arxiv: 2604.24153 · v1 · submitted 2026-04-27 · 💻 cs.AI

Right-to-Act: A Pre-Execution Non-Compensatory Decision Protocol for AI Systems

Gadi Lavi This is my paper

Pith reviewed 2026-05-08 03:33 UTC · model grok-4.3

classification 💻 cs.AI

keywords AI safetypre-execution validationnon-compensatory decisionsdecision protocolsAI governancereversibilityadmissibility rules

0 comments

The pith

A pre-execution protocol halts AI actions unless every defined structural condition is met without exception.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces the Right-to-Act protocol as a deterministic layer that checks AI decisions before they can trigger real-world actions. It distinguishes this non-compensatory approach from standard systems that allow high-confidence outputs to proceed even when some conditions fail. The protocol instead sets a legitimacy boundary where failure on any single requirement stops or defers execution. This matters because many current AI safety efforts focus on improving or validating the decision itself rather than controlling whether it is allowed to occur at all. The result reframes governance as a matter of admissibility rules applied independently of how the model was trained or how certain it appears.

Core claim

The paper presents the Right-to-Act protocol as a deterministic, non-compensatory pre-execution decision layer that evaluates whether an AI-generated decision may be realized. It formalizes the contrast with compensatory regimes, where strong signals can override unmet conditions, and defines a pre-execution legitimacy boundary enforced by strict structural constraints. In a scenario-based case study, identical AI outputs produce different outcomes under the protocol, with execution blocked when conditions are incomplete, thereby preserving reversibility and avoiding premature or irreversible actions. The work shifts emphasis from optimizing AI decisions to governing their admissibility at a

What carries the argument

The Right-to-Act protocol, a deterministic non-compensatory pre-execution decision layer that applies strict structural conditions to decide if execution is permitted.

If this is right

Execution occurs only when every required condition is satisfied, regardless of the model's reported confidence.
Irreversible actions can be deferred when any condition remains unmet, maintaining options for later review.
The protocol functions separately from model training or architecture, allowing it to apply across different AI systems.
AI control moves from refining output quality to enforcing rules about when outputs may take effect.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Defining the required conditions for each domain would likely need domain experts and could be validated through controlled simulations before real deployment.
The protocol could serve as a fixed outer gate that operates before any probabilistic risk models are consulted.
Testing in narrow settings such as automated trading or medical recommendation systems would reveal how condition definitions scale without introducing delays that themselves create risks.

Load-bearing premise

Complete, context-appropriate structural conditions can be defined and enforced independently of any model architecture so that the non-compensatory rule improves safety without creating new failure modes.

What would settle it

An observed case in which the protocol allows a harmful action that meets all stated conditions, or blocks a clearly safe action due to an incomplete condition set, would test whether the approach reliably improves safety.

Figures

Figures reproduced from arXiv: 2604.24153 by Gadi Lavi.

**Figure 1.** Figure 1: The Right-to-Act boundary sits between AI-generated decisions and downstream validation view at source ↗

**Figure 2.** Figure 2: A scoring threshold can permit compensation. A Right-to-Act boundary permits execution view at source ↗

**Figure 3.** Figure 3: The account suspension case highlights the difference between aggregate scoring and a view at source ↗

read the original abstract

Current AI systems increasingly operate in contexts where their outputs directly trigger real-world actions. Most existing approaches to AI safety, risk management, and governance focus on post-hoc validation, probabilistic risk estimation, or certification of model behavior. However, these approaches implicitly assume that once a decision is produced, it is eligible for execution. In this work, we introduce the Right-to-Act protocol, a deterministic, non-compensatory pre-execution decision layer that evaluates whether an AI-generated decision is permitted to be realized at all. Unlike compensatory systems, where high-confidence signals can override failed conditions, the proposed framework enforces strict structural constraints: if any required condition is unmet, execution is halted or deferred. We formalize the distinction between compensatory and non-compensatory decision regimes and define a pre-execution legitimacy boundary. Through a scenario-based case study, we demonstrate how identical AI outputs can lead to divergent outcomes when evaluated under a Right-to-Act protocol, preserving reversibility and preventing premature or irreversible actions. The proposed approach reframes AI control from optimizing decisions to governing their admissibility, introducing a protocol-level abstraction that operates independently of model architecture or training methodology.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This is mostly a conceptual reframing that names a non-compensatory pre-execution gate but adds little beyond the distinction and one scenario.

