AI Will Not Govern Itself: International Approaches to Accountability and the Missing Runtime Layer

There is an implicit assumption in how AI governance is being discussed: that sufficiently capable systems can be calibrated to regulate themselves and operate safely, with light-touch human oversight (such as human-in-the-loop) serving as a backstop.

This assumption is shaping how governance is designed, implemented, and, in many cases, deferred. The focus is on capability, while responsibility and accountability for action are consistently pushed down the line.

The imbalance is already visible. Tens of billions are flowing into AI capability, and lobbying efforts working to keep the regulatory perimeter light, fragmented, or delayed.

AI cannot govern itself for the same reason a contract cannot enforce its own terms, or a payment cannot approve its own execution. Governance is not a property of the actor. It sits outside the actor and is enforced at the point of execution, where the action is either authorised or it does not occur.

The moment a system can act, it stops being just a tool and becomes an actor. And no actor can govern its own actions.

Why can’t AI govern itself, structurally?

The crucial point that many miss is that capability does not mean judgement.

AI operates on patterns. It can recognise, extend, and optimise them. These capabilities make it faster, broader, and more efficient in execution. But they do not give it an understanding of what its actions mean, nor the capacity to take responsibility or be held accountable for them.

When systems are recommending, the consequence still sits with a human decision. When systems are acting, the decision and the consequence collapse into a single moment.

Governance is not about whether a system can decide. It is about whether it is allowed to act.

The rules governing those actions must be independent of the AI model. They must clearly define who has delegated authority, and the precise constraints under which the system is permitted to act.

The Absence of Execution-Level Governance 

If an AI system takes an action without a clear, enforceable link back to who authorised it under defined conditions, responsibility becomes ambiguous. Risk then scales quickly, repeatedly, and often across multiple systems at once. A single gap in constraints or authority does not result in a single failure. It results in many, executed at speed. 

This is where most governance approaches reveal their limitations. Policies can define intent in advance, and audit can attempt to reconstruct what happened afterwards. But neither can establish whether an action should have been allowed at the moment it was taken. 

In environments where actions have real-world consequences, this is not sufficient. A payment either should have been executed or it should not. A system change either should have been made or it should not. Once the action occurs, the question is no longer what happened, but whether it was allowed to happen. 

If that cannot be answered definitively, governance is not operating at the point where the action occurs. 

What Execution-Level Governance Requires

If governance cannot sit inside the system taking the action, and cannot be reconstructed after the fact, it has to exist at the point where the action is executed.

That is the control point.

At that point, three conditions must be resolved in real time.

First, authority must be clear. It must be possible to identify who or what entity has delegated the right for the autonomous system to act, not in general, but for the specific action being taken.

Second, the scope of that authority must be defined. It is not enough to know that a system can act. The permitted actions, conditions, and limits must be explicit.

Third, the action itself must be validated against that authority and those constraints at the moment it is executed. Not before, and not after.

If any one of these conditions cannot be satisfied, the action does not occur.

International Approaches to Accountability

To understand how accountability is currently approached, it is useful to examine three models: the European Union, Singapore, and the United States.

The EU adopts a structured, regulatory approach. The EU AI Act defines accountability through clearly assigned roles, primarily the provider (developer of the system) and the deployer (user of the system). Responsibility is distributed across these roles, supported by requirements for logging, traceability, human oversight, and ongoing monitoring, particularly for high-risk systems.

Accountability is established through design-time obligations, operational controls, and post-execution compliance, oversight, and documentation

Singapore takes a pragmatic, operational approach. Through the Model AI Governance Framework, AI Verify, and its more recent work on agentic AI, it emphasises testing, assurance, and demonstrable governance in practice. Organisations are expected to show how systems behave, how risks are managed, and that humans remain accountable for outcomes.

Accountability is demonstrated through system testing, verification, and documented performance.

The United States takes an innovation-first, decentralised approach. Reflected in the NIST AI Risk Management Framework and broader policy direction, accountability is placed primarily at the organisational level and guided through risk management, internal governance, and audit. Responsibility is distributed across organisations and sectors, with entities expected to define and manage their own controls.

Accountability is exercised through organisational governance, voluntary standards, and audit processes.

These approaches move from legal accountability in the EU, to operational assurance in Singapore, to decentralised, organisation-led governance in the United States.

Closing Observation

Across all three approaches, accountability is defined and structured, but it is primarily established before execution and evidenced after it, rather than enforced where actions occur.

For autonomous systems, this is not sufficient.

If an action cannot be authorised, validated, and proven at the moment of execution, accountability has not been established. It has only been described.