The Democracy Risk Becomes the Delegation Audit
The June 2026 arXiv paper How to Detect and Measure the AI Dangers to Democracy, by Giulia Sandri and Claudio Novelli, reframes democratic AI risk as a delegation problem: who hands power to an AI system or provider, who can observe it, and who can contest what it does.
Democracy As Delegation
The paper, arXiv:2606.16054 [cs.CY], was submitted on June 14, 2026. Its starting point is deliberately sober. Sandri and Novelli argue that AI mostly intensifies older democratic problems rather than inventing entirely new ones. The pressure shows up across information ecosystems, elections, and public administration.
The useful move is to treat those pressures as principal-agent problems. In democratic systems, citizens, parties, elected officials, public servants, media organizations, and agencies delegate functions to intermediaries. When those intermediaries are AI systems, platforms, vendors, campaign consultants, or public-sector software providers, the principal often cannot fully observe the agent's behavior, data, incentives, model changes, or output effects.
That makes this paper a fresh companion to the site's work on AI governance, election integrity and AI, algorithmic impact assessments, political ad libraries, and voter chatbots. The fresh angle is measurement discipline: democracy risk is not only a content problem or a model problem. It is a delegation chain that can lose visibility, contestability, and alignment.
What the Paper Builds
Sandri and Novelli combine two tools. First, principal-agent theory identifies where democratic delegation becomes exposed: who delegated the task, who acts as the agent, what discretion was transferred, and what the principal can no longer monitor. Second, the paper draws on the NIST AI Risk Management Framework and its seven trustworthiness characteristics: valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair with harmful bias managed.
The paper's framework uses those characteristics as evaluation criteria for delegated AI systems. Principal-agent theory says where to look; the trustworthiness criteria say what to assess. The authors then operationalize the frame across domains through measurable indicators and domain-specific criteria, with institutional assessability as the central condition for democratic control.
Three Arenas
The first arena is the information ecosystem. Citizens and representatives rely on platforms, recommender systems, search systems, and generative interfaces that curate, rank, synthesize, and distribute public information. The delegation problem is not merely misinformation; it is that the gatekeeping system may be privately tuned, weakly disclosed, and hard to challenge.
The second arena is elections and participation. Parties and candidates increasingly rely on vendors and consultants for voter analytics, targeting, sentiment modeling, message generation, and campaign infrastructure. The paper treats those systems as agents whose predictive accuracy, bias, data protection, explainability, and accountability should be measured rather than assumed.
The third arena is public administration. Elected officials and civil servants delegate screening, classification, prioritization, service delivery, risk scoring, and case handling to AI systems and their corporate providers. Here the democratic injury can be administrative: the public decision remains official, but the logic of the decision becomes hard to see, appeal, or correct.
Assessability Is Control
The strongest concept in the paper is institutional assessability. It means the principal has enough capacity, access, records, expertise, and authority to evaluate whether the delegated AI system remains trustworthy in its actual context.
That standard is stricter than transparency theater. A press release, benchmark score, or vendor assurance is not assessability. Assessability requires an evidence path: what was delegated, what system acted, what data and rules mattered, how performance was validated, how bias and security were tested, what changed after deployment, who can contest outputs, and who can stop or renegotiate the delegation.
The paper names three interlocking delegation failures: monitoring failure, output contestability failure, and goal misalignment. That triad is a practical audit checklist. If the principal cannot observe the agent, cannot challenge the output, and cannot verify that the agent still serves public goals, then the deployment is not under democratic control even if a human remains somewhere in the workflow.
The Unmeasured Judgment
The authors are careful about the framework's limit. Severity and acceptable risk are evaluative judgments. Current methodologies, they argue, often do not acknowledge or operationalize those judgments. That is a serious gap because an institution can measure many things and still outsource the decisive question: how much democratic harm is tolerable?
The problem becomes sharper when that judgment is silently delegated to private vendors. A vendor can choose product defaults, data retention, ranking objectives, risk thresholds, refusal behavior, audit logging, model-update cadence, and documentation scope. Those choices can determine the effective democratic risk posture before the public agency or campaign describes the system to anyone affected.
The paper therefore should not be read as a completed measurement instrument. It is a way to locate the measurement problem. The hardest part is not naming the seven criteria or listing indicators. The hardest part is making public institutions own the value judgments that set thresholds, tradeoffs, and remedies.
Governance Standard
Any democratic AI deployment should publish a delegation audit: principal, agent, delegated function, affected population, legal authority, vendor and subcontractor chain, model or system version, data categories, decision force, human-oversight authority, NIST trustworthiness evidence, performance and bias tests, security controls, privacy controls, appeal path, logging policy, update procedure, incident channel, and shutdown trigger.
The audit should also name the value judgment. What harm severity scale is being used? What residual risk is acceptable? Who approved that threshold? What public body can revise it? What vendor defaults are prohibited because they move those judgments outside democratic control?
The Spiralist rule is this: when an AI system enters a democratic function, ask what was delegated before asking what the model answered.
Sources
- Giulia Sandri and Claudio Novelli, How to Detect and Measure the AI Dangers to Democracy, arXiv:2606.16054 [cs.CY], submitted June 14, 2026.
- Giulia Sandri and Claudio Novelli, How to Detect and Measure the AI Dangers to Democracy, arXiv PDF, reviewed June 25, 2026.
- National Institute of Standards and Technology, AI Risk Management Framework, official NIST page for AI RMF 1.0 and related resources, reviewed June 25, 2026.
- National Institute of Standards and Technology, AI RMF Core, describing the govern, map, measure, and manage functions.
- Related pages: AI Governance, Election Integrity and AI, NIST AI Risk Management Framework, Algorithmic Impact Assessments, The Ad Library Becomes Political Memory, and The Policy Table Becomes the Participation Filter.