In 2026, the United States marks 250 years since a group of colonists made a radical claim that government derives its legitimacy not from tradition or force, but from the consent of the governed, and that when those in power violate that consent, they must be held to account.

Two-and-a-half centuries later, that claim is being tested again. Not by a foreign power or a constitutional crisis in the conventional sense, but by something subtler and faster: algorithms that now make consequential decisions about who gets bail, who gets a job interview, who qualifies for a mortgage, whose political messages reach which voters, and so on.

The governance question this raises is not whether AI is powerful; it clearly is very capable. The question is whether it is legitimate—whether the people affected by algorithmic decisions have any meaningful recourse, transparency, or protection.

The Invisible Governors

The easiest way to understand what AI governance means in practice is through concrete examples:

• Michigan’s MiDAS system automatically flagged thousands of unemployment claims as fraudulent—resulting in seized assets as repayment—without human review, without clear notice, and without meaningful opportunity to contest the decision. Many people affected had done nothing wrong. The state eventually paid $20 million in settlements.
• The COMPAS algorithm, widely used in U.S. criminal courts, predicts the likelihood that a defendant will reoffend. It has been shown to misclassify Black defendants as higher risk at roughly twice the rate of white defendants—a disparity that influences sentencing decisions, even though defendants are often unaware of how the score is used in their sentencing.
• During the COVID pandemic, hospital crisis-care protocols in several states used quality-of-life assessments as allocation criteria, meaning that algorithms generated priority scores that heavily shaped decisions that deprioritized elderly and disabled (See “Empirical Assessment of COVID-19 Crisis Standards of Care Guidelines” and “Preintubation Sequential Organ Failure Assessment Score for Predicting COVID-19 Mortality” for more information.)

These are not software bugs. They are governance decisions buried in engineering choices. Someone made a trade-off between efficiency and fairness, between speed and due process, between statistical accuracy and individual rights, and embedded it in code. That trade-off then scaled to thousands or millions of decisions, quietly, without any of the procedural safeguards that would apply if a human official had made the same call.

In a recent law review article, my co-author and I called this the AI Trolley Problem, the moment when an algorithm must choose between competing values such as speed versus fairness, statistical accuracy versus individual protection. Those choices get made implicitly, without the legal deliberation they warrant. The problem is compounded by a significant recent legal shift. For decades, courts resolved ambiguous regulatory questions by deferring to agency interpretations, a doctrine known as Chevron deference. The U.S. Supreme Court struck this down in Loper Bright Enterprises v. Raimondo (2024). Courts can now ask directly: What values is this system optimizing for, and are those trade-offs legally justified? This is a necessary correction, but without the technical capacity to evaluate algorithmic design, courts risk substituting one form of unexamined judgment for another, while organizations face mounting legal exposure with little guidance on what compliance requires.

The result may not be greater accountability so much as greater uncertainty!

20 Fault Lines

We’ve treated AI risk as a technical problem for the most part. The harder problem is constitutional. Where should power reside? How should it be checked? Who is accountable when things go wrong? Those questions haven’t been answered adequately even as we rush to embrace AI.

Consider 20 domains where this is already playing out, including in employment, criminal justice, free speech, democratic integrity, and global competition. These are illustrative rather than exhaustive, but in each case, the same pattern holds: a founding-era tension, resurfacing in modern form. The Founding Fathers addressed those tensions through three governance layers: rights protections, checks and balances, and accountability. These will be examined in detail later in the article.

The following table maps each issue to the governance layer it primarily calls on.

20 AI Governance Issues

The solutions, it turns out, are as old as the tensions. Modern AI governance may not require new principles; it requires applying the ones already built into the republic.

The Three-Layer AI Governance Solution

The U.S. Founding Fathers faced a version of the same problem: How do you constrain power that tends to concentrate and self-justify? Their answer was three interlocking structures designed to work even when the people inside them were fallible, conflicted, or self-interested. A robust AI governance framework needs the same three structures: the rights layer, the checks-and-balances layer, and the accountability layer.

Governance Layer 1: Rights—What People Are Entitled To

The Bill of Rights was designed to prevent certain abuses: unreasonable searches, arbitrary punishment, suppression of speech. The modern parallel is algorithmic: systems that score, rank, price, and screen people in ways that reshape life chances without a visible moment of harm.

Rights failures from AI tend to be quiet. A resume screener that filters out candidates from certain ZIP codes doesn’t look like discrimination; rather, it passes off as a data pattern. A benefits algorithm that flags high proportions of a particular community for fraud review doesn’t look like profiling—it looks like anomaly detection. That invisibility is precisely why explicit rights protections matter.

What a rights layer looks like in practice:

• Notice—People must be told when AI materially influences a consequential decision about them (e.g., hiring, credit, benefits, housing, criminal justice).
• Explanation—Not the technical details of the model, but reasons a person can actually act on.
• Contestability—A real appeal path, with a human in the loop, within a defined time window, for decisions that affect rights or safety.
• Non-discrimination—Anti-bias protections that apply to algorithmic proxies (ZIP code, word choice, browsing history), not just explicit intent.
• Human fallback—In high-stakes domains, no fully automated final word.

