red-Team Study); Patwardhan et al. 2024 (OpenAI, Building an Early Warning System for LLM-aided Biological Threat Creation); Grace et al. 2024 (Thousands of AI Authors on the Future of AI, arXiv:2401.02843); Forecasting Research Institute 2025 (Forecasting LLM-enabled Biorisk and the Efficacy of Safeguards)
There is essentially no impact evidence that catastrophic-risk governance reduces catastrophic risk, and structurally there cannot yet be: the harm is a low-probability civilisational tail event, so no controlled trial or before/after evaluation of a realised catastrophe is possible. The dominant instruments are recent, voluntary developer frameworks (Anthropic's Responsible Scaling Policy 2023; OpenAI's Preparedness Framework 2023) built on if-then capability thresholds the developers themselves describe as speculative and qualitative rather than validated risk thresholds. The closest evidence is adjacent and indirect: trained-in deceptive behaviours can persist through standard safety training (Hubinger et al. 2024) — a demonstration that current mitigation may be insufficient, not that any governance regime works — and Anthropic's documented loosening of earlier commitments (RSP 2025 dropped the original pledge to define higher-tier ASL evaluations before developing the corresponding models) illustrates that even the strongest voluntary regimes lack external enforcement or measured efficacy.
Sources: Anthropic 2023 (Responsible Scaling Policy); OpenAI 2023 (Preparedness Framework); Hubinger et al. 2024 (Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training, arXiv:2401.05566); Hendrycks, Mazeika & Woodside 2023 (An Overview of Catastrophic AI Risks, arXiv:2306.12001)
Deepfakes / Synthetic Content
The flagship harm — non-consensual sexual deepfakes — is empirically real and sharply gendered: content audits find ~96-98% of deepfake videos online are non-consensual pornography overwhelmingly depicting women, and a pre-registered 10-country survey (>16,000 people) found 2.2% reporting victimization and 1.8% perpetration of synthetic intimate imagery, with documented mental-health, career, and participation harms. By contrast, the parallel claim that political/informational deepfakes UNIQUELY deceive is contested-to-refuted: experiments find deepfakes about as (not more) credible than equivalent text/audio fakes, and a 56-paper meta-analysis (k=137, N=86,155) puts unaided human detection near chance — implying a detection problem more than an exceptional-persuasion one.
Sources: Umbach, Henry, Beard & Berryessa 2024 (CHI '24, 'Non-Consensual Synthetic Intimate Imagery ... in 10 Countries'); Diel et al. 2024 (Computers in Human Behavior Reports 16:100538, deepfake-detection meta-analysis of 56 papers); Barari, Lucas & Munger 2025 (Journal of Politics 87(2), 'Political Deepfakes Are as Credible as Other Fake Media'); Flynn et al. 2022 (British Journal of Criminology, multi-country image-based sexual abuse study)
Direct impact evidence that deepfake governance reduces the targeted harm is sparse and, where it exists, discouraging: the one quasi-experimental evaluation (Cuevas & Horta Ribeiro 2025, synthetic-control across three platforms) found the U.S. TAKE IT DOWN Act's passage plus the MrDeepfakes shutdown did NOT suppress synthetic non-consensual imagery — posting rose above counterfactual baselines and displaced elsewhere. Technical enforcement is likewise unreliable: detectors fail to generalize to unseen generators (notably diffusion models) and are vulnerable to adversarial evasion, with in-the-wild accuracy well below benchmark figures. No rigorous evaluation yet shows a deepfake-specific law, takedown mandate, or watermarking scheme producing a sustained reduction in prevalence or harm.
