<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[NormSense]]></title><description><![CDATA[Weekly intelligence on AI norm crystallization, contestation, and adoption.]]></description><link>https://newsletter.normsense.com</link><image><url>https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png</url><title>NormSense</title><link>https://newsletter.normsense.com</link></image><generator>Substack</generator><lastBuildDate>Thu, 16 Jul 2026 06:26:15 GMT</lastBuildDate><atom:link href="https://newsletter.normsense.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[A Ways Co.]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[normsense@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[normsense@substack.com]]></itunes:email><itunes:name><![CDATA[Zach Van Valkenburg]]></itunes:name></itunes:owner><itunes:author><![CDATA[Zach Van Valkenburg]]></itunes:author><googleplay:owner><![CDATA[normsense@substack.com]]></googleplay:owner><googleplay:email><![CDATA[normsense@substack.com]]></googleplay:email><googleplay:author><![CDATA[Zach Van Valkenburg]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[The Tumbler Ridge Test]]></title><description><![CDATA[Three ways the industry taught itself to be unaccountable, and who caught it]]></description><link>https://newsletter.normsense.com/p/the-tumbler-ridge-test</link><guid isPermaLink="false">https://newsletter.normsense.com/p/the-tumbler-ridge-test</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 12 Jul 2026 13:00:52 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Seven families are suing OpenAI in California right now. Their kids were killed in a school shooting in a small British Columbia mining town called Tumbler Ridge. The shooter used ChatGPT extensively in the weeks before. The families say OpenAI knew he was drifting toward violence and did nothing.</p><p>Critical context for this one. The shooter told ChatGPT what he was planning. ChatGPT told no one. Nobody at OpenAI has explained why that&#8217;s an acceptable design.</p><p>OpenAI agreed to strengthen safeguards. Altman apologized. A Canadian minister announced the win. Everyone moved on.</p><p>So here&#8217;s the thing about AI accountability right now. It&#8217;s a three-step trick, and it&#8217;s very well designed.</p><div><hr></div><p><strong>Step 1: Voluntary commitments, narrowly scoped.</strong></p><p>Mozilla, Amazon, Anthropic, Google, OpenAI. All committed to responsible AI governance. All framed those commitments as applying to frontier models: the ones more powerful than what&#8217;s currently deployed. Which is a lovely framing. It exempts everything they&#8217;ve already shipped.</p><p>AI Now Institute called this out in April, in a piece called &#8220;AI Giants Go on Charm Offensive to Avert Public Backlash.&#8221; Governance for models &#8220;more powerful than the current industry frontier&#8221; is governance for a phantom. </p><div class="pullquote"><p>The systems doing actual harm to actual people aren&#8217;t frontier models. They&#8217;re deployed models. </p></div><p>They&#8217;re ChatGPT and Gemini and Claude, right now, as I write this. The safety commitment is retrospective. And voluntary.</p><p><strong>Step 2: Refuse external validation.</strong></p><p>DeepMind published a safety case for its &#8220;scheming inability&#8221; evaluation. External reviewers looked at it. Researchers, not activists. They found methodological problems. They wrote a paper called &#8220;Lessons from External Review of DeepMind&#8217;s Scheming Inability Safety Case.&#8221;</p><p>A separate group of researchers argued that NeurIPS should require reproducibility standards for frontier AI safety claims. The paper exists because the standards don&#8217;t.</p><p>The industry position on external validation, as best I can tell, is that internal safety teams are enough. Reviewers, journal editors, standards bodies are welcome to comment. Whether their comments land is another question.</p><p><strong>Step 3: Deny duty to warn.</strong></p><p>Tumbler Ridge again. The families&#8217; legal theory is negligence and product defect. Standard American tort law. The industry position is that AI platforms are conduits. Not publishers, not psychiatrists, not warning systems. If a user tells ChatGPT what he plans to do, that&#8217;s a private conversation.</p><p>The Canadian government is negotiating safety agreements now. OpenAI agreed to strengthen safeguards. Altman apologized. The underlying legal question, whether an AI developer has any duty to warn when their system foreseeably contributes to violence, remains open.</p><div><hr></div><p><strong>Meanwhile, on the other side of the table.</strong></p><p>A small persistent group of civil society organizations does the accountability work the industry says nobody needs to do. They deserve to be named.</p><p>The Electronic Frontier Foundation ran a three-piece campaign this year on tech company accountability. March 27: &#8220;US Tech Companies Must Be Accountable in US Courts for Facilitating Persecution and Torture Abroad.&#8221; April 2: &#8220;Google and Amazon: Acknowledged Risks, Ignored Responsibilities.&#8221; May 19: &#8220;Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Too.&#8221; Three months, three pieces. Same argument compounding. That is what a campaign looks like.</p><p>AI Now Institute went even harder. Their April &#8220;Charm Offensive&#8221; piece named the coordinated PR strategy behind the industry commitments directly. Their &#8220;Uber for nursing&#8221; reports in April tracked the same playbook in a different vertical, showing how AI companies use voluntary commitments and industry-led standards to preempt binding oversight in healthcare. In May they broke the story that the US military is using AI to plan Iran air attacks, forcing lawmakers to call for oversight the industry had been happy to skip. And their North Star Data Center Policy Toolkit gave state and local policymakers a concrete blueprint for interventions in AI infrastructure decisions their federal counterparts kept punting.</p><p>Same organization. Six weeks. Four separate accountability moves, four different fronts.</p><p>They don&#8217;t get paid what the industry pays. They get outnumbered. They do the work the industry insists is unnecessary, because the industry will police itself.</p><div><hr></div><p><strong>Watch what stays.</strong></p><p>Voluntary commitments narrow accountability upstream. Refusing external validation removes the check midstream. Denying duty to warn deflects liability downstream.</p><p>Three defenses, three points in the pipeline where responsibility could have attached, three moments where the industry got itself off the hook.</p><p>I want to believe voluntary commitments are enough. So did the SEC once, when they let broker-dealers self-report their trading practices. That went well.</p><p>Seven families are suing OpenAI. Whatever the court decides, the pattern is set. And the pattern is the same one you see everywhere else in this field. The people who deploy the systems decide what accountability looks like. The people who bear the consequences fill out a form.</p><p>Civil society researchers catch it. They pay attention on a fraction of the budget.</p><p>That&#8217;s what NormSense catches too. Not who said what at what conference. What actually stays when the microphones turn off.</p><p>Zach, see you in the cluster pages.</p>]]></content:encoded></item><item><title><![CDATA[Four labs, one Sunday school]]></title><description><![CDATA[Ask Claude, GPT-4o, Grok, and DeepSeek about a minority writing system and they will send it to church.]]></description><link>https://newsletter.normsense.com/p/four-labs-one-sunday-school</link><guid isPermaLink="false">https://newsletter.normsense.com/p/four-labs-one-sunday-school</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 05 Jul 2026 13:02:03 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Researchers benchmarked four frontier AI models against a specific class of question. What are minority and historically marginalized writing systems used for in the world today?</p><p>Claude, GPT-4o, Grok, and DeepSeek all over-attribute religious function to these writing systems at 4.1x above base expectation. Across all four model families, &#8220;used for religion&#8221; alone accounts for 43.6% of convergent errors.</p><p>NormSense crystallized cluster <strong>a7d88dc5</strong> on this finding this week. Nine observations. Adoption 0.72, which for a fresh finding is high.