A Civil-Society Proposal for Sovereign and Federated Agentic AI in Aotearoa New Zealand

v1.1 May 2026 — draft research paper (revised same-day per Dr Karaitiana Taiuru’s feedback on v1; see About this paper)

A civil-society proposal from My Digital Sovereignty Ltd, presented to New Zealand policymakers, community organisers, and sector practitioners. Constructed as a constructive parallel to the People’s Republic of China’s 2026 Implementation Guidelines for the Standardised Application and Innovative Development of Intelligent Agents, hosted in English translation at /research/translations/.

About this paper

This is the v1.1 May 2026 draft of a civil-society proposal from My Digital Sovereignty Ltd, offered to New Zealand policymakers, community organisers, and sector practitioners. Comments are welcome via the standing paper-comments channels on agenticgovernance.digital; revisions in response to comments will be published as v2.

v1 → v1.1 changelog (2026-05-14): v1 was published earlier on 2026-05-14 and immediately reviewed by Dr Karaitiana Taiuru, who flagged that v1’s foundational citation of Te Mana Raraunga’s 2016-2018 Māori Data Sovereignty principles is superseded for AI contexts (per his 20 September 2025 Critical Analysis of Te Mana Raraunga Data Principles). v1.1 revises §0(iii) to cite Taiuru’s critical analysis directly; to cite Te Kāhui Raraunga (the currently recognised operative body for Māori data governance in Aotearoa NZ, established 2019) and its published Māori Data Governance Model and Māori AI Governance Framework as the current articulations; to adopt Taiuru’s preferred grounding terms (mana motuhake, rangatiratanga) where appropriate; and to add an explicit gap-analysis subsection naming what this proposal does and does not yet do in the te ao Māori dimension. Items 4, 23, 37, §I principle 2, and §VI carry the same citation update. The architecture this proposal specifies is unchanged from v1. v1 remains accessible at /papers/aotearoa-nz-agentic-ai-framework-v1-may-2026.html for historical reference; this URL serves v1.1.

v1.1 same-day clarity revision (2026-05-14 evening): §0(i) framing paragraph revised to lead explicitly with the system-level / model-level distinction (system-level primitives, code-level runtime checks, substrate-agnostic across transformer-LLMs / JEPA-style / hybrid architectures). BoundaryEnforcer paragraph wording "by architecture rather than by hope" → "by runtime intercept rather than by hope" to reduce ambiguity for engineer-class readers familiar with the LLM-alignment debate. Substance unchanged; this is a wording revision for accessibility. Triggered by a technical reader pattern-matching the §0(i) primitives to model-level alignment claims they aren't making.

This paper is not New Zealand Government policy. It is not Crown-endorsed. It is not Treaty-grounded in any formal sense. It is a civil-society proposal from My Digital Sovereignty Ltd, offered to NZ stakeholders as a basis for adoption, adaptation, or rejection. Where its principles are useful to the adopter’s own work, they are free to use under permissive open-source licences; where they are not, they remain on the page.

The mirrored source structure is published in English translation at /research/translations/china-cac-implementation-guidelines-2026.html and originally as the Cyberspace Administration of China’s 2026 Implementation Guidelines in Mandarin.

Abstract

This paper proposes a sovereign, federated framework for the application and development of intelligent agents in Aotearoa New Zealand, offered as a civil-society contribution by My Digital Sovereignty Ltd. The proposal is structured as a constructive parallel to the People’s Republic of China’s 2026 Implementation Guidelines for the Standardised Application and Innovative Development of Intelligent Agents — six sections, fourteen sub-sections, thirty-eight numbered items — with a new §0 “Philosophical Foundations” chapter prepended. §0 draws on three lineages: the Tractatus AI Safety Framework’s six runtime services (boundary enforcement, context pressure monitoring, cross-reference validation, instruction persistence classification, metacognitive verification, pluralistic deliberation orchestration); the CARE Principles for Indigenous Data Governance (Carroll et al. 2020) and the global Indigenous Data Sovereignty movement that produced them, including Te Tiriti-grounded scholarship from Te Mana Raraunga and Dr Karaitiana Taiuru; and the international AI-standards landscape coordinated through ISO/IEC JTC 1/SC 42 (22989 terminology, 23053 lifecycle, 23894 risk management, 42001 management systems). The proposal advocates committee formation under a suitable umbrella organisation — candidates including the Royal Society Te Apārangi, the Standards New Zealand SC42 mirror committee, and the New Zealand AI Forum — to develop NZ-context recommendations and to engage in international dialogue. This is the v1 May 2026 draft; comments are welcome via the standing paper-comments channels on agenticgovernance.digital.

Preamble

Intelligent agents — intelligent systems capable of autonomous perception, memory, decision-making, interaction, and execution — are accelerating their integration with the records, infrastructure, and social processes of Aotearoa New Zealand. This proposal offers a civil-society contribution to how that integration should be governed: a sovereign, federated architecture in which every operation of an intelligent agent against a record produces an attributed, cryptographically-signed entry against the record’s holder, and in which coordination between sovereign installations occurs through bilateral federation. The proposal mirrors the structure of the People’s Republic of China’s 2026 Implementation Guidelines so the architectural choices on each side appear in constructive parallel, opening dialogue with the authors of that framework, with international peers, and with New Zealand policymakers, community organisers, and sector practitioners. My Digital Sovereignty Ltd offers this as a starting point — for adoption, adaptation, and revision — under permissive open-source licences. It is offered as civil-society contribution and makes no claim of Crown policy status. Where its principles are useful to the adopter’s own work, they are free to use; where they are not, they remain on the page.

§0. Philosophical Foundations

We open with foundations because architecture follows from philosophy. The recommendations that follow in §I-§VI are not arbitrary technical choices; they are implications of philosophical commitments that this section names explicitly. Three lineages converge here: the Tractatus AI Safety Framework’s structural account of how intelligent agents may safely operate against records held by sovereign entities, developed and published openly at agenticgovernance.digital; the global Indigenous Data Sovereignty movement, which articulates that data about people belongs to those people and the communities they belong to; and the international AI-standards work coordinated through ISO/IEC JTC 1/SC 42, which provides the formal vocabulary in which architectural recommendations become implementable in organisational practice. Naming all three at the outset is part of the constructive contribution this proposal makes to dialogue — with the authors of the Cyberspace Administration of China’s 2026 Implementation Guidelines, with New Zealand policymakers and community organisers, and with international peers working on parallel questions.

(i) Tractatus framework primitives as named foundations

The Tractatus framework consists of six system-level primitives that together specify the architectural conditions under which intelligent agents may safely operate against records held by sovereign entities. They are not model-level alignment techniques; they are code-level runtime checks that wrap the agent, independently of how the underlying agent (current transformer-LLMs, future JEPA-style architectures, hybrid systems) is built or trained. They intercept and verify behaviour at the runtime boundary — the same architectural shape as filesystem capability scoping or OAuth scope checks. A working demo of the boundary-enforcement primitive is at /demos/boundary-demo.html. [CITATION: Stroh, J. (2026). Tractatus AI Safety Framework — Core Values and Principles, and Core Concepts of the Tractatus Framework. Agentic Governance Digital. https://agenticgovernance.digital — both works CC BY 4.0.]

Boundary enforcement establishes which decision types structurally require human approval. The foundational claim — adapted from Wittgenstein and named explicitly in the Tractatus framework — is that “what cannot be systematized must not be automated.” Values decisions, cultural-context judgments, irreversible consequences, and unprecedented situations are not delegable to autonomous agents; the framework blocks such delegation by runtime intercept rather than by hope.

Context pressure monitoring recognises that an agent’s context window is a finite resource and that pressure on capacity is a governance signal. Agents operating near capacity make more errors, and the framework intervenes before failure rather than after.

Cross-reference validation verifies an agent’s proposed actions against the canonical instruction history, catching cases where training-time patterns override explicit user direction. The illustrative case is the “27027 incident”: a user specifies a non-default database port, and the agent — despite the explicit instruction — defaults to the trained-on port number. Validation catches the override; without it, the override would silently corrupt operations.

Instruction persistence classification distinguishes transient instructions from durable governance state. Not all instructions are equally important; treating them as if they were degrades both safety (critical directives forgotten) and usability (trivial preferences over-enforced).

Metacognitive verification requires agents to check their own reasoning across five dimensions — alignment, coherence, completeness, safety, and consideration of alternatives — before proposing actions, with confidence thresholds determining whether actions proceed, proceed with caution, require review, or are blocked.

Pluralistic deliberation orchestration facilitates multi-stakeholder deliberation when boundary enforcement flags a values conflict. It does not adjudicate between moral frameworks; it structures the deliberation so that values held by different stakeholders are documented, accommodated where possible, and explicitly named when they cannot be reconciled. Foundational pluralism — the view that moral frameworks are irreducibly different and that no supervalue resolves them — is the philosophical commitment that makes pluralistic deliberation a structural primitive rather than a procedural nicety.

These six services are the structural skeleton of this proposal. Every architectural recommendation that follows can be traced to one or more of them.