Sources: Cuevas & Horta Ribeiro 2025 ('Deepfake Pornography is Resilient to Regulatory and Platform Shocks', arXiv:2602.02754); 'Adversarial Reality for Evading Deepfake Image Detectors' (ICCVW 2025); TAKE IT DOWN Act, S.146 / Pub. L. 119-12 (2025); CRS Legal Sidebar LSB11314
Development-Rights Framings
Development-rights framing is a normative/doctrinal frame, so its empirical status splits: the underlying North-South asymmetry it responds to is real and documented, but the claim that a development-rights diagnosis is the correct one is contested doctrine, not a settled finding. The strongest empirical anchor is the exploitative-data-labour evidence — Miceli & Posada's (2022) multi-method qualitative study of Latin American annotation work (Foucauldian dispositif analysis of 210 instruction documents, 55 interviews, plus participant observation) found workers paid cents-per-task with strict surveillance and whose worldviews are subordinated to requesters' — which substantiates the extraction the frame names, building on the data-colonialism thesis (Couldry & Mejias 2019), and extended by comparative political-economy work on AI annotation 'data empires' (Wu, Muldoon & Xia 2025). Honest caveat: whether 'digital self-determination' or 'Global-South sovereignty' is the right operational response (and whether it conflicts with the EU AIA's rights-based design) is a conceptual/legal question with essentially no empirical evidence base — the frame is established as a critique, thin as a tested governance prescription.
Sources: Miceli & Posada 2022, 'The Data-Production Dispositif' (Proc. ACM Hum.-Comput. Interact. 6, CSCW2, Art. 460:1-37); Couldry & Mejias 2019, 'Data Colonialism' (Television & New Media 20(4):336-349); Wu, Muldoon & Xia 2025, 'Global data empires' (Big Data & Society 12(2))
There is no rigorous impact evaluation showing that development-rights / digital-self-determination / sovereignty governance achieves its stated developmental or self-determination aims — the evidence that the frame 'works' as policy is itself missing, largely because the frame is recent, heterogeneous, and rarely instantiated in a single measurable instrument. The closest empirical literature studies one common operational proxy (data localization) and measures economic cost rather than the frame's goals: Ferracane, Kren & van der Marel's (2020) firm/industry productivity analysis finds data-policy restrictiveness associated with lower TFP in data-intensive downstream sectors, Ferracane & van der Marel's (2021) gravity analysis finds data restrictions inhibit trade in digital services, and Bauer, Lee-Makiyama, van der Marel & Verschelde's (2014) GTAP general-equilibrium estimates project GDP losses from localization across seven jurisdictions including Brazil and India. None tests whether sovereignty framing reduces extractive asymmetry or advances local AI capability — so claims on both the benefit and cost sides rest on weak or indirect evidence.
Sources: Ferracane, Kren & van der Marel 2020, 'Do data policy restrictions impact the productivity performance of firms and industries?' (Review of International Economics 28(3):676-722); Ferracane & van der Marel 2021, 'Do data policy restrictions inhibit trade in services?' (Review of World Economics 157(4):727-776); Bauer, Lee-Makiyama, van der Marel & Verschelde 2014, 'The Costs of Data Localisation: Friendly Fire on Economic Recovery' (ECIPE Occasional Paper 3/2014)
AI in Education
The documented harms of educational AI are empirically real and, for proctoring, replicated: a controlled audit of a proctoring tool used by at least ~1,500 institutions found significantly higher facial-detection failure (the trigger for 'suspicious' flags) for darker-skinned and female test-takers (Yoder-Himes et al. 2022), and a technical audit of 164 government-endorsed pandemic learning products found 89% engaged in data practices that risk or infringe children's rights, with most monitoring happening without the child's knowledge or consent (Human Rights Watch 2022). Honest caveat: the benefit side is genuine but highly sensitive to how outcomes are measured rather than uniform — Kulik & Fletcher's meta-analysis of 50 intelligent-tutoring evaluations found an overall median effect of 0.66 SD, but the average effect was 0.73 SD on locally-developed tests versus only 0.13 SD on standardized tests, so much of AI education's apparent value depends on the outcome measure used.
