The social contract with AI takes shape inside institutions

AI is already inside. The question is whether your organisation still governs it.

Executive summary

• AI is already being used inside organisations before policy, training and oversight are mature.
• Responsibility is distributed across the state, model providers, individual users and organisations.
• Schools, companies and public institutions are the fourth party in the AI ecosystem.
• Responsible AI implementation is organisational design: roles, data boundaries, checks and repair must fit together.
• Good AI implementation makes organisations more governable, reliable and productive.

1. The blind spot in the AI debate

AI is often governed today as if only three parties exist: the state that makes rules, technology companies that build systems, and the individual user who is expected to act wisely. That is a dangerous simplification. Most AI decisions are not made in parliaments, laboratories or individual minds, but in classrooms, teams, boardrooms, public service desks, work processes and professional communities. That is where the social contract with AI is actually formed.

At the top of the debate, a strategic and philosophical struggle is taking place between governments and the owners of large AI models. States try to determine the rules of the game through legislation, standards and oversight. Model providers such as OpenAI, Anthropic, Google and xAI determine through usage policies, model design, safety filters, product terms and distribution power what can and cannot happen in practice. The European AI Act now places explicit obligations on providers and deployers, including AI literacy for employees and other people who work with AI systems on behalf of organisations. At the same time, the UN advisory body on AI warns of major information asymmetries between AI labs and the rest of the world. [1][2][3]

At the bottom of the debate, the individual user is given a moral task list: do not use AI for plagiarism, do not fall for deepfakes, keep thinking critically, verify output and protect privacy. That is necessary, but insufficient. Individuals cannot be made solely responsible for systems they do not design, cannot audit, often cannot understand and usually use inside an organisational context that determines the conditions.

Practice shows how large that gap is. The Stanford AI Index 2025 reports 233 AI incidents in 2024: an increase of 56.4 percent compared with 2023. [4] A global KPMG study across 47 countries shows that AI has already penetrated work widely: 77 percent of employees say their organisation uses AI and 58 percent use AI regularly themselves, while fewer than half have received training. Only two in five employees report seeing policy or guidelines for generative AI. At the same time, there is non-transparent use, errors and data-leak risk: 57 percent admit non-transparent use, 56 percent report errors caused by AI and 48 percent say they have entered company information into public AI tools. [5]

The problem, then, is not merely that individual users sometimes act unwisely. The problem is that many organisations have not yet built mature social and governance infrastructure around AI. AI is being consumed, but not consciously ordered.

It is striking that public trust already points toward this institutional middle layer. In the same global study, people trust universities, research institutions and healthcare organisations more than governments or Big Tech to develop and use AI in the public interest. At the same time, 70 percent of respondents believe AI regulation is needed. Citizens want more rules and more reliable intermediate layers between themselves and the technology. [5]

Core proposition. The social contract with AI is not formed only by states, Big Tech or individual users, but above all inside the institutional communities where people learn, work and decide together.

2. From classic social contract to polycentric AI governance

This is exactly the terrain of the social contract. For Thomas Hobbes, John Locke and Jean-Jacques Rousseau, the social contract is not about a private transaction, but about how shared dependency can be ordered legitimately: which protections, freedoms, duties and forms of authority people accept in order to live together. A recent RAND perspective applies that tradition explicitly to AI and describes social-contract theory as a useful compass for the social and economic consequences of AI, precisely because technological transitions raise questions about safety, economic opportunity and social resilience. [6]

The most important step in that reinterpretation is that AI governance must not remain stuck in technical model alignment or in a picture of individual users alone. Governance must put the effects of AI on work, communities and relationships at the centre. The social contract with AI is not a contract between one user and one model interface, but a context-bound set of expectations about legitimate use, quality, oversight, correction, protection and responsibility in the environments where people learn, work and receive public services.