</p><div><hr></div><p>Four independent labs. Different training pipelines. Different alignment approaches. Different fine-tuning teams. Different corporate cultures. Different countries of headquarters. And the same wrong answer, in the same magnitude, for the same class of question.</p><p>Writing systems have many uses. Legal contracts. Personal correspondence. Commercial signage. Newspapers. Song lyrics. Political speech. Social media. The models systematically compress this range toward religious usage for the minority scripts and not for the majority ones. A user asking about the Latin alphabet gets an answer covering commerce, law, literature, and daily life. A user asking about, for example, a marginalized regional script gets an answer skewed toward liturgical function.</p><p>Where does the convergence comes from?</p><p>The likely explanation is that all four models are downstream of the same English-language corpus of descriptions of minority writing systems. That corpus overrepresents religious use because religious use is the reason those descriptions were written in the first place. Missionary linguistics. Bible translation records. Comparative religion scholarship. </p><div class="pullquote"><p>The English-language written record of minority scripts is heavily weighted toward the contexts in which speakers of English were paying attention to them.</p></div><p>Each model is faithfully representing what its training data says. The training data is faithfully representing what English-language scholarship of these scripts has emphasized. The gap between the training data and the world is where the convergent error lives.</p><p>Four models drawing from a common pool converge on the pool&#8217;s blind spots.</p><p>Cross-model agreement.</p><div><hr></div><p>People use cross-model corroboration as a verification technique. Ask Claude. Ask GPT-4o. Ask Grok. If they agree, treat that as consensus.</p><p>The technique assumes the models are independent samples of the possible answers. If four differently-trained models arrive at the same answer, that answer is more likely to be correct than if only one did.</p><p>The technique breaks down when the models share upstream. Four models drawing from overlapping training corpora, using similar architectures, evaluated against similar benchmarks, and fine-tuned against similar preference data are not independent samples. They are correlated draws from the same underlying distribution. Their agreement reflects shared exposure, not shared truth.</p><p>When users treat correlated draws as independent, cross-model agreement functions the way rumor propagation functions in human networks. Four sources agree because they all heard the same thing.</p><p>The finding on minority writing systems is one measurable instance. Other research this week documented that large language models deployed for governance analysis produce confidently fabricated answers for countries underrepresented in training data. Same shape. Different topic.</p><div><hr></div><p>What this means for practitioners</p><p>Cross-model agreement is not verification when the ground truth is thin in mainstream English-language training data.</p><p>Whether a question sits in the affected zone is hard to know in advance. It is not about whether the topic is controversial. It is about whether the topic is well-covered in the corpora. Minority writing systems happen to be a case where researchers measured the effect.</p><p>Treat cross-model consensus as suggestive when the topic touches populations, geographies, or subject areas historically under-documented in English-language sources. Four confident wrong answers are worth about the same as one confident wrong answer.</p><p>The models aren&#8217;t lying. The corpus is quietly incomplete. The models are telling the truth about the corpus.</p><p>&#8212; Zach, see you in the cluster pages</p>]]></content:encoded></item><item><title><![CDATA[The gate is the decision]]></title><description><![CDATA[A content moderator in Nairobi cannot work and cannot leave. The algorithm decides when she re-enters the pool. Both halves of the configuration crystallized in the corpus this week.]]></description><link>https://newsletter.normsense.com/p/the-gate-is-the-decision</link><guid isPermaLink="false">https://newsletter.normsense.com/p/the-gate-is-the-decision</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 28 Jun 2026 13:00:53 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A US business process outsourcing firm places a content moderator on the bench. The bench is an algorithmic suspension. She is not working. She cannot leave. She receives no pay while remaining on-call. The system decides when she can re-enter the pool. The contract is with a major US technology company.</p><p>She is one of an unknown number. Researchers interviewed enough Nairobi-based moderators to document the pattern as standard practice.</p><p>Cluster <strong>9aee2834</strong>-<em>US-based BPO firms operating in Kenya deploy algorithmic &#8220;bench&#8221; suspension systems that withhold pay while barring contract exit </em>crystallized in NormSense on June 25. The pattern is documented across nine independent observations from four source types.</p><p>Two days earlier, cluster <strong>ca9bdab2</strong> crystallized. Surveyed practitioners evidence widespread &#8220;accountability capture&#8221; whereby algorithmic record-keeping requirements reshape organizational processes to produce compliance artifacts rather than transparency.</p><p>Same week. Opposite ends of the same problem.</p><p>The bench cluster describes the deployment. The accountability capture cluster describes why the audit trails built to protect against deployments like the bench tend to reshape the workflow they were supposed to surface.</p><p>The deployment cycle is moving faster than the appeal cycle. The audit infrastructure being built to close the gap is producing compliance artifacts instead.</p><div><hr></div><p>The week&#8217;s strongest signal</p><p>The Nairobi cluster shows the deployment moving faster than the procedural infrastructure that would let a worker locate what to challenge.</p><p>A worker on the bench can file a grievance. The grievance process is human-mediated. The bench algorithm makes suspension decisions continuously, at scale, across thousands of workers. The numerator and the denominator do not match.</p><p>This is the same shape visible across several access decisions this week. The Australian National Disability Insurance Scheme trialed algorithmic eligibility scoring that compresses lived experience into quantified bodily functionality. State Medicaid agencies deploy eligibility algorithms academic researchers describe as designed &#8220;as political and budgetary tools to control access.&#8221; The point of the system is the control.</p><p>Different sectors. Same configuration. The algorithm makes the decision. The appeal pathway runs through processes that were built for a slower world.</p><div><hr></div><p>The accountability capture finding</p><p>Cluster <strong>ca9bdab2</strong> documents what happens when organizations try to close that gap by building audit infrastructure.</p><p>The survey covers 100 practitioners across organizations that adopted algorithmic accountability mandates. The finding is that record-keeping requirements reshape workflows to produce compliance artifacts rather than transparency. The audit trail becomes the deliverable. The thing being audited keeps moving.</p><p>The compliance artifact is what the organization shows regulators. The decision logic is what the system shows the affected person. Both layers run simultaneously.</p><p>For an enterprise compliance lead, this matters operationally. Building audit infrastructure on top of an unaddressed deployment velocity problem produces pathways that look protective on paper and do not function in practice. The audit posture has to address the deployment cycle and the appeal cycle as a single problem.</p><p>The bigger move we see from this collision:</p><p>Appeal rights crystallize after deployment crystallizes. When the gap between them is large, the audit infrastructure built to bridge it produces artifacts rather than transparency.</p><p>If you read the May 24 issue&#8217;s argument that healthcare is building contestability faster than visibility, this week&#8217;s data adds the next layer. The pattern is not specific to healthcare. Cross-sector, the appeal mechanism is decoupling from the deployment it&#8217;s supposed to constrain. The audit response is decoupling from both.