Sources: Yoder-Himes et al. 2022, 'Racial, skin tone, and sex disparities in automated proctoring software', Frontiers in Education 7:881449; Human Rights Watch 2022, 'How Dare They Peep into My Private Life?' (164 EdTech products endorsed by 49 governments; 89% risked/infringed children's rights); Kulik & Fletcher 2016, 'Effectiveness of Intelligent Tutoring Systems: A Meta-Analytic Review', Review of Educational Research 86(1):42-78
There are essentially no rigorous impact evaluations showing that purpose-built governance of educational AI reduces the documented harms. The student-specific regime — California's SOPIPA (SB 1177, 2014, a model that more than 20 states adopted and ~33 considered) and the FTC's May 2022 COPPA ed-tech policy statement (which the agency itself said did not change existing requirements) — has near-zero documented enforcement and no published before/after evaluation of whether it changed vendor data practices or bias outcomes. The only documented remedies came not from education-specific rules but from generic legal levers: a $6.25M biometric-privacy class settlement under Illinois BIPA (Veiga v. Respondus, 2023) and a constitutional ruling that proctoring room-scans are an unreasonable search (Ogletree v. Cleveland State University, N.D. Ohio 2022, Calabrese J.) — neither of which is a replicable evaluation, and both reach private/state actors rather than the underlying demographic-bias harm.
Sources: California SOPIPA (SB 1177, 2014); FTC Policy Statement on Education Technology and COPPA (adopted May 19, 2022); Veiga v. Respondus, Inc. ($6.25M BIPA class settlement, 2023; covers Illinois Respondus Monitor users Nov. 2015–June 2023); Ogletree v. Cleveland State University (N.D. Ohio 2022, Calabrese J., room-scan Fourth Amendment ruling)
Environmental Impact of AI Training
The resource demands of AI compute are empirically documented at the model level: Strubell et al. (2019) quantified large-NLP training energy/carbon, Luccioni et al. (2023) estimated BLOOM's training at ~24.7 tCO2eq (dynamic power) rising to ~50.5 tCO2eq with manufacturing and deployment, Li et al. (2023) estimated GPT-3-scale training in US datacenters can evaporate on the order of hundreds of thousands of litres of freshwater (their central figure ~700,000 L), and Luccioni, Jernite & Strubell (2024) showed generative inference is markedly more energy-intensive per query than task-specific models; at the macro scale the IEA (2024) and de Vries (2023) document rapidly rising datacenter electricity demand. Honest caveat: absolute estimates vary by up to orders of magnitude with grid carbon intensity, hardware, utilisation and accounting boundaries, and cleanly attributing the AI-specific increment (versus general datacenter and crypto growth) remains genuinely contested — the IEA itself bundles AI with datacenters and crypto — so the existence of the footprint is established while its magnitude and trajectory are not.
Sources: Strubell, Ganesh & McCallum 2019 (ACL Anthology P19-1355; 'Energy and Policy Considerations for Deep Learning in NLP'); Luccioni, Viguier & Ligozat 2023 (JMLR 24; BLOOM 176B carbon footprint, 24.7/50.5 tCO2eq; arXiv:2211.02001); Li, Yang, Islam & Ren 2023 (arXiv:2304.03271, 'Making AI Less Thirsty', later Comm. ACM 2025); Luccioni, Jernite & Strubell 2024 (ACM FAccT '24, 'Power Hungry Processing', DOI 10.1145/3630106.3658542); de Vries 2023 (Joule 7(10):2191-2194, DOI 10.1016/j.joule.2023.09.004); IEA 2024 (Electricity 2024)
There is no impact evaluation showing that any AI-specific environmental-governance instrument reduces energy, water or carbon use, because every named instrument is voluntary or non-binding and very recent: EU AI Act Art. 95 codes of conduct are explicitly optional with no sanctions, and NIST AI 600-1 and the G7 Hiroshima Code are guidance, not enforceable caps. The closest analogue evaluation literature is divided in a way that disfavours the voluntary form chosen here: rigorous reviews find voluntary environmental programs generally fail to produce significant abatement beyond business-as-usual (Koehler 2007; Morgenstern & Pizer 2007), whereas the one form with credible positive evidence is mandatory disclosure (Downar et al. 2021 found a UK carbon-reporting mandate cut emissions ~8% versus a control group) which the AI instruments do not yet impose, leaving the proposition that AI environmental governance works essentially untested.