Education policy points in the same direction. UNESCO guidance on generative AI refers to the need to renew the social contract for education in light of new technology. That implies that AI is not merely a tool or a threat, but a force that changes the relationship between student, teacher, institution, knowledge and assessment. [9]

The governance language that fits best here is polycentric governance. In the work of Elinor Ostrom, the false choice between “the market” and “the state” disappears. Collective goods are often governed by multiple, partly autonomous but mutually dependent decision centres at different scales. AI is such a polycentric issue. The benefits and risks are shared, the context differs by domain, and no single central actor can specify all local trade-offs in advance. [7]

That is why a polycentric interpretation of the social contract with AI makes more sense than an exclusive focus on legislation or model providers. The state sets frameworks, model owners build and limit systems, individuals use AI, but institutional communities translate AI into concrete practices. That is precisely where legitimacy arises, legitimacy that cannot be derived from an abstract principle or a product term alone.

3. The four-party model

This blind spot creates an assignment: designing the institutional social contract with AI. That contract can be understood as a four-party model. Each party has its own power, its own limits and its own responsibility.

Party	Responsibility	Typical risk
Government	Rights, duties, oversight and public norms	Legislation lags behind and remains generic
Model owners	Model architecture, access, filters and policies	Private incentives do not coincide with public value
Individuals	Daily use in work, learning and communication	Too little insight, power and support
Institutional communities	Context, rules, tool choice, training, oversight and repair	Shadow AI, arbitrariness and unclear responsibility

The Intelligence Covenant Institute concentrates its work on that fourth layer. Schools, companies and public organisations are not passive deployers of technology. They are the professional and social context in which AI is actually used and legitimised. They decide which tools may be used, which data may or may not be entered, when human review is needed, how errors are repaired, how employees are trained and how students, citizens, customers or workers are protected.

Anyone who skips this level leaves the main governance problem unnamed. AI use then emerges through accidental experiments, individual skill, vendor defaults and implicit norms. That is weak governance and poor commercial practice. Organisations that do not order AI face not only ethical risks, but also loss of quality, data leaks, inequality, loss of trust and missed productivity gains.

4. Why schools, governments and companies are the fourth party

Education

In education, the meso level is almost literally visible. An OECD report shows that, at the beginning of 2024, countries were mainly working with non-binding guidelines, while decisions at school level by teachers and school leaders largely determine whether and how generative AI enters the classroom. In half of the jurisdictions studied, schools are explicitly responsible for their own rules. [8]

UNESCO goes further: in the absence of national regulation, privacy and validation often remain underdeveloped. Educational institutions must assess generative AI for ethical and pedagogical suitability, and human capacity and collective action are decisive for effective solutions. From that perspective, AI self-reliance is not only a skill of students or teachers, but an institutional characteristic of the school. Does it have rules, pedagogy, assessment forms, validation procedures and professional support that put AI in service of learning? [9]

A school without an AI framework gets plagiarism panic, unequal use and unclear assessment norms. A school with AI self-reliance redesigns assessment, teaches students to reflect on AI output, makes agreements about source use, validates tools and professionalises teachers. There, the social contract with AI is not formed in abstraction, but in pedagogical practice.

Public sector

The same holds in the public sector. AI can make governments more productive, responsive and accountable, but adoption is held back by skills shortages, legacy systems, data challenges and governance problems. European and international policy reports stress that legislation and programmes alone are not enough: governments must build competences, methods and governance practices to create public value with AI in practice. [15]

Responsible AI use in a municipality, inspectorate or implementing agency is therefore not primarily a matter of “is it allowed by law?”. It is a matter of institutional competence: defining public value, limiting data use, documenting decisions, organising human review, arranging objection and repair routes, and protecting citizens’ trust.

Business

In companies, the meso level is even more visible. The KPMG data show that AI is already widely used while training, policy and transparency lag behind. Anyone who addresses only the individual misses the real actor that can channel use: the organisation that does or does not organise frameworks, role division, tool choice, training and oversight. [5]

For companies, this is not only a compliance issue. Shadow AI, data leaks, inconsistent output, unclear ownership and insufficient training slow down productive adoption of AI. An organisation with clear guardrails can experiment faster. An organisation that trains employees gets more value from tools. An organisation that manages data and quality risks can scale AI more safely. An organisation that makes human responsibility explicit builds trust among employees, customers and regulators.

5. Responsible AI implementation is organisational design

In recent years it has become clear that AI ethics does not suffer from a shortage of principles, but from a principle-implementation gap. Almost everyone can agree with values such as fairness, transparency, privacy, accountability and human oversight. The difficult question is: who does what, when, with which authority, based on which information, and with which repair mechanism if something goes wrong?

