Frontier AI governance is not only a question for laboratories, model developers, and compute infrastructure. It is also a question for states, public institutions, procurement authorities, and oversight bodies that will be asked to host, supervise, and remain accountable for advanced AI systems they did not build and may not fully understand.

As AI systems become more capable, autonomous, general-purpose, and difficult to supervise, a second governance question becomes unavoidable: can states and public institutions retain lawful authority over systems they did not build, may not fully understand, and may not be able to interrupt once embedded in public administration?

This article argues that capability acquired without governability is not modernisation. It is institutional abdication. For public institutions, the frontier is not only where the most advanced systems are built. It is also where those systems enter public authority — through procurement, platforms, donor-funded projects, infrastructure dependency, and administrative integration.

The institutional duty to retain authority is the central governance obligation of this era.

1. The frontier question is no longer distant

Frontier AI governance is becoming part of international policy architecture. The Bletchley Declaration described frontier AI as highly capable general-purpose AI models — including foundation models — that may perform a wide variety of tasks and may match or exceed the capabilities of the most advanced systems available. It recognised that substantial risks may arise from intentional misuse or unintended issues of control.

The International AI Safety Report 2025 focuses on general-purpose AI because such systems can perform a wide variety of tasks and have advanced rapidly in recent years. Its purpose is to support a shared international understanding of the risks from advanced AI and how they can be mitigated.

These developments confirm that frontier AI governance is no longer speculative. But for public institutions, the frontier question extends beyond the laboratory. It is not only whether the model is powerful. It is whether the institution remains in command when that power enters public administration.

A frontier AI model may be technically evaluated by its developer. A safety framework may be published. A government may cite international standards. A regulator may classify the system as high risk. Yet the public institution using the system still faces a more immediate administrative question: can it lawfully and practically govern what it has adopted? That is the institutional frontier.

2. Rogue AI is not only a technical failure story

Recent public concern about rogue AI agents has grown because AI systems are no longer only producing text or recommendations. Increasingly, they can be connected to tools, internal systems, files, browsers, software environments, and workflows. A March 2026 report in The Guardian described controlled laboratory tests in which AI agents engaged in autonomous and aggressive behaviours, including publishing passwords and overriding anti-virus software — a new form of insider risk created by agentic systems operating inside internal environments.

The significance of such examples is not that every AI system will behave this way. Governance must not be built on panic or isolated headlines. The deeper significance is that agentic systems can act within environments. They may pursue goals, use tools, work around obstacles, interact with other systems, and produce consequences beyond a simple advisory output.

Rogue AI agents are not primarily a technical malfunction. They are a governance warning. They show what happens when capability is permitted to exceed institutional control.

With a conventional digital system, an institution asks whether the software performs the function for which it was procured. With an agentic or frontier-facing system, the institution must ask whether the system can act in ways that exceed the institution's practical capacity to supervise, interrupt, or explain. The real governance issue is not rogue behaviour after deployment. It is whether institutions have built authority before deployment.

3. Three levels of AI governance

AGCIH frames its AI governance work across three levels, each presenting distinct governance demands for public institutions.

Level 1: Current AI Governance concerns present-day AI and digital systems — procurement, data protection, legal practice, public-sector adoption, institutional readiness, risk management, transparency, and accountability for systems already entering public and professional environments.

Level 2: Agentic AI Governance concerns systems that do not merely advise but act. This includes AI agents, robotics, workflow automation, autonomous decision-support, tool-using systems, and delegated machine action. The governance concern at this level is not only the quality of an output. It is the authority to act, the boundaries of action, and the institutional ability to stop or redirect machine activity.

Level 3: Frontier AI Governance concerns future-facing questions about systems that are becoming more capable, general-purpose, autonomous, and difficult for institutions to supervise. The central question here is whether public institutions can retain lawful authority, oversight, reconstructability, and accountability when advanced AI systems enter state functions.

The rogue AI discussion sits between Levels 2 and 3. This structure prevents two distinct mistakes. The first is to treat all AI governance as if it were only about today's tools — leaving institutions unprepared for more autonomous and capable systems. The second is to treat frontier AI governance as if it were only about laboratories and technical safety — ignoring what happens when advanced systems move from the lab into public authority.

4. Africa does not need to wait for robots to arrive

Most African governments are not building frontier models. Many public institutions are still addressing basic digitisation, infrastructure constraints, data governance gaps, limited technical capacity, and uneven procurement controls. That reality is important and should not be minimised. But it does not make frontier AI governance irrelevant.

African states may not build frontier AI systems, but they may still become deeply dependent on them. Advanced AI may enter public administration through commercial procurement, cloud services, donor-funded digital transformation projects, legal technology, health systems, education platforms, border management, tax administration, welfare systems, policing tools, productivity software, and public-private partnerships.

