The social contract — the implicit agreement between a state and its people to exchange some degree of individual freedom for collective protection and governance — was designed for a world in which states were the dominant concentrations of power. That world is changing. A small number of AI companies now control infrastructure that shapes access to information, employment, credit, healthcare decisions, and public services at a scale no elected government can match. The question is not whether this represents a governance challenge. It is whether we are willing to name what that challenge actually requires.
This is not an abstract concern. It is operational. And for small states — including those across the Caribbean — the exposure is not theoretical. It is already present in every procurement decision, every digital public service, and every strategy document that prioritises AI adoption without auditing AI dependency.
The short answer: The social contract does not defend itself. Six governance obligations determine whether states retain the capacity to hold it.
Obligation 1: Regulate AI Infrastructure Like a Utility
Compute capacity, data centres, and foundational models are no longer commercial products in any ordinary sense. They are infrastructure — the substrate on which consequential decisions are made at population scale. The regulatory frameworks that currently apply to them were designed for consumer technology, not essential services.
Utility regulation imposes access obligations, public interest oversight, and interoperability requirements. It prevents a single provider from becoming the gatekeeper of infrastructure that everyone depends on. Antitrust review, the current default response to AI market concentration, operates on a timeline measured in years — long after structural dependency has been established and switching costs have become prohibitive.
What utility regulation would actually change
Access obligations would prevent essential AI capabilities from being withheld from competitors or from public-sector users on commercial terms. Interoperability requirements would prevent data and model lock-in. Public interest oversight would require transparency about how foundational models are trained, what data they contain, and what risks they carry — before deployment, not after harm is documented.
Obligation 2: Treat Digital Sovereignty as a National Security Issue
Sovereignty is not only a question of territorial borders and legislative authority. It is a question of operational independence — the capacity to govern in practice, not just in principle. A state whose public health system runs on models it cannot inspect, whose immigration decisions are filtered through platforms it cannot audit, and whose financial regulation depends on infrastructure it cannot modify in a crisis has ceded something real, regardless of what its constitution says.
Small states are the most exposed. The cost and complexity of developing domestic AI capability means reliance on foreign providers is structurally almost inevitable. That is a manageable reality — but only if it is named as a dependency risk and addressed explicitly in national AI strategies, rather than treated as an acceptable condition of modernisation.
The test: Could your government continue to function if the three largest AI providers you depend on simultaneously withdrew access or changed their terms? If the answer is no — or unknown — that is a sovereignty gap, not a procurement detail.
Obligation 3: Rewrite Accountability Frameworks So That Someone Is Answerable
Current liability frameworks were not built for algorithmic harm. When an AI system denies a person healthcare coverage based on a risk score they cannot contest, removes their social welfare access based on a fraud detection model trained on biased data, or flags them for law enforcement based on a probabilistic match — the harm is real and the accountability is diffuse.
"The model did it" is not a defence. Neither is "the vendor's terms of service disclaim liability for outputs." The entity that deployed the system, derived benefit from it, and made the decision to use it in a consequential context is the entity that must be answerable. This requires legislative intervention in most jurisdictions — not voluntary commitments from providers, and not guidance documents that create the appearance of accountability without the substance.
For Caribbean jurisdictions already building out data protection frameworks, the path to AI accountability is shorter than it appears. The core principle — that automated processing affecting individuals requires a lawful basis, transparency, and a right to contest — already exists in the architecture of modern data protection law. Extending it to cover consequential AI decisions is a legislative refinement, not a reinvention.
Obligation 4: Treat AI Literacy as a Civic Right
Citizens cannot hold power accountable for systems they do not understand. This is not a novel insight — it is the same argument made for financial literacy when complex financial products became central to everyday life, and for media literacy when information ecosystems became algorithmically curated. The argument applies with equal force to AI.
AI literacy is not the ability to build a model. It is the functional capacity to understand how automated decisions are made, what their limitations are, how to identify when an AI output may be wrong, and how to contest outcomes that affect you. Without it, the procedural rights that good AI governance creates — the right to explanation, the right to human review, the right to appeal — are meaningless to the people who need them most.
What treating AI literacy as a civic right requires
It requires curriculum integration, not optional workshops. It requires plain-language public communication about how AI systems used in public services work. It requires consumer protection that includes the right to understand automated decisions that affect you — not just the right to request a human review after harm has occurred. And it requires institutional honesty about where AI is being used in government, rather than opaque deployment behind neutral-sounding administrative language.
Obligation 5: Small States Must Have a Seat at the Table
The regulatory frameworks being written in Brussels, Washington, and Beijing are not local standards. They are global architectures. The AI Act's extraterritorial provisions, the executive orders shaping US federal AI procurement, the standards emerging from ISO and IEEE — these will govern AI systems deployed worldwide, including in states that contributed nothing to their design and were consulted about none of their tradeoffs.