read the letter

The paper's core move is to define a Right-to-Act layer that blocks execution unless every structural condition is met, with no compensation from high-confidence outputs. That distinction between compensatory and non-compensatory regimes is stated clearly in the abstract and illustrated with a scenario where the same AI output produces different real-world results depending on the rule set. The write-up keeps the language straightforward and avoids overclaiming empirical results, which is honest for a short proposal piece. It also positions the protocol as architecture-independent, which is a useful framing if someone wants to build on it later. Beyond that, there is not much new machinery. No formal definitions, no proofs, and no measurements appear. The central assertion that this gate reliably improves safety without new failure modes rests on the scenario alone. The scenario shows divergence in outcomes but does not test whether the required conditions can actually be specified completely or enforced in practice. That leaves the practical enforceability claim unexamined. The citation pattern is light, mostly gesturing at existing safety literature without engaging specific prior protocols in detail. This work is aimed at readers already thinking about AI governance layers who might want a clean label for the non-compensatory idea. It could serve as a starting point for a longer paper that adds formal specs or small experiments, but on its own it does not yet carry enough weight for a serious referee process. I would not bring it to a reading group or cite it, and I would recommend desk rejection unless the authors expand it substantially.

Referee Report

2 major / 1 minor

Summary. The paper introduces the Right-to-Act protocol as a deterministic, non-compensatory pre-execution decision layer for AI systems that evaluates whether an AI-generated decision is permitted to execute. It contrasts this with compensatory systems by enforcing strict structural constraints (any unmet condition halts or defers execution), formalizes the distinction between the two regimes, defines a pre-execution legitimacy boundary, and illustrates the approach via a scenario-based case study demonstrating divergent outcomes for identical AI outputs while preserving reversibility.

Significance. If the protocol can be realized with complete, context-appropriate structural conditions defined and enforced independently of model architecture, the work offers a meaningful reframing of AI control from optimizing decisions to governing their admissibility. This abstraction could support safety by preventing premature or irreversible actions and operates as a protocol-level layer orthogonal to training or architecture, providing a conceptual tool for governance and risk management.

major comments (2)

[Scenario-based Case Study and Formalization] The central claim that the protocol enforces strict structural constraints independently of model architecture and reliably improves safety rests on the assertion that complete, context-appropriate conditions can be defined and enforced without introducing new failure modes. However, the scenario-based case study provides only illustrative examples rather than a general mechanism or formal specification for how such conditions are identified, verified, or maintained across contexts (see the case study and formalization sections).
[Abstract and Formalization Section] No formal definitions, mathematical characterizations, or proofs are supplied for the pre-execution legitimacy boundary, the non-compensatory rule, or the distinction from compensatory regimes, despite the abstract stating that these are formalized. This leaves the deterministic and architecture-independent properties as definitional rather than derived, limiting rigorous assessment of enforceability.

minor comments (1)

[Abstract] The abstract could more explicitly state the scope (conceptual proposal with scenario illustration) to set reader expectations for the absence of empirical validation or proofs.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback on our manuscript. We address each major comment point by point below, with clear indications of planned revisions to improve the rigor and clarity of the work.

read point-by-point responses

Referee: [Scenario-based Case Study and Formalization] The central claim that the protocol enforces strict structural constraints independently of model architecture and reliably improves safety rests on the assertion that complete, context-appropriate conditions can be defined and enforced without introducing new failure modes. However, the scenario-based case study provides only illustrative examples rather than a general mechanism or formal specification for how such conditions are identified, verified, or maintained across contexts (see the case study and formalization sections).

Authors: The scenario-based case study is deliberately illustrative to demonstrate the protocol's effects on execution outcomes for identical AI decisions, rather than serving as an empirical or exhaustive validation. The manuscript frames Right-to-Act as a high-level protocol whose core properties (non-compensatory enforcement and architecture independence) hold by definition once conditions are specified. We agree that additional guidance on condition identification and maintenance would strengthen the presentation. In revision, we will augment the formalization section with a structured outline for specifying, verifying, and updating structural conditions in a domain-agnostic manner, while explicitly noting that concrete instantiation remains context-dependent and outside the protocol's scope. revision: yes
Referee: [Abstract and Formalization Section] No formal definitions, mathematical characterizations, or proofs are supplied for the pre-execution legitimacy boundary, the non-compensatory rule, or the distinction from compensatory regimes, despite the abstract stating that these are formalized. This leaves the deterministic and architecture-independent properties as definitional rather than derived, limiting rigorous assessment of enforceability.