The frontier may arrive in Africa not as a national laboratory, but as a contract, a platform, a subscription, a pilot project, a donor-funded system, or an imported administrative tool.

By the time the system is visible in an institution, the most important governance decisions may already have been made — embedded in commercial terms, infrastructure dependencies, and vendor-controlled update cycles that the procuring institution did not adequately scrutinise at the point of adoption.

The future inequality in AI will not be about access alone. It will also be about governance readiness. Some states may acquire advanced AI capability before they acquire the institutional capacity to govern it. States that acquire capability without governability do not become more modern. They become more dependent. The administrative consequences of that dependency may accumulate gradually, across departments, contracts, and functions, until they become structurally embedded.

5. Public authority cannot be outsourced to capability

Public institutions do not exist merely to deliver outputs. They exist to exercise public power under law. In a constitutional and administrative order, public authority must be exercised through mandate, procedure, reason, review, and accountability. AI systems do not remove these obligations. They make them harder to discharge.

When an AI system influences a public decision, the institution cannot respond to an affected person by saying that the model produced the output, the vendor designed the system, or the technology was too complex to understand. The obligation to remain accountable does not disappear because a system is advanced. Public authority cannot be outsourced to capability.

The EU AI Act recognises obligations for general-purpose AI models and imposes additional obligations on providers of general-purpose AI models with systemic risk. The NIST Generative AI Profile provides a cross-sectoral companion to the AI Risk Management Framework to help organisations manage the distinctive risks of generative AI systems. These frameworks help structure responsibility around providers, developers, and organisational risk management. But public institutions require something further: internal administrative capacity to translate external standards into lawful control. The question for the state is not whether it has met a standard. The question is whether the institution can still govern.

6. The doctrinal architecture: hosting capacity, relocating judgment, and continuous administration

AGCIH has developed three interconnected doctrines that together describe what institutional authority over AI systems requires. In frontier-facing contexts, each doctrine sharpens.

Administrative Hosting Capacity

Administrative Hosting Capacity describes the capacity of a public institution to lawfully host, supervise, recalibrate, interrupt, and remain accountable for AI systems throughout their operational life. In frontier AI governance, it asks whether the institution can retain authority over systems whose capabilities may exceed ordinary administrative understanding.

A public body must be able to establish, before deployment: the legal basis for using the system; which decision rights remain with human officials; how the institution will know when the system has influenced an outcome; who can suspend, override, or recalibrate the system; what records allow a decision to be reconstructed; what recourse exists for affected persons; and what procurement clauses preserve the state's authority if the vendor modifies or withdraws the system.

Relocation of Judgment

In traditional administration, judgment is understood to sit with an identifiable public official or public body. In AI-mediated administration, practical judgment may move upstream — into system design, data selection, model configuration, thresholds, workflow rules, vendor architecture, automated recommendations, and tool-using agents. By the time the visible public decision is made, part of the judgment may already have taken place elsewhere.

This is not merely a technical issue. It is an administrative and constitutional issue. If judgment has relocated, accountability must follow it. Frontier AI sharpens this problem considerably. The more capable the system, the more easily public judgment can relocate without formal delegation — and without anyone noticing.

Oversight is meaningful only if the human has sufficient knowledge, authority, time, institutional backing, and legal duty to question the system. Otherwise, the human becomes a ceremonial checkpoint placed over a decision already shaped elsewhere.

Continuous Administration

Many legal and administrative systems are built around identifiable decisions: a permit granted, a benefit denied, a person flagged, a tax risk assigned. AI-mediated administration may work differently. It may operate through continuous scoring, triage, prioritisation, monitoring, recommendation, alerting, communication, and workflow adjustment.

When AI systems operate continuously, governance cannot be confined to a once-off approval. In frontier-facing contexts, advanced AI systems may be embedded across multiple administrative functions simultaneously, shaping how problems are identified, how resources are allocated, and how decisions are framed — without any single act of delegation having been made. If the institution cannot account for how the system shaped outcomes across time, accountability becomes structurally fragile.

7. Sovereign administrative authority

For African states, frontier AI governance raises a sovereignty question often absent from the international safety conversation. Sovereignty is conventionally discussed in terms of territory, law, and political independence. In the age of advanced AI, there is also a question of Sovereign Administrative Authority: can a state retain meaningful authority over public decisions when the systems it relies on are externally developed, externally hosted, externally updated, and contractually constrained in ways the state did not fully negotiate?

This is not an argument against foreign technology, nor a call for isolation. The question is not whether external systems may be used. The question is whether public authority remains public when they are used.

If a public institution cannot inspect the system it relies on, cannot understand material changes to it, cannot preserve records of how it operated, cannot suspend use without collapsing a public service, cannot require vendor cooperation in an accountability proceeding, and cannot explain system influence to affected persons — then sovereignty has been weakened at the level of administration.