(ii) The CARE Principles for Indigenous Data Governance

The CARE Principles for Indigenous Data Governance, published in 2020 by an international team of Indigenous data scientists under the auspices of the Global Indigenous Data Alliance, articulate four commitments: Collective benefit (data ecosystems should advance Indigenous self-determination and collective benefit); Authority to control (Indigenous Peoples’ rights and interests in their data must be recognised); Responsibility (those working with Indigenous data have a responsibility to share how that data is used to support Indigenous Peoples’ self-determination); and Ethics (Indigenous Peoples’ rights and wellbeing should be the primary concern at all stages of the data lifecycle). [CITATION: Carroll, S. R., Garba, I., Figueroa-Rodríguez, O. L., Holbrook, J., Lovett, R., Materechera, S., Parsons, M., Raseroka, K., Rodriguez-Lonebear, D., Rowe, R., Sara, R., Walker, J. D., Anderson, J., & Hudson, M. (2020). The CARE Principles for Indigenous Data Governance. Data Science Journal, 19, 43. https://doi.org/10.5334/dsj-2020-043]

CARE is positioned as a complement to FAIR (Findable, Accessible, Interoperable, Reusable). FAIR optimises for data circulation and reuse; CARE optimises for the rights and wellbeing of those the data is about. The two are not antagonistic. They address different questions: FAIR asks how data should flow; CARE asks under whose authority data flows are governed. A well-designed sovereignty architecture answers both.

We adopt CARE as a foundational reference. Where the recommendations that follow specify that agents must operate against attributed, provenance-anchored records held by their sovereign holders, that specification is operationalising the Authority-to-control commitment. Where the recommendations specify federated coordination rather than central registration, that specification is consistent with Responsibility — those holding data are accountable to those the data concerns.

(iii) Te Tiriti, tikanga, and mātauranga in AI ethics — Aotearoa New Zealand scholarship

Aotearoa New Zealand’s Indigenous Data Sovereignty scholarship is among the most developed internationally. The early articulation of Māori Data Sovereignty principles came from Te Mana Raraunga (the Māori Data Sovereignty Network), founded in 2015 with a charter adopted in 2016. Those principles have been substantively reassessed by Dr Karaitiana Taiuru’s 20 September 2025 Critical Analysis of Te Mana Raraunga Data Principles, which identifies them as not adequately addressing AI, AI bias and algorithmic discrimination, model training and analytics, digital colonialism, or environmental impacts; observes that the 2016 scope was narrow whereas “today Māori data is everywhere”; and finds that despite extensive academic citation the principles are largely not implemented in practice. [CITATION: Taiuru, K. (20 September 2025). Critical Analysis of Te Mana Raraunga Data Principles. https://www.taiuru.co.nz/critical-analysis-mana-raraunga/]

The currently recognised operative body in Aotearoa New Zealand for Māori data governance is Te Kāhui Raraunga (established 2019 as a Charitable Trust). Their published frameworks — the Māori Data Governance Model “Tuia te korowai o Hine-Raraunga”, structured around eight pou; the Māori AI Governance Framework which extends it; and the supporting Māori AI Governance Summary Report and Conceptual AI Use Cases Reference Resource — provide the current articulation of Māori data and AI governance. Te Kāhui Raraunga describes the Māori AI Governance Framework as “Activated” with public-sector case studies referenced; broad operationalisation outside specific public-service deployments remains an open question that this proposal honours rather than papers over. Te Kāhui Raraunga’s Māori AI Governance Framework states that “AI systems must not be implemented in Aotearoa without fully realising Māori authority over Māori data”; this proposal does not displace that requirement. [CITATION: Te Kāhui Raraunga Charitable Trust. Māori Data Governance Model: Tuia te korowai o Hine-Raraunga, https://www.kahuiraraunga.io/maoridatagovernance; Māori AI Governance Framework, https://www.kahuiraraunga.io/maoriaigovernance; full bibliographic detail of dated publications pending primary-source verification.]

Dr Karaitiana Taiuru’s published scholarship on Māori ethical frameworks for AI, on tikanga (Māori law and custom) in AI ethics, on Te Tiriti-respectful AI, and on mātauranga (Māori knowledge) protection in AI training data — including the 20 September 2025 critical analysis cited above — has provided foundational language for thinking about agentic AI in te ao Māori contexts. We adopt his preferred grounding terms where appropriate: mana motuhake and rangatiratanga rather than prescribed Western conceptual frameworks; responsive and adaptive frameworks grounded in tikanga that can evolve with technological and social change; frameworks tailored to specific organisations and industries developed in partnership with relevant Māori stakeholders. We cite his work as foundational scholarship; we do not represent him — or anyone — as endorsing this specific proposal. What counts as appropriate use of intelligent agents in te ao Māori contexts is for tangata whenua to determine, not for this proposal to specify.

Gap analysis — what this proposal does and does not yet do

Honest assessment matters more than aspirational claims for a v1.1 draft addressed to reviewers including Dr Taiuru. The proposal’s architectural primitives — sovereignty by attribution, cryptographic provenance, member-portability, bilateral federation — are compatible with operationalising Māori authority over Māori data under the Te Kāhui Raraunga framework and Taiuru’s preferred grounding terms. The compatibility points include:

• Tenant isolation as foundational (Village deployment property, anchored on the Tractatus boundary-enforcement primitive) operationalises by architecture the requirement that AI systems not be implemented without realising Māori authority over Māori data. A tenant operated by a hapū, iwi, or kaitiaki body holds its records under that body’s authority by the framework’s design rather than by promise.
• Boundary enforcement can be configured to require explicit kaitiaki / hapū / iwi authorisation for values-sensitive operations on the tenant’s records; the framework enforces by architecture rather than by trust.
• Cryptographic provenance and member-portable identifiers support kaitiakitanga across generations: records carry their own audit trail, cannot be silently mutated, and members can migrate to a different sovereign installation under the same architecture.
• The pluralistic-deliberation primitive is designed for multi-framework moral deliberation when boundary enforcement flags a values conflict; it is capable in principle of holding kaupapa Māori frameworks alongside other frameworks in structured deliberation.

What this proposal does not yet do, and what reviewers should weigh accordingly, is equally important to name:

• Mana motuhake and rangatiratanga as foundational philosophical grounding. The Tractatus framework’s foundational pluralism is itself a Western philosophical commitment, drawing on Berlin, Rawls, and Ostrom; it accommodates kaupapa Māori as one framework among many; it does not ground in mana motuhake and rangatiratanga as prior commitments. Closing this gap would require the framework’s foundations to be re-articulated from a kaupapa Māori starting point — substantive work that cannot honestly be done by the present authors alone.
• Indigenous-led design partnership. The Tractatus framework and the Village implementation were developed by My Digital Sovereignty Ltd’s principal (Pākehā) with subsequent Claude (Anthropic) authorship contributions. They were not co-designed with Māori stakeholders. Taiuru’s recommendation for “frameworks tailored to specific organisations and industries, developed in partnership with relevant Māori stakeholders” is not satisfied at the design-process level. The architecture is available to be applied in partnership; the framework itself was not co-developed in partnership.
• AI bias on cultural and racial dimensions at the training-data layer. Cross-reference validation catches training-pattern overrides at the instruction-conflict layer; it does not address the deeper biases baked into training data that would not surface as instruction conflicts. The companion Paper B work on Situated Language Layers (per-tenant training discipline, no-weight-modification stance, jurisdiction-bound inference) engages more directly with these concerns than the Tractatus core does.
• Digital colonialism as a named theoretical and political concept. The proposal’s tenant isolation and architectural sovereignty are partial structural responses to digital colonialism; the proposal does not engage the concept theoretically. The Distributive Equity whitepaper (cross-referenced from this site) engages this more explicitly than the Tractatus core does.
• Environmental impacts of AI are largely not engaged. The CPU-fallback inference architecture in the Village deployment is a partial operational response; it is not part of the framework’s stated commitments.

The honest implication of this gap analysis is that the proposal offers the architectural primitives that operationalising Māori authority over Māori data would require, while acknowledging that operationalisation in te ao Māori contexts is a substantial separate undertaking that requires kaupapa-Māori-led design work that this proposal has not done. The committee proposal in §II item 4 is one mechanism by which that further work might be advanced; it is offered for consideration rather than as a complete answer.

The Algorithm Charter for Aotearoa New Zealand, signed by Crown agencies in 2020, provides the existing baseline for transparency, partnership with Māori, fairness, accountability, and data protection in Crown algorithmic decision-making. This proposal does not displace the Algorithm Charter; the recommendations that follow are intended to be implementable within and alongside it, and alongside the Te Kāhui Raraunga frameworks. [CITATION: Algorithm Charter for Aotearoa New Zealand (2020). https://www.data.govt.nz/leadership/governance/data-ethics/algorithm-charter/ — current status and any subsequent updates pending verification.]

(iv) The global Indigenous Data Sovereignty lineage

Indigenous Data Sovereignty is an international movement, not a New Zealand idiosyncrasy. Naming the international lineage matters: it places the Te Tiriti-grounded work above within a global conversation rather than as parochial localism, and it opens common ground with the CAC framework’s authors as fellow contributors to non-Western framings of how data and AI should be governed.