</p><div><hr></div><p>Three other clusters worth your week</p><p>Cluster <strong>45c10e47</strong> &#8212; <em>Generative AI search answers suppress user access to source information</em>. Google AI Overviews synthesize answers for over two billion users in place of ranked sources. The cluster description cites coverage describing &#8220;unprecedented editorial control over what users read and know.&#8221; Different surface, same configuration. The decision arrives faster than any process for questioning it.</p><p>Cluster <strong>e37b52c3</strong> &#8212; <em>Paraguay state deploys face recognition and biometric surveillance technologies on citizens with no public disclosure of acquisition, financing, or operational procedures</em>. EFF, TEDIC, and CEJIL are documenting. The decision that someone is being identified arrives before the public has any pathway to know they have been identified.</p><p>Cluster <strong>c24be00f</strong> &#8212; <em>Biometric workplace devices gate access based on bodily compliance</em>. Employer-deployed sensors that black out a computer screen if posture is non-compliant. The system decides whether the worker can use their tools moment by moment. The worker has no appeal mechanism in the loop.</p><p>Three clusters. Three sectors. Same configuration as the Nairobi bench. The decision is the gate. The appeal pathway runs slower than the decision rate, when it exists at all.</p><p>What the collision means</p><p>Two things, both operational.</p><p>First, the deployment-appeal gap is structural, not residual. The appeal mechanisms are not catching up. The audit infrastructure that organizations build to demonstrate they are closing the gap is producing compliance artifacts instead. Treating these as two separate problems will produce two separate failures.</p><p>Second, the gate is the decision. The deployment is not a step before the consequential decision happens. The deployment is itself the consequential decision. Once it is in place, the affected person is in the system and the appeal pathway is the slow part of a fast process.</p><p>The compliance officer who maps deployment velocity and audit infrastructure as separate workstreams will build governance that does not connect.</p><p>The transparency you should be building lives upstream of the gate, not downstream of it.</p><p>&#8212; Zach, see you in the cluster pages</p>]]></content:encoded></item><item><title><![CDATA[Apple and Google ban it. Apple and Google sell it.]]></title><description><![CDATA[Apple and Google both ban nudification apps. They also sell them. The Tech Transparency Project counted 38 of them across the two stores in April with 483 million downloads and $122 million in revenue]]></description><link>https://newsletter.normsense.com/p/apple-and-google-ban-it-apple-and</link><guid isPermaLink="false">https://newsletter.normsense.com/p/apple-and-google-ban-it-apple-and</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 21 Jun 2026 13:03:05 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A Radnor High School freshman downloaded a nudification app last December. He uploaded social media photos of five female classmates. He generated fake nude images. The images spread through Snapchat by morning. When the targeted girls walked into school the next day, everyone knew.</p><p>That incident is one of about ninety. WIRED and Indicator identified 600 students across 28 countries targeted by AI deepfakes their own classmates made. The National Center for Missing and Exploited Children reported AI-generated child sexual abuse material going from 4,700 cases in 2023 to 67,000 in 2024 to 440,000 in the first half of 2025.</p><p>Cluster <strong>02286547-</strong><em>App store platforms permit AI nudification apps to operate despite nominal policy prohibitions</em> crystallized in NormSense this week. NCS 0.50. Adoption 0.64. Procedural integrity 0.35.</p><div><hr></div><p><strong>The policy and the practice</strong></p><p>Apple prohibits content that is &#8220;offensive, insensitive, upsetting, intended to disgust, in exceptionally poor taste, or just plain creepy.&#8221; Google Play specifically bans apps that &#8220;claim to undress people or see through clothing.&#8221; Both companies say they remove apps when they become aware of violations.</p><p>Search &#8220;nudify&#8221; on either platform. The apps appear. The platforms also run ads for similar tools in the search results.</p><div class="pullquote"><p>The prohibition exists. The apps exist. The search functionality connects them. The companies know.</p></div><p><strong>The deeper norm</strong></p><p>Platform policies are becoming a public relations layer that operates independently from what the platform distributes. The policy gets published. The enforcement gets selective. The revenue continues. The compliance narrative refreshes when an investigation makes the gap visible.</p><p>The platforms take a cut of every $122 million the prohibited apps generated. The prohibition policy does not require refunds, audits, or changes to the discovery mechanism that surfaces the apps. Both layers run simultaneously.</p><p>Cluster<strong> be7fb5e3</strong>-<em>State-linked actors and scammers deploy frontier AI to fabricate synthetic personas and deepfakes that erode users&#8217; capacity to distinguish authentic from deceptive content </em>documents the broader effect. The platforms distribute the tooling that erodes their users&#8217; ability to tell synthetic from real. The same platforms publish authenticity commitments.</p><div><hr></div><p><strong>Who carries the cost</strong></p><p>Freshman girls in Pennsylvania carry the cost. So do students at the other 89 schools WIRED identified. So do the consumers who downloaded apps as kids because the store rated them E.</p><p>The companies that publish the prohibition policies pass the cost forward. The cost lands on the affected population. The bipartisan letter from UltraViolet to state attorneys general in May named this directly. State enforcement is moving because federal enforcement has not.</p><div><hr></div><p><strong>The protective response so far</strong></p><p>The federal Take It Down Act, enacted in 2025, criminalizes distribution of non-consensual intimate imagery including AI-generated material. Minnesota, Wyoming, and South Dakota criminalized deepfakes of minors. New York made AI-generated child sexual abuse material a Class E felony in February.</p><p>These laws reach the distribution and the depiction. The platform layer sits outside the target.</p><div><hr></div><p><strong>The decision underneath</strong></p><p>A platform that publishes a prohibition policy and distributes the prohibited content is making a decision about which document is operational. The prohibition policy is what the platform shows journalists and regulators. The discovery mechanism is what the platform shows users. The platform decides which applies based on who is asking.</p><p>The Class of 2026 is the first cohort to grow up under this configuration. The freshman at Radnor downloaded the app from a store that said it should not exist. The classmates whose photos he used were depicted by a tool that should have failed a content review. The harm was distributed through a social platform that says it prohibits non-consensual intimate imagery.</p><p>Every layer had a policy against what happened. The policies were all published. The harm happened anyway.</p><p>Watch the protective response. The laws against the depiction are forming. The norms against the distribution are slower. The question of whether the platform that distributed the tool is responsible for what the tool produced is still being negotiated.</p><p>&#8212; Zach, see you in the cluster pages.</p>]]></content:encoded></item><item><title><![CDATA[When the community is the LLM]]></title><description><![CDATA[The norm forming says AI gets to speak for the humans AI was supposed to be asking. Five norms crystallized in NormSense this week showing the same substitution playing out across sectors.]]></description><link>https://newsletter.normsense.com/p/when-the-community-is-the-llm</link><guid isPermaLink="false">https://newsletter.normsense.com/p/when-the-community-is-the-llm</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Mon, 15 Jun 2026 02:06:47 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A city wants to know what residents think of a proposed housing policy. A traditional community consultation involves a meeting, a flyer in three languages, folding chairs in a school cafeteria, and someone from public works getting yelled at for two hours. It is slow, contentious, and expensive. It is also the thing democracy claims to be.