This is not a new problem for small states. It is the same structural dynamic that applies to financial regulation, trade rules, and environmental standards. What is different about AI is the speed of deployment and the depth of dependency. Rules written without the participation of small states will not adequately account for their specific exposures — limited regulatory capacity, high dependency on foreign providers, smaller datasets that make domestic model training unviable, and governance institutions that were not designed to oversee algorithmic systems.
Silence in these processes is functional consent. Engagement through regional blocs, advocacy for impact assessments that explicitly address small state effects, and investment in domestic AI governance capacity — including advisory expertise that can audit and assess AI systems independently — are the minimum requirements for informed participation.
Obligation 6: Civil Society as the New Check and Balance
Institutions that struggle to understand the problem cannot be the primary defence against it. This is not a criticism — it is an observation about institutional timelines and technical complexity. Legislatures operate on multi-year cycles. Regulators are resourced to police frameworks that already exist. Courts interpret law that has not yet caught up with the systems before them.
The check on AI power that actually operates in real time is civil society: the researchers who audit systems, the journalists who document harm, the advocacy organisations that aggregate individual complaints into visible patterns, and the individuals who refuse to accept algorithmic decisions without contest. These are not supplementary mechanisms. They are currently the primary ones.
Governments that want functional AI governance should be investing in civil society capacity — independent research infrastructure, whistleblower protections for algorithmic harm, public interest litigation funding, and media that has the technical capability to scrutinise AI systems rather than simply report on them.
What This Means Practically
Rousseau's insight was not that the social contract was desirable. It was that it was necessary — that without it, the vacuum fills with something worse. The question for AI governance is the same: not whether we want accountability, transparency, and distributed power, but whether we are willing to build the institutional infrastructure that makes those things real before the alternative has fully arrived.
None of the obligations above require inventing new principles. Utility regulation, sovereignty protection, liability attribution, civic literacy, multilateral engagement, and independent oversight are established governance tools. What they require is application — with urgency, specificity, and the recognition that the window for shaping these systems on terms that serve the public interest is narrowing, not widening.
For organisations operating in this environment — whether they are building AI systems, deploying them, or subject to their outputs — the practical starting point is the same: understand what you are depending on, understand who is accountable if it fails, and build the internal governance capacity to answer both questions honestly. That work begins at the organisational level, but it is not confined there.
Frequently Asked Questions
What does it mean to regulate AI infrastructure like a utility?
Regulating AI infrastructure like a utility means treating compute capacity, data centres, and foundational models as essential public infrastructure rather than ordinary commercial products. This would impose access obligations, public interest oversight, and interoperability requirements on dominant AI providers — similar to how electricity grids and telecommunications networks are governed — rather than relying on antitrust reviews that arrive years after market power has already been consolidated and switching costs have become prohibitive.
Why is digital sovereignty a national security issue for small states?
Digital sovereignty becomes a national security issue when a state's critical public services — healthcare, social welfare, border management, financial regulation — depend on AI systems owned, controlled, and auditable only by foreign private actors. Small states that cannot inspect, modify, or replace those systems in a crisis have ceded operational sovereignty. AI national strategies that address only adoption, without addressing dependency risk, are incomplete security plans.
Who is accountable when an AI system causes harm?
Accountability for AI-caused harm must follow the harm itself. "The model did it" is not a sufficient defence when an automated system denies someone healthcare, flags them for law enforcement, or removes them from public services. The entity that deployed the system, derived benefit from it, and made the decision to use it in a consequential context must be answerable — regardless of whether the underlying model was built by a third party. Current liability frameworks in most jurisdictions are inadequate for this and require legislative intervention, not voluntary provider commitments.
What is AI literacy and why should it be treated as a civic right?
AI literacy is the functional capacity to understand how automated decisions are made, what their limitations are, and how to contest outcomes they produce. It is a civic right because citizens cannot hold power accountable for systems they do not understand. The procedural rights that good AI governance creates — explanation, human review, appeal — are meaningless to people who lack the literacy to invoke them. Governments should treat AI literacy with the same institutional urgency as financial literacy: curriculum integration, plain-language public communication, and consumer protection that includes the right to understand automated decisions affecting you.
How should small states engage in global AI policy processes?
Small states must treat global AI policy as a foreign policy and national security issue, not a technical afterthought. The regulatory frameworks being developed in the EU, the US, and China will govern AI systems used worldwide — including in states that had no input into their design. Silence in those processes is functional consent. Small states should engage through regional blocs, advocate for extraterritorial impact assessments that account for small state exposures, and build domestic AI governance capacity — including independent advisory expertise — that allows them to audit AI systems and participate in policy debates on informed terms.