The First Nations Information Governance Centre (FNIGC) in Canada operates the OCAP principles — Ownership, Control, Access, Possession — originally articulated in the 1990s in the context of the First Nations Regional Longitudinal Health Survey and now embedded in research-ethics practice across Canadian universities, governments, and First Nations communities. [CITATION: First Nations Information Governance Centre. The First Nations Principles of OCAP®. https://fnigc.ca/ocap-training/]

The United States Indigenous Data Sovereignty Network (USIDSN), established in 2016 in connection with the Native Nations Institute at the University of Arizona, has advanced Indigenous Data Sovereignty practice in the United States context, including through engagement with US federal data-policy processes. [CITATION: United States Indigenous Data Sovereignty Network. https://usindigenousdata.org/]

The Maiam nayri Wingara Indigenous Data Sovereignty Collective in Australia — the name carries the meaning “Many Voices One Mind” — was established in 2017 and published an Indigenous Data Sovereignty Communiqué in 2018 that has shaped Australian Indigenous-data practice. [CITATION: Maiam nayri Wingara Indigenous Data Sovereignty Collective. (2018). Indigenous Data Sovereignty Communiqué.]

The Global Indigenous Data Alliance (GIDA) coordinates across these and other national-level Indigenous Data Sovereignty networks internationally; it is the auspice under which the CARE Principles were published. [CITATION: Global Indigenous Data Alliance. https://www.gida-global.org/]

That so much of the philosophical heavy lifting in this proposal traces to Indigenous scholarship is not coincidental. The recurring questions — under whose authority do data and the agents operating on it act? to whom are accountability and provenance owed? what is the proper scale at which collective interests are weighed against individual ones? — are questions Indigenous Data Sovereignty has been working on for decades. Resistance to extractive big-tech architectures, and the articulation of architectural alternatives grounded in collective authority, is one of the international movement’s most generative contributions. The recommendations that follow draw on this lineage and are addressed to it in dialogue.

(v) ISO/IEC JTC 1/SC 42: the international AI-standards landscape

International AI standards work, coordinated through ISO/IEC JTC 1/SC 42, provides the formal vocabulary and management-system frameworks in which recommendations of this kind become implementable in organisational practice. Four standards are particularly relevant.

ISO/IEC 22989:2022 specifies the concepts and terminology of artificial intelligence. We use ISO/IEC 22989 terminology where compatible — for example, the term “AI system” carries its 22989 definition. Terminology consistency makes this proposal readable to standards-rigorous reviewers and implementable alongside other 22989-aligned work. [CITATION: ISO/IEC 22989:2022. Information technology — Artificial intelligence — Artificial intelligence concepts and terminology. International Organization for Standardization / International Electrotechnical Commission.]

ISO/IEC 23053:2022 establishes a framework for AI systems using machine learning, mapping the components of a machine-learning-based AI system and the relationships between them. Recommendations in this proposal that concern lifecycle, provenance, or component-level attestation can be implemented alongside 23053 lifecycle stages. [CITATION: ISO/IEC 23053:2022. Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML). ISO/IEC.]

ISO/IEC 23894:2023 provides guidance on AI risk management. It is the standards-body counterpart to the framework’s per-installation risk-monitoring and incident-handling recommendations. [CITATION: ISO/IEC 23894:2023. Information technology — Artificial intelligence — Guidance on risk management. ISO/IEC.]

ISO/IEC 42001:2023 specifies requirements for an AI management system. It is the AI counterpart to ISO/IEC 27001 (information security management) and ISO 9001 (quality management). We position the recommendations in this proposal as implementable within an ISO/IEC 42001-style management system; organisations adopting any part of this proposal are likely to be those already operating, or planning to operate, ISO/IEC 42001-aligned governance. [CITATION: ISO/IEC 42001:2023. Information technology — Artificial intelligence — Management system. ISO/IEC.]

The committee work that produces these standards involves national-mirror committees in numerous jurisdictions, including the United Kingdom (via the British Standards Institution) and other national-standards bodies internationally. Aotearoa New Zealand’s participation in SC42 work — through Standards New Zealand or a mirror committee constituted for that purpose — is one of the venues in which the constructive contribution this proposal advocates would naturally take place. [NOTE: existence of a current NZ SC42 mirror committee to verify before paragraph drafts of items 4, 12, 14, 35, 38.]

Closing

These five lineages — Tractatus, CARE, Te Tiriti-grounded Indigenous Data Sovereignty scholarship, the global Indigenous Data Sovereignty movement, and ISO/IEC SC42 — converge in the architectural choices the rest of this proposal specifies. Sovereignty as attribution; bilateral federation as coordination; polycentric governance as authority structure; cryptographic provenance as audit infrastructure: none of these are invented for this proposal. Each has roots in one or more of the lineages named above. What this proposal contributes is a particular arrangement of these primitives, adapted to the Aotearoa New Zealand context, offered as a constructive parallel to the framework with which it shares its structure.

§I. Basic Principles

We propose four basic principles for the sovereign and federated development of intelligent agents in Aotearoa New Zealand. Each parallels one of the four principles that opens the Cyberspace Administration of China’s 2026 Implementation Guidelines; in each case we affirm the principle’s underlying intent and offer a constructive parallel grounded in the §0 foundations.

Sovereignty and attribution. Every operation of an intelligent agent against a record is attributable to a sovereign holder of that record; provenance is cryptographic; safety arises from the record-holder’s authority over their own records. We affirm the CAC framework’s commitment to safety and controllability as foundational. We propose, as a constructive parallel, that for the Aotearoa New Zealand context — where Te Tiriti partnership, the existing Privacy Act 2020 framework, and the CARE Authority-to-control commitment converge — attribution-based sovereignty is well-suited to operationalising those same safety concerns. The Tractatus boundary-enforcement primitive provides the architectural mechanism; cryptographically signed records provide the audit trail; and the legitimate authority over both is the holder of the records, by jurisdiction and by partnership obligations. (Parallels CAC §I principle 1 “safety and controllability”.) [CITATIONS: Tractatus boundary enforcement (Stroh 2026, CC BY 4.0); CARE Principles, Authority to control commitment (Carroll et al. 2020); Privacy Act 2020 (NZ), information privacy principles.]

Bilateral and federated. Coordination between sovereign installations occurs through bilateral federation and open international standards. We acknowledge the merit of the CAC framework’s commitment to standardised and orderly development; standardisation and order are necessary conditions for any large-scale agentic-AI deployment, and the CAC framework’s coordinated standardisation programme is one credible approach. We propose, for the Aotearoa New Zealand context — smaller scale, well-established Māori Data Sovereignty principles, existing bilateral institutional arrangements across Crown agencies, hapū, iwi, civil-society organisations, and the private sector — that a federated approach to coordination is well-suited. Federation between sovereign installations is well-supported by existing W3C, IETF, and ISO/IEC SC42-aligned standards. We offer bilateral federation for consideration as a parallel architecture that may interoperate with central-registration approaches in other jurisdictions, and we invite committee-formation under suitable umbrella organisations to develop the interoperability dialogue. (Parallels CAC §I principle 2 “standardised and orderly development”.) [CITATIONS: W3C Decentralized Identifiers (DIDs) v1.0 (W3C Recommendation, 2022) and W3C Verifiable Credentials Data Model v1.1; ActivityPub (W3C Recommendation, 2018); ISO/IEC 42001:2023 management systems; Te Kāhui Raraunga Māori AI Governance Framework + Taiuru critical analysis (see §0(iii)).]

Pluralistic-deliberation, polycentric. Multiple value frameworks coexist within and across sovereign installations; deliberation between them is procedural and structured; innovation arises from local adaptation under local authority. We affirm the CAC framework’s commitment to innovation-driven development. We propose, as a constructive parallel, that polycentric governance — multiple loci of authority, multiple value frameworks held in productive tension, with structured deliberation when conflicts arise — is well-matched to the Aotearoa New Zealand context of Te Tiriti partnership, and is well-supported by international scholarship on polycentric governance (notably Elinor Ostrom’s foundational work). The Tractatus pluralistic-deliberation primitive provides the architectural mechanism for facilitating multi-stakeholder deliberation when boundary enforcement flags a values conflict; foundational pluralism is the philosophical commitment that makes this a structural feature of the framework. (Parallels CAC §I principle 3 “innovation-driven development”.) [CITATIONS: Tractatus pluralistic deliberation primitive (Stroh 2026, CC BY 4.0); Ostrom, E. (2010). Beyond Markets and States: Polycentric Governance of Complex Economic Systems. American Economic Review, 100(3), 641–672. https://doi.org/10.1257/aer.100.3.641 — full bibliographic detail to be verified before v1 publication.]

Adoption-led, evidenced. Applications of intelligent agents are evidenced by deployment in communities that have adopted them; for a civil-society proposal, the appropriate evidential basis is real-world deployment. We affirm the CAC framework’s commitment to application-led development. We propose, as a constructive parallel, that for a civil-society proposal originating from a single company, deployment evidence must precede recommendation. Where this proposal cites Aotearoa New Zealand deployment examples (in §IV and §V) — in parish and hapū / iwi contexts, in iwi and diaspora family-history contexts, in small-business contexts — those citations are to actual deployments, with concrete deployment data (counts, start dates, scope) to be added before v1 publication. Where the proposal advances recommendations into sectors in which MDSL has not yet deployed, those recommendations are framed as sovereignty-architecture conditions for any agent deployment in that sector, addressed to whoever may wish to apply the architecture there. (Parallels CAC §I principle 4 “application-led approach”.) [CITATIONS: MDSL deployment evidence — Village (parish + community contexts), family-history (iwi + diaspora contexts), sydigital (small-business contexts); specific deployment data (counts, start dates, tenancy scope) pending operator-verified figures before v1 publication.]