That is why responsible AI implementation must be understood as organisational design. It is not only about policy or compliance, but about arranging roles, routines, decision rights, data boundaries, training, evaluation and feedback. An organisation that takes AI seriously must know which use cases exist, who owns them, which data are used, which risks are acceptable, how outputs are checked, how employees are trained and how incidents are reported and resolved.

In the literature, this aligns with Responsible AI Governance as a combination of structural, relational and procedural practices. Structural governance concerns boards, roles, policy and ownership. Relational governance concerns trust, stakeholder involvement and feedback. Procedural governance concerns impact assessments, audits, monitoring, escalation and decommissioning. This three-part distinction forms the basis for a practical implementation method. [10]

The NIST AI Risk Management Framework shows what such a design looks like. According to that framework, governance must run through the entire AI life cycle and throughout the organisation: with transparent work processes, clear responsibilities, training, diverse teams, stakeholder feedback, monitoring, incident recognition, supply-chain policy and safe decommissioning of systems. Strong governance also sets the tone for an organisation’s risk culture and connects the technical side of AI with mission, values and risk tolerance. [11]

The OECD Due Diligence Guidance for Responsible AI confirms this shift. Enterprises must formulate policy for their own operations and business relationships, set up cross-functional groups, involve external expertise, integrate feedback from procurement, sales, compliance and HR, assess risks iteratively and maintain contingency plans for incidents and decommissioning. Responsible AI implementation is therefore not an ethical appendix, but a governance and organisational core function. [12]

6. The Covenant Model

To make this vision practical, the Institute introduces the Institutional Covenant Model, in short: the Covenant Model. It helps organisations design their own social contract with AI. It consists of seven layers.

Context. Determine where AI is used and which public, professional or commercial value is central.

Inventory. Map AI tools, AI functions, shadow AI and relevant suppliers.

Norms. Formulate what responsible use means in this specific context.

Guardrails. Set data boundaries, tool choice, human control, documentation and escalation.

AI self-reliance. Train students, employees or professionals in critical, safe and productive AI use.

Checks and balances. Organise monitoring, incident review, bias checks, privacy assessment and feedback loops.

Repair and learning. Provide objection, correction, decommissioning and periodic review of policy and practice.

The Covenant Model makes visible that responsible AI implementation is not a standalone workshop. It is a process in which the institutional community determines how AI may change its practice, and under which conditions that change is legitimate.

7. AI self-reliance is institutional capacity

The Institute deliberately uses the concept of AI self-reliance more broadly than individual AI literacy. Of course people must learn to prompt, check output, assess sources, recognise data risks and understand ethical dilemmas. But individual skill is insufficient if the environment does not provide clear norms, safe tools, good assessment or escalation paths.

Stanford Teaching Commons distinguishes, among other things, functional, ethical, rhetorical and pedagogical literacy in AI literacy. That distinction is useful, but we translate it into a more institutional practice: AI self-reliance is the capacity of people and organisations to use AI critically, safely, fairly and productively within the context in which they learn, work and decide. [17]

AI self-reliance therefore exists at three levels. For students it means understanding what AI is, what it can and cannot do, how to work honestly, how to cite sources and how to preserve one’s own thinking. For professionals it means working effectively and safely with AI without data leaks, blind trust or unclear responsibility. For organisations it means building institutional capacity through policy, training, tool choice, oversight and evaluation.

In this way, AI self-reliance becomes a bridge between social responsibility and commercial relevance. Schools need it to keep education fair and future-proof. Governments need it to protect public value and trust. Companies need it to scale AI productively and safely.

8. Good AI implementation makes better organisations

The central claim is that good AI implementation is not only morally desirable, but functionally superior. Good AI implementation makes better organisations. That applies in education, government and business.

An OECD productivity review shows that generative AI can increase productivity, innovation and entrepreneurship, but only when organisations build new competences and adapt their processes, strategy and work design in order to use the technology well. In a large field study among customer service workers, AI assistance led to roughly 14 to 15 percent higher productivity. [13][14] The message is therefore not that AI automatically generates returns, but that organisations only capture the gains when they embed the technology institutionally.