Sources: EU AI Act Art. 95 / Recital 142 (Reg. (EU) 2024/1689); NIST AI 600-1 (2024, GenAI Profile); G7 Hiroshima Process International Code of Conduct (30 Oct 2023); Koehler 2007 (Policy Studies Journal 35(4):689-722); Morgenstern & Pizer (eds.) 2007 (Reality Check, RFF Press); Downar, Ernstberger, Reichelstein, Schwenen & Zaklan 2021 (Review of Accounting Studies 26(3):1137-1175)
Synthetic Content Provenance
The harm provenance targets is real but concentrated, and the technical premise that the mandated signal survives is itself empirically shaky. Synthetic-media harm is well documented in two domains: non-consensual intimate imagery (Ajder et al.'s 2019 Deeptrace audit found 96% of deepfake videos were pornographic and effectively 100% targeted women) and impersonation fraud (the Arup case, ~US$25.6M / HK$200M lost via a deepfake video call). The honest caveat is twofold: a feared broad political-misinformation harm is not yet demonstrated at scale, and CS work shows invisible watermarks are removable in practice (Jiang, Zhang & Gong 2023, WEvade, evade detection via adversarial perturbation; Zhao et al. 2024 prove pixel-level watermarks are provably removable via regeneration attacks), so the provenance signal a rule would mandate is itself contested.
Sources: Ajder, Patrini, Cavalli & Cullen 2019 (Deeptrace, 'The State of Deepfakes: Landscape, Threats, and Impact'); Jiang, Zhang & Gong 2023 ('Evading Watermark based Detection of AI-Generated Content', ACM CCS 2023); Zhao et al. 2024 (NeurIPS, 'Invisible Image Watermarks Are Provably Removable Using Generative AI'); Arup deepfake fraud (CNN Business, 2024-05-16, US$25.6M)
There is no impact evaluation showing that mandated provenance/labeling reduces synthetic-media harm; the major mandates (China's GenAI labeling Measures, effective 2025-09-01; EU AIA Art. 50, machine-readable marking) are too new and unevaluated, and the delivery layer is leaky: the C2PA spec's own Security Considerations document the strip-and-repost threat, and platform audits report C2PA/Content-Credentials metadata is stripped by essentially all major social platforms on upload (consistent with Imatag's 2018 finding that ~80% of uploaded images lose metadata, only ~15% retaining it). The closest analogue evaluation literature — Pennycook, Bear, Collins & Rand (2020), the 'implied truth effect' — gives reason for caution rather than confidence: labeling only some content can make unlabeled false content seem more credible, so a partial-coverage provenance regime could backfire.
Sources: Pennycook, Bear, Collins & Rand 2020 (Management Science 66(11):4944-4957, 'The Implied Truth Effect'); China Measures for Labeling AI-Generated Synthetic Content (eff. 2025-09-01); EU AI Act Art. 50; Imatag 2018 metadata-stripping study (~80%); C2PA Security Considerations (spec.c2pa.org) on manifest removal
Technological Sovereignty
The structural fact that compute capacity is geographically concentrated is well-measured: Lehdonvirta, Wú & Hawkins find only ~33 countries host facilities with AI-accelerator hardware and roughly 24 have the capacity to train full-scale foundation models, the Stanford AI Index 2026 reports low-income countries collectively hold ~0.1% of global data-centre compute (the US hosting >10x any other nation), and Cottier et al. document amortized frontier-training cost rising 2.4x/year (95% CI 2.0-3.1x) toward $1B+ models by 2027. But this is a political-economy FRAME, not a documented harm, and the core contested claim of the topic, that the cost curve locks mid-sized economies OUT of capability, is empirically cut both ways: a feasibility study of Brazil and Mexico (Malagon et al. 2025) estimates usable (non-frontier) 10-trillion-token sovereign models are fiscally viable at roughly $8-14M on H100 hardware, and DeepSeek-style efficiency gains (V3 trained for ~$5.5M, ~11x less compute than Llama 3 405B) show frontier-adjacent performance at a fraction of prior compute, so whether domestic frontier-tier capability is foreclosed for middle powers remains genuinely unsettled.
