Author
Listed:
- KEMEL, YANNIS
(Harvard University)
Abstract
Cyberspace is not ungoverned—it is systematically misgoverned. International instruments, national strategies, and voluntary frameworks have proliferated while security outcomes deteriorated. This inversion—more governance, less resilience—is the "Proliferation Paradox." The paper introduces "Governance Debt": the institutional deficit that accumulates when AI-driven technological change outpaces governance adaptation. This debt compounds across three dimensions: Capacity Debt (threat velocity exceeds institutional response cycles), Authority Debt (no enforcement jurisdiction over borderless AI infrastructure), and Legitimacy Debt (governance authority migrates to unaccountable private actors). This paper examines cybersecurity governance in 29 countries. It identifies three institutional models: Integrated Command, Nodal Hybrid, and Fragmented Sectoral. Key finding: institutional architecture predicts operational resilience more consistently than strategy quality or financial investment. The analysis covers 66 governance instruments and reveals four critical weaknesses in how AI challenges current systems: Scale (velocity), Attribution (identity), Dependence (vulnerability to foreign platforms), and Agency (autonomous systems without accountability). The paper calls cloud providers, AI developers, and standards bodies "private leviathans": they exercise sovereign-scale power over cyberspace without democratic mandate or meaningful accountability. Using the OECD Strategic Foresight Toolkit, the paper stress-tests six governance models across four 2030 scenarios. Two extremes fail: total centralization (a Global Cyber Agency) and total market-led governance. The "Adaptive Federated Stack"—a five-layer architecture—distributes authority across existing institutions without creating a new apex body. This model performs across all scenarios and resolves all three Governance Debt dimensions. The central argument: between 2026 and 2030, governance success requires interoperability, not unity.
Suggested Citation
Kemel, Yannis, 2026.
"Who Governs Cyberspace in the age of AI? A Global Stocktake of Cybersecurity Governance,"
SocArXiv
7upyz_v1, Center for Open Science.
Handle:
RePEc:osf:socarx:7upyz_v1
DOI: 10.31219/osf.io/7upyz_v1
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:osf:socarx:7upyz_v1. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: OSF (email available below). General contact details of provider: https://arabixiv.org .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.
Printed from https://ideas.repec.org/p/osf/socarx/7upyz_v1.html