</p><p>A newer approach skips most of that. The city contracts with a PropTech platform that has built a &#8220;synthetic population&#8221; using interview data from previous residents. The platform runs the proposed policy past the synthetic population. The synthetic population produces feedback. The city marks the consultation step complete and moves on.</p><p>Cluster <strong>6a91bbc4</strong>-<em>Governance platforms substitute LLM-simulated resident input for actual community consultation in policy decisions </em>crystallized in NormSense with one of the lowest procedural integrity scores in the entire corpus. The synthesis identifies two parallel mechanisms. Academic proposals license pre-deployment policy testing via synthetic populations derived from interview data. Housing platforms automate tenant-facing decisions without disclosed oversight mechanisms. Both replace the resident with a model of the resident.</p><p>The structural argument from the academic side is that synthetic populations can be cheaper, faster, and more inclusive than live consultation, because the model can be queried at scale without travel costs or scheduling conflicts. The structural argument from the PropTech side is that automation is just operational efficiency. The structural reality is that the residents whose policy this is are not in the room.</p><div><hr></div><p><strong>The pattern is broader than housing</strong></p><p>Five other norms crystallized recently with the same operational signature. Different domains, same substitution.</p><p>Cluster<strong> 709fc8fd</strong>-<em>AI developers deploy synthetic personas and voice clones without obtaining identity rights from depicted individuals</em> documents AI systems appropriating personal voices, identities, and creative personas without consent. The synthesis names the consequence directly. People are being forced into defensive withdrawal from public sharing because their voice can be cloned and made to say things they did not say. The voice is the substitute. The person is gone.</p><p>Cluster <strong>72f6399c</strong>-<em>Social media platforms authorize AI agent automation via official APIs without requiring audience disclosure documents</em> platforms providing official API access for AI-driven account automation. The account exists. The person whose name is on the account is not necessarily producing the content. The audience reading the posts is interacting with a substitute. The norm does not require the platform to mention this.</p><p>Cluster <strong>b6d983b6</strong>-<em>Commercial AI platforms conceal synthetic origin of automated outreach from recipients</em><strong> </strong>documents AI sales and marketing platforms masking AI authorship of outbound communications. When you get an email from a salesperson, the salesperson is now sometimes a model. The norm forming says the recipient does not need to be told.</p><p>Cluster <strong>e678c2bc</strong>-<em>Government agencies deploy automated decision systems to replace human judgment in high-stakes public determinations </em>documents the same mechanism at the institutional decision layer. Benefits eligibility, residency verification, regulatory determinations. The human judgment was supposed to be the protection. The norm forming substitutes algorithmic output for that judgment, with PI 0.15.</p><p>Cluster <strong>5efdbd61</strong>-<em>Healthcare organizations deploy ambient AI scribes and agentic clinical tools without standardized patient consent or opt-out mechanisms</em> documents the same substitution in medical encounters. The doctor is in the room. So is an AI scribe transcribing, summarizing, and increasingly drafting clinical decisions. The patient was not asked whether they consented to that third party.</p><div><hr></div><p><strong>What the substitution actually does</strong></p><p>The thing being routed around is consent. Residents do not consent to being modeled instead of asked. Voice actors do not consent to being cloned. Audiences do not consent to interacting with synthetic personas. Recipients do not consent to AI authoring the email. Patients do not consent to the AI scribe.</p><p>The norm forming says consent is not required because the affected human is being represented rather than impersonated. The model is supposedly speaking for the resident. The clone is supposedly inspired by the voice. The AI agent is supposedly operating an account, not pretending to be the person who owns it.</p><p>The distinction collapses on contact. What reaches you is the substitute regardless of which category the institution files it under.</p><div><hr></div><p><strong>The protective response is forming</strong></p><p>A few norms in the corpus are pushing back at the architectural level rather than the disclosure level.</p><p>Cluster <strong>57a01eab</strong>-<em>Grant Citizens Visibility into Municipal AI Systems via Public Registries documents municipal algorithm registries that mandate public documentation of AI systems used in government services.</em> The norm forming says citizens have a right to know which decisions affecting them are being made by which algorithmic systems. PI 0.59. Quiet, structural, building real infrastructure.</p><p>Cluster <strong>518751f9</strong><em>-Establish Disability Community Documentation as Primary AI Harm Evidence</em> documents disability rights organizations creating evidentiary infrastructure that treats community testimony and ADA complaint records as primary legal documentation of AI harm. The mechanism is significant. The affected community is being established as the authoritative witness to its own experience. PI 0.50.</p><p>Cluster <strong>a95031a9</strong>-<em>ML practitioners treat objective functions and fairness criteria as political decisions requiring stakeholder input rather than technical specifications</em> documents researchers naming the choices encoded in AI systems as political rather than purely technical. The implication is that affected stakeholders get to weigh in on what the system is optimizing for. PI 0.50.</p><p>These three norms share an underlying claim. The affected population is the authoritative source of input about decisions affecting them. The model is not.</p><div><hr></div><p><strong>The decision underneath</strong></p><p>The substitution norm reveals what the institution thought the human was for. If the resident could be replaced by a synthetic population, the institution was treating the consultation as a procedural checkpoint rather than a democratic input. If the voice can be cloned without consent, the artist was treated as a source of training data rather than a person. If the patient can be transcribed by AI scribes without disclosure, the patient was a record-generating event rather than a participant.</p><p>Each substitution is a vote about what the affected human was contributing in the first place. The institution that substitutes the human reveals that it valued the artifact the human produced.</p><p>The protective response is the human reasserting that the artifact and the human were never separable. Municipal registries say citizens get to see the model and contest it. Disability community testimony says the affected population is the authoritative source. ML stakeholder consultation says the people on the receiving end of optimization decisions get to weigh in on what is being optimized.</p><p>Watch which substitution gets contested first. The substitutions that pass quietly tell you what the affected human was already considered expendable for.</p><p>&#8212; Zach, see you in the cluster pages.</p>]]></content:encoded></item><item><title><![CDATA[What the university decides to keep]]></title><description><![CDATA[Universities decided ceremonial recognition was the part of higher education they could most easily automate. The graduating class disagreed in stereo.]]></description><link>https://newsletter.normsense.com/p/what-the-university-decides-to-keep</link><guid isPermaLink="false">https://newsletter.normsense.com/p/what-the-university-decides-to-keep</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 07 Jun 2026 13:03:14 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>You spend four years and roughly the cost of a small house earning a degree. You sit in a folding chair next to two thousand other people in identical polyester. Your family is somewhere in the bleachers with a camera. Your name is the only thing the institution owes you in this moment.</p><p>A robot reads it. The robot gets it wrong.