The progress on this layer is real but patchy. Colorado’s 2024 AI law requires bias audits and consumer notice for algorithmic decisions in employment, credit, and insurance. The OECD AI Principles endorse similar protections internationally. But the U.S. lacks a federal enforceable floor. Protection depends on what sector you’re in, what state you live in, and whether a regulator happens to have jurisdiction. That patchwork is not sustainable at scale.

Governance Layer 2: Checks and Balances—Who Has Real Authority to Say No

The most useful line in The Federalist Papers: No. 51 is also its most unsentimental: “Ambition must be made to counteract ambition.” The Founding Fathers did not trust human virtue to sustain republican government. They built structures that worked regardless of the individual character of the people inside them. The equivalent failure mode in AI governance is what you might call the grade-your-own-homework problem. In most organizations, the team that builds an AI system also evaluates its performance, interprets its risks, and decides when it is ready to deploy. There is no independent function with the authority and the mandate to say no. 

Think of it as three functions that need to be genuinely separate:

• The policy function decides where AI may operate, what is prohibited, and what documentation is required—before deployment, not during a post-incident review.
• The operational function builds and runs systems within those rules.
• The review function audits, red-teams, adjudicates complaints, and has genuine authority to pause or stop a deployment.

The critical word is “genuinely,” because a review function that reports to the same executive who owns the AI road map is not a check. The Federalist Papers’ case for structural restraint is not about mistrust of individuals—it is about designing systems that work regardless of individual intentions.

The NIST AI Risk Management Framework provides a practical outline for this. Its four functions—Govern, Map, Measure, Manage—correspond to the policy, design, audit, and operational roles that structural governance requires. This is a useful start. The gap is that most of this remains voluntary for private organizations, leading to compliance that’s not necessarily meaningful.

One systemic risk is worth noting: The FTC has described the consolidation of AI capability among a small number of cloud and foundation model providers as a structural competition concern. When a small number of vendors supply the models that government agencies, financial institutions, healthcare systems, and media platforms all run on, the independence of any single organization’s review function becomes less meaningful. That is a governance design problem, not just a market problem.

Governance Layer 3: Accountability—Someone Must Be Responsible

The U.S. Constitution was framed to not only distribute power, but also to make power answerable. Officials could be removed, courts could be appealed, and rights violations had remedies. Accountability was not aspirational but structural.

AI accountability faces what is often called the “responsibility gap”: When a system causes harm, the developer, the deployer, the procuring agency, and the regulator all had a hand. None necessarily owns the outcome. This is a predictable consequence of how AI procurement and deployment actually work, with models sourced from one vendor, fine-tuned by another, integrated by a third, and deployed by a fourth.

Without clear liability, organizations optimize for plausible deniability rather than actual risk management. Documentation becomes a legal shield rather than a quality tool. What meaningful accountability requires is:

• Clear liability allocation—The party best-placed to prevent the harm should own the risk; for example, the deployer for known risks in its operating context and the developer for design defects.
• Documentation sufficient for review—Post-hoc audit requires records, including what data, model version, and decision criteria were used and what the outcome was. Many organizations currently cannot produce this.
• Remedies with teeth—Not just fines, but correction of erroneous decisions, notification of affected individuals, and, in high-stakes domains, restitution.

The regulatory landscape is diverging here. The European Union’s AI Act established a risk-tiered liability framework and modernized product liability rules to cover AI components explicitly. The U.S. is adapting existing frameworks for product liability, consumer protection, and civil rights rather than creating new ones. That approach can work, but it requires regulators and courts to ask hard questions that the Chevron defense once allowed them to avoid. Post-Loper Bright, those questions are back on the table.

What This Means in Practice

A three-layer framework isn’t a call to slow AI adoption, but it is a call to build governance alongside practice. There are three practical questions every organization should be able to answer before a consequential AI system goes live: 

• Who in this organization has genuine authority to block this deployment and has ever exercised it?
• If this system produces a harmful outcome, who is accountable, and what is the remedy?
• What rights do affected people have, and how are those rights enforced?

If you can’t answer all three, the system isn’t ready for deployment in a high-stakes context. For citizens, “I didn’t know an AI made that decision” is becoming an increasingly unacceptable answer.

A Republic, If You Can Keep It

On its 250th anniversary, the U.S. is being asked a technological version of the same question it faced in its founding moment: Can the governing ideals survive the pressures of the moment?

Then, the pressure was faction, debt, and the difficulty of governing multiple states with competing interests. The answer was an innovative governance architecture: a Bill of Rights, a separated structure of powers, and a framework of accountability that made illegitimate power costly. That architecture may have been imperfect and required amendment, extension, and constant pressure to live up to its own terms, but the design logic has proven durable.

The pressure today is different in form but recognizable in structure: systems that concentrate decision-making power, resist scrutiny, and distribute harm in ways that are difficult to trace and easy to deny. The answer calls for the same kind of deliberate design.

A republic of algorithms only works if it inherits the republic’s three essential disciplines: a rights layer that makes people’s entitlements clear and enforceable, a check-and-balances layer that separates the builders from the judges, and an accountability layer that ensures someone pays the cost of getting it wrong.

Two-hundred-and-fifty years of constitutional thinking have already done most of the intellectual work. The task now is to apply it.