Previous Article in Journal
ST-MAFNet: Spatio-Temporal Multi-Scale Adaptive Fusion Network for Traffic Forecasting
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
AI
Volume 7
Issue 6
10.3390/ai7060218
ai-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

No Trust Without Trust Infrastructure: The Extended Kelvin Principle and Its Application to AI Output Governance

by
Yusaku Fujii
School of Science and Technology, Gunma University, Kiryu 376-8515, Japan
AI 2026, 7(6), 218; https://doi.org/10.3390/ai7060218 (registering DOI)
Submission received: 21 May 2026 / Revised: 10 June 2026 / Accepted: 11 June 2026 / Published: 14 June 2026
(This article belongs to the Special Issue Governing Trustworthy AI Outputs in a Sensor-Dense Society: Privacy, Auditability and Responsible Deployment)
Browse Figures
Versions Notes

Abstract

Objectives: This paper presents a principle and framework for generating social trust in AI outputs as an institutional structure rather than an ethical declaration. Sound technical design alone does not guarantee the institutional trust required to establish social measurement. What is needed is not a declaration of trust but the construction of an infrastructure that supports it. Methods: First, the Extended Kelvin Principle is derived by prepending to Kelvin’s measurement–understanding–control chain the links “no social trust without trust infrastructure; no legitimate social measurement without social trust.” Infrastructure-scale trust requires not declarations but verifiability, recordability, and auditability. Just as GUM and calibration infrastructure underpin trust in measured values, AI output governance requires GLO, a common language for expressing output legitimacy, implemented by a VRAIO-type infrastructure. GLO treats an output candidate as a “claim” and declares the rule-conformity of its purpose and content as a legitimacy confidence L, derived from a fact-based argument accompanied by a legitimacy budget. Results: VRAIO integrates declaration, rule verification, tamper-resistant recording, and independent auditing. A sealed, deterministic verifier makes L reproducible: computational falsity is caught by re-computation, factual falsity by checking authoritative records, and severe sanctions render false declaration irrational. Conclusions: GLO is not a mere AI version of GUM but a common language for an underdeveloped domain, whose effectiveness depends on connection to an enforceable output-governance infrastructure.

1. The Paradox: Technical Design Alone Could Not Establish Social Measurement

Since 2020, governments around the world deployed contact-tracing applications in response to the COVID-19 pandemic. Designs based on Bluetooth low-energy proximity detection, exposure risk estimation, and decentralized notification via smartphones were rapidly implemented in many countries. Digital contact tracing was proposed as a technology capable of accelerating notifications and supplementing infection control in cases where manual contact tracing could not keep pace with the speed of viral spread [1]. Furthermore, decentralized protocols exemplified by DP-3T (Decentralized Privacy-Preserving Proximity Tracing) sought to reduce privacy risks through designs that avoided centralized collection of the identities and location histories of infected individuals and their contacts [2,3].
In many countries, however, contact-tracing applications failed to produce the social impact that had been anticipated.
Japan’s COCOA (COVID-19 Contact-Confirming Application) gained widespread public awareness in a short period, yet left unresolved challenges in positive-case registration, notification, impact measurement, and the development and maintenance operational structure [4,5]. Regarding Germany’s Corona-Warn-App, it has been pointed out that the object of citizens’ trust was not a mere application but a sociotechnical assemblage encompassing developers, government, institutions, data processing, and public accountability [6]. While studies do exist demonstrating epidemiological effects of the UK’s NHS (National Health Service) COVID-19 app [7], those effects were heavily dependent on adoption rates, continued use, positive-case registration, and behavioral change following notification [8].
The lessons to be drawn from this experience are not reducible to “public communication was insufficient” or “there were problems with implementation.” It is certainly true that many practical factors were involved, including positive-case registration workflows, coordination with testing infrastructure, and the limitations of Bluetooth measurement, among others. Yet the essential insight that emerges from this broader picture is that social measurement is not merely technical measurement [9,10].
Contact-tracing applications were an attempt to capture the social fact of proximate contact as digital data. However, unlike gravitational acceleration or electrical resistance, the object of measurement is a human being who has a will with respect to being measured. If people do not trust the system, they will not install the application. Even if they install it, they will not use it. They will not register a positive result. Even upon receiving a notification, they will not change their behavior. It has been reported that, in the case of Japan’s COCOA, public trust was associated with usage behavior [11], and in this sense, the success or failure of contact-tracing applications was a matter not only of individual psychological trust but also of institutional trust, accountability, and risk acceptance [12,13,14].
Here lies a paradox. Even when technical design has reached a certain level of quality, social measurement cannot be established unless citizens are able to verify under what conditions, by whom, and in what manner “being known” will be used. What the COCOA experience reveals is the fact that, even when privacy-protective design has been implemented at a technical level, legitimate civic acceptance will not emerge if the institutional pathways for subsequently confirming and auditing that design are absent.
This paradox is not a problem unique to contact-tracing applications. In a society where AI systems routinely output recommendations, judgments, warnings, administrative support, and medical advice, the same structure threatens to repeat itself at a far larger scale. What citizens encounter is not the weights inside a model, but the judgments that AI has rendered and the institutions that operate on the basis of those judgments. Without a mechanism that makes clear under what conditions, according to what rules, and in a form verifiable by whom “being judged by AI” takes place, legitimate trust in AI as social infrastructure will not emerge.
The experience of COVID-19 contact-tracing applications is a microcosm of this problem. This paper formalizes this paradox as an extension of the Kelvin Principle and connects it to a vision of trust infrastructure for AI output governance.

2. The Extended Kelvin Principle

2.1. The Scope of the Kelvin Principle and the Unresolved Premise in Social Measurement

In 1883, William Thomson, that is to say, Lord Kelvin, left the following famous words in a lecture entitled “Electrical Units of Measurement” delivered at the Institution of Civil Engineers in London:
“When you can measure what you are speaking about, and express it in numbers, you know something about it; but when you cannot measure it, when you cannot express it in numbers, your knowledge is of a meagre and unsatisfactory kind.”
This statement was made in the context of electrical units and physical measurement [15]. Kelvin himself did not have modern social measurement or AI governance in mind. Nevertheless, the form of the proposition, namely that “when you can measure what you are speaking about and express it in numbers, you know something about it,” carries broad implications beyond physical measurement for thinking about the relationship between knowledge and measurement [15].
In the domain of physical measurement, this proposition became highly institutionalized. International institutions concerning measurement uncertainty, standards, calibration, and traceability were established, and a common language and implementation infrastructure came together to support social trust in measurement values [16,17]. The point that this process of institutionalization constitutes an important precedent for AI output governance will be discussed in detail in Section 3.
In the twentieth century, the measurement of social phenomena also developed substantially. Social statistics, psychometrics, epidemiology, public opinion surveys, econometrics, and administrative statistics produced powerful methodologies for capturing society in numerical form. The fact that statistics and quantification have shaped public objectivity and governing capacity has been widely discussed in research in the sociology of science, the history of statistics, and theories of the state [18,19,20]. Social measurement itself was by no means an undeveloped field.
However, there is a decisive asymmetry between physical measurement and social measurement.
In physical measurement, the object of measurement does not refuse to be measured. Temperature, electric current, mass, and length do not seek consent from the measurer. The object of social measurement, by contrast, is human beings. Human beings adopt attitudes of refusal, wariness, resistance, or cooperation with respect to the collection of their behavior, contacts, location, health status, opinions, emotions, and judgments. As seen in Section 1, the fact that cooperation with contact-tracing applications was influenced by trust in the system was precisely a manifestation of this asymmetry.
In social measurement, therefore, not only measurement technology but also privacy, consent, legitimacy, and institutional trust become conditions for measurement to be established. Here lies a premise that has not been made explicit in the Kelvin chain of physical measurement [21,22,23].
In Kelvin’s time, the right to privacy in the modern sense had not yet been fully established. Warren and Brandeis’s “The Right to Privacy” was published in 1890, seven years after Kelvin’s lecture [21]. Digital technologies capable of enabling large-scale collection of personal data did not yet exist. The Kelvin proposition of “no understanding without measurement” developed primarily in the context of physical measurement, without incorporating the problems of consent and trust in social measurement.
In the age of AI, this unresolved premise emerges as a central problem. AI systems depend on vast amounts of social information, including personal data, behavioral histories, sensor data, footage from public spaces, online utterances, and administrative data. Furthermore, as discussed in Section 1, the problem does not stop at trust in data collection. When the judgments rendered by AI itself become embedded in social infrastructure, if legitimate trust in “being judged by AI” cannot be established, neither social measurement nor social control in a democratic society can be established.
This paper formalizes this problem as an extension of the Kelvin Principle.

