中文
AI Graded Governance and Universal Access

accountability chain

Accountability Chain

Document Positioning: This document translates the vision of "those at the top have chains" into a principled framework for responsibility allocation. Specific responsibility proportions, investigation procedures, and compensation standards need to be operationalized according to domain and temporal conditions; this document only sets the principle boundaries.

I. Introduction: Why Responsibility Allocation Is the Most Difficult Institutional Design

When a high-risk threshold holder uses AI to make an incorrect decision, resulting in casualties or property damage, who is responsible?

Simple answer: The operator is responsible. He pressed the button; he made the decision.

But this answer is often wrong, because it ignores the multi-layered structure of responsibility:

  • Operator level: Did he operate according to procedures? Did he detect anomalies in time? Did he actively report?
  • Platform level: Does the AI system itself have defects? Does the algorithm have biases? Did the system provide sufficient warnings?
  • Institutional level: Did the institution provide adequate training? Did it establish effective supervision mechanisms? Did it force operators to work overtime?
  • System design level: Were the assessment standards too lax? Was authority allocation reasonable? Were safety standards sufficient?

If we only punish the operator, we create a scapegoat—the real responsibility is hidden.

If we only punish the platform or institution, we create an illusion of exemption—the operator may have deliberately violated rules or been negligent.

If we punish no one, we create institutional indifference—no one is responsible for the consequences.

Stairway Universalism's responsibility design goal: Establish a layered, traceable, mutually constraining accountability chain, ensuring that responsibility at every level is appropriately pursued, but no single level is treated as the sole scapegoat.

II. Four-Layer Structure of Responsibility

2.1 Layer One: Individual Operator Responsibility

Scope of Responsibility: Whether the operator's behavior in a specific scenario complied with procedures, fulfilled reasonable duty of care, and reported anomalies in a timely manner.

Responsibility Gradient:

  • No responsibility: Strictly operated according to procedures, system had no warnings, reported immediately upon discovering problems
  • Limited responsibility: Minor negligence existed, but the system also failed to provide sufficient verification mechanisms
  • Primary responsibility: Deliberately violated clear procedures, ignored system warnings, concealed and failed to report leading to escalation
  • Full responsibility: Deliberately used the AI system to cause harm, abused authority for personal gain to the detriment of public interest

2.2 Layer Two: Platform and System Responsibility

Scope of Responsibility: Whether the AI system's design, training, and deployment had defects, and whether sufficient safety guarantees were provided.

Responsibility Gradient:

  • No responsibility: System passed safety tests, no known defects during operation, operator error exceeded design expectations
  • Limited responsibility: Known edge-case defects existed but were clearly warned, or design was based on technical levels at the time that could not foresee new risks
  • Primary responsibility: Known but unrepaired major defects existed, training data had systematic biases, design failed to consider critical safety scenarios
  • Full responsibility: Deliberately concealed known defects, refused to repair after receiving multiple incident reports, deliberately designed system to evade regulation

2.3 Layer Three: Institutional Management Responsibility

Scope of Responsibility: Whether institutions (such as hospitals, companies, government departments) established effective management systems, training systems, and supervision mechanisms.

Responsibility Gradient:

  • No responsibility: Established comprehensive training systems and supervision mechanisms, took immediate corrective measures upon discovering problems
  • Limited responsibility: Training system had deficiencies, but operator error was mainly attributable to personal negligence
  • Primary responsibility: Failed to provide adequate training, supervision mechanisms existed in name only, forced operators to work overtime
  • Full responsibility: Deliberately concealed systematic problems, management demanded operators violate safety procedures, destroyed evidence after accidents

2.4 Layer Four: System Design Responsibility

Scope of Responsibility: Whether the stairway system's institutional design itself had defects, creating structural conditions for accidents.

Responsibility Gradient:

  • No responsibility: Assessment standards were considered reasonable at the time, authority allocation complied with risk assessments at the time, accident was an unforeseeable black swan event
  • Limited responsibility: Assessment standards had minor deficiencies, but insufficient to cause the accident
  • Primary responsibility: Assessment standards were too lax leading to insufficiently capable people obtaining high authority, authority allocation was unreasonable (such as allowing a single person to independently operate high-risk systems without dual confirmation), safety standards lagged behind technological development
  • Full responsibility: Deliberately formulated lax standards to cater to specific interest groups, refused reform after receiving multiple accident warnings, deliberately designed institutional loopholes to evade accountability