§II. Foundations for Sovereign Development

Where the Cyberspace Administration of China’s framework consolidates technological foundations under a state-coordinated standardisation programme, we offer foundations rooted in cryptographic sovereignty and bilateral protocols. The two sub-sections that follow — strengthening the sovereignty foundation, and establishing bilateral protocols — together specify the architectural primitives on which the rest of the proposal builds.

(I) Strengthening the Sovereignty Foundation

Item 1. Build sovereign primitives for agents. Cryptographically signed records, member-portable identifiers, and attributed provenance form the foundation for agent operations on sovereign data. They are architectural primitives that constitute sovereignty at the level of the record itself. We propose sustained investment in open-source cryptographic primitives — digital signing, verifiable credentials, content-addressed storage with provenance — and in portable-identity standards usable across any sovereign installation in any sector. We propose that these primitives be developed and maintained as common infrastructure, available under permissive open-source licences (Apache 2.0, EUPL-1.2, or compatible) allowing adoption, modification, and redistribution by any party. The Tractatus boundary-enforcement primitive, the cross-reference-validation primitive, and the instruction-persistence-classification primitive together specify the runtime mechanics; cryptographic signing and verifiable-credential infrastructure provide the underlying audit trail. (Parallels CAC item 1 “strengthen R&D in foundational technologies”.) [CITATIONS: Tractatus framework (Stroh 2026, CC BY 4.0 text / Apache 2.0 code); W3C Decentralized Identifiers (DIDs) v1.0 (W3C Recommendation, 2022); W3C Verifiable Credentials Data Model v1.1; CARE Principles, Authority-to-control commitment (Carroll et al. 2020).]

Item 2. Refine the sovereign toolchain. Open-source reference implementations of agent frameworks — including the Tractatus framework’s six services — should be available for adoption by any sovereign installation under permissive open-source licences that permit installation-local operation. We propose that the toolchain for developing, testing, deploying, and maintaining sovereignty-architected agentic systems be developed in the open, with contributions encouraged from any sovereign installation. The current MDSL implementations — the Tractatus framework distributed under Apache 2.0 (with documentation under CC BY 4.0); the Village and community codebases migrating toward EUPL-1.2 in phases as of mid-2026 — are offered as one set of reference implementations among potentially several. Security tooling — adversarial-input detection, behavioural-anomaly detection, attestation tooling for builds and dependencies — is the appropriate technical complement to the Tractatus boundary-enforcement and metacognitive-verification primitives. (Parallels CAC item 2 “refine the agent toolchain”.) [CITATIONS: Tractatus framework reference implementation (Stroh 2026), Apache 2.0 (code), CC BY 4.0 (text and figures); EUPL-1.2 (European Union Public Licence); Apache 2.0 (Apache Software Foundation).]

(II) Establishing Bilateral Protocols

Item 3. Federated bilateral protocols. Interoperability between sovereign installations occurs through bilateral agreements and open international standards. We acknowledge the merit of the CAC framework’s commitment to a standardised interconnection programme — the proposed Intelligent Agent Interconnection Protocol (AIP), foundational interface standards across software, services, and hardware peripherals, and mandatory standards in sensitive sectors. We propose, for the Aotearoa New Zealand context, that interoperability between sovereign installations is well-supported by the existing international standards landscape: W3C Decentralized Identifiers and Verifiable Credentials for identity; ActivityPub and related W3C federation protocols for inter-installation communication; IETF protocols for authentication, transport, and content addressing; and ISO/IEC SC42 work for AI-specific terminology, lifecycle, risk, and management-system alignment. We propose that Aotearoa NZ contribute to international interoperability standards as a peer participant in those existing forums. (Parallels CAC item 3 “standardisation system” and the proposed AIP interconnection protocol.) [CITATIONS: W3C DIDs v1.0; W3C Verifiable Credentials Data Model v1.1; ActivityPub (W3C Recommendation, 2018); ISO/IEC 22989:2022 terminology; ISO/IEC 23053:2022 ML framework.]

Item 4. Cryptographic identity; federated dialogue on the Intelligent Internet. Identity is per-installation, anchored in DNS and cryptographic keys; verification between counterparties is peer-to-peer; capability declarations are published by each installation. We acknowledge the merit of the CAC framework’s proposal for an intelligent-agent registration platform, which contemplates not only digital identity management and capability declaration but also search and discovery, trusted interconnection, compliant payment, security protection, conflict resolution, IPv6 leverage, and a monitoring indicator system — a substantial and coherent set of inter-related functions. A centralised registration platform with a coordinating authority is one credible architectural approach to these functions.

We propose, for the Aotearoa New Zealand context — where smaller scale, well-established Māori Data Sovereignty principles, and the architectural primitives already represented in MDSL deployments converge — a federated approach in which each Intelligent Internet function is addressed through bilateral arrangements and open international standards. Identity and capability declaration are served by W3C Decentralized Identifiers and Verifiable Credentials. Search and discovery between sovereign installations can draw on the patterns established by ActivityPub-derived federation, by WebFinger (IETF RFC 7033), and by federation-aware directory protocols such as nodeinfo — though we note federated discovery at scale remains an open engineering problem and acknowledge it as such. Trusted interconnection and security protection operate through bilateral cryptographic attestation. Compliant payment routes through existing financial-regulatory channels. Conflict resolution operates through bilateral mediation and existing dispute-resolution mechanisms, with cryptographic provenance providing the audit trail. IPv6 is an underlying infrastructure choice available to any installation. A monitoring indicator system is realisable through open publication of operational metrics by each participating installation, aggregated by independent observers.

We propose formation of a single committee under a suitable umbrella organisation — candidates include the Royal Society Te Apārangi, the Standards New Zealand SC42 mirror committee (existence to verify), the New Zealand AI Forum, or a joint structure across these — to develop NZ-context recommendations on agentic-AI architecture in detail, to contribute to ISO/IEC JTC 1/SC 42 work as a peer participant, and to engage in bilateral dialogue with the CAC framework’s authors and with international peers. The committee would carry five named workstreams: (i) federated identity for intelligent agents and the broader Intelligent Internet functions named in this item; (ii) federated audit and compliance services (cross-reference §III item 12); (iii) attestation-based reputation systems (cross-reference §III item 14); (iv) industry-coordination patterns including federation versus alliance models (cross-reference §V item 35); and (v) international engagement and bilateral cooperation on agentic AI (cross-reference §V item 38). The committee’s contribution to international standards work and to dialogue with the CAC framework’s authors is its principal product. We offer this committee proposal as one contribution to the international conversation; the conversation will benefit from contributions across many architectural traditions. (Parallels CAC item 4 “intelligent internet architecture” with registration platform; committee-formation pattern is consolidated across items 4, 12, 14, 35, and 38.) [CITATIONS: W3C Decentralized Identifiers (DIDs) v1.0; W3C Verifiable Credentials Data Model v1.1; ActivityPub (W3C Recommendation 2018); WebFinger (IETF RFC 7033); nodeinfo federation directory; ISO/IEC 22989:2022; Te Kāhui Raraunga (kahuiraraunga.io — Māori Data Governance Model and Māori AI Governance Framework); Taiuru, K. (20 Sep 2025) Critical Analysis of Te Mana Raraunga Data Principles, taiuru.co.nz/critical-analysis-mana-raraunga/; Royal Society Te Apārangi; ISO/IEC JTC 1/SC 42.]

§III. Upholding the Sovereignty Baseline

Where the Cyberspace Administration of China’s framework establishes a security baseline through product guidelines, behavioural-fencing technologies, tiered governance, and industry self-regulation with credit-rating sanctions, we offer a baseline rooted in the adopter’s own jurisdictional framework, cryptographic provenance, polycentric governance arrangements, and federation-based coordination. The four sub-sections that follow — product principles, security risks, governance system, federated coordination — together specify how an intelligent agent’s compliance with sovereignty principles can be verified at runtime and audited post-hoc.

(I) Clarifying Product Principles

Item 5. Anchor in the adopter’s own laws. Policies, regulations, and ethical standards governing intelligent agents arise from the adopter’s jurisdiction. Values are sourced from local law and local institutional arrangements; the architecture provides the implementation infrastructure in which those values are operative. In Aotearoa New Zealand, the applicable instruments include the Privacy Act 2020 (with the Health Information Privacy Code 2020 and other codes as applicable to specific sectors); the New Zealand Bill of Rights Act 1990 where state actors are involved; the Algorithm Charter for Aotearoa New Zealand for Crown agencies; the Te Tiriti o Waitangi obligations on Crown actors and the partnership obligations they entail; the Official Information Act 1982; the Public Service Act 2020; the Public Records Act 2005; and sectoral statutes including the Reserve Bank of New Zealand Act 2021, the Education and Training Act 2020, the Local Government Act 2002, and the Search and Surveillance Act 2012, applicable to the relevant deployment context. The architecture is implementation-neutral with respect to which jurisdiction’s law applies; the proposal is addressed to Aotearoa NZ adopters, and the same primitives serve adopters in any jurisdiction whose values they wish to operationalise. (Parallels CAC item 5 “policies, regulations and ethical standards”.) [CITATIONS: Privacy Act 2020 (NZ); New Zealand Bill of Rights Act 1990; Algorithm Charter for Aotearoa New Zealand (2020); Health Information Privacy Code 2020; Official Information Act 1982; Public Service Act 2020; Public Records Act 2005; Reserve Bank of New Zealand Act 2021; Education and Training Act 2020; Local Government Act 2002; Search and Surveillance Act 2012 — current legislative versions to verify before v1 publication.]