2.2. The First Extension: No Legitimate Social Measurement Without Trust

As seen in Section 2.1, the Kelvin chain of physical measurement—“no understanding without measurement; no control without understanding”—rests on the premise that the object of measurement does not seek consent from the measurer. Under what conditions, then, does this chain hold when the object of measurement is a human being with a will? The experience of contact-tracing applications provides a concrete answer to this question.
Contact-tracing applications were a technology for measuring the social fact of proximate contact. In infectious disease control, understanding who was in proximity with whom, when, and to what degree is important for understanding and controlling infection risk. Contact-tracing applications are therefore positioned at the entry point of the Kelvin chain. Only when measurement is established does understanding of infection dynamics become possible, and only then can effective countermeasures be designed.
Social measurement, however, cannot be established by sensors and algorithms alone. Whether to adopt the application, whether to cooperate with data provision, whether to register a positive result, and whether to act upon receiving a notification all depend on the judgments of individual citizens. And those judgments are influenced by trust in the system. Trust is understood not as mere optimism or goodwill, but as a relationship in which one accepts vulnerability toward another party or institution in a situation involving risk [24].
Following the chain, the structure is clear. Without trust, sufficient data cannot be collected. Without data, infection dynamics cannot be grasped. Without grasping them, effective countermeasures cannot be designed. The Kelvin chain cannot move forward while its entry point remains blocked.
From this, the first extension is derived.
No legitimate social measurement without trust. No social understanding without social measurement. No social control without social understanding.
One point requires clarification regarding the scope of this proposition. Even in the absence of trust, it is technically possible to collect social data through coercion, concealment, or unilateral data collection. Surveillance states and excessive corporate surveillance are extreme examples of this. However, what this paper’s proposition addresses is not that form of measurement. It is a proposition about social measurement that, in a democratic society, presupposes civic cooperation and consent and is sustainable over the long term—that is to say, social measurement that possesses legitimacy. While governing technologies that seek to render society visible are useful, coercive visibility and excessive simplification undermine legitimacy itself [19,20]. If measurement loses legitimacy, the entire chain collapses.
This first extension does not negate Kelvin’s principle. Rather, it makes explicit the overlooked premise required for the Kelvin chain to hold in the context of social measurement. Yet a question remains that demands one further step: how does that trust come into being?

2.3. The Second Extension: No Social Trust Without Trust Infrastructure

Where does trust come from?
In organizational theory concerning trust, trust has been understood not as mere goodwill or optimism but as an acceptable vulnerability in which the other party acts in accordance with expectations under conditions of uncertainty and risk [12,24]. Regarding public trust, it has been pointed out that trust does not emerge merely from calling on people to “trust more,” but requires the construction of trustworthy institutions and accountability [13,14]. Trust in AI governance must likewise be treated not as a matter of declaration but as an institutional condition.
The EU’s Ethics Guidelines for Trustworthy AI, the OECD AI Principles, the NIST AI RMF (National Institute of Standards and Technology AI Risk Management Framework), and the EU AI Act have presented important principles such as transparency, explainability, fairness, safety, and accountability [25,26,27,28]. These are indispensable in AI governance, and this paper does not deny their significance. However, there is a question that these documents have not sufficiently answered, namely the question of how trust is generated.
A declaration that “our AI is trustworthy” alone does not generate social trust. On the contrary, unverified declarations often deepen distrust. While trust between individuals is formed through experience, reputation, and repeated relationships, trust in social infrastructure that comes into contact with millions or billions of people cannot be left to individual experience or corporate self-declaration. Trust at the scale of social infrastructure requires structure at the scale of social infrastructure. That is, a mechanism is needed that institutionally guarantees the rules on which outputs and judgments are based, how they are verified and recorded, and who can audit them [29,30]. A framework that makes visible from the outside how deviations are detected and how responsibility is assigned is also indispensable [31,32].
From this, the second extension is derived.
No social trust without trust infrastructure. No legitimate social measurement without social trust. No social understanding without social measurement. No social control without social understanding.
To understand this proposition more precisely, it is necessary to distinguish a two-layer structure of trust. The first layer is trustworthiness, namely the objective condition that AI outputs actually conform to the rules. This conformity is guaranteed not by monitoring every output one by one, but by a mechanism that renders false declaration irrational—verifiability, recording, tamper resistance, independent auditability, and severe sanctions when falsehood is discovered. The second layer is trust, namely the acceptance and approval that people extend to “being known and judged by AI,” on the basis that the first layer is guaranteed. As O’Neill has argued, the second layer cannot be legitimately established without the first [13]. Only when both are in place can trust be treated not as an ethical slogan but as an engineering and institutional condition.
Within the second layer of social acceptance, there are two further kinds. One is passive habituation, namely acceptance that results from giving up resistance, which can occur even without the first layer being established. The other is experience-backed informed acceptance, which accumulates through repeated confirmation that the first layer is functioning. In a democratic society, only the latter possesses legitimacy.
One reason why cooperation with COCOA failed to spread was that citizens were not provided with any means of verifying under what conditions, by whom, and in what manner “being known to the application” would be used [6,11]. Even where technically privacy-protective design exists, legitimate second-layer acceptance cannot be established without proof of the first layer. This structure threatens to repeat itself at a larger scale today, as AI becomes deeply involved in behavior, judgment, medicine, and administration. Trust infrastructure is the institutional foundation that renders “being judged by AI” visible not as an opaque exercise of power but as a verifiable process subject to rule-binding, recording, and auditing.
It should be noted that these two layers do not stand in a one-way relationship. Social judgments formed in the second layer—acceptance and objection expressed through civic auditing, public deliberation, and democratic procedures—update the content of the Rules and change the verification criteria of the first layer. When this feedback loop functions, trust infrastructure operates not as a fixed apparatus of power but as an institution that continuously renews its legitimacy through dialogue with society.
The Extended Kelvin Principle and the two-layer structure of trust described above are shown in Figure 1. The VRAIO (Verifiable Record of AI Output) proposed later in this paper—a trust infrastructure integrating metadata declaration of output candidates, rule verification, tamper-resistant recording, and independent auditing—supports the starting point of the chain leading from social trust to social measurement, social understanding, and social control by guaranteeing this first layer (trustworthiness). Its structure and operation are detailed in Section 3 and Section 4.

3. The Limits of Existing Governance Frameworks and a Structural Precedent from Metrology

3.1. The Limits of Existing Governance Frameworks and the Necessity of Output Governance

Viewed from the perspective of the Extended Kelvin Principle derived in Section 2, the limits of existing AI governance frameworks become clear. Existing approaches can be organized into three broad layers.
The first is input regulation. Personal data protection legislation, beginning with the GDPR (General Data Protection Regulation), has provided important rules concerning the collection, use, storage, and third-party provision of personal data [23,33]. However, input regulation faces a tradeoff between privacy protection and social utility. Without collecting data, society cannot be measured. If data is collected without limit, privacy and freedom are violated. As long as the problem is addressed at the input stage, this tradeoff cannot be structurally resolved.
The second is internal regulation. Model transparency, explainable AI, algorithmic auditing, model cards, and datasheets are important attempts to render visible the internal structure and development processes of AI systems [34,35,36,37]. However, fully understanding and explaining the internal structure of large-scale AI systems is not straightforward. And even if internal structure is explained, whether individual outputs conform to social rules remains a separate problem.
The third is output regulation. Content moderation, safety filters, and the removal of illegal or harmful content through terms of service are already implemented on many platforms. However, current output regulation depends on the operation of internal corporate policies, and it can hardly be said to possess verifiability, auditability, and international interoperability at the scale of social infrastructure [31,32].
This paper does not deny these three layers. It is important that each functions in a complementary manner. However, none of the three layers sufficiently provides what was discussed in Section 2 as the first layer of trust, namely the objective condition that one can retroactively confirm according to what rules AI outputs were based, how they were verified, and how they were recorded.
What citizens ultimately encounter in AI governance is neither the weights inside a model nor the composition of training data. It is the outputted text, images, judgments, recommendations, warnings, administrative support, and medical advice. The outputs that can affect society are diverse, and their recipients likewise range from citizens and general users to owners and operators, other AI systems, and public infrastructure. The last line of defense in AI governance is the output.
However, it is insufficient merely to prohibit or permit outputs. What matters is according to what rules outputs are based, how they are reviewed, with what metadata they are recorded, and how they are auditable. As Lessig argued regarding cyberspace, institutional norms cannot be effective unless they are embedded as technical architecture [38]. Herein lies the necessity of GLO and VRAIO-type infrastructure.
This paper’s argument is not that VRAIO is the only solution. Different designs may be proposed in the future, including decentralized auditing systems, public certification schemes, and cryptographic proof systems. However, without at least the idea of integrating structured metadata declaration at the output candidate stage, independent verification bodies, tamper-resistant recording, and post hoc auditing, AI output governance will continue to be confined to declaratory principles and internal corporate operations. GLO and VRAIO are presented as an institutional engineering direction for filling this gap [29,39,40,41].

