1. Introduction
The expansion of artificial intelligence (AI) systems is extending their impact across both private and public sectors, rapidly and across borders. AI technologies increasingly perform roles once reserved for public institutions, including adjudication, enforcement and eligibility determination, in domains such as criminal justice, healthcare, taxation and welfare provision (Green & Viljoen, Reference Green and Viljoen2020; Hildebrandt, Reference Hildebrandt2018). Crucially, these systems do not merely support decision making; they embed regulatory authority within their technical design, shaping behavior without democratic authorization (Oswald, Reference Oswald2018; Veale & Brass, Reference Veale, Brass, Yeung and Lodge2019). This transformation raises a foundational concern: can law maintain its normative legitimacy amid displacement by opaque, adaptive and transnational technologies?
Legal legitimacy has traditionally relied on the coordinated presence of three foundational conditions: legal certainty, accountability and enforceability (Bingham, Reference Bingham2011; Craig, Reference Craig1991; NG, Reference NG2025). These elements have served as the foundations of the law’s role in guiding conduct, legitimating institutional authority and ensuring procedural recourse. AI technologies, however, pose structural challenges to this foundation, producing outputs that are often opaque, difficult to explain even for their designers and resistant to audit (Chung, Reference Chung2025; Burrell, Reference Burrell2016). Such impacts result in policy, regulatory and legal decision making being delegated to proprietary systems that operate beyond the scope of public oversight or legal contestation. In other words, governance is shifting toward private platforms that replace legal procedures with technical systems largely insulated from legislative scrutiny or judicial review (Cohen, Reference Cohen2017; Gorwa, Reference Gorwa2019).
These questions and concerns, however, are no longer theoretical. In July 2025, Google, OpenAI, Anthropic and Mistral signed the European Union (EU)’s Code of Practice