Item 6. User-final decision authority, cryptographically backed. We affirm the same principle the CAC framework affirms: the user retains the right to be informed of, and final decision authority over, autonomous actions taken by intelligent agents on their behalf. The principle is foundational to the relationship of trust between a person and the agentic systems acting in their name. We propose, as the audit mechanism, per-record cryptographic provenance against the user’s own sovereign record: every autonomous action by an agent operating against the user’s records produces a cryptographic entry attesting to the action, attributable to the agent and to the user’s authorisation framework. The user can inspect, replay, and challenge any agent action against this provenance, and the Tractatus instruction-persistence-classification primitive provides the framework for distinguishing routine actions from those requiring explicit user reconfirmation. (Parallels CAC item 6 “clarify decision-making authority”.) [CITATIONS: Tractatus instruction persistence classification primitive (Stroh 2026, CC BY 4.0); Privacy Act 2020 (NZ), information privacy principle 6 (access rights); CARE Principles, Authority-to-control commitment (Carroll et al. 2020).]

Item 7. Provenance, complementing behavioural control. We acknowledge the CAC framework’s emphasis on rule embedding, behavioural fencing, and blockchain-anchored verification of agent behaviour in critical application scenarios. These are credible architectural approaches for ensuring lawful and compliant behaviour in centrally-coordinated deployments. We propose, as an additional architectural primitive well-suited to bilateral federation, provenance: every action by an intelligent agent produces a cryptographic record attributable to the actor. The two approaches complement each other. Behavioural fencing constrains what an agent may attempt at runtime; provenance creates an unforgeable record of what was actually attempted. Both have a role, and the appropriate balance between them is likely context-specific. (Parallels CAC item 7 “strengthen behavioural control”.) [CITATIONS: Tractatus cross-reference validation primitive (Stroh 2026, CC BY 4.0); W3C Verifiable Credentials Data Model v1.1; ISO/IEC 23894:2023 risk management.]

(II) Mitigating Security Risks

Item 8. Intrinsic security through sovereign primitives. Personal information remains in the holder’s installation; cryptographic protection is per-record as well as perimeter-based; attack detection runs locally against the holder’s records; access is contract-bound between counterparties. The blast radius of a failure is bounded to the affected installation. We affirm the CAC framework’s commitment to intrinsic security capabilities — data security, personal information protection, cryptographic protection, attack detection, access control, behavioural control. We propose, as a constructive parallel, that for a federated architecture the appropriate locus of these capabilities is the sovereign installation, with bilateral mechanisms for cooperation between installations where threats cross jurisdictional or organisational boundaries. (Parallels CAC item 8 “intrinsic security capabilities”.) [CITATIONS: Tractatus boundary enforcement primitive (Stroh 2026, CC BY 4.0); Privacy Act 2020 (NZ); ISO/IEC 23894:2023 risk management.]

Item 9. Supply-chain attestation, federated sharing. We propose per-installation full-lifecycle attestation — signed build provenance, dependency manifests, training-data attestation where applicable, security incident response history — published openly by each installation. Supply-chain incidents are shared bilaterally between federated peers and via established international channels including CERT-NZ, CERT-EU, US-CERT, and the CVE coordination system. We acknowledge the merit of the CAC framework’s commitment to full-lifecycle security standards and supply-chain information sharing. We propose that for federated coordination, supply-chain transparency is achieved through open publication of attestations by each installation, with bilateral cooperation on incident response. (Parallels CAC item 9 “supply chain security”.) [CITATIONS: ISO/IEC 23894:2023 risk management; CERT-NZ disclosure procedures; international CVE coordination process; ISO/IEC 42001:2023 management systems.]

Item 10. Bound the blast radius; audit post-hoc. Routine risk identification operates locally to each installation, with cross-installation incidents propagating through federation. The framework’s principal contribution to mitigating automated-attack risk, privacy infringement, and false-information dissemination is bounding the scale at which automated harm compounds. We affirm the CAC framework’s commitment to risk identification, early warning, intervention, and prevention of agentic AI from being used in illegal activities (automated attacks, privacy infringement, false-information generation and dissemination, online fraud). We propose, as a complementary architectural contribution, that bounding the scale of automated harm — through per-installation operational boundaries and bilateral incident-response cooperation — is a structural complement to detection-and-intervention approaches at the centralised level. (Parallels CAC item 10 “mitigate risks arising from applications”.) [CITATIONS: Tractatus pluralistic deliberation primitive (Stroh 2026, CC BY 4.0); ISO/IEC 23894:2023 risk management; Privacy Act 2020 (NZ); Harmful Digital Communications Act 2015 (NZ) — current legislative versions to verify before v1 publication.]

(III) Improving the Governance System

Item 11. Polycentric governance, in dialogue with tiered approaches. Governance authority over what an intelligent agent may do with a record belongs to the holder of the records. Scenario-permissibility is determined per-installation by the holder’s own jurisdiction, supported by sectoral regulators where their authority extends to the relevant subject matter. We acknowledge the merit of the CAC framework’s categorised and tiered governance approach for sensitive sectors and key industries, with the Cyberspace Administration of China and relevant industry authorities determining permissible application scenarios and implementing management measures such as filing, testing, and the recall of problematic products. We propose, for the Aotearoa New Zealand context, that polycentric governance — multiple loci of authority across Crown agencies, hapū / iwi entities, sectoral regulators, professional bodies, and the holders of records themselves — is well-suited to the existing institutional landscape and to Te Tiriti partnership obligations. International scholarship on polycentric governance, notably Elinor Ostrom’s foundational work, provides the theoretical grounding for this approach. (Parallels CAC item 11 “categorised and tiered governance”.) [CITATIONS: Ostrom, E. (2010). Beyond Markets and States: Polycentric Governance of Complex Economic Systems. American Economic Review, 100(3), 641–672. https://doi.org/10.1257/aer.100.3.641; Algorithm Charter for Aotearoa New Zealand (2020); Te Kāhui Raraunga (kahuiraraunga.io — Māori Data Governance Model and Māori AI Governance Framework); Taiuru, K. (20 Sep 2025) Critical Analysis of Te Mana Raraunga Data Principles, taiuru.co.nz/critical-analysis-mana-raraunga/.]

Item 12. Compliance services federated. Risk monitoring, testing, evaluation, audit, and certification services for intelligent agents exist as commercial, community, and academic offerings; mutual recognition between services occurs through open publication and peer review. We acknowledge the merit of the CAC framework’s commitment to a compliance service system providing professional services such as risk monitoring, testing and evaluation, consultancy, and certification, with promotion of mutual recognition between accredited providers. This area is workstream (ii) of the single committee proposed in §II item 4. The committee would develop NZ-context recommendations on a federated audit framework for intelligent agents, contribute to ISO/IEC SC42 work on AI assessment, evaluation, and management systems, and engage in bilateral dialogue with the CAC framework’s authors on the interaction between federated and centralised compliance services. (Parallels CAC item 12 “compliance service system”; consolidated committee-formation workstream applies.) [CITATIONS: ISO/IEC 42001:2023 management systems; ISO/IEC 23894:2023 risk management; Royal Society Te Apārangi.]

(IV) Strengthening Federated Coordination

Item 13. Coordination by federation. Sovereign installations federate bilaterally; coordination on shared concerns — interoperability standards, security incident disclosure, audit framework development — occurs through open publication and consensus among contributing peers. We acknowledge the merit of the CAC framework’s commitment to industry self-regulation, with industry organisations and major enterprises jointly formulating self-regulatory rules covering AI functionality compliance, algorithm governance, intellectual property protection, and fair competition. We propose, for the federated architecture this proposal specifies, that coordination on shared concerns occurs through open publication and consensus among contributing peers; the architectural commitment to bilateral federation extends to the coordination mechanism itself. (Parallels CAC item 13 “industry self-regulation”.) [CITATIONS: ActivityPub federation protocol (W3C Recommendation 2018); IETF Request for Comments process; W3C process document.]

Item 14. Reputation by attestation. Sovereign installations publish their own attestations — security posture, audit history, dependency manifests, incident response — and counterparties verify cryptographically. Reputation accrues through history of accurate self-disclosure verified by bilateral counterparties. We acknowledge the merit of the CAC framework’s proposal for voluntary credit rating mechanisms for market entities in the intelligent agent sector, with credit assessments for behaviours such as misuse of technology, inducing consumption, false advertising, and concealing information on defects, and sanctions for dishonest conduct in accordance with laws and regulations. This area is workstream (iii) of the single committee proposed in §II item 4. The committee would develop NZ-context recommendations on attestation-based reputation versus registry-based reputation, contribute to international standards work on AI provenance and attestation, and engage in bilateral dialogue with the CAC framework’s authors on interoperability between attestation-based and credit-rating-based reputation systems. (Parallels CAC item 14 “credit rating mechanisms”; consolidated committee-formation workstream applies.) [CITATIONS: W3C Verifiable Credentials Data Model v1.1; ISO/IEC 42001:2023 management systems.]

§IV. Strengthening Adoption-Driven Development

Where the Cyberspace Administration of China’s framework lists nineteen sectors in which the state directs that “agents shall do X”, we mirror the nineteen sectors and reframe each as a question of sovereignty conditions for any agent deployment in that sector. The framework does not direct deployment; it specifies the architectural conditions under which deployment is sovereignty-compatible. The reframe is rhetorically modest but structurally consequential: the state-directed reading positions intelligent agents as instruments of sectoral programmes, while the sovereignty-conditions reading positions them as tools whose use must satisfy attribution, provenance, and member-portability requirements regardless of who deploys them.