3.2. GUM and GLO: A Structural Precedent from Metrology

What institutional engineering structure should the trust infrastructure sought by GLO and VRAIO possess? Metrology provides an important precedent in response to this question.
Before the GUM, measurement values across countries and institutions were not necessarily sufficiently comparable. Even when the same units were used, if the methods of uncertainty evaluation, calibration procedures, and traceability to standards differed, the meaning of measurement values would not coincide. The GUM provided an international common language for the expression of measurement uncertainty to fill this gap [16,17]. However, the GUM did not function through documentation alone. By connecting with national metrology institutes, calibration laboratories, international comparisons, traceability systems, and accreditation schemes, social trust in measurement values was supported on an engineering basis. Only by becoming integrated with the calibration infrastructure did the GUM socially generate the reliability of measurement values [16,17].
AI outputs are in a situation analogous to pre-GUM measurement values in at least one important respect. One AI system outputs “this policy is effective,” while another reaches the opposite conclusion. Whether that difference is due to differences in model architecture, bias in training data, or differences in the normative rules applied is something users cannot determine. A common language that makes differences between outputs comparable simply does not exist.
This problem is not identical to uncertainty in physical measurement. The legitimacy of AI outputs encompasses multiple normative dimensions, including legal conformity, ethical validity, democratic justification, safety, and privacy protection. The GUM framework cannot be transplanted wholesale onto AI outputs. However, a structural analogy holds. For AI outputs as well, a common language is needed for expressing according to what criteria and to what degree an output has been judged legitimate, and institutional and technical infrastructure is needed to make it verifiable that such judgment has actually been carried out [29,30].
In this paper, the former is positioned as GLO (Guide to the Expression of Legitimacy of Output) and the latter’s leading implementation candidate as VRAIO [39,40].
GLO is a common language for describing, as structured metadata, the formal conformity of an output’s purpose and content to the Rules, at the output candidate stage before an AI system releases its final output externally. What GLO requires is not an explanation of the internal process leading to the output. Rather than the weights or inference paths inside a model, it treats the output candidate itself as a “claim” and has the AI system explain and declare, post hoc, the legitimacy (rule-conformity) of its purpose and content. GLO metadata structures the purpose and content of the output, the rules applied to them, and the results of the rule-conformity judgment, in accordance with a predefined classification system (the specific items are detailed in Section 4.2).
VRAIO is the institutional framework that guarantees the authenticity of this GLO metadata. It controls output candidates through an outbound firewall, has an independent Recorder verify the formal consistency between the GLO metadata and the Rules, and records that process in a tamper-resistant ledger. Furthermore, spot checks by an audit body cross-reference the output metadata stored in the ledger against the actual output, and when falsehood is discovered, penalties “large enough to destroy the incentive for false declaration” are imposed.
What is important here is that VRAIO does not monitor the entire content of every output one by one. What VRAIO seeks to guarantee is two things—that the declaration conforms to the Rules, and that the declaration contains no falsehood—and by combining reliable preservation of the declared content, spot-check auditing, and severe sanctions for false declaration, it renders false declaration an irrational choice. This is VRAIO’s deterrence mechanism (Section 4.1).
Accordingly, what VRAIO aims for is to make retroactively auditable the conformity of outputs to the Rules established through democratic procedures. The Rules themselves, which define what is legitimate, are not determined by VRAIO; they should be established through democratic procedures, legal institutions, and public deliberation, and verified and revised as needed. What VRAIO provides is the foundation that guarantees that outputs conform to the Rules—that is, a foundation that institutionally achieves legitimate trust in AI outputs, in the same sense that the GUM, through the calibration infrastructure, institutionally achieved trust in measurement values.
The relationship between GLO and VRAIO corresponds to the relationship between GUM and calibration infrastructure, as summarized in Table 1.
However, this correspondence must not be oversimplified. The essential difficulty that the GUM faced lay in the conceptual replacement from “error” to “uncertainty,” namely the reorganization from the traditional understanding that defines error as the difference from a true value, toward treating uncertainty as the dispersion of values that can be reasonably attributed to the object of measurement without presupposing a true value [16,42,43]. However, this conceptual shift was difficult to perceive as a clear practical difference in the field, partly because statistical tools overlapping with error theory continued to be used in practice.
The nature of the difficulty that GLO faces is different. GLO does not replace an existing firmly established concept. Model cards, datasheets, and AI FactSheets are important frameworks for describing the attributes of models and datasets [36,37,44], but they differ from a framework that structurally declares the legitimacy judgment of individual output candidates before they are released externally. In AI output governance, this common language has not yet been established. GLO is an attempt to provide a descriptive form to fill that gap.
The essential difficulty of GLO therefore lies not in the difficulty of conceptual replacement but in connection to output governance infrastructure with social enforcement power. As long as GLO remains a voluntary descriptive guide, it cannot become central to AI output governance. For GLO to be effective, it must connect with verifiable recording infrastructure such as VRAIO and function within an institutional framework that integrates output candidates, metadata declaration, rule-conformity verification, tamper-resistant recording, and independent auditing [29,30,31]. Just as the GUM could not function without the calibration infrastructure, GLO likewise cannot function effectively without connection to output governance infrastructure with social enforcement power.
Measurement values and AI outputs are both used as the basis for social decision-making. If measurement values cannot be trusted, science and technology, industry, safety regulation, medicine, and environmental policy cannot be established [18,19]. Similarly, if AI outputs cannot be trusted, AI-assisted administration, medicine, education, justice, and public policy cannot be established [30,45,46]. This correspondence is not a mere metaphor but a structural argument that leads to the necessity of trust infrastructure.

4. VRAIO and GLO: Implementing the Trust Infrastructure

As discussed in Section 3, GLO is a common language and VRAIO is the infrastructure that implements it. This section presents the concrete structure of these two elements.

4.1. The Basic Architecture of VRAIO

The starting point of VRAIO lies not in attempting to elucidate the internal structure of AI systems, but in making the outputs that actually affect society the object of governance. However complex and black-box an AI system may be, what ultimately acts upon society is its outputs, namely recommendations, judgments, warnings, and administrative decision support. Accordingly, making it verifiable under what conditions outputs are generated, for what purpose, and to whom they are sent becomes the central task of AI governance [39,40,41].
The norm running through this governance is simple (lower part of Figure 2): AI outputs that can have a significant impact on society bear an obligation to argue that their purpose and content conform to the Rules, and an output that cannot be so argued must not be released in the first place. The architecture of VRAIO is an attempt to embed this norm not as a mere declaration but as a mechanism—the Valve described below is nothing other than the physical embodiment of this norm that “outputs that cannot be argued are not let through.”
The principal components of Figure 2 are as follows.
The Government Regulatory Agency for AI (GRA-AI) formulates the Rules on the basis of social deliberation, legal institutions, and democratic decision-making. The Rules are not merely ethical guidelines; they are definitions of the purposes, targets, conditions, and prohibitions under which AI outputs are permissible, specified in a form that can be mechanically verified. These Rules are shared with the AI system, the Recorder, and the Data Receiver.
The Outbound Firewall is the exit structure surrounding the AI system. Generated output candidates cannot be released externally without passing through this Firewall. Inside the Firewall, the AI system generates a GLO metadata declaration (described below) together with the output candidate and transmits this to the Recorder as an Application.
The Recorder functions as an independent third-party body. The role of the Recorder is, in principle, to confirm that the declared GLO metadata is formally consistent with the Rules; it is not necessary for the Recorder to read the content of the output at all times. When it determines conformity, the Recorder returns the release condition to the Valve inside the Firewall. When it does not determine conformity, the Valve remains closed and the output is blocked.
The ledger (such as a Blockchain network) records the determination process and its results in a tamper-resistant form. The information recorded comprises the identifying information of the output candidate, the GLO metadata, the Rules applied, the determination result, timestamp information, and the output hash value. The ledger is the institutional memory concerning AI outputs and forms the foundation for post hoc auditing [29,39,40].
Auditing by citizens and audit bodies is a structural feature that demonstrates that VRAIO is not merely an administrative surveillance apparatus. Researchers, citizens, and independent investigators can refer to the ledger to verify the effectiveness of the Rules, the compliance status of AI systems, and whether any violations have occurred [31,32]. Auditing involves not only reading the metadata in the ledger but also, through spot audits, cross-referencing the preserved actual output against the GLO metadata and output hash value in the ledger, thereby confirming that the declaration contains no falsehood.
The operation of VRAIO can be organized into the following four stages.
  • Rule formulation: The Government Regulatory Agency for AI formulates the Rules through democratic procedures.
  • Output candidate generation and GLO metadata declaration: The AI system generates an output candidate and transmits the corresponding GLO metadata to the Recorder as an Application.
  • Verification, determination, and recording: The Recorder verifies the GLO metadata against the Rules and returns the determination result to the Valve while simultaneously recording it in the ledger. Only when the Valve opens is the output transmitted to the Data Receiver.
  • Auditing and institutional improvement: Citizens and audit bodies audit the ledger and verify the validity of the Rules and the state of compliance. Audit results are fed back into the updating of the Rules.
The core of VRAIO’s deterrent power does not lie in real-time blocking by the Valve. If an AI system operator declares GLO metadata that differs from the actual output, that false declaration leaves a trace in the ledger [29,39]. The serious sanctions imposed when falsehood is discovered through unannounced spot audits—sanctions severe enough to destroy the incentive for false declaration—render false declaration an irrational choice [30,32]. VRAIO is not a system that monitors outputs one by one; it is an architecture that institutionally destroys the incentive to make false declarations [39,40,47].
It should be noted that VRAIO is not limited to specific applications. The Data Receiver may be any of a diverse range of parties, including individuals, public institutions, other AI systems, and public infrastructure. VRAIO is applicable to a diverse range of AI outputs with social impact, including platform AI, generative AI, autonomous driving AI, public space camera AI, and administrative decision support AI. However, what is presented in this section is no more than the basic structure; how the legitimacy of each individual output is quantified and declared (Section 4.2 and Section 4.3) and how its verification is guaranteed (Section 4.4) are the keys to making VRAIO effective.