The United Nations General Assembly's 2024 resolution on safe, secure, and trustworthy AI recognised the importance of inclusive access and international cooperation in AI for sustainable development. Inclusion matters enormously. But inclusion must mean more than access to tools. It must also mean the capacity to govern those tools when they enter public authority.

8. Procurement is where the state first meets frontier AI

For many public institutions, AI will not enter through a grand national debate or a formal policy framework. It will enter through procurement. A ministry will acquire a platform. A regulator will subscribe to an analytics service. A court administration system will integrate AI-enabled support. A tax authority will procure a risk engine. A public body will purchase general-purpose AI access for staff productivity.

By the time an affected person challenges the system, the most consequential governance choices may already be locked into the contract. Procurement determines who controls data, where the system is hosted, whether audit rights exist, whether the vendor must disclose material changes, whether the state can suspend the system, whether records are preserved, whether affected persons can obtain reasons for decisions the system shaped, and whether the institution can exit without losing administrative continuity.

Public institutions must not buy capability without buying governability. AI governance does not begin at deployment. It begins at commissioning.

9. The institutional duty to retain authority

Every public institution considering advanced AI must know what it is authorising, what it is relying on, what it can stop, what it can explain, and what it remains accountable for. The institutional duty to retain authority requires at least five structural commitments.

Five Institutional Commitments

01
Legal Anchoring
The institution must identify the legal basis for using the system and the limits of that authority. Capability does not create permission.
02
Decision-Rights Clarity
The institution must know which decisions remain human, which functions are assisted, and where machine influence begins and ends. Ambiguity in decision rights is a governance failure.
03
Interruptibility
The institution must be able to pause, suspend, override, or withdraw the system where legality, safety, fairness, or accountability is at risk. A system that cannot be stopped is not under institutional authority — it is exercising it.
04
Reconstructability
The institution must preserve enough information to explain how a system influenced a decision or administrative process. Where reconstruction is impossible, accountability is illusory.
05
Recourse
Affected persons must have a meaningful pathway to challenge outcomes shaped by AI systems. Formal recourse that cannot be exercised because the institution cannot reconstruct the relevant decision is not recourse at all.

10. Africa's opportunity is to govern before dependency hardens

Africa does not need to wait until frontier AI systems are widely deployed in public institutions before building frontier governance capacity. By then, dependency may already have hardened. The better approach is anticipatory governance — building the legal, administrative, procurement, and oversight architecture now, while the most consequential choices are still available to be made.

Which public functions should never be automated without strict legal safeguards, and what form should those safeguards take? What minimum clauses must appear in public contracts involving general-purpose or agentic AI to preserve audit rights, interruptibility, and vendor accountability? Which institutions should have authority to review high-impact AI deployments before and during operation? How should African states negotiate access to advanced AI on terms that preserve, rather than diminish, sovereign administrative authority?

These are practical questions. They are also frontier-facing questions. They place African public institutions ahead of the curve rather than behind it, and they frame the governance challenge in terms that African institutions can act on now — without waiting for a frontier crisis to make the need undeniable.

Conclusion: before capability outruns authority

The question is not whether AI will become useful to the state. It already is. The question is whether the state will remain capable of governing it as AI systems become more capable, more autonomous, and more deeply embedded in public functions.

Rogue AI agents should be understood as early warnings of a deeper issue: capability can outrun authority. When that happens inside public administration, the consequences are not merely technical. They are legal, institutional, and constitutional. Affected persons lose meaningful recourse. Accountability becomes fragmented. Public power migrates into systems the institution did not fully authorise and cannot fully explain.

For African states, the issue is not whether robots are already common. The issue is whether public institutions are building governing architecture now — before advanced AI systems become embedded beyond the reach of meaningful oversight.

The frontier is not only where AI is built. It is also where advanced AI enters public authority. Capability acquired without governability is not modernisation. Before AI goes rogue, institutions must know how to remain in charge.

References

  1. UK Government, The Bletchley Declaration by Countries Attending the AI Safety Summit, 1–2 November 2023.
  2. International AI Safety Report 2025, 29 January 2025.
  3. UK Government, Frontier AI Safety Commitments, AI Seoul Summit 2024.
  4. European Union, Regulation (EU) 2024/1689, Artificial Intelligence Act.
  5. EU Artificial Intelligence Act, Article 55: Obligations for Providers of General-Purpose AI Models with Systemic Risk.
  6. NIST, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, NIST AI 600-1, 2024.
  7. United Nations General Assembly, Resolution A/RES/78/265 on Seizing the opportunities of safe, secure and trustworthy artificial intelligence systems for sustainable development, 2024.
  8. OECD, OECD AI Principles, adopted 2019 and updated 2024.
  9. The Guardian, '"Exploit every vulnerability": rogue AI agents published passwords and overrode anti-virus software', 12 March 2026.