(I) Scientific Research

Item 15. In research, sovereignty primitives apply. Research environments operate on sovereign datasets — held by participating individuals, institutions, hapū / iwi entities, or research consortia under their respective governance arrangements; provenance accompanies derived results; bilateral federation between institutions provides the interoperability layer where data-sharing is necessary. We acknowledge the merit of the CAC framework’s vision of intelligent agents enhancing theoretical deduction, knowledge integration, and integration with scientific instruments and experimental platforms. We propose that for Aotearoa NZ research, those capabilities are deployed under research-ethics governance specific to each institution and to each research project, with the Tractatus pluralistic-deliberation primitive providing the architectural mechanism for scaling research-ethics review across competing value frameworks. (Parallels CAC item 15 “research and exploration”.) [CITATIONS: CARE Principles (Carroll et al. 2020); FAIR Principles (Wilkinson et al. 2016, https://doi.org/10.1038/sdata.2016.18); Te Kāhui Raraunga (kahuiraraunga.io — Māori Data Governance Model and Māori AI Governance Framework); Taiuru, K. (20 Sep 2025) Critical Analysis of Te Mana Raraunga Data Principles, taiuru.co.nz/critical-analysis-mana-raraunga/; New Zealand research-ethics framework via the Health Research Council and Royal Society Te Apārangi; Tractatus pluralistic deliberation primitive (Stroh 2026).]

Item 16. In software R&D, attribution and audit apply. Code-generation agents operate against attributed sources; derived works carry their lineage; CI/CD pipelines verify build attestation and dependency provenance. We acknowledge the merit of the CAC framework’s commitment to software-development intelligent agents enhancing requirements analysis, architectural design, code generation, and testing. We propose that all such capabilities operate under attribution and provenance requirements; agentic contributions to code, design, or simulation outputs are attributed both to the agent and to the human or organisational operator on whose authority they were produced. (Parallels CAC item 16 “R&D support”.) [CITATIONS: W3C Verifiable Credentials Data Model v1.1; SBOM (Software Bill of Materials) standards via NTIA and OWASP CycloneDX; Tractatus cross-reference validation primitive (Stroh 2026).]

(II) Industrial Development

Item 17. In manufacturing, sovereignty primitives apply. Production data is the manufacturer’s sovereign record; agents operating against it are attributed; cross-installation coordination for supply chains is bilateral. We acknowledge the merit of the CAC framework’s commitment to production-management agents for scheduling, resource allocation, and process optimisation, and to integration with CNC machine tools, industrial robots, and automated production lines. We propose that all such capabilities operate under the manufacturer’s authority, with supply-chain coordination occurring through bilateral agreements between participating manufacturers and counterparties. (Parallels CAC item 17 “intelligent manufacturing”.) [CITATIONS: ISO/IEC 42001:2023 management systems; pending lookup for NZ manufacturing data standards and Industry 4.0 NZ initiatives.]

Item 18. In energy and resources, sovereignty primitives apply. Environmental data, resource catalogues, and dispatch logs are sovereign records of the responsible entities: Crown for some (statutory resources, certain environmental data); hapū and iwi for those where Treaty Settlement allocations apply; private entities for the remainder. Agents operate against the relevant entity’s records under that entity’s authority. The specific allocations are entity-specific and depend on the relevant Settlement legislation and arrangements. We acknowledge the merit of the CAC framework’s commitment to environmental-sensing agents for natural-disaster and pollution-risk early warning, to power-dispatch and grid-maintenance agents, and to resource-exploration applications. We propose that for the Aotearoa NZ context, the relevant authorities arise from the existing institutional and Treaty framework, and the architecture provides the audit and attribution infrastructure within which those authorities operate. (Parallels CAC item 18 “energy and resources”.) [CITATIONS: Resource Management Act 1991 (NZ); relevant Treaty Settlements legislation (entity-specific, pending verification before v1 publication); Electricity Industry Act 2010 (NZ); Crown Minerals Act 1991 (NZ).]

Item 19. In transport, sovereignty primitives apply. Vehicle telemetry, traffic data, and infrastructure sensor data are sovereign records of operators, Crown agencies, and road-controlling authorities; coordination between them — Waka Kotahi New Zealand Transport Agency, KiwiRail, maritime authorities, the Civil Aviation Authority, regional councils, and city councils — is bilateral federation across the relevant institutional boundaries. We acknowledge the merit of the CAC framework’s commitment to traffic-safety, emergency-dispatch, and vehicle-control intelligent agents. We propose that the Aotearoa NZ context, with its existing bilateral institutional arrangements across transport modes, is well-suited to a federated approach. (Parallels CAC item 19 “transport”.) [CITATIONS: Land Transport Act 1998 (NZ); Land Transport Management Act 2003 (NZ); Civil Aviation Act 1990 (NZ); Maritime Transport Act 1994 (NZ); pending lookup for NZ transport data sovereignty work.]

Item 20. In agriculture, sovereignty primitives apply. Farm data is the farmer’s sovereign record; pest, disease, yield, and stocking data may be shared bilaterally with extension services, research institutions, or hapū rōpū where applicable, under the farmer’s terms. We acknowledge the merit of the CAC framework’s commitment to agricultural-services intelligent agents for technical guidance, pest and disease diagnosis, and integration with smart agricultural machinery and greenhouses. We propose that for Aotearoa NZ — where agricultural data sovereignty is a recognised issue across farm-data co-operatives, sectoral organisations, and increasing engagement with Māori data sovereignty in primary-industry contexts — bilateral data-sharing under the farmer’s terms is well-suited. (Parallels CAC item 20 “agricultural production”.) [CITATIONS: pending lookup for NZ agricultural data sovereignty work and farm-data governance arrangements; Te Kāhui Raraunga (kahuiraraunga.io — Māori Data Governance Model and Māori AI Governance Framework); Taiuru, K. (20 Sep 2025) Critical Analysis of Te Mana Raraunga Data Principles, taiuru.co.nz/critical-analysis-mana-raraunga/ where applicable.]

Item 21. In financial services, sovereignty primitives apply. Customer records, transaction data, and risk signals are sovereign records of the holding institution, subject to Reserve Bank of New Zealand / Te Pūtea Matua prudential requirements, the Privacy Act 2020, and the Anti-Money Laundering and Countering Financing of Terrorism Act 2009. AML/CFT cooperation is bilateral via established channels — the New Zealand Financial Intelligence Unit and the international FATF channels — and AI assistance is attributed and bounded by these existing regulatory arrangements. We acknowledge the merit of the CAC framework’s commitment to financial-risk-control agents for credit approval, transaction monitoring, account security, and anti-money laundering monitoring. We propose that for Aotearoa NZ, the existing institutional and regulatory framework is well-suited to attribution-based audit at the level of each financial institution, with bilateral cooperation through established channels for cross-institutional and international coordination. (Parallels CAC item 21 “financial services”.) [CITATIONS: Reserve Bank of New Zealand Act 2021; Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (NZ); Privacy Act 2020 (NZ); FATF Recommendations.]

(III) Daily Life

Item 22. In end-user applications, sovereignty primitives apply. Member-portable identifiers replace platform-specific accounts; cross-device coordination is mediated by the member’s own keychain or identity wallet. Sovereignty here means the user holds the records — whether the application is built by an Aotearoa NZ vendor or an international one. We acknowledge the merit of the CAC framework’s commitment to intelligent agents empowering internet applications and services across mobile phones, computers, vehicles, home appliances, wearables, and consumer-grade robots. We propose that for any application operating against user records, the architectural primitives of attribution and member-portability apply regardless of vendor jurisdiction. (Parallels CAC item 22 “end-user applications”.) [CITATIONS: W3C Decentralized Identifiers (DIDs) v1.0; W3C Verifiable Credentials Data Model v1.1; Privacy Act 2020 (NZ), information privacy principle 7 (correction).]

Item 23. In culture and tourism, sovereignty primitives apply. Cultural content is governed by its creators; in the Aotearoa NZ context, kaitiaki obligations over taonga are central to how AI agents may interact with cultural material. Translation agents preserve attribution and cultural context; their outputs do not stand in for the original mātauranga, and what counts as appropriate use in te ao Māori contexts is for tangata whenua to determine. Visitor data handled by tourism services is treated as the visitor’s sovereign record. We acknowledge the merit of the CAC framework’s commitment to cultural-content-creation agents and tourism-service agents. We propose that for Aotearoa NZ — where mātauranga Māori is taonga under Te Tiriti partnership obligations, and where Dr Karaitiana Taiuru’s published work on mātauranga Māori protection in AI training data, alongside Te Kāhui Raraunga’s Māori AI Governance Framework, is foundational scholarship — the architectural primitives provide audit infrastructure, and the substantive determination of appropriate use is for the holders of the mātauranga. (Parallels CAC item 23 “culture and tourism”.) [CITATIONS: Taiuru, K. — mātauranga Māori protection in AI training data (specific publications pending verification); Te Kāhui Raraunga (kahuiraraunga.io — Māori Data Governance Model and Māori AI Governance Framework); Taiuru, K. (20 Sep 2025) Critical Analysis of Te Mana Raraunga Data Principles, taiuru.co.nz/critical-analysis-mana-raraunga/; CARE Principles (Carroll et al. 2020); Wai 262 (Waitangi Tribunal Report on Indigenous Flora and Fauna and Cultural Intellectual Property).]