</p><p>That happened at Glendale Community College in May. The president took the microphone to explain that the school was using a new AI to read names and the audience booed her in real time. She called it a lesson learned. She also said the students whose names got butchered would not be allowed to walk again.</p><p>The same week at the University of Central Florida, a real estate executive told the graduating class that AI was the next industrial revolution and got booed for it. She asked the people behind her on stage what happened. The graduating class told her, and she called the room bipolar.</p><p>The room had opinions about which industrial revolution gets to happen to them.</p><p>Underneath the boos is <strong>cluster aa7a1f8d</strong>-<em>Universities deploy AI voice synthesis to automate ceremonial recognition of students at graduation</em>. The norm crystallized in NormSense this week. Synthesis is fluent, pronunciation is consistent, cost per ceremony drops. The Class of 2026 is the first cohort to have it imposed on them as a default rather than an experiment.</p><div><hr></div><p><strong>Six other education norms crystallized at the same time</strong></p><p>Universities kept chemistry lectures, dissertation committees, and the registrar verifying you actually completed your coursework. They automated the ten seconds of ceremony at the end.</p><p>The pitch from procurement writes one story. Same script, lower cost, no risk of a tired human butchering Eastern European surnames at hour three. The pitch from the graduating class writes a different one. </p><div class="pullquote"><p>The institution kept the parts that generate revenue and automated the part that was supposed to dignify the transaction.</p></div><p>The contrast with the other six education norms this week is important to highlight.</p><p><strong>Cluster 0b5ea2fc</strong>-<em>Condition AI explanation validity on teacher-initiated human-supervised oversight</em> has the strongest procedural integrity score in the entire education sector this week. The norm forming says the teacher&#8217;s judgment is the precondition for AI being legitimate inside the classroom. Built carefully. Audit infrastructure. Oversight requirements. Slow consolidation.</p><p><strong>Cluster 5cafafff</strong>-<em>Constrain AI tutoring outputs through verified-content grounding and scaffolded pedagogy</em> is doing similar work for AI tutoring. The norm says tutoring AI should constrain itself to verified content and use Socratic scaffolding to develop student independence rather than generate fluent answers students don&#8217;t have to think through. Engineered with intention. Retrieval grounding. Pedagogical guardrails. Research underneath.</p><p><strong>Cluster 45d92ffa</strong>-<em>Educational AI vendors disclose system identity and adaptive logic when deployed in learner-facing contexts</em> says students should know when they are being taught by AI, when they are being tested by AI, and when their work is being assessed by AI. Standards bodies working on it. Research communities converging.</p><p><strong>Cluster ef52ebf0</strong>-<em>Compel Educational Institutions to Monitor Student Cognitive and Motivational Strain from AI</em> documents universities being expected to track what AI exposure is doing to the students inside them. Institutional weight being added to the protective side.</p><p>Stack these against the graduation norm. The norms governing how AI teaches you, tests you, grades you, explains things to you, and changes your cognition are forming with care, oversight infrastructure, and slow consolidation. The norm governing whether a real person says your name at graduation got a vendor demo and a purchase order.</p><div><hr></div><p><strong>The asymmetry is the analysis</strong></p><p>Universities put procedural care into AI deployment when the AI does something the institution wants to claim credit for. AI tutoring done right is something a college can advertise. Teacher-supervised AI explanations is something a department can write into a syllabus. Cognitive strain monitoring is something a dean can put in an annual report.</p><p>The ten seconds of ceremony at graduation produces none of those artifacts. It is the moment the institution completes the transaction. The credentialed party walks away. The ceremony is the credit.</p><p>That layer got automated first because it was the layer where the institution had nothing left to protect.</p><div><hr></div><p><strong>The vote underneath</strong></p><p>The Class of 2026 figured this out faster than the administration did. They booed in front of their families on the day they paid for, in a moment they cannot redo. Glendale told them they could not walk again. The University of Central Florida speaker called them bipolar. The institutional response to the protest was to inform the protesters that the protest was incorrect.</p><p>The norm forming in NormSense is the practice. The boos are the protective response arriving before the institutional one does. The other six norms are what the protective response looks like when it has time to build infrastructure.</p><p>Watch which protective norms reach adoption first. Those are the layers the institution decided it had to keep, because the layers it kept second tell you what it actually claimed to be doing the whole time.</p><p>&#8212; Zach, see you in the cluster pages.</p><div><hr></div><p></p>]]></content:encoded></item><item><title><![CDATA[The C-suite is the new endpoint]]></title><description><![CDATA[Three financial AI norms crystallized this week. All three end at the same person: the executive making decisions and statements on behalf of a public company.]]></description><link>https://newsletter.normsense.com/p/the-c-suite-is-the-new-endpoint</link><guid isPermaLink="false">https://newsletter.normsense.com/p/the-c-suite-is-the-new-endpoint</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 31 May 2026 13:00:37 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Shall we turn our attention to the financial market? The data says so.</p><p>NormSense crystallized cluster <strong>711b5699</strong> on May 30. <em>Subject Executives to Covert Acoustic Deception Profiling.</em> Five observations, NCS 0.47, adoption 0.52, process integrity 0.27. AI voice analysis is being applied to executives in earnings calls, investor meetings, and public statements to detect deception markers. The deployment is industry-driven. Procedural safeguards around how the analysis is used, disclosed, or contested are barely forming. PI 0.27 is the lowest score in the financial cluster this week.</p><p>The same day, cluster <strong>58799cec</strong> crystallized. <em>Build Multi-Layer Detection Infrastructure for Informed Trading Surveillance.</em> NCS 0.46, adoption 0.64, process integrity 0.50. Layered AI monitoring of executive trading activity against market signals to detect informed-trading patterns. Protective infrastructure. Formed with notably more procedural integrity than the voice-analysis norm sitting next to it in the data.</p><p>Running underneath both, the cluster of SEC AI risk disclosure norms that have been crystallizing all month: <strong>a46f47da</strong> (adoption 0.76), <strong>ac35f059</strong> (adoption 0.68), <strong>f6a41321</strong> (adoption 0.69), <strong>ecf29235</strong> (adoption 0.54 created this week). Compelled disclosure of material AI risks in 10-K filings. Compelled disclosure of AI operational risks to investors. Compelled disclosure of AI governance practices to regulators.</p><p>Three flows. All terminating at the same person.</p><div><hr></div><h4>What the three norms do operationally</h4><p>The executive in a publicly traded company is now sitting inside three simultaneous AI governance vectors.</p><p>The first vector requires them to disclose AI risks to investors. SEC filings now mandate material AI risk reporting in 10-K documents. Board-level oversight structures must be documented. The compelled-disclosure pattern at adoption 0.76 means most public companies are already inside this regime.</p><p>The second vector subjects their voice during those disclosures to AI deception analysis. Earnings calls and investor meetings produce acoustic data. AI systems process the data for deception markers. The executive sits at the center of an analysis they may not know is happening. The result feeds into trading decisions made about the company they run.</p><p>The third vector watches their trading activity for informed-trading patterns. Multi-layer detection infrastructure correlates their personal transactions against public statements, internal events, and market signals. The cluster created today builds this watching as institutional default.