Who Governs Cyberspace in the age of AI? A Global Stocktake of Cybersecurity Governance
Yannis Kemel
Additional contact information
Yannis Kemel: Harvard University
No 7upyz_v1, SocArXiv from Center for Open Science
Abstract:
Cyberspace is not ungoverned—it is systematically misgoverned. International instruments, national strategies, and voluntary frameworks have proliferated while security outcomes deteriorated. This inversion—more governance, less resilience—is the "Proliferation Paradox." The paper introduces "Governance Debt": the institutional deficit that accumulates when AI-driven technological change outpaces governance adaptation. This debt compounds across three dimensions: Capacity Debt (threat velocity exceeds institutional response cycles), Authority Debt (no enforcement jurisdiction over borderless AI infrastructure), and Legitimacy Debt (governance authority migrates to unaccountable private actors). This paper examines cybersecurity governance in 29 countries. It identifies three institutional models: Integrated Command, Nodal Hybrid, and Fragmented Sectoral. Key finding: institutional architecture predicts operational resilience more consistently than strategy quality or financial investment. The analysis covers 66 governance instruments and reveals four critical weaknesses in how AI challenges current systems: Scale (velocity), Attribution (identity), Dependence (vulnerability to foreign platforms), and Agency (autonomous systems without accountability). The paper calls cloud providers, AI developers, and standards bodies "private leviathans": they exercise sovereign-scale power over cyberspace without democratic mandate or meaningful accountability. Using the OECD Strategic Foresight Toolkit, the paper stress-tests six governance models across four 2030 scenarios. Two extremes fail: total centralization (a Global Cyber Agency) and total market-led governance. The "Adaptive Federated Stack"—a five-layer architecture—distributes authority across existing institutions without creating a new apex body. This model performs across all scenarios and resolves all three Governance Debt dimensions. The central argument: between 2026 and 2030, governance success requires interoperability, not unity.
Date: 2026-05-14
References: Add references at CitEc
Citations:
Downloads: (external link)
https://osf.io/download/6a2db465de71f80b11945087/
Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
HTML/Text
Persistent link: https://EconPapers.repec.org/RePEc:osf:socarx:7upyz_v1
DOI: 10.31219/osf.io/7upyz_v1
Access Statistics for this paper
More papers in SocArXiv from Center for Open Science
Bibliographic data for series maintained by OSF ().