Sources: Lehdonvirta, Wú & Hawkins 2024 (Compute North vs. Compute South, Proceedings of the 2024 AAAI/ACM Conference on AI, Ethics & Society 7:828-838); Cottier, Rahman, Fattorini, Maslej & Owen 2024 (The Rising Costs of Training Frontier AI Models, arXiv:2405.21015); Stanford AI Index 2026 (Maslej et al., Stanford HAI); Malagon, Ulloa Ruiz, Sandoval Plaza, Rosario Bolívar, García Mesa & Alvarado Morales 2025 (The Feasibility of Training Sovereign Language Models in the Global South: A Study of Brazil and Mexico, arXiv:2510.19801)
There is no rigorous impact evaluation showing that technological-sovereignty policies (on-shore compute mandates, national foundation-model champions, talent-retention schemes such as EuroHPC AI Factories or India's IndiaAI Mission) actually deliver sustained domestic capability or strategic autonomy; these programs are recent, utilization and cost-per-GPU-hour are largely unpublished, and no counterfactual study exists. The closest analogue evidence base, the industrial-policy literature synthesized by Juhász, Lane & Rodrik, finds that properly-identified studies are more favorable than older correlational work suggested but that outcomes depend heavily on instrument design and structural context, and the older national-champion record warns of subsidized 'zombie' firms and government capture, so the closest analogue is mixed and the direct evidence that the sovereignty rule works is simply missing.
Sources: Juhász, Lane & Rodrik 2024 (The New Economics of Industrial Policy, Annual Review of Economics 16:213-242); Ahmed & Wahed 2020 (The De-democratization of AI: Deep Learning and the Compute Divide in Artificial Intelligence Research, arXiv:2010.15581); IndiaAI Mission (Indian Cabinet, March 2024); EuroHPC Joint Undertaking AI Factories (2024 regulation amendment; no published impact evaluation)
Transparency Obligations
Documentation artifacts (model cards, datasheets) are well-specified as proposals and are genuinely adopted, but the empirical premise that mandated disclosure produces meaningful transparency is contested. Selbst & Barocas (2018) argue inscrutability and non-intuitiveness are distinct problems and that disclosing rules does not resolve the latter, and large-scale audits find documentation is sparsely and unevenly completed: a systematic analysis of 32,111 Hugging Face model cards (Liang et al. 2024) found environmental-impact, limitations and evaluation sections least often filled, and Bhat et al. (2023, 45 practitioners) found a substantial gap between the documentation proposal and actual practice. Honest caveat: the documentation frameworks themselves are real and adopted, so the dispute is about whether disclosure conveys decision-relevant information, not whether the artifacts exist.
Sources: Selbst & Barocas 2018 (Fordham Law Review 87:1085-1139); Liang et al. 2024 (Nature Machine Intelligence, s42256-024-00857-z, 'Systematic analysis of 32,111 AI model cards'); Bhat et al. 2023 (CHI '23, 'Aspirations and Practice of ML Model Documentation', DOI 10.1145/3544548.3581518); Mitchell et al. 2019 (FAccT, Model Cards for Model Reporting); Gebru et al. 2021 (CACM 64(12):86-92, Datasheets for Datasets)
There is no rigorous impact evaluation showing that AI transparency mandates (model cards, training-data summaries) measurably reduce bias, misuse or accidents — the central regulatory assumption is empirically untested, partly because flagship mandates like EU AI Act Art. 53(1)(d) GPAI training-data summaries are only subject to AI Office enforcement/verification from 2 August 2026 (the obligation itself began 2 August 2025 for new models). The closest analogue, mandated consumer disclosure, shows small and context-dependent effects: Bollinger, Leslie & Sorensen (2011) found mandatory calorie posting cut average calories per transaction by about 6%, while Loewenstein, Sunstein & Golman (2014) review evidence that disclosure effects are frequently diminished or even reversed by limited attention and often change provider rather than recipient behavior. These are analogues, not AI studies; no study demonstrates that AI transparency disclosure achieves its stated downstream safety aims.
Sources: Bollinger, Leslie & Sorensen 2011 (AEJ: Economic Policy 3(1):91-128); Loewenstein, Sunstein & Golman 2014 (Annual Review of Economics 6:391-419, 'Disclosure: Psychology Changes Everything'); EU AI Act Art. 53(1)(d) GPAI training-data summary (obligation from 2 Aug 2025; AI Office enforcement from 2 Aug 2026)