Principles Over Code
As artificial intelligence systems rapidly evolve, they present a fundamental paradox for modern society. On one hand, these systems offer unprecedented opportunities to promote human prosperity, sustainable development, and gender equality. On the other, the accelerating pace of technological development brings profound changes that threaten to undermine democratic systems and the preservation of human dignity.
The tension between technological progress and individual safety has created an urgent need for clear, enforceable guardrails. Without a common legal baseline, the risks of digital discrimination, unlawful surveillance, and the erosion of personal autonomy could outweigh the socio-economic benefits AI promises to deliver.
The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, CETS 225, represents a globally significant legal framework designed to resolve this tension. It marks a shift from voluntary ethical language toward binding commitments anchored in human rights, democracy, and rule of law.
I. Beyond the Algorithm: The Lifecycle Mandate
The Convention rejects the narrow view that AI should only be regulated at the point of end-user interaction. Article 3 establishes a mandate governing the entire lifecycle of artificial intelligence systems, from initial design and development to use and eventual decommissioning.
From a research and governance perspective, this creates a chain of accountability throughout the AI supply chain. Developers, deployers, and public institutions cannot treat ethics as a final-stage checklist. The legal and technical design choices made early in the lifecycle shape the risks that later appear in society.
Because AI systems can generate predictions, content, recommendations, or decisions that influence physical or virtual environments, human rights safeguards have to begin before deployment.
II. The Blurred Line Between Public and Private Power
The Convention navigates the intersection of state and corporate power by establishing a dual-track scope. It applies to public authorities, while also requiring states to address risks and impacts arising from private actors.
The declaration mechanism matters because it forces signatory nations to explain how they intend to cover private-sector AI activity. That matters in modern governance because many AI systems affecting citizens are built or operated by private providers, even when used inside public services.
III. The Right to Know You’re Talking to a Machine
Transparency in CETS 225 is treated as a prerequisite for individual autonomy and a procedural safeguard. People should be notified, as appropriate for the context, when they are interacting with AI rather than a human.
Transparency is also connected to remedies. A person cannot meaningfully contest an AI-driven harm if they do not know an AI system was involved. The right to know becomes the foundation for the right to act.
IV. The Red Line Provision: Moratoriums and Bans
One of the Convention’s most important features is its recognition that some AI applications may be incompatible with human rights, democracy, or the rule of law. Article 16 requires parties to assess whether moratoriums, bans, or other measures are needed for certain uses.
This moves AI governance beyond risk mitigation into a deeper question: should certain systems be permitted at all? For high-impact surveillance, discriminatory profiling, or systems targeting vulnerable people, this is an essential democratic safeguard.
V. Literacy as a Legal Safeguard
CETS 225 treats education as part of risk and impact management. Article 20 calls for digital literacy and digital skills for all segments of the population, alongside expert skills for those responsible for identifying, assessing, preventing, and mitigating risks.
This matters because AI governance cannot work if citizens, regulators, and risk professionals do not understand the systems influencing decisions, institutions, and digital environments.
Conclusion: Enforcement, Exclusions, and the Shadow of Defence
The true legacy of the Council of Europe AI Convention will be defined by implementation. The Convention encourages safe innovation, but also creates follow-up and reporting mechanisms intended to make state progress visible.
Two major issues remain important for future research: national security and national defence exclusions. The success of the treaty depends on whether the unity sought by the Council of Europe can survive these exclusions, or whether the shadow of defence becomes a loophole that weakens the human rights protections the Convention was designed to protect.