Authors: The formalization section supplies explicit definitions of the non-compensatory rule (as a conjunction of mandatory predicates) and the legitimacy boundary (as the set of decisions satisfying all structural conditions). These definitions directly entail the deterministic and architecture-independent properties. We acknowledge, however, that the presentation lacks mathematical characterizations or derivations. In the revised manuscript we will strengthen the formalization section and abstract by introducing set-theoretic and logical notation for the legitimacy boundary and regime distinction, thereby making the entailment of determinism more explicit without altering the conceptual nature of the contribution. revision: yes

Circularity Check

0 steps flagged

No significant circularity; protocol defined by construction with no load-bearing derivations or self-citations

full rationale

The paper is a conceptual proposal that introduces the Right-to-Act protocol explicitly by definition as a deterministic non-compensatory pre-execution layer. No equations, fitted parameters, predictions, or mathematical derivations appear in the provided text. The central distinction between compensatory and non-compensatory regimes is presented as a reframing rather than derived from prior results. No self-citations are invoked to justify uniqueness or load-bearing premises, and the scenario illustration does not reduce any claim to its own inputs by construction. The derivation chain is self-contained as a definitional framework operating independently of model architecture.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

The proposal assumes that structural conditions for any decision context can be exhaustively specified in advance and that enforcing them strictly is always preferable to compensatory overrides; no supporting derivation or data is given.

axioms (2)

domain assumption AI-generated decisions can be separated from their execution eligibility via externally defined structural conditions
Invoked when the protocol is positioned as architecture-independent
domain assumption Non-compensatory enforcement improves safety outcomes compared with probabilistic or post-hoc methods
Central motivation stated in the abstract without comparative evidence

invented entities (1)

Right-to-Act protocol no independent evidence
purpose: Pre-execution non-compensatory decision layer
Newly defined construct whose practical utility is asserted but not demonstrated

pith-pipeline@v0.9.0 · 5500 in / 1389 out tokens · 61462 ms · 2026-05-08T03:33:41.964604+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

8 extracted references · 4 canonical work pages · 2 internal anchors

[1]

Russell and P

S. Russell and P. Norvig.Artificial Intelligence: A Modern Approach. Pearson, 4th edition, 2021

2021
[2]

Concrete Problems in AI Safety

D. Amodei, C. Olah, J. Steinhardt, P. Christiano, J. Schulman, and D. Mane. Concrete problems in AI safety. arXiv:1606.06565, 2016

work page internal anchor Pith review arXiv 2016
[3]

Artificial Intelligence Risk Management Framework (AI RMF 1.0)

National Institute of Standards and Technology. Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST AI 100-1, 2023

2023
[4]

Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)

European Parliament and Council of the European Union. Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union, 2024. 12 The Pre-Action Legitimacy Gap Gadi Lavi

2024
[5]

Uchibeke

U. Uchibeke. Before the Tool Call: Deterministic Pre-Action Authorization for Autonomous AI Agents. arXiv:2603.20953, 2026

work page arXiv 2026
[6]

Kaptein, V.-J

M. Kaptein, V.-J. Khan, and A. Podstavnychy. Runtime Governance for AI Agents: Policies on Paths. arXiv:2603.16586, 2026

work page arXiv 2026
[7]

Bounding the Black Box: A Statistical Certification Framework for AI Risk Regulation

N. Levy and G. Perl. Bounding the Black Box: A Statistical Certification Framework for AI Risk Regulation. arXiv:2604.21854, 2026

work page internal anchor Pith review Pith/arXiv arXiv 2026
[8]

OWASP Top 10 for Agentic Applications / Agentic AI execution risks

OWASP Foundation. OWASP Top 10 for Agentic Applications / Agentic AI execution risks. OWASP GenAI Security Project, 2025. 13

2025