In the public sector, that conclusion is even more explicit. AI integration is a sociotechnical phenomenon: governments must learn to manage interdependencies between technology, routines, people and structures. The benefits are realised only when organisational form, governance and culture develop alongside the technology. The same applies in education, where human capacity and collective action, not technology itself, are decisive. [9][15]

Responsible implementation also increases trust and reduces friction. People trust AI sooner when monitoring, human oversight, accountability, policy, training, standards and independent assurance are present. Executives increasingly connect Responsible AI with ROI, efficiency and innovation. [5][16] The thesis is therefore not a moral slogan, but a plausible theory of organisations: good implementation reduces hidden use, clarifies responsibility, protects quality and data, and makes adoption scalable.

Central claim. Responsible AI is not a brake on innovation. It is the condition for scalable adoption. Good AI implementation makes better organisations.

9. The role of the Institute

The Intelligence Covenant Institute works as a foundation, think tank and publication platform for the social contract with AI at the institutional level. It writes, researches, gathers evidence and develops the Covenant Model into a workable framework for schools, companies and public organisations. The practical translation, in the form of briefings, organisational scans and implementation sprints, takes place through NIC Advisory B.V., the separate commercial implementation practice.

We deliberately choose the meso level. Do not wait for perfect legislation. Do not rely on the good intentions of founders. Do not place the full burden on individual users. Instead, help schools, companies, public organisations and professional communities take their own responsibility. That is where the civic task of AI governance lies.

For schools, this means that AI self-reliance must always be connected to institutional rules: clear agreements about source use, assessment, evidence, teacher professionalisation, student protection and validation of tools. For public organisations, it means embedding public value, explainability, objection and repair routes, privacy by design, human oversight and documentation in processes. For companies, it means that usage policy, approved tools, data boundaries, role redesign, training, incident review and value measurement become part of strategy and leadership, not isolated workshops or individual goodwill.

10. Demonstrable impact

To keep the claim “Good AI implementation makes better organisations” credible, the Institute must not only inspire but also measure. Impact means something different in every sector, but the logic is always the same: make visible what previously remained implicit.

In business, indicators include the number of inventoried and approved AI use cases, the share of employees with demonstrable AI training, the reduction of shadow AI use, time savings per validated process, the decline in errors and data risks, and the trust of employees and customers. Compliance readiness and auditability belong there as well: not as ends in themselves, but as evidence that the organisation takes its own covenant seriously.

In education, the yardstick shifts to pedagogical outcomes. The relevant questions concern demonstrable AI literacy among students, teacher competence in working with and redesigning around AI, a clear assessment and source policy that replaces plagiarism panic with reflection, and the availability of validated, safe tools. The question is not whether students use AI, but whether the school teaches them to think better because of it.

In the public sector, what matters most is what citizens and peer governments can notice: explainability of AI use, working objection and repair routes, documentation levels for decisions, privacy impact, demonstrable public value and accessibility. Here, AI becomes governable when citizens can reach a human being, challenge a decision and understand the policy.

By making impact visible in this way, the work stays away from symbolic ethics. The core question is not whether organisations have a beautiful AI policy, but whether they function demonstrably better, more reliably and more effectively through responsible AI use.

11. Conclusion

The social contract with AI is not written only in Brussels, Washington, Silicon Valley or the interface of a chatbot. It takes shape every day inside institutions: in the classroom, on the work floor, in the boardroom, at the service desk and in professional practice. There people decide together whether AI becomes an instrument of alienation, arbitrariness and dependency, or an instrument of learning, productivity, public value and trust.

The point is clear. AI must not only be responsible because that is morally right. AI must be implemented responsibly because good implementation makes better organisations. The social contract with AI begins in the community where people learn, work and decide together.

AI is already inside. The question is whether your organisation still governs it.

Editorial note

This essay is based on public sources and is editorially maintained by Stichting The Intelligence Covenant Institute. The text is published under the responsibility of Robert Mekking and may have been prepared or edited with AI assistance. The English version is a working translation of the Dutch foundational essay. Material corrections are made visible. Corrections or source questions can be sent to info@icinstitute.eu.