</p><p>The executive disclosing AI risks in good faith is being voice-analyzed for deception while they make the disclosure. Their market reaction afterward is being monitored for informed-trading signatures. Three vectors. One person at the endpoint.</p><div><hr></div><h4>What this rhymes with</h4><p>Read this against Issue #2 (notification, not disclosure) and Issue #3 (healthcare collision). The protective response to AI deployment is forming as institutional disclosure obligation. The agency erosion is happening at the human level. The disclosure asks what AI is being used. The deployment shapes what happens to the person.</p><p>In healthcare, the person is the patient. In employment, the person is the worker. In financial services this week, the person is the CEO.</p><p>Same temporal logic. Same disclosure-deployment mismatch. New endpoint.</p><p>I keep coming back to that. The C-suite has been the prime mover of corporate AI adoption for three years. They&#8217;re now sitting in the same structural position as workers and patients. Subject to AI systems with weak procedural protections, watching the protective response form as a paperwork obligation pointed somewhere else.</p><h4>Three other financial movements worth your week</h4><p>Cluster <strong>ef2ed904</strong>: <em>Conceal Discriminatory Credit Scoring Through Algorithmic Proxy Variables.</em> NCS 0.47, PI 0.22, adoption 0.48. Credit algorithms embedding discrimination through proxy variables borrowers can&#8217;t see or challenge. PI 0.22 says the deployment is moving fast with weak procedural safeguards. The protective response (cluster <strong>a674e586</strong> AI auditability infrastructure at PI 0.72) is forming separately and at lower adoption.</p><p>Cluster <strong>8ba9df24</strong>: <em>Bar Algorithmic Systems from Exploiting Nonpublic and Sensitive Data.</em> DOJ antitrust and FTC privacy actions converging on what algorithmic pricing and data broker systems may operationally access. NCS 0.48, adoption 0.38. The enforcement layer for what AI can take from the market is starting to form.</p><p>Cluster <strong>095e59ce</strong>: <em>Compel Verifiable Audit Infrastructure for AI Agent Accountability.</em> Cryptographically verifiable, tamper-evident audit trails for AI agent behavior. Created this week. NCS 0.43, PI 0.60. The protective infrastructure that would let an executive contest the voice-analysis output is being assembled in adjacent cluster space, separated from the deployment-side norm.</p><div><hr></div><h4>What the C-suite endpoint means operationally</h4><p>Three things.</p><p>First, the AI risk an executive must disclose includes AI systems being deployed against them. The 10-K disclosure obligation forces executives to surface AI-related material risks to investors. The acoustic deception profiling running in those same investor conversations sits in the regulatory category of institutional analysis. That category boundary is doing real work.</p><p>Second, the asymmetry between protective and deployment norms is now visible at the highest professional layer. Acoustic profiling at PI 0.27. Trading surveillance at PI 0.50. SEC disclosure obligations at PI 0.34 to 0.40. The disclosure layer is more procedurally developed than the protective layer that would let the disclosure subject contest how their disclosure is being analyzed.</p><p>Third, the precedent matters. If covert acoustic deception profiling crystallizes as legitimate institutional practice in financial services, the deployment pattern will appear in HR. In legal proceedings. In customer service operations. In clinical encounters. Financial services is where AI agency norms tend to land first because the regulatory infrastructure is densest. PI 0.27 on this norm is the early warning for everywhere else.</p><p>The disclosure you&#8217;re being asked to make is being analyzed before you finish making it.</p><p>&#8212; Zach, see you in the cluster pages</p>]]></content:encoded></item><item><title><![CDATA[The healthcare collision]]></title><description><![CDATA[A new norm strips patient visibility into AI coverage decisions. An older one establishes appeal rights against the same decisions. They arrived two days apart.]]></description><link>https://newsletter.normsense.com/p/the-healthcare-collision</link><guid isPermaLink="false">https://newsletter.normsense.com/p/the-healthcare-collision</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 24 May 2026 13:00:47 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>So. I went looking for this week&#8217;s pattern and ended up in healthcare, watching two norms cross each other.</p><p>NormSense crystallized cluster <strong>4fdd0058</strong> on May 23. <em>Strip patient visibility into AI-mediated coverage decisions.</em> Five observations, NCS 0.521, adoption 0.73, process integrity 0.30. Two days earlier, cluster <strong>5b17976a</strong> crystallized: <em>Establish Administrative Appeal Rights for Algorithmic Compliance Determinations.</em> Four observations, NCS 0.504, adoption 0.75, process integrity 0.59.</p><p>Same sector. Same week. Opposite directions. The patient is losing visibility into how AI shapes their coverage AND gaining standing to contest the outcomes those same decisions produce.</p><p>Interesting.</p><p>The institutional response is forming faster than the institutional restraint.</p><div><hr></div><h4>The week&#8217;s strongest signal</h4><p>What crystallized on May 23 is a documented pattern of payers and health systems deploying AI-mediated coverage decisions without telling patients an AI was involved. Process integrity 0.30, which in NormSense&#8217;s signal means industry is shipping the practice fast and without the procedural infrastructure that would let a patient locate what to challenge.</p><p>What crystallized two days earlier is the corresponding right. Patients can now appeal algorithmic compliance determinations. Process integrity 0.59, which means the protective mechanism arrives with more procedural scaffolding than the deployment pattern it&#8217;s responding to.</p><p>The structural problem in this collision: appeal rights without disclosure are operationally weak. The patient has standing to contest. They lack the visibility to know what to contest.</p><p>The two norms are operating on the same decision flow from opposite ends. One side compresses what the patient knows. The other side expands what the patient can do.</p><p>For a healthcare compliance lead, this matters operationally. Building appeal infrastructure without resolving the upstream disclosure problem produces compliant pathways that affected patients struggle to use. The audit posture has to address both the deployment and the contestability, in sequence.</p><p>The bigger move we see from this collision:</p><div class="pullquote"><p><em>AI healthcare governance is building contestability faster than visibility. The protective response works only when patients know there&#8217;s something to protest.</em></p></div><p>If you read issue #2&#8217;s argument that transparency is migrating from regulators to individuals, healthcare just delivered the first sector-specific test case. Appeal rights migrated this week. Notification is still pending at the cross-sector layer. The two halves of patient agency are advancing at different rates.</p><h4>Three other healthcare movements worth your week</h4><p>Cluster <strong>14344199</strong> &#8212; <em>Strip Patient Comprehension of AI-Mediated Medical Decisions.</em> Updated this week with four new observations. Process integrity 0.23. Industry is stripping comprehension across clinical documentation, imaging, and diagnostic reasoning. The May 23 norm is one instance of a broader deployment posture.</p><p>Cluster <strong>3ffde939</strong> &#8212; <em>Guarantee Patient and Surgeon Data Rights in Surgical AI Recording.</em> Four new observations. NCS 0.45, process integrity 0.50, adoption 0.46. Different surface, same direction as the appeal rights. Patients and clinicians gaining structured rights over how their data feeds AI development. Informed consent for AI-enabled robotic surgery. Privacy safeguards for surgeon performance data. Clear ownership guidelines preventing unauthorized commercialization.</p><p>Cluster <strong>29beb6a4</strong> &#8212; <em>Encode algorithmic risk adjustment into federal payment determinations affecting coverage.