III. Principles of Responsibility Allocation

3.1 Responsibility Matrix Principle

When an accident occurs, responsibility proportions at each level are determined by an independent investigation panel based on evidence:

  • Responsibility proportion at each level is independently determined
  • Responsibility at each level can be established simultaneously across different dimensions; a single aggregate cap cannot offset the responsibility of platforms, institutions, or system designers
  • If a level is determined to have "no responsibility," its responsibility proportion does not automatically transfer to other levels (avoiding scapegoat logic)

3.2 Investigation Procedure Principle

Step One: Fact Investigation

  • Establish an independent investigation panel, including technical experts, legal experts, ethical experts, institutional management experts, and citizen representatives
  • Investigation scope: operation logs, system code, training records, management systems, system design documents

Step Two: Responsibility Hearing

  • Representatives from each level attend the hearing, with the right to submit evidence, cross-examine, and present mitigating factors
  • Hearing records are made public (de-identified)

Step Three: Responsibility Determination

  • The investigation panel determines responsibility proportions at each level based on evidence and the hearing
  • Determinations must be in writing with reasoning
  • Must obtain supermajority approval

Step Four: Execution and Appeal

  • Responsibility determinations take effect within a limited time after execution
  • Each level has the right to appeal to an independent arbitration committee

3.3 Joint Liability Principle

At the civil compensation level:

  • Compensation liability at each level is independently calculated, but the total does not exceed a reasonable multiple of actual losses
  • Excess amounts serve as punitive damages, used for public funds (such as AI safety research funds)

At the administrative and criminal responsibility level:

  • Responsibility at each level is independently pursued
  • Even if civil compensation has been paid, administrative and criminal responsibility can still be pursued

IV. "Scapegoat" Prevention Mechanisms

4.1 Individual Scapegoat Prevention

Prohibition of "full responsibility transferred to individual":

  • If the investigation determines that the platform or institution has "primary responsibility" or "full responsibility," even if the individual operator also has fault, the platform and institution cannot demand the individual bear more than their responsibility proportion
  • Individual operator compensation liability has an upper limit (such as not exceeding a reasonable multiple of annual income), preventing lifelong debt from a single accident

"Whistleblower" Protection:

  • If an individual operator actively reports system defects or institutional problems (even if this exposes their own minor negligence), their responsibility can be mitigated or exempted
  • Whistleblowers must not be retaliated against (such as dismissal, salary reduction, ostracism) for reporting problems

4.2 Platform Scapegoat Prevention

"Standard Reasonableness" Review:

  • If the platform argues "we operated according to institutional standards, the standards themselves have problems," the investigation panel must review:
    • Were the standards reasonable at the time?
    • Did the platform discover defects in the standards but not report them?
    • Did the platform exploit loopholes in the standards?

Platforms Cannot Claim Full Exemption Based on Standards:

  • Even if standards have defects, if the platform discovered defects but took no action (such as adding extra safety checks, reporting to regulatory authorities), the platform still bears limited responsibility

4.3 System Scapegoat Prevention

"Institutional Legitimacy" Review:

  • The investigation panel must review: Does the institutional design have "foreseeable defects"?
  • If institutional defects were foreseeable (such as scholars or practitioners having already issued warnings, but system designers did not adopt them), system designers bear primary responsibility
  • If institutional defects were unforeseeable (such as entirely new technical risks), system designers bear limited responsibility or no responsibility

"Good Faith Executor" Protection:

  • If individuals or platforms strictly operated according to the system at the time, and institutional defects were unforeseeable, individuals or platforms can be determined as "good faith executors," with mitigated or exempted responsibility
  • But "good faith executors" cannot exploit institutional defects for personal gain

V. Summary

The accountability chain design follows one core principle: Just responsibility allocation is not about finding the sole culprit, but ensuring that every layer bears its due share.

Individual operators are responsible for their specific actions; platforms are responsible for their system defects; institutions are responsible for their management systems; system designers are responsible for their institutional defects. No layer can be fully exempted, and no layer should bear the burden alone.

This design is not perfect. It may have high investigation costs, subjective determination standards, and complex cross-institutional allocation. But its transparency and multi-layered constraint make scapegoat phenomena detectable, questionable, and correctable.

Institutional engineering honesty: We are designing an accountability chain where "no one can be fully exempted, but no one needs to bear everything alone," rather than a binary choice of "either the individual takes the blame, or no one is responsible." The former can be corrected; the latter is inherently unjust.