4.2. GLO Metadata: A Common Language for Declaring Output Legitimacy

GLO (Guide to the Expression of Legitimacy of Output) is a common language that defines the format of the metadata required to be attached to output candidates that can affect society. In VRAIO, GLO metadata functions as the declaration information by which the Recorder mechanically cross-references against the Rules—that is, the permissible output range described in GLO format. It does not disclose the full text or raw data of the output; rather, it describes the information necessary for governing the output in a form that can be cross-referenced against the Rules. At its core, it treats the output candidate as a single “claim” and declares, on a fact-based footing, the argument that its purpose and content conform to the Rules (Section 4.3).
The items of GLO metadata are as follows.
  • Output ID: An identifier uniquely assigned to each output candidate. It is indispensable for recording in the ledger and for cross-referencing in post hoc auditing.
  • Timestamp: The date and time at which the output candidate was generated (UTC standard). Tampering is detected through cross-referencing with the time of receipt by the Recorder.
  • Operator ID: Information identifying the operator of the AI system that generates and transmits the output. Assurance of authenticity through means such as digital signatures is required, clarifying the attribution of responsibility for false declaration.
  • Receiver ID and Category: The identifying information of the Data Receiver and its attribute category (adult, minor, medical institution, public institution, other AI system, etc.). This directly affects the selection of Rules to be applied.
  • Output Type: The type of the output in question. It is structured in accordance with a predefined classification system (ontology); once the type is determined, the applicable Rules, the types of “facts” required, and the types of “primary sources” that should serve as their basis are thereby determined.
  • Risk Classification: The risk level of the output in question, declared in accordance with the classification system defined in the Rules (low, medium, high, emergency, etc.). It is reflected in the priority of the Recorder’s verification and in the control conditions of the Valve.
  • Applicable Rules Reference: The clause identifiers of the Rules applied to the output in question. Verification is performed on the basis of this reference.
  • Legitimacy Confidence L (L ∈ [0,1]): The probability that the purpose and content of the output in question conform to the Rules. It is composed as L = L_purpose × L_content, the product of the legitimacy of the purpose and the legitimacy of the content given that purpose (Section 4.3).
  • Legitimacy Budget: Information that decomposes and presents the computation process and grounds of L. It comprises the list of “facts” that constitute the argument, each fact and the “primary source” that serves as its basis, the reliability of each fact and the method of its evaluation, and the composition rule for combining them into L. L does not circulate on its own; it must always be accompanied by the legitimacy budget. This forms the core of GLO metadata (Section 4.3).
  • Output Hash: A hash value generated from the output content. In spot audits, it is used to verify the identity between the declared GLO metadata and the actual output content. It is one of the technical foundations for deterring false declaration.
  • Domain-Specific Fields: Extension items according to the nature and use of the output. These include flags for the possible inclusion of personally identifying information, risk classifications for emotional or psychological impact, the presence or absence of emergency exception application, and a list of the multiple models involved in a multi-agent configuration.
The types of “facts” required and the “primary sources” that serve as their basis differ for each output type. For example, in the search for a missing child in an FMPS (Fully Monitored Public Space), discussed later (Section 4.5), facts such as a search authorization and the identification of the police officer who requested and confirmed the search are required to be traceable to primary sources such as the records of the issuing court or the police. Which facts and primary sources are required for which type is determined as part of the Rules through democratic procedures.
These items can be mechanically cross-referenced against the Rules. However, the depth of scrutiny is divided into two tiers. The Recorder’s constant cross-referencing covers the Timestamp, Operator ID, Receiver ID and Category, Output Type, and L, confirming that these are formally consistent with the Rules. The legitimacy budget is not an object of the Recorder’s constant scrutiny but is scrutinized at the time of unannounced spot audits. That is, an audit body inputs the “facts” in the budget into the same Rule-Judgment AI (Section 4.4) to recompute L, confirms its agreement with the declared L, and cross-references whether each “fact” is traceable to a primary source as declared. This two-tier configuration—formal verification up to L on a constant basis, and substantive scrutiny of the budget on a spot basis—is the core of VRAIO’s operation, which renders false declaration irrational without requiring constant monitoring of every output (Section 4.4).
The Compliance Verdict is not a declared item but an item assigned by the adjudicating side upon receiving the declaration. The sealed, deterministically operating Rule-Judgment AI (Section 4.4) computes and verifies L, and the Recorder, upon receiving that result, determines conformity and records it in the ledger. The Recorder has the Rule-Judgment AI bear the substance of the determination while itself handling the recording of that result and the confirmation of formal consistency with the Rules. The Compliance Verdict becomes the institutional basis for ledger recording, auditing, and penalties.
A supplementary note on the flow of determination. The default operation of the Recorder is limited to confirming, upon receiving the result of L computation and verification by the Rule-Judgment AI, the formal consistency between the GLO metadata and the Rules; it is not necessary to read the output content itself at all times. Because the Rule-Judgment AI is public and deterministic, the AI system side can also predict the verification result in advance, and in normal operation, the Valve functions as a formal pass-through gate. Exceptionally, only in serious cases or when there is sufficient time for determination, a transition to a Substantive Review that enters into the output candidate itself is also institutionally envisaged. However, this is an exception to the basic operation of VRAIO, and its activation conditions, authority, and procedures must be explicitly defined in advance within the Rules. The determination mode is also recorded in the ledger as part of the determination result.
Although the specific items of GLO metadata vary by application domain, the basic structure—declaration of the argument and facts, accompaniment of L by the legitimacy budget, cross-referencing against the Rules, official determination, and identity assurance by hashing—is common. It is precisely this common structure that enables VRAIO to function as a general-purpose output governance infrastructure not limited to specific applications.

4.3. The Legitimacy Confidence L and Its Composition

The core of the GLO metadata introduced in Section 4.2 was the self-declaration of the legitimacy confidence L of the output in question. This section shows how L is defined and on what basis it is computed. Specifically, it formulates L as a continuous quantity L ∈ [0,1] representing the degree of legitimacy of an output candidate, and introduces the legitimacy budget, which decomposes and accompanies the grounds for its computation. These give concrete form, at the level of individual outputs, to the structural correspondence with the GUM discussed in Section 3.
Treating the output candidate as a “claim”
Before introducing L, the basic idea of GLO should be made clear. GLO does not require an explanation of the internal process of the AI system that led to the output—through what weights and inference paths that output was generated. In large-scale AI systems, this is fundamentally difficult, and moreover, even if the internal process were explained, whether an individual output conforms to the rules would remain a separate problem (Section 3).
GLO therefore treats the output candidate itself as a single “claim” and requires that, for that claim, an argument that its purpose and content conform to the Rules be constructed post hoc. The argument is constructed by combining “facts.” That is, for an output candidate to be permissible, it must be possible to argue, on the basis of facts, that its purpose and content conform to the Rules. An output that cannot be argued must not be released in the first place (the norm of Section 4.1). What is at issue in this conception is not how the output was generated (the process) but how the output can be justified by the Rules (justification).
Here, the consequence that this norm has for the behavior of the AI system should be noted. Because the Rules are public (in GLO format) and the Rule-Judgment AI that performs the conformity determination (Section 4.4) is deterministic, the AI system can itself determine, prior to declaration, whether the argument it has constructed yields an L within the range permitted by the Rules. Accordingly, the AI system attempts to construct an argument until one that yields a sufficient L is obtained, and it abandons the output if none is obtained. There is no incentive to make a declaration foreseeably destined to be rejected. As a result, the situations in which the Valve actually blocks an out-of-range declaration are exceptional, and in normal operation, the Valve is open. VRAIO’s deterrent power lies not in this pre-emptive blocking by the Valve but in the post hoc destruction of incentives through the recording of declarations, unannounced spot audits, and severe sanctions for false declaration (Section 4.1 and Section 4.4).
Definition and composition of L
The legitimacy confidence L expresses the plausibility of this argument as a value in [0,1]. The dimensions along which the Rules judge the permissibility of an output can be broadly divided into two: whether the purpose of the output is legitimate and whether the content of the output is legitimate. Corresponding to this, L is constructed as the product of two factors.
L = L_purpose × L_content
Here, L_purpose is the plausibility of the legitimacy of the purpose, and L_content is the plausibility of the legitimacy of the content given the declared purpose. Taking the form of a product has a clear meaning. First, if either the purpose or the content is not legitimate (if either factor is 0), the overall L is also 0. An output whose purpose is illegitimate is not permitted however appropriate its content, and vice versa. Second, if both factors are interpreted as “the probability of conforming,” their product can be interpreted probabilistically as “the probability that both the purpose and the content conform.”
The point that the legitimacy of the content is evaluated conditionally on the purpose is important. Whether a given content is appropriate is not determined on its own but in relation to the declared purpose. For example, an output that accesses a certain range of data may be appropriate under a legitimate purpose but excessive in the absence of that purpose. In this sense, L_content can be understood as the quantification of data minimization and proportionality in light of the declared purpose—content exceeding the range reasonably necessary to achieve the purpose lowers L.
It should be noted that whether to declare purpose and content composed into a single L or to declare two values (L_purpose, L_content) side by side, and how to define the composition rule are themselves matters to be determined as part of the Rules through democratic procedures. This paper presents composition by product as the basic form but does not fix it as the only form.
The legitimacy budget: prohibiting the circulation of the value alone
L must not circulate on its own. A legitimacy budget that decomposes and presents the facts and assumptions, as well as the underlying composition, on which L was computed must always accompany L. This corresponds structurally to the way that, in metrology, the GUM does not permit a combined standard uncertainty to be presented as a single number but requires the accompaniment of an uncertainty budget that decomposes the evaluation method and contribution of each component.
The legitimacy budget includes the list of facts that constitute the argument, the reliability of each fact and the method of its evaluation, and the rule used for composition into L. Just as the GUM distinguishes components of uncertainty into statistical evaluation (Type A) and other evaluation (Type B), the reliability of each fact in the legitimacy budget is likewise envisaged to be classified according to its method of evaluation.
Here, the facts that constitute the argument must be traceable to primary sources. This is the criterion for the legitimacy budget to be auditable. For example, the fact that “a court warrant exists” must be traceable to a primary source, namely the records of the issuing court. A fact that cannot be traced to a primary source is not admitted as a constituent of the argument. This traceability is what makes possible the detection of factual falsity discussed in Section 4.4.
However, requiring the accompaniment of the legitimacy budget does not mean requiring its disclosure. The content of the budget—for example, the search range or the records referred to—may itself contain privacy-sensitive information. What is required is not disclosure but reachability from the audit channel. That is, the budget need only be preserved in a form that an authorized audit subject can verify as necessary. How to achieve this reconciliation of auditability and privacy protection is borne by the Rule-Judgment AI of Section 4.4.
The three-layer correspondence with GUM
By the above, the correspondence between GLO and GUM forms the following three layers at the level of individual quantities (complementing the institution-level correspondence discussed in Section 3). That is, just as a standard uncertainty accompanies a measurement value and an uncertainty budget accompanies the standard uncertainty, L accompanies an output candidate and a legitimacy budget accompanies L. L is not the measurement value itself but a second-order quantity assigned to it, and the legitimacy budget is third-order information that further decomposes the grounds for its computation. It is precisely this correspondence that distinguishes GLO from a merely declaratory classification system, for L is not a primitive, self-declared label but a derived quantity computed from a fact-based argument, the computation process of which is open to auditing.
The scope of the formalization of composition
This section has presented composition by the product of purpose and content as the basic form of L. In more complex outputs—for example, a policy judgment in which numerous facts are hierarchically combined to support a single conclusion—L is not a simple product of two factors but a derived quantity computed by propagation over an argument graph whose leaves are facts and whose root is the conclusion. In this case, the rule by which the reliability of each fact is combined to yield the L of the conclusion—for example, whether by composition analogous to the propagation of variance, or by composition dominated by the weakest argument—is a design matter that depends on the structure of the argument and the domain.
In this paper, we do not enter into the general formalization of this composition rule, but confine ourselves to establishing the structural requirement that L be “a derived quantity that is computed from a fact-based argument, accompanied by a legitimacy budget, and recomputable in auditing.” The formulation of specific composition rules and the verification of their validity for each domain are matters for future research. Indeed, the complexity of composition varies greatly by application domain, ranging from the relatively simple case in the FMPS discussed later (Section 4.5) to cases such as policy support in which numerous facts are deeply combined.