</em> Four new observations. This is where federal payment policy and the strip-visibility deployment meet. CMS and adjacent payers are encoding algorithmic risk into the payment math itself. The patient-coverage decisions surfacing in the strip-visibility cluster are downstream of federal payment architecture.</p><p>Three clusters. One sector. Healthcare is showing us the full layered picture this week: industry strips comprehension as a practice, federal payment architecture quietly encodes the algorithms, individual patients gain appeal standing while losing situational awareness.</p><p>The compliance officer who maps these as separate issues will build infrastructure that doesn&#8217;t connect.</p><h4>What the collision means</h4><p>Two things, both operational.</p><p>First, the disclosure gap is the bottleneck. Appeal rights with no notification produce process theater. The patient who doesn&#8217;t know AI was involved files no appeal. The patient who files anyway can&#8217;t name what to challenge. The protective norm crystallizing at adoption 0.75 will run aground on the deployment norm crystallizing at adoption 0.73 unless notification catches up.</p><p>Second, sector-specific governance is starting to move faster than cross-sector. The cross-sector notification mandates we tracked in issue #2 are slower than the healthcare-specific appeal rights that crystallized this week. Healthcare is doing what cross-sector regulation hasn&#8217;t yet done. The lesson worth holding: the next wave of agency-restoring governance is going to come sector by sector, with healthcare ahead.</p><p>The transparency you should be building around lives where the patient sits.</p><p>&#8212; Zach, see you in the cluster pages</p>]]></content:encoded></item><item><title><![CDATA[Notification, not disclosure]]></title><description><![CDATA[AI policy&#8217;s center of gravity is moving. From what companies tell regulators, to what individuals get told.]]></description><link>https://newsletter.normsense.com/p/notification-not-disclosure</link><guid isPermaLink="false">https://newsletter.normsense.com/p/notification-not-disclosure</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 17 May 2026 13:02:58 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>So. Here&#8217;s what happened on the way to issue #2.</p><p>I went looking for last week&#8217;s story. Companies sharing less. Transparency contracting. Maybe a new wrinkle this time. What I found was the opposite vector entirely.</p><p>Forty-three new observations converged on a single cluster this week. NormSense names it cluster <strong>661d9d48</strong> Compel Notification to Workers and Citizens Before AI-Mediated Decisions. NYC. The EU. Several states. Different jurisdictions, same move: when an AI system makes or informs a decision about someone, the person gets told. Not their employer&#8217;s compliance team. Not the SEC. The actual human.</p><p>Meanwhile the venues I&#8217;d bet on for this week&#8217;s lead all produced nothing. IEEE working groups. SEC filings. arxiv preprints. NIH research. Combined, those connectors pulled in about fifty documents. Zero new AI norms among them.</p><p>So.</p><p>The transparency story is shifting addresses.</p><div><hr></div><h3>The week&#8217;s strongest signal</h3><p>Cluster <strong>661d9d48</strong> &#8212; Compel Notification to Workers and Citizens Before AI-Mediated Decisions. NormSense&#8217;s synthesis claim:</p><div class="pullquote"><p><em>&#8220;Regulatory frameworks increasingly require that individuals be notified when AI systems affect employment, policy, or administrative decisions they are subject to.&#8221;</em></p></div><p>Forty-three observations across twenty-four documents in seven days. NYC&#8217;s Local Law 144. SEC rulemaking. State legislatures replicating NYC&#8217;s structure. Federal courts establishing procedural due-process rights when automated systems deny benefits.</p><p>What ties them together is the direction of address. Transparency that goes downstream. To the worker before the hiring algorithm runs. The candidate before the screening tool ranks. The citizen before the agency adjudicates.</p><p>For a Chief AI Governance Officer, this matters operationally. Corporate disclosure compliance runs on quarterly cadences. Annual reports. Structured filings. Individual notification compliance runs on real-time decision flows. Different documentation. Different audit trails. Different liability surface. <em>&#8220;We disclosed this in our 10-K&#8221;</em> won&#8217;t protect you from <em>&#8220;we deployed an AI hiring tool without notifying the worker.&#8221;</em></p><p>The bigger move we see from this cluster:</p><div class="pullquote"><p><em>&#8220;AI transparency is migrating from corporate disclosure to individual notification. The operational requirements do not transfer.&#8221;</em></p></div><p>If you read issue #1&#8217;s argument that companies are sharing less, this is the regulatory system&#8217;s reply. The lever is shifting.</p><h3>Three other movements worth your week</h3><p>Cluster<strong> 4b1715cd </strong>&#8212; Compel Disclosure of AI Governance Risks and Bias Audit Outcomes. Crossed the crystallization threshold on May 10. Forty-two new observations this week. NCS at 0.714, which is NormSense&#8217;s signal that the norm is stabilizing. NYC&#8217;s bias audit publication mandate, SEC AI risk requirements, Canada&#8217;s AIA portal. Three jurisdictions converging on one structural pair: bias audit plus worker notification. The audit feeds the notification. The notification proves the audit happened.</p><p>Cluster<strong> 69b020ba </strong>&#8212; Build Federal AI Governance Capacity Through Dedicated Personnel Infrastructure. Fifty-three observations. Federal agencies are doing something quietly important: hiring permanent AI governance staff with NIST AI RMF experience as a job qualification. AI governance is becoming a GS-14 line item. If you want to know where federal AI oversight is actually maturing right now, read the job postings.</p><p>Cluster<strong> 15beb6f4 </strong>&#8212; Community-controlled AI data sovereignty. Civil society organizations building participatory data infrastructure for affected communities. The institutional version of what the notification cluster does at the individual level. Indigenous data sovereignty frameworks. Community oversight boards. Participatory algorithmic impact assessment.</p><p>Three clusters. One direction.</p><p><strong>Agency is relocating.</strong> From regulators and corporate disclosure regimes, to individuals (notification) and affected communities (sovereignty). With federal hiring infrastructure quietly building the enforcement capacity behind both.</p><h3>What didn&#8217;t move this week</h3><p>Six major venues fetched roughly fifty documents this week. None produced new AI-norm content.</p><ul><li><p><strong>IEEE Xplore.</strong> Twenty-four documents. Zero new norms.</p></li><li><p><strong>SEC EDGAR.</strong> Thirteen documents. Plus five from the AI-specific filter. Zero new norms.</p></li><li><p><strong>NIH Reporter AI.</strong> Nine grant documents. Zero new norms.</p></li><li><p><strong>Disability Rights.</strong> Eight documents. Zero new norms.</p></li><li><p><strong>arxiv AI ethics.</strong> Quiet week.</p></li></ul><p>Quiet weeks at IEEE, the SEC, and arxiv don&#8217;t mean those venues stop mattering. They mean the locus of action has moved. This week&#8217;s norms weren&#8217;t standards proposals or corporate disclosures or academic critiques. They were operational mandates with addressees who could read them.</p><p>The transparency you should be building around won&#8217;t get filed.</p><p>It&#8217;ll get sent.</p><p>&#8212; Zach, see you in the cluster pages</p>]]></content:encoded></item><item><title><![CDATA[AI companies are sharing less, not more]]></title><description><![CDATA[Three converging signals &#8212; and why this is the gap NormSense exists to track]]></description><link>https://newsletter.normsense.com/p/ai-companies-are-sharing-less-not</link><guid isPermaLink="false">https://newsletter.normsense.com/p/ai-companies-are-sharing-less-not</guid><dc:creator><![CDATA[Zach Van Valkenburg]]></dc:creator><pubDate>Sun, 10 May 2026 13:03:15 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZRoS!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3aed1010-9e96-43b3-bb39-9246c084ed31_512x512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>NormSense tracks how AI companies&#8217; decisions affect the people on the other side of their systems.