Item 24. In commercial services, sovereignty primitives apply. Customer interactions create records; both parties — operator and customer — hold provenance copies; disputes are coordinated bilaterally. Embodied agents in retail, hospitality, aged care, and disability support operate under the deployment-holder’s authority and produce auditable records of their actions. We acknowledge the merit of the CAC framework’s commitment to 24/7 customer service, embodied intelligent agents for guidance, cleaning, warehousing, and distribution in commercial venues, and embodied agents for domestic help, elderly care, childcare, and disability support. We propose that for Aotearoa NZ, all such applications operate under existing consumer-protection, care-quality, and disability-services regulatory frameworks. (Parallels CAC item 24 “commercial services”.) [CITATIONS: Consumer Guarantees Act 1993 (NZ); Fair Trading Act 1986 (NZ); Health and Disability Services (Safety) Act 2001 (NZ); New Zealand Disability Strategy.]

(IV) Public Welfare

Item 25. In education, sovereignty primitives apply. Learning records are the student’s sovereign record, with co-stewardship where the student is a minor; teaching materials produced by agents are attributed; institutional records — rolls, assessments, qualification records — follow existing institutional governance under the Education and Training Act 2020. Portability is to the student, with appropriate institutional arrangements for handover at transitions between providers. We acknowledge the merit of the CAC framework’s commitment to lesson-material generation, homework marking, learning progress analysis, personalised learning plans, and virtual teaching assistants. We propose that for Aotearoa NZ, these capabilities operate under the Privacy Act 2020 and the Education and Training Act 2020, with student-data sovereignty maintained throughout. (Parallels CAC item 25 “education and teaching”.) [CITATIONS: Education and Training Act 2020 (NZ); Privacy Act 2020 (NZ); New Zealand Curriculum.]

Item 26. In healthcare, sovereignty primitives apply. Patient records are the patient’s sovereign record under the Health Information Privacy Code 2020 and Te Whatu Ora / Health New Zealand stewardship structures; diagnostic agents produce attributed outputs; treatment recommendations carry provenance; coordination between providers occurs via Health Information Standards Organisation (HISO) channels and Te Whatu Ora interoperability arrangements. We acknowledge the merit of the CAC framework’s commitment to medical-imaging analysis, disease-diagnosis reasoning, personalised treatment plans, medication management, surgical scheduling, and medical-records management agents. We propose that for Aotearoa NZ, these capabilities operate under the existing health-information governance framework, with patient sovereignty over health records maintained as the architectural baseline. (Parallels CAC item 26 “healthcare”.) [CITATIONS: Health Information Privacy Code 2020 (NZ); Pae Ora (Healthy Futures) Act 2022 (NZ); HISO data standards.]

Item 27. In employment and labour, sovereignty primitives apply. Employment records, training certifications, and dispute records are sovereign to the parties; mediation operates under existing Employment Mediation Service governance; AI assistance is attributed and bounded by the existing tripartite (worker / employer / state) structure of NZ labour law. We acknowledge the merit of the CAC framework’s commitment to agents for employment promotion, training and assessment of technical personnel, labour-relations services, social insurance, labour-dispute arbitration, and wage-arrears management. We propose that for Aotearoa NZ, these capabilities operate under the Employment Relations Act 2000 and the associated tripartite framework, with attribution and provenance applied throughout. (Parallels CAC item 27 “human resources”.) [CITATIONS: Employment Relations Act 2000 (NZ); Holidays Act 2003 (NZ); Human Rights Act 1993 (NZ); New Zealand tripartite labour-relations framework.]

Item 28. In information services, sovereignty primitives apply. Content is attributed to its creators; recommendation agents operate against the user’s sovereign profile, which the user can inspect, export, and port; editorial review remains a human function. Where AI agents produce content, attribution is to the agent and to the human or organisational operator on whose authority it acted; AI-generated content disclosure is the baseline architectural commitment. We acknowledge the merit of the CAC framework’s commitment to intelligent agents for online-content construction, user analysis, topic planning, editorial processing, distribution and recommendation, content review, opinion guidance, emotional support, and real-time translation. We propose that for Aotearoa NZ, attribution requirements apply to all such applications, with the existing broadcasting-standards and harmful-digital-communications framework providing the regulatory context. (Parallels CAC item 28 “information services”.) [CITATIONS: Broadcasting Act 1989 (NZ); Harmful Digital Communications Act 2015 (NZ); Privacy Act 2020 (NZ); pending lookup for AI-content attribution standards.]

(V) Social Governance

Item 29. In public administration, sovereignty primitives apply. Citizen interactions with the state produce records held by both citizen and state; member-held identity credentials migrate over time toward member control; agentic assistance in approval processes is attributed and bounded by Administrative Law principles. Crown agencies remain accountable through the Public Service Act 2020, the Official Information Act 1982, the Privacy Act 2020, the Algorithm Charter for Aotearoa New Zealand, and the Public Records Act 2005. We acknowledge the merit of the CAC framework’s commitment to administrative-approval, policy-consultation, and proactive-service-delivery agents. We propose that for Aotearoa NZ, all such Crown-agency applications operate within the existing accountability framework, with the architectural primitives providing the audit infrastructure consistent with the Algorithm Charter’s commitments to transparency and partnership with Māori. (Parallels CAC item 29 “public administration services”.) [CITATIONS: Public Service Act 2020 (NZ); Official Information Act 1982 (NZ); Privacy Act 2020 (NZ); Algorithm Charter for Aotearoa New Zealand (2020); Public Records Act 2005 (NZ).]

Item 30. In judicial services, sovereignty primitives apply. Court records, evidence, and legal documents are governed by existing court processes; AI assistance is attributed; evidence chain-of-custody is cryptographic where applicable; access controls follow existing judicial governance. Self-represented-litigant support tools that use AI disclose their use and produce auditable provenance. We acknowledge the merit of the CAC framework’s commitment to end-to-end case-handling assistance, legal-document generation, legal-publicity, legal-consultation, and legal-supervision agents. We propose that for Aotearoa NZ, all such applications operate under the Senior Courts Act 2016, the Evidence Act 2006, and the established court rules and practice notes governing AI use in legal proceedings. (Parallels CAC item 30 “judicial services”.) [CITATIONS: Senior Courts Act 2016 (NZ); Evidence Act 2006 (NZ); pending lookup for current court guidance on AI use.]

Item 31. In public safety, sovereignty primitives apply. Surveillance is governed by existing legislation — the Privacy Act 2020, the Search and Surveillance Act 2012, and the Intelligence and Security Act 2017 — and any AI agents operating in public-safety contexts produce auditable provenance under those frameworks. Behaviour-monitoring agents operate within the reach already lawful under those statutes. We acknowledge the merit of the CAC framework’s commitment to monitoring and early-warning agents, emergency-response and rescue-coordination agents, and abnormal-behaviour identification and dynamic-prevention applications. We propose, for the Aotearoa NZ context, that the architectural contribution of attribution and provenance is to make agentic AI in public-safety contexts auditable; whether and how such capabilities should be deployed is a values decision for the relevant legislative and policy framework, addressed to Parliament and the responsible Ministers, with the architecture providing the audit infrastructure within which those decisions become tractable. (Parallels CAC item 31 “public safety”.) [CITATIONS: Privacy Act 2020 (NZ); Search and Surveillance Act 2012 (NZ); Intelligence and Security Act 2017 (NZ); New Zealand Bill of Rights Act 1990.]

Item 32. In urban governance, sovereignty primitives apply. Urban data — sensor networks, planning data, building consents, infrastructure operating data — is held by councils as sovereign records; agentic systems operating in council functions are attributed and accountable through the Local Government Act 2002 and council governance structures. We acknowledge the merit of the CAC framework’s commitment to urban-planning, urban-construction, and urban-governance intelligent agents, including for smart construction, building management, and urban infrastructure operation. We propose that for Aotearoa NZ, all such applications operate within existing local-government accountability arrangements, with the architectural primitives providing the audit and attribution infrastructure. (Parallels CAC item 32 “urban governance”.) [CITATIONS: Local Government Act 2002 (NZ); Building Act 2004 (NZ); Resource Management Act 1991 (NZ).]

Item 33. In procurement, sovereignty primitives apply. Tender records, evaluations, and contracts are sovereign records of the contracting entity; agentic assistance in procurement is attributed and bounded by Government Procurement Rules and applicable contract law; transparency is via existing OIA-compliant publication. We acknowledge the merit of the CAC framework’s commitment to end-to-end intelligent management of tendering and bidding processes, with intelligence applied to transactions, services, and supervision. We propose that for Aotearoa NZ, the Government Procurement Rules and the existing public-procurement framework provide the appropriate accountability context, with attribution and provenance applied throughout. (Parallels CAC item 33 “tendering and bidding”.) [CITATIONS: Government Procurement Rules (NZ); Public Records Act 2005 (NZ); Official Information Act 1982 (NZ).]

§V. Building a Federated Ecosystem

Where the Cyberspace Administration of China’s framework envisions an industry-cluster ecosystem with national-champion projection through international AI conferences, we offer a federated ecosystem where coordination occurs by bilateral federation between sovereign peers and where international alignment is via established standards bodies. The two sub-sections that follow — promoting federated cooperation, and strengthening bilateral promotion — together specify how an ecosystem of sovereign installations sustains itself and engages internationally.