4.4. The Rule-Judgment AI: A Sealed Verifier

The GLO/VRAIO framework presented in Section 4.1, Section 4.2 and Section 4.3 imposes on output candidates the declaration of a legitimacy confidence L and a legitimacy budget, and guarantees their authenticity through spot audits. This framework stands on its own—as a deterrent based on unannounced auditing and severe sanctions. However, two questions remain here that could further enhance the effectiveness of verification. First, how is it retroactively verified that the computation of L itself was performed correctly? Second, the computation of L requires entering into the content of an output candidate, which may contain privacy-sensitive information; how is that verification performed without leakage? This section presents the Rule-Judgment AI as a mechanism that answers these two questions simultaneously, and further shows the structure of incentives and responsibility for AI system operators that becomes possible only when this verification mechanism is in place. This verifier does not replace the deterrence of the preceding sections; it adds, on top of it, a further layer of reproducibility in the computation of L.
The sealed verifier
The Rule-Judgment AI is an independent component that receives an output candidate and its GLO metadata (facts and argument) as input and computes L in light of the Rules. Its first characteristic is that it is sealed. That is, while it may receive as input any information, including the output candidate itself, its output to the outside is limited to the single determination result (L and conformity), and it is designed and institutionally certified to expose no output channel other than the determination result.
This sealedness yields a decisive advantage. Even when the Rule-Judgment AI enters directly into the content of an output candidate, including privacy-sensitive information, to perform verification, it does not leak that content to the outside. Reading the maximum of information necessary for verification while limiting the information it outputs to the minimal determination—this asymmetry is precisely what makes possible the reconciliation of auditability and privacy protection. The same kind of requirement, namely verifying a property without disclosing the content, is being technically realized in the financial sector through privacy-enhancing technologies such as zero-knowledge proofs, secure computation, and trusted execution environments (TEEs) [48]. The Rule-Judgment AI can be positioned as an application of this idea of sealed execution to the verification of AI output legitimacy.
Determinism and two-layer falsity detection
The second characteristic of the Rule-Judgment AI is that it is deterministic—its behavior does not change through learning, and it is guaranteed to return the same output for the same input. This property fundamentally strengthens the detection of false declaration.
Falsity relating to AI outputs can be divided into two layers.
First, computational falsity—the case in which an L that should properly be derived as low from the declared “facts” is falsely declared as high. This is reliably caught by the deterministic Rule-Judgment AI. In a spot audit, if the audit body inputs the same “facts” recorded in the metadata into the same Rule-Judgment AI and recomputes L, exactly the same L is obtained so long as the computation was performed correctly. If the AI system falsifies the computation of L, this is exposed as a discrepancy with the recomputed result. When an AI system behaves probabilistically, judging the truth of a declared L after the fact gives rise to a difficult gray zone; recomputation by a deterministic verifier turns this into a clear binary determination of agreement or disagreement.
Second, factual falsity—the case in which “a court warrant exists”—is declared in the facts field while, in reality, no warrant exists. This cannot be caught by the Rule-Judgment AI, because the verifier merely computes on the premise that the given facts are true. This layer of falsity is therefore confirmed by cross-referencing against authoritative external records—for example, by confirming whether the declared warrant actually exists in the records of the issuing court. To make this cross-referencing possible, the “facts” constituting the argument must be traceable to primary sources (Section 4.3).
This two-layer separation limits the scope of the Rule-Judgment AI’s responsibility to “whether the computation from facts to L is correct” and entrusts “whether the facts are true” to external reference, which is also consistent with sealedness. If the verifier were also made to bear the determination of the truth of facts, it would require reference to all manner of external records, which could contradict sealedness. It is precisely because it adheres to the verification of computation that the verifier completes its task with the given input alone and can maintain its seal. This structure is, moreover, isomorphic to the auditing of an uncertainty budget in metrology: it corresponds to the two-stage verification of whether the computation from each component to the combined uncertainty is correct (confirmation by recomputation), and whether the value of each component itself is valid (reference to external grounds such as calibration certificates). By blocking both layers together, the pathways of false declaration are closed on both the computational and the factual sides. This is the technical underpinning of the deterrence that “renders false declaration an irrational choice” in VRAIO.
This division into two layers gives concrete form to the positioning of the verifier stated at the beginning of this section. What the introduction of the verifier newly guarantees is the bit-for-bit reproducibility of the reliability evaluation of each fact and the computation of L through their composition, whereby computational falsity is caught deterministically. On the other hand, the point that verification of the truth of the facts themselves is entrusted to spot audits, regardless of whether the verifier is present, is unchanged from the framework without the verifier.
Positioning as a reference standard
The fact that the Rule-Judgment AI is deterministic and that its specification is public and immutable has a clear correspondence with the certified reference standard in metrology. Just as in calibration, trust is generated by cross-referencing measured values against a public and immutable reference standard, the Rule-Judgment AI functions as a public and invariant standard against which legitimacy judgments of AI outputs are cross-referenced. With this, a new term is added to the structural correspondence between GUM and GLO shown in Section 3. That is, in addition to the correspondence between the standard format of the uncertainty budget (GUM) and the format of the legitimacy budget (GLO), there is correspondence between the certified reference standard and the Rule-Judgment AI. The operator of an AI system bears the obligation to make its own computation of L agree with the behavior of this public, invariant, and deterministic reference standard.
The limited role of the LLM, and the agreement gate
One concern must be answered here. If the Rule-Judgment AI adjudicates legitimacy, does this not, after all, reintroduce on the side of the verifier the very structure that this paper rejected at the outset—the inscrutability of the output process—namely “an opaque AI adjudicating legitimacy”?
To avoid this, the role of the machine-learning component in the Rule-Judgment AI is limited to mapping “facts” and “arguments” into the structured parameters defined by the Rules. As stated in Section 4.1, the Rules are definitions of the purposes, targets, conditions, and prohibitions under which AI outputs are permissible, in a form that can be mechanically verified, and that verification is performed in a quantitative and qualitative (0/1) parameter space. The final conformity determination is rendered as a mechanical cross-reference in this parameter space, not entrusted to the opaque discretion of an AI. The LLM (large language model)-type component bears the role of converting natural-language facts and arguments into structured parameters and does not hold the determination of legitimacy itself.
In this structure, the relationship between the AI system (the side that generates the output candidate and L, the prover) and the Rule-Judgment AI (the side that verifies it, the verifier) corresponds to the asymmetry between verification and search in computational theory. Constructing a legitimate argument for an output candidate requires high computational cost, whereas verifying a given argument is far cheaper. Furthermore, by combining sampling-based spot audits and deterministic recomputation rather than verifying every output, the verification load is kept low independently of the load of output generation. This is why the present framework can hold at scale.
In operation, the release of an output candidate is permitted only when the L declared by the AI system and the L computed by the Rule-Judgment AI do not greatly diverge in the parameter space (the agreement gate). However, this agreement gate does not guarantee truth. If the AI system and the Rule-Judgment AI share the same kind of bias, the two may agree and yet still be in error (correlated error). The agreement gate is therefore a filter that reduces the release of inappropriate outputs in advance, not the ultimate guarantee. The prior agreement gate reduces the leakage of hallucinatory outputs, and the subsequent spot audit catches falsity—through this two-stage defense, the robustness of the framework is secured.
The structure of incentives and responsibility derived from verification
The verification mechanism above gives a clear incentive structure to the behavior of AI system operators. In operation, the AI system constructs an “argument” combining “facts” for an output candidate and computes L using the Rule-Judgment AI. If an argument yielding a sufficiently high L is found, it outputs; if not, it abandons the output—this is nothing other than the prover’s search for a certificate described in the previous section.
If the deterrence shown up to the previous point is a stick of “false declaration is invariably met with severe sanctions,” there is here a carrot that forms its counterpart. That is, unless the operator makes a false declaration, it is in principle exempted from liability for that output. This is a decisive advantage for operators. At present, AI operators are placed in a dilemma between hiding behind opacity and thereby inviting distrust, or being exposed to unbounded liability for their outputs. VRAIO offers a third path—in exchange for declaring honestly and conforming to the Rules, the operator obtains a predictable exemption (safe harbor). Liability that was open-ended and unpredictable is transformed into something bounded and predictable. This structure has precedents in existing legal institutions, such as platform safe-harbor provisions and the due-diligence defense in regulatory law. With both stick and carrot in place, the equilibrium of “honest declaration” is stably established.
However, one difficulty must be addressed here. Factual falsity (the second layer above) includes both intentional falsity and faultless misapprehension. For example, if an operator declared the existence of a warrant believing it to be true, but the record it referred to was itself erroneous, this cannot be condemned as an intentional lie. The two are indistinguishable in their outcome, namely “the declared fact was false”; the difference lies in intent, but intent cannot be observed externally.
This difficulty is handled by an observable criterion rather than by intent. That is, the criterion is whether the operator complied with the discipline of fact procurement—that the facts constituting the argument must be traceable to primary sources (Section 4.3). If a fact turns out to be false even though the prescribed procurement procedure was complied with, it is treated as faultless misapprehension and addressed through guidance for preventing recurrence and through the strengthening of spot audits for that operator (and the bearing of its cost). By contrast, a sloppy declaration that neglected the procurement procedure is not granted the defense of misapprehension and is subject to sanction as negligence or falsity. Furthermore, if misapprehension recurs or becomes habitual even when the discipline is complied with, the response is escalated in stages from strengthened auditing to a review of exemption eligibility. This prevents the evasion of responsibility through the excuse that “it was an oversight” (moral hazard).
One further point: the relationship between exemption and victim compensation must be organized. The principle that “honest declaration is exempted” and the requirement that “compensation must be made when harm has actually occurred” are reconciled by dividing responsibility into two kinds. One is punitive and regulatory responsibility, which is exempted by honest declaration (safe harbor). The other is compensatory responsibility that restores the victim, which is not exempted. To satisfy the latter, the establishment of a compensation fund financed by operator contributions can be considered. Operators contribute to this fund together with the operating costs of VRAIO (including spot audits), and when harm occurs, the fund compensates the victim. This ensures that an honest operator is not exposed to catastrophic damages from a single misapprehension, while the relief of the victim is reliably achieved. If contributions are linked to track record, the incentive to neglect care is also curbed. This structure has precedents in existing institutions such as no-fault compensation funds and liability insurance pools.
Finally, there are cases in which an output, despite conforming to the Rules, has a harmful impact on society. This is not the operator’s fault but signifies a deficiency in the Rules themselves. The correct response is therefore not retroactive punishment of the operator but a review of the Rules (the feedback loop of Section 2.3 and Section 4.1). In this way, the pathways by which harm reaches an honest operator are limited to two—deficiency in the Rules (conforming yet harmful) and faultless misapprehension—both of which are handled without unjustly punishing the operator. This whole makes VRAIO not a mere surveillance apparatus but an institution in which operators have an incentive to participate.
The scope of implementation
What this section has presented is a specification of the properties that the Rule-Judgment AI must satisfy—sealedness, determinism, public specification, immutability, mechanical cross-referencing by means of mechanically verifiable parameters, and continuous evaluation and improvement through democratic procedures. These can be realized by existing technical elements such as trusted execution environments, deterministically configured local models, and cryptographic tamper-prevention techniques. Likewise, regarding the structure of exemption, compensation, and misapprehension handling shown in the latter half of this section, what this paper presents is a framework at the level of principle; the concrete design of legal institutions—the precise scope of exemption, the design of the compensation fund, and the procedures for determining misapprehension—is a matter for future work beyond the scope of this paper. The contribution of this paper lies in making explicit, as a structure, what kind of verification mechanism AI output governance requires and what kind of incentive and responsibility structure it requires on the basis of that mechanism.

