Cybersecurity and Cyber Warfare Studies Open access

Who Governs Cyberspace in the age of AI? A Global Stocktake of Cybersecurity Governance

YANNIS KEMEL

Jun 13, 2026

Abstract

Abstract

Cyberspace is not ungoverned—it is systematically misgoverned. International instruments, national strategies, and voluntary frameworks have proliferated while security outcomes deteriorated. This inversion—more governance, less resilience—is the "Proliferation Paradox." The paper introduces "Governance Debt": the institutional deficit that accumulates when AI-driven technological change outpaces governance adaptation. This debt compounds across three dimensions: Capacity Debt (threat velocity exceeds institutional response cycles), Authority Debt (no enforcement jurisdiction over borderless AI infrastructure), and Legitimacy Debt (governance authority migrates to unaccountable private actors).This paper examines cybersecurity governance in 29 countries. It identifies three institutional models: Integrated Command, Nodal Hybrid, and Fragmented Sectoral. Key finding: institutional architecture predicts operational resilience more consistently than strategy quality or financial investment. The analysis covers 66 governance instruments and reveals four critical weaknesses in how AI challenges current systems: Scale (velocity), Attribution (identity), Dependence (vulnerability to foreign platforms), and Agency (autonomous systems without accountability). The paper calls cloud providers, AI developers, and standards bodies "private leviathans": they exercise sovereign-scale power over cyberspace without democratic mandate or meaningful accountability.Using the OECD Strategic Foresight Toolkit, the paper stress-tests six governance models across four 2030 scenarios. Two extremes fail: total centralization (a Global Cyber Agency) and total market-led governance. The "Adaptive Federated Stack"—a five-layer architecture—distributes authority across existing institutions without creating a new apex body. This model performs across all scenarios and resolves all three Governance Debt dimensions. The central argument: between 2026 and 2030, governance success requires interoperability, not unity.

Direct answer

What can I do from this paper page?

Use this page to scan "Who Governs Cyberspace in the age of AI? A Global Stocktake of Cybersecurity Governance" quickly: start with the summary and abstract, then check the authors, source, topics, and related papers. From here, open Scollr to follow Cybersecurity and Cyber Warfare Studies research, save the paper, or map adjacent work.

Authors

Researchers on this paper

YANNIS KEMEL

first | ORCID 0009-0003-1178-4437

Research areas

Follow related topics

Citation

BibTeX

@article{KEMEL2026Governs,
  title = {Who Governs Cyberspace in the age of AI? A Global Stocktake of Cybersecurity Governance},
  author = {YANNIS KEMEL},
  year = {2026},
  doi = {10.31235/osf.io/7upyz_v1},
  url = {https://doi.org/10.31235/osf.io/7upyz_v1}
}

FAQ

Using this paper in a discovery workflow

How do I find related work for this paper?

Use the related papers and topic links on this page as starting points. In Scollr, you can also open the paper and build a literature map around its references, citing papers, and related work.

How can I keep up with new Cybersecurity and Cyber Warfare Studies research papers?

Follow Cybersecurity and Cyber Warfare Studies research in Scollr. New papers from the topic flow into a personalized feed, and you can save useful studies to revisit later.

Can I cite this paper from this page?

This page includes a static BibTeX block for Who Governs Cyberspace in the age of AI? A Global Stocktake of Cybersecurity Governance. Always verify the DOI, source, and publication details against the publisher record before submitting a manuscript.

Follow this research in Scollr

Follow the topics and authors behind this paper, save useful studies, and build a literature map when you are ready to go deeper.

Get the app