(I) Promoting Federated Cooperation

Item 34. Open-source under permissive licences. Reference implementations should be available under permissive open-source licences. The current MDSL implementations are one set of references among potentially several: the Tractatus framework is distributed under Apache 2.0 for code and CC BY 4.0 for documentation; the Village and community codebases are migrating toward EUPL-1.2 (European Union Public Licence) in phases as of mid-2026; future MDSL contributions are intended to be EUPL-1.2 where practicable, for sovereignty alignment with European Union sovereignty work and for compatibility with bilateral federation between sovereign installations across multiple jurisdictions. We acknowledge the merit of the CAC framework’s commitment to fostering open-source innovation, including domestic-AI open-source communities, compatibility with open-source chips, operating systems, and large models, and engagement of enterprises, universities, and research institutions in open-source projects. Open-source under permissive licences is bilateral-federation-friendly: each sovereign installation forks the upstream, contributes back via pull request, and takes its own deployment decisions. (Parallels CAC item 34 “foster open-source innovation”.) [CITATIONS: Apache 2.0 (Apache Software Foundation); EUPL-1.2 (European Union Public Licence); CC BY 4.0 (Creative Commons).]

Item 35. Federation by publication. Where coordination is needed on common technology, interoperability standards, security incident response, or audit framework development, it occurs through open publication and consensus among contributing installations. International alignment is via W3C, IETF, ISO/IEC, and similar established standards bodies. We acknowledge the merit of the CAC framework’s commitment to industry-collaboration platforms — including intelligent-agent ecosystem alliances, technology-verification laboratories, and joint R&D arrangements — and to coordination of upstream and downstream supply-chain participants in common technology R&D, standards-setting, and assessment-and-certification work. This area is workstream (iv) of the single committee proposed in §II item 4. The committee would develop NZ-context recommendations on federation patterns and alliance patterns for industry coordination, contribute to ISO/IEC SC42 work on AI industry-collaboration models, and engage in bilateral dialogue with the CAC framework’s authors on the interaction between federated and alliance-based industry coordination. (Parallels CAC item 35 “industry collaboration platforms”; consolidated committee-formation workstream applies.) [CITATIONS: W3C process document; IETF Request for Comments process; ISO/IEC 42001:2023 management systems.]

(II) Strengthening Bilateral Promotion

Item 36. Adoption is bilateral. Each sovereign installation reaches its counterparties directly — partner organisations, peer institutions, federated peers. We acknowledge the merit of the CAC framework’s commitment to application-promotion channels, including intelligent-agent software stores, industry supply-demand information platforms, customised product development via tendering and the “unveil-and-take-the-helm” challenge model, and hardware-system and software enterprise development of intelligent-agent products and services. We propose, for the Aotearoa NZ context, that adoption channels arise from the existing commercial, civil-society, and institutional landscape; sovereign installations build their counterparty relationships through ordinary direct engagement, with public procurement following the Government Procurement Rules. (Parallels CAC item 36 “application promotion channels”.) [CITATIONS: Government Procurement Rules (NZ); pending verification for any current NZ procurement reforms.]

Item 37. Pilot deployment is bilateral and evidence-led. Sovereign installations pilot adoption with willing communities directly. Existing MDSL deployments — Village in parish and hapū / iwi contexts; family-history in iwi and diaspora contexts; sydigital in small-business contexts — are examples; specific deployment data (counts, start dates, tenancy scope) is to be added before v1 publication. We acknowledge the merit of the CAC framework’s commitment to driving the opening of intelligent-agent application scenarios in key sectors, with pilots in industrial clusters, key industries, and key sectors building a portfolio of demonstration projects. We propose that for Aotearoa NZ, pilot deployment is bilateral between deploying installations and their willing communities. Where Crown agencies wish to pilot agentic AI, they do so under existing Privacy Impact Assessment processes, the Algorithm Charter for Aotearoa New Zealand, and Te Mana Raraunga / Māori Data Sovereignty Network commitments. (Parallels CAC item 37 “advance the opening of key scenarios”.) [CITATIONS: MDSL deployment evidence — Village (parish + community contexts), family-history (iwi + diaspora contexts), sydigital (small-business contexts), specific data pending operator-verified figures before v1 publication; Algorithm Charter for Aotearoa New Zealand (2020); Te Kāhui Raraunga (kahuiraraunga.io — Māori Data Governance Model and Māori AI Governance Framework); Taiuru, K. (20 Sep 2025) Critical Analysis of Te Mana Raraunga Data Principles, taiuru.co.nz/critical-analysis-mana-raraunga/.]

Item 38. International alignment by bilateral federation. Sovereign installations in Aotearoa New Zealand federate bilaterally with sovereign installations in other jurisdictions; international standards engagement occurs through W3C, IETF, ISO/IEC, and similar fora as peer participation. We acknowledge the merit of the CAC framework’s commitment to actively cultivating the global ecosystem through international platforms such as the World Artificial Intelligence Conference and the World Internet Conference, promotion of intelligent-agent adaptation by terminal-device and software enterprises, and engagement on overseas compliance and adaptation to local laws, regulations, and cultural customs. This area is workstream (v) of the single committee proposed in §II item 4. The committee would develop NZ-context recommendations on international AI cooperation, contribute to ISO/IEC SC42 international standards work, and engage in bilateral dialogue with the CAC framework’s authors and with international peers on interoperability between bilateral-federation and platform-projection approaches to international cooperation. We offer this as one contribution to an early-stage international conversation; contributions across many architectural traditions and political contexts will improve the field. (Parallels CAC item 38 “actively cultivate the global ecosystem”; consolidated committee-formation workstream applies.) [CITATIONS: ISO/IEC JTC 1/SC 42; W3C international standards process; pending lookup for current NZ bilateral AI agreements and international engagements.]

§VI. Safeguarding Adoption

As a civil-society proposer, My Digital Sovereignty Ltd does not coordinate adoption. We name here the bodies whose participation would be required if any part of this framework were to be adopted by Aotearoa New Zealand entities.

Crown agencies whose work this proposal touches include the Ministry of Business, Innovation and Employment for digital strategy; the Ministry of Justice for legal framework alignment; the Office of the Privacy Commissioner for Privacy Act 2020 alignment; Stats NZ and Te Kāhui Raraunga for data-sovereignty alignment (with Dr Karaitiana Taiuru’s 20 September 2025 critical analysis as foundational reference); Te Whatu Ora / Health New Zealand for health-information governance; Te Pūtea Matua / Reserve Bank of New Zealand for financial-services prudential alignment; Waka Kotahi New Zealand Transport Agency for transport; the Ministry of Education for education; and New Zealand Police for public-safety contexts. Civil-society evaluation would naturally involve Royal Society Te Apārangi, Internet NZ, NetSafe, the New Zealand AI Forum, and academic researchers across the relevant disciplines. Hapū and iwi consideration is essential where Treaty obligations or Settlement implications arise, and the architecture this proposal specifies is intended to support — and is offered for use under — Māori data sovereignty work as articulated by Te Kāhui Raraunga (Māori Data Governance Model; Māori AI Governance Framework) and by Dr Karaitiana Taiuru’s published scholarship — including his 20 September 2025 critical analysis that informs why earlier framings are inadequate for AI contexts.

International dialogue with the authors of the CAC framework and with peer Indigenous Data Sovereignty networks — FNIGC in Canada, USIDSN in the United States, Maiam nayri Wingara in Australia, GIDA internationally — would enrich both directions of the conversation.

My Digital Sovereignty Ltd commits to the architectural openness and licence-openness elements of the proposal: the Tractatus framework, the Village and community codebases, and future MDSL contributions will remain available under permissive open-source licences, and the reference implementations will be developed in dialogue with adopters. The rest is addressed to those who would decide adoption.

We close with an explicit invitation: to the CAC framework’s authors, to international peers, to NZ policymakers and community organisers, and to anyone working on parallel questions — comments on this v1 are welcome via the standing paper-comments channels on agenticgovernance.digital.

Licence and citation

Copyright © 2026 John G. Stroh / My Digital Sovereignty Ltd.

This paper is licensed under the Creative Commons Attribution 4.0 International Licence (CC BY 4.0). You are free to share, copy, redistribute, adapt, remix, transform, and build upon this material for any purpose, including commercially, provided you give appropriate attribution, provide a link to the licence, and indicate if changes were made.

The reference implementations referred to in this paper are licensed separately: the Tractatus framework under the Apache 2.0 Licence (code) and CC BY 4.0 (documentation); the Village and community codebases under the European Union Public Licence (EUPL-1.2) where migrated, and Apache 2.0 elsewhere as of mid-2026.

Suggested citation: Stroh, J. G. (2026). A Civil-Society Proposal for Sovereign and Federated Agentic AI in Aotearoa New Zealand (v1.1, May 2026, revised per Dr Karaitiana Taiuru’s feedback on v1). My Digital Sovereignty Ltd. https://agenticgovernance.digital/papers/aotearoa-nz-agentic-ai-framework-v1.1-may-2026.html

Comments and correspondence: Substantive feedback engaging specific sections is welcomed. Please cite section numbers (e.g. §III item 5) so corrections can be traced. The author replies personally; allow one to two weeks. Email: john.stroh@mysovereignty.digital.