4.5. An Application Example: Searching for a Missing Child in an FMPS

This section applies the framework discussed thus far to a concrete case. As the subject, we take the FMPS (Fully Monitored Public Space) [39], the context in which VRAIO was first proposed. An FMPS is an environment in which numerous cameras continuously record a public space and are connected to a central AI system. Whereas the original proposal [39] presented the basic conception of VRAIO, this section applies the legitimacy confidence L, the legitimacy budget, and verification by the Rule-Judgment AI introduced in Section 4.3 and Section 4.4 to the same subject in order to show their concrete operation.
As the setting, consider the output of searching for a missing child, identifying their current location, and reporting to the relevant parties. The central AI system accesses the footage recorded by each camera, traces the child’s movements to identify its current location, and attempts to output the information necessary for protection. This output is directly tied to the life and safety of the child, yet because it enters into the highly sensitive information of public-space footage, its legitimacy is rigorously questioned in both purpose and content.
The legitimacy of the purpose, L_purpose
For the purpose of this output—searching for a missing child—to be legitimate, the facts underpinning that purpose must be declared as an argument. The Rules predetermine the types of facts that must be declared for this purpose class—for example, facts such as a court-issued search authorization or a search request from a guardian together with the identification of the police officer who confirmed it.
If these facts are appropriately declared and are traceable to primary sources—for example, if the declared search authorization actually exists in the records of the issuing court—the legitimacy of the purpose is high, and L_purpose takes a value close to 1.0. Conversely, a search lacking such underpinning facts, that is, a search with neither a legitimate request nor authorization, cannot argue the legitimacy of its purpose, and L_purpose remains at a low value.
The legitimacy of the content, L_content
The legitimacy of the content is evaluated conditionally on the purpose. That is, the question is whether the scope of the search and the content of the output remain within the range reasonably necessary to achieve the purpose of protecting the child.
Legitimate content is, for example, the tracing of the child’s movements from leaving home up to their current location, and as output, the current location, related information in cases where abduction is suspected (information on vehicles involved, information on suspects, etc.), and the information necessary for the child’s protection. All of these directly serve the purpose of protection.
By contrast, information such as the current locations and past behavioral trajectories of all persons who happened to be near the child, and the further behavioral trajectories of persons the child came into contact with, can expand without limit if one attempts to search for it. Unless a reasonable ground directly serving the child’s protection is shown, such information is excessive information unnecessary for achieving the purpose. The inclusion of such excessive content lowers the legitimacy of the content and reduces L_content.
Here, the quantification of data minimization and proportionality described in Section 4.3 appears concretely. Even for the same act of accessing footage, content limited to the range necessary in light of the purpose of protection obtains a high L_content, whereas content expanded beyond the purpose loses L_content. The legitimacy of the content is determined only in relation to the purpose.
The privacy of the budget, and sealed verification
This case sharply illustrates the tension between auditability and privacy protection. The legitimacy budget that should accompany L—the search range, the child’s movements, and the search authorization referred to—is itself a mass of sensitive personal information that could identify the missing child. If the auditability of the budget were to be realized through its disclosure, the privacy of the very child who should be protected would, on the contrary, be exposed.
This tension is resolved by the principle of “auditable reachability rather than disclosure” described in Section 4.3 and by the Rule-Judgment AI of Section 4.4. The legitimacy budget is not disclosed. The sealed, deterministically operating Rule-Judgment AI enters directly into the budget, which contains sensitive content, to compute and verify L, yet it does not leak that content to the outside, outputting only L and the conformity determination. In a spot audit as well, the audit body can verify the truth of the declaration without exposing the content of the budget by recomputing L using the same Rule-Judgment AI. The same kind of requirement as in the privacy-enhancing technologies of the financial sector—verifying a property without disclosing the content [48]—is satisfied here.
Detection of falsity
We show how the two-layer falsity detection discussed in Section 4.4 operates in this case.
Computational falsity—the case in which a high L is declared even though only a low L should properly be derived from the declared facts—is caught by recomputation with the deterministic Rule-Judgment AI. For example, if a high L_content is declared while including an excessive search range, recomputation at audit time with the same facts as input returns a different L, and this is exposed as a discrepancy.
Factual falsity—the case in which a nonexistent search authorization is declared to “exist”—is caught by cross-referencing against authoritative external records. One need only confirm whether the declared search authorization actually exists in the records of the issuing court. Similarly, falsity that substitutes a different person as the search target is exposed through cross-referencing against the target’s identifying information, through traces of searching for multiple persons simultaneously, or through an indication of nonconformity from the side that received the report.
It is worth noting here that this case is endowed with favorable conditions for falsity detection, because the essential facts underpinning the purpose (the search authorization, the confirming police officer) are all cross-referenceable against authoritative external records. Conversely, VRAIO’s deterrence operates most strongly in high-stakes outputs with large social impact, where, as here, the essential facts are backed by authoritative records. In domains of subjective judgment that lack external records against which to cross-reference, the detection of factual falsity becomes inherently difficult. This case is at once a typical example of the domain in which the framework functions most effectively and an indication of the boundary of its applicability.
Generalization to Other High-Stakes Domains
The same structure applies to other high-stakes domains of AI output. In credit decisioning, for instance, the legitimacy of purpose is argued as conformity between the application and the lending rules, and the legitimacy of content as the restriction of the data used in the decision to the scope required by those rules (the exclusion of irrelevant attributes). In the output of findings for clinical decision support, likewise, the purpose is argued as the clinical indication, and the content as the validity of the findings and test values relied upon. In every case, the argument is anchored in auditable facts (lending rules, medical records, and the like) and is verified through re-computation of L by the Rule-Judgment AI and cross-checking against external records. What differs from the FMPS case is the specific Rules applied and the type of required facts; the framework itself—structuring and verifying legitimacy—is common to all.
Misapprehension and exemption
Finally, we apply the incentive and responsibility structure discussed in Section 4.4 to this case. The AI system operator constructs an argument based on the above facts and releases the output only when a sufficiently high L is obtained. So long as it declares honestly, the operator is in principle exempted from liability for this output.
Suppose that a declared search authorization did not in fact exist—even though the operator complied with the prescribed fact-procurement procedure—owing to an error in the record it referred to. This is treated not as intentional falsity but as faultless misapprehension, and is addressed through guidance for preventing recurrence and through strengthened auditing. On the other hand, if actual harm arose to the child or related parties as a result of this misapprehension, its compensation must be reliably made through the compensation fund financed by operator contributions. And if the output had a harmful consequence despite conforming to the Rules, this indicates a deficiency in the Rules themselves and is fed back into a review of the Rules.
In this way, even in the single case of searching for a missing child, all of the elements discussed in this section—the quantification of the legitimacy of purpose and content, the privacy protection of the legitimacy budget, two-layer falsity detection, and the structure of incentives and responsibility—operate in concert. The concrete context of the FMPS shows how the GLO/VRAIO framework can structure legitimacy not merely as an abstract principle but in real, life-and-death judgments.