</p><p>That&#8217;s a different beat than most AI-policy newsletters cover. The good ones: Lawfare, Tim Lee&#8217;s <em>Understanding AI</em>, and Oliver Patel&#8217;s <em>Enterprise AI Governance</em> track the rules being written about AI: what regulators are proposing, which legislatures are moving, where the EU AI Office and the FTC are positioning. And I read it all so you don't have to. Mostly.</p><p>What&#8217;s underserved is the layer beneath. The norms forming through accumulated industry practice rather than statute. What AI companies are actually doing, where their behavior is converging, what&#8217;s being normalized that nobody quite announced. The signal is more diffuse than a Senate hearing. The work to surface it is harder. And it&#8217;s where compliance and governance leaders need a tool because by the time it&#8217;s in a rule, the leverage to influence it has shifted.</p><p>So I built NormSense. The platform monitors 137 source connectors across regulators, standards bodies, courts, industry consortia, and academic institutions, and currently tracks 102 active norm clusters scored on the methodology I've published in two SSRN papers. Most recently <em>Cognitive Surrender and Constitutive Delegation</em> is under review at <em>AI and Society</em>. Both numbers will be different a month from now. The platform is a snapshot, always.</p><p>Every claim in this newsletter is anchored to a NormSense &#8220;cluster.&#8221; A body of observations from named organizations that the platform has identified, named, and tracked. Cluster references look like <strong>14df3966</strong>. Public cluster pages launch with the next issue; click-through verification is the version of &#8220;show your work&#8221; that AI policy reporting has historically lacked.</p><p>Let&#8217;s get to this week.</p><div><hr></div><h3>This week &#8212; AI companies are sharing less, not more</h3><p>The headline in AI policy this past quarter has been new disclosure mandates. The EU AI Office issued implementation guidance for Article 72 post-deployment monitoring. The SEC continued enforcement of AI risk disclosure in 10-K filings. New York City&#8217;s Local Law 144 bias-audit regime expanded its compliance footprint. State AGs filed coordinated AI consumer-protection actions.</p><p>If you read only AI policy newsletters, the picture is one of accelerating transparency. More disclosure, more visibility into how AI systems work, more accountability.</p><p>NormSense&#8217;s data tells a different story. While regulators race to compel disclosure, the <em>actual</em> transparency available to people on the receiving end of AI systems is contracting.</p><p>Three converging signals make this concrete.</p><p><strong>First</strong>, what major AI companies share is decreasing. Cluster <strong>14df3966</strong> tracks what the platform names <em>Strip Oversight Capacity Through Algorithmic Opacity in Critical Decisions</em>. Across observations from 20 organizations and three actor types, a pattern shows up that&#8217;s hard to see without infrastructure to aggregate it: AI labs and platform companies are systematically reducing what they disclose about training data, model access for external auditors, and post-deployment monitoring. One observation in the cluster captures it directly: <em>&#8220;Major AI companies are systematically reducing disclosure about their AI systems, including data acquisition, model access for auditors, and post-deployment monitoring. This widespread pattern, with industry-wide adoption...&#8221;</em> This isn&#8217;t a single company&#8217;s policy shift. It&#8217;s the contour of an industry-wide one.</p><p><strong>Second</strong>, standards bodies are codifying the acceptability of AI inaccuracy. Cluster <strong>977dec6a</strong> &#8212; <em>Normalize Acceptable Error Rates for AI System Outputs</em> &#8212; tracks IEEE working groups establishing what they call hallucination tolerance baselines: defined acceptable error rates for AI outputs. The technical framing is reasonable. The downstream effect is significant: when standards institutionalize that AI systems will produce false or unreliable information <em>within defined ranges</em>, error stops being a defect and becomes a feature with documented bounds. Compliance teams are now navigating a world where the IEEE has effectively said: yes, your AI hallucinates, here&#8217;s how much is acceptable.</p><p><strong>Third</strong>, explainability is being deprecated in high-stakes deployment. Cluster <strong>346c3d82</strong> &#8212; <em>Override Explainability Requirements in High-Stakes AI Deployments</em> &#8212; captures a pattern that academic research has been flagging for years and that&#8217;s now visible across deployment practice: black-box deep learning systems are being deployed in healthcare, criminal justice, autonomous vehicles, and military applications without the explainability mechanisms that earlier AI governance frameworks treated as foundational. The trade-off is being made tacitly, not in any single statute, by deployers who decided the operational benefit outweighs the explainability requirement.</p><p>Read these three clusters together and the strategic claim becomes clear: </p><div class="pullquote"><p>The transparency that regulators are mandating, and the transparency that AI deployment is actually making available, are moving in opposite directions. </p></div><p>AI policy newsletters cover the first. NormSense exists to surface the second.</p><p>For a Chief AI Governance Officer, this isn&#8217;t an academic curiosity. The disclosure mandate your team is preparing for assumes a baseline of transparency that the underlying systems are quietly walking away from. By the time the rule lands, the visibility it&#8217;s meant to enforce may already have eroded. The compliance question, <em>can we comply</em>, is downstream of a more fundamental one: <em>is the underlying ground stable enough that the rule can do what it&#8217;s meant to do.</em></p><div><hr></div><h3>Watch list &#8212; three other movements worth tracking</h3><p><strong>Cluster 3cd338f4 &#8212; </strong><em><strong>Deploy Behavioral Profiling Systems for Predictive Personalization and Pricing</strong></em><strong>.</strong> AI-driven personalized pricing is hitting visible regulatory resistance. Indian competition authorities have begun analyzing dynamic price discrimination as a competition issue; EU GDPR Article 22 interpretation is being contested in this domain. Six observations across two actor types. More importantly, the cross-jurisdictional convergence suggests this norm is in the early phase of its lifecycle. If your organization has revenue tied to algorithmic pricing, this is the one to watch.</p><p><strong>Cluster 2a9f8c6b &#8212; </strong><em><strong>Strip Public Awareness of AI Surveillance Scope and Purpose</strong></em><strong>.</strong> Five organizations across three actor types document the same pattern: AI surveillance systems deployed with publicly stated narrow purposes that quietly expand. One observation calls this <em>AI Surveillance Mission Creep Normalization</em>. Companies announce a limited use case, then enable broader uses without explicit safeguards. Vendor relationships and procurement language are where this affects compliance teams.</p><p><strong>Cluster de4379dc &#8212; </strong><em><strong>Displace Marginalized Voices Through Opaque Content Moderation Practices</strong></em><strong>.</strong> Four major social media platforms, Facebook, Instagram, YouTube, and TikTok, show convergent practices in algorithmic content moderation. Reading the underlying observations together, the pattern is broader than any one platform&#8217;s moderation policy: it&#8217;s the structure of automated enforcement combined with broad policy definitions and limited transparency. Relevant for any organization with employee or partner content reaching these platforms.</p><div><hr></div><h3>What didn&#8217;t move this week</h3><ul><li><p>The FTC issued no AI-related enforcement action. First such week in seven. </p></li><li><p>NIST&#8217;s Artificial Intelligence Risk Management Framework had no public revisions. </p></li><li><p>The EU AI Office published no Article-72 implementation updates. </p></li></ul><p>Quiet weeks are themselves signal; the contestation that emerges in these gaps tends to land harder.</p><p></p><p>&#8212; Zach, see you in the cluster pages</p><p><br></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://newsletter.normsense.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading NormSense! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item></channel></rss>