5. Conclusions: From the Extended Kelvin Principle to AI Output Governance

If the thesis of this paper were to be expressed in a single phrase, it would be that “trust can be designed.” This does not, however, mean that trust itself can be manufactured by declaration or exhortation. What can be designed is trustworthiness—the verifiable, objective condition that outputs conform to the rules—and the trust infrastructure that generates and maintains it. Trust grows legitimately, as experience-backed acceptance, through people’s repeated confirmation that this condition is satisfied. What this paper has shown is a path for constructing this first layer on an engineering and institutional basis.
Debates surrounding AI governance have developed primarily around ethical principles, transparency requirements, and risk-assessment frameworks. These are indispensable elements, but they have not sufficiently answered one question—how is trust socially generated?
To this question, this paper has presented an answer inspired by the experience of metrology. Starting from Lord Kelvin’s proposition, we derived the Extended Kelvin Principle in the context of social measurement and AI governance: no social trust without trust infrastructure; no legitimate social measurement without social trust; no social understanding without social measurement; no social control without social understanding. This principle reframes trust in AI governance not as a matter of declaration but as a matter of institutional engineering.
The concrete form of that institutional engineering has been shown by this paper by following the structural precedent of metrology. Just as the GUM and the calibration infrastructure underpinned trust in measurement values, AI output governance requires GLO and a VRAIO-type infrastructure. GLO provides a common language for expressing output legitimacy, and VRAIO provides the infrastructure that supports that judgment as a verifiable process.
However, this paper has not stopped at pointing out this correspondence; it has given concrete form, as several structural elements, to how GLO/VRAIO can be effective. First, GLO treats an output candidate as a single “claim” and, instead of demanding an explanation of its internal process, requires a fact-based argument that its purpose and content conform to the rules—an output that cannot be argued is not released. Second, the degree of that conformity is quantified as a legitimacy confidence L, which is always accompanied by a legitimacy budget that decomposes the grounds for its computation. This transfers the structure of the GUM to output legitimacy, in which an uncertainty accompanies a measurement value and a budget accompanies the uncertainty. Third, a sealed, deterministically operating Rule-Judgment AI verifies L without exposing privacy, and through deterministic recomputation and cross-referencing against external records, catches both computational falsity and factual falsity. And fourth, on the basis of this verifiability, a structure of incentives and responsibility—granting honest declaration a predictable exemption, responding to harm with a compensation fund, and referring harm that arises despite conformity back to a review of the rules—makes VRAIO not a mere surveillance apparatus but an institution in which operators have an incentive to participate.
Of course, the framework presented in this paper is no more than a starting point. How to generally formulate the composition rule for the legitimacy confidence L, how to implement and evaluate the properties that the Rule-Judgment AI must satisfy, and how to design the scope of exemption and the compensation fund as legal institutions are all questions requiring concretization that this paper has intentionally left as future work. In addition, there are many issues to be resolved for social implementation, such as the democratic legitimacy of the Rules, international interoperability, and the independence of audit subjects. However, the existence of such issues does not mean that an infrastructure making legitimacy judgments of outputs verifiable is unnecessary. Rather, the Extended Kelvin Principle and the GLO/VRAIO framework can be positioned as a starting point for institutional design that confronts those issues head-on.
The formulation of the GUM and the development of the international metrology infrastructure took a long time. Considering the speed at which AI outputs are becoming deeply embedded in social infrastructure, there is little room to defer the discussion of a foundation corresponding to GLO and VRAIO. Trust is not declared; it is designed, recorded, verified, and audited. And it can be designed so that honesty pays. The Extended Kelvin Principle is presented as a conceptual starting point toward that design.

Funding

This research is funded by the Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research (JSPS KAKENHI), Grant No. 25K00735.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The original contributions presented in the study are included in the article; further inquiries can be directed to the corresponding author.

Conflicts of Interest

The author declares no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
AIArtificial Intelligence
AI RMFArtificial Intelligence Risk Management Framework
COCOACOVID-19 Contact-Confirming Application
COVID-19Coronavirus Disease 2019
DP-3TDecentralized Privacy-Preserving Proximity Tracing
EUEuropean Union
GDPRGeneral Data Protection Regulation
GLOGuide to the Expression of Legitimacy of Output
GRA-AIGovernment Regulatory Agency for AI
GUMGuide to the Expression of Uncertainty in Measurement
KAKENHIGrants-in-Aid for Scientific Research
LLMLarge Language Model
NHSNational Health Service
NISTNational Institute of Standards and Technology
OECDOrganisation for Economic Co-operation and Development
TEETrusted Execution Environment
UTCCoordinated Universal Time
VRAIOVerifiable Record of AI Output

References

  1. Ferretti, L.; Wymant, C.; Kendall, M.; Zhao, L.; Nurtay, A.; Abeler-Dörner, L.; Parker, M.; Bonsall, D.G.; Fraser, C. Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing. Science 2020, 368, eabb6936. [Google Scholar] [CrossRef]
  2. Troncoso, C.; Bogdanov, D.; Bugnion, E.; Chatel, S.; Cremers, C.; Gürses, S.; Hubaux, J.-P.; Jackson, D.; Larus, J.R.; Lueks, W.; et al. Decentralized Privacy-Preserving Proximity Tracing. arXiv 2020, arXiv:2005.12273. [Google Scholar] [CrossRef]
  3. Apple; Google. Exposure Notification. Apple Developer Documentation. 2023. Available online: https://developer.apple.com/exposure-notification/ (accessed on 1 June 2026).
  4. Ministry of Health, Labour and Welfare, Japan. COVID-19 Contact-Confirming Application (COCOA). 2022. Available online: https://www.mhlw.go.jp/stf/seisakunitsuite/bunya/cocoa_00138.html (accessed on 1 June 2026).
  5. Digital Agency, Japan. Novel Coronavirus COVID-19 Contact-Tracing App (COCOA). 2023. Available online: https://www.digital.go.jp/en/policies/cocoa (accessed on 1 June 2026).
  6. Simon, J.; Rieder, G. Trusting the Corona-Warn-App? Contemplations on trust and trustworthiness at the intersection of technology, politics and public debate. Eur. J. Commun. 2021, 36, 334–348. [Google Scholar] [CrossRef]
  7. Wymant, C.; Ferretti, L.; Tsallis, D.; Charalambides, M.; Abeler-Dörner, L.; Bonsall, D.; Hinch, R.; Kendall, M.; Milsom, L.; Ayres, M.; et al. The epidemiological impact of the NHS COVID-19 app. Nature 2021, 594, 408–412. [Google Scholar] [CrossRef]
  8. Kendall, M.; Tsallis, D.; Wymant, C.; Di Francia, A.; Balogun, Y.; Didelot, X.; Ferretti, L.; Fraser, C. Epidemiological impacts of the NHS COVID-19 app in England and Wales throughout its first year. Nat. Commun. 2023, 14, 858. [Google Scholar] [CrossRef] [PubMed]
  9. Anglemyer, A.; Moore, T.H.; Parker, L.; Chambers, T.; Grady, A.; Chiu, K.; Parry, M.; Wilczynska, M.; Flemyng, E.; Bero, L. Digital contact tracing technologies in epidemics: A rapid review. Cochrane Database Syst. Rev. 2020, 8, CD013699. [Google Scholar] [CrossRef]
  10. Oyibo, K.; Sahu, K.S.; Oetomo, A.; Morita, P.P. Factors influencing the adoption of contact tracing applications: Systematic review and recommendations. Front. Digit. Health 2022, 4, 862466. [Google Scholar] [CrossRef]
  11. He, Y.; Yatsuya, H.; Ota, A.; Tabuchi, T. The association of public trust with the utilization of digital contact tracing for COVID-19 in Japan. Public Health Pract. 2022, 4, 100279. [Google Scholar] [CrossRef]
  12. Mayer, R.C.; Davis, J.H.; Schoorman, F.D. An integrative model of organizational trust. Acad. Manag. Rev. 1995, 20, 709–734. [Google Scholar] [CrossRef]
  13. O’Neill, O. A Question of Trust: The BBC Reith Lectures 2002; Cambridge University Press: Cambridge, UK, 2002. [Google Scholar]
  14. Hardin, R. Trust and Trustworthiness; Russell Sage Foundation: New York, NY, USA, 2002. [Google Scholar]
  15. Thomson, W. Electrical Units of Measurement. In Popular Lectures and Addresses; Macmillan: London, UK, 1889; Volume 1, pp. 73–136. [Google Scholar] [CrossRef]
  16. Joint Committee for Guides in Metrology. Evaluation of Measurement Data—Guide to the Expression of Uncertainty in Measurement; JCGM 100:2008; BIPM: Paris, France, 2008; Volume 100, p. 2008. [Google Scholar] [CrossRef]
  17. Bureau International des Poids et Mesures. The International System of Units (SI), 9th ed.; BIPM: Sèvres, France, 2019; Available online: https://www.bipm.org/en/publications/si-brochure (accessed on 1 June 2026).
  18. Porter, T.M. Trust in Numbers: The Pursuit of Objectivity in Science and Public Life; Princeton University Press: Princeton, NJ, USA, 1995. [Google Scholar]
  19. Desrosières, A. The Politics of Large Numbers: A History of Statistical Reasoning; Harvard University Press: Cambridge, MA, USA, 1998. [Google Scholar]
  20. Scott, J.C. Seeing Like a State: How Certain Schemes to Improve the Human Condition Have Failed; Yale University Press: New Haven, CT, USA, 1998. [Google Scholar]
  21. Warren, S.D.; Brandeis, L.D. The Right to Privacy. Harv. Law Rev. 1890, 4, 193–220. [Google Scholar] [CrossRef] [PubMed]
  22. Nissenbaum, H. Privacy in Context: Technology, Policy, and the Integrity of Social Life; Stanford University Press: Stanford, CA, USA, 2010. [Google Scholar]
  23. Solove, D.J. A taxonomy of privacy. Univ. Pa. Law Rev. 2006, 154, 477–564. [Google Scholar] [CrossRef]
  24. Baier, A. Trust and antitrust. Ethics 1986, 96, 231–260. [Google Scholar] [CrossRef] [PubMed]
  25. European Commission High-Level Expert Group on AI. Ethics Guidelines for Trustworthy AI; European Commission: Brussels, Belgium, 2019; Available online: https://digital-strategy.ec.europa.eu/en/library/ethics-guidelines-trustworthy-ai (accessed on 1 June 2026).
  26. OECD. OECD AI Principles; OECD.AI Policy Observatory: Paris, France, 2019; Updated 2024; Available online: https://www.oecd.org/en/topics/ai-principles.html (accessed on 1 June 2026).
  27. NIST AI 100-1; Artificial Intelligence Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology: Gaithersburg, MD, USA, 2023. [CrossRef]
  28. European Parliament; Council of the European Union. Regulation (EU) 2024/1689 (Artificial Intelligence Act). Off. J. Eur. Union 2024. Available online: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32024R1689 (accessed on 1 June 2026).
  29. Brundage, M.; Avin, S.; Wang, J.; Belfield, H.; Krueger, G.; Hadfield, G.; Khlaaf, H.; Yang, J.; Toner, H.; Fong, R.; et al. Toward trustworthy AI development: Mechanisms for supporting verifiable claims. arXiv 2020, arXiv:2004.07213. [Google Scholar] [CrossRef]
  30. Kroll, J.A.; Huey, J.; Felten, E.W.; Reidenberg, J.R.; Robinson, D.G.; Yu, H. Accountable algorithms. Univ. Pa. Law Rev. 2017, 165, 633–705. [Google Scholar]
  31. Diakopoulos, N. Algorithmic accountability: Journalistic investigation of computational power structures. Digit. J. 2015, 3, 398–415. [Google Scholar] [CrossRef]
  32. Pasquale, F. The Black Box Society: The Secret Algorithms That Control Money and Information; Harvard University Press: Cambridge, MA, USA, 2015. [Google Scholar]
  33. European Parliament; Council of the European Union. Regulation (EU) 2016/679 (General Data Protection Regulation). Off. J. Eur. Union 2016, L119, 1–88. Available online: https://eur-lex.europa.eu/eli/reg/2016/679/oj (accessed on 1 June 2026).
  34. Raji, I.D.; Smart, A.; White, R.N.; Mitchell, M.; Gebru, T.; Hutchinson, B.; Smith-Loud, J.; Theron, D.; Barnes, P. Closing the AI accountability gap: Defining an end-to-end framework for internal algorithmic auditing. In Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency (FAT* ‘20), Barcelona, Spain, 27–30 January 2020; pp. 33–44. [Google Scholar] [CrossRef]
  35. Doshi-Velez, F.; Kortz, M.; Budish, R.; Bavitz, C.; Gershman, S.; O’Brien, D.; Scott, K.; Schieber, S.; Waldo, J.; Weinberger, D.; et al. Accountability of AI under the law: The role of explanation. arXiv 2017, arXiv:1711.01134. [Google Scholar] [CrossRef]
  36. Mitchell, M.; Wu, S.; Zaldivar, A.; Barnes, P.; Vasserman, L.; Hutchinson, B.; Spitzer, E.; Raji, I.D.; Gebru, T. Model cards for model reporting. In Proceedings of the Conference on Fairness, Accountability, and Transparency (FAT* ‘19), Atlanta, GA, USA, 29–31 January 2019; pp. 220–229. [Google Scholar] [CrossRef]
  37. Gebru, T.; Morgenstern, J.; Vecchione, B.; Vaughan, J.W.; Wallach, H.; Daumé, H., III; Crawford, K. Datasheets for datasets. Commun. ACM 2021, 64, 86–92. [Google Scholar] [CrossRef]
  38. Lessig, L. Code: And Other Laws of Cyberspace, Version 2.0; Basic Books: New York, NY, USA, 2006. [Google Scholar]
  39. Fujii, Y. Verifiable record of AI output for privacy protection: Public space watched by AI-connected cameras as a target example. AI Soc. 2025, 40, 3697–3706. [Google Scholar] [CrossRef]
  40. Fujii, Y. Governing AI output in autonomous driving: Scalable privacy infrastructure for societal acceptance. Future Transp. 2025, 5, 116. [Google Scholar] [CrossRef]
  41. Fujii, Y. Smartphone-based sensing network for emergency detection: A privacy-preserving framework for trustworthy digital governance. Appl. Sci. 2026, 16, 1032. [Google Scholar] [CrossRef]
  42. Kacker, R.N. True value and uncertainty in the GUM. J. Phys. Conf. Ser. 2018, 1065, 212003. [Google Scholar] [CrossRef] [PubMed]
  43. Lee, J.W.; Hwang, E.; Kacker, R.N. True value, error, and measurement uncertainty: Two views. Accredit. Qual. Assur. 2022, 27, 235–242. [Google Scholar] [CrossRef]
  44. Arnold, M.; Bellamy, R.K.E.; Hind, M.; Houde, S.; Mehta, S.; Mojsilović, A.; Nair, R.; Ramamurthy, K.N.; Olteanu, A.; Piorkowski, D.; et al. FactSheets: Increasing trust in AI services through supplier’s declarations of conformity. IBM J. Res. Dev. 2019, 63, 6:1–6:13. [Google Scholar] [CrossRef]
  45. Veale, M.; Borgesius, F.Z. Demystifying the draft EU Artificial Intelligence Act. Comput. Law Rev. Int. 2021, 22, 97–112. [Google Scholar] [CrossRef]
  46. Edwards, L.; Veale, M. Slave to the algorithm? Why a “right to an explanation” is probably not the remedy you are looking for. Duke Law Technol. Rev. 2017, 16, 18–84. [Google Scholar]
  47. Mittelstadt, B. Principles alone cannot guarantee ethical AI. Nat. Mach. Intell. 2019, 1, 501–507. [Google Scholar] [CrossRef]
  48. Bains, P.; Gaidosch, T. Privacy Technologies & The Digital Economy: A Primer for Supervisors; IMF Working Paper No. 2025/060; International Monetary Fund: Washington, DC, USA, 2025. [Google Scholar] [CrossRef]
Ai 07 00218 g001
Figure 1. The Extended Kelvin Principle and the two-layer structure of trust.
Figure 1. The Extended Kelvin Principle and the two-layer structure of trust.
Ai 07 00218 g001
Ai 07 00218 g002
Figure 2. Basic structure and operational procedure of VRAIO.
Figure 2. Basic structure and operational procedure of VRAIO.
Ai 07 00218 g002
Table 1. Structural correspondence between metrology and AI output governance.
Table 1. Structural correspondence between metrology and AI output governance.
MetrologyAI Output Governance
Central problemExpression of measurement uncertainty (traceability)Expression of AI output legitimacy (assurance of legitimacy)
Common languageGUM: Guide to the expression of uncertaintyGLO: Guide to the expression of output legitimacy
Implementation infrastructureCalibration infrastructure, BIPM, national metrology institutesVRAIO: independent Recorder, audit bodies, tamper-resistant ledger
What is generatedSocial trust in measurement valuesSocial trust in AI outputs
International consequenceInternational metrology systemInternational interoperability of AI output governance
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Fujii, Y. No Trust Without Trust Infrastructure: The Extended Kelvin Principle and Its Application to AI Output Governance. AI 2026, 7, 218. https://doi.org/10.3390/ai7060218

AMA Style

Fujii Y. No Trust Without Trust Infrastructure: The Extended Kelvin Principle and Its Application to AI Output Governance. AI. 2026; 7(6):218. https://doi.org/10.3390/ai7060218

Chicago/Turabian Style

Fujii, Yusaku. 2026. "No Trust Without Trust Infrastructure: The Extended Kelvin Principle and Its Application to AI Output Governance" AI 7, no. 6: 218. https://doi.org/10.3390/ai7060218

APA Style

Fujii, Y. (2026). No Trust Without Trust Infrastructure: The Extended Kelvin Principle and Its Application to AI Output Governance. AI, 7(6), 218. https://doi.org/10.3390/ai7060218

Article Metrics

Article metric data becomes available approximately 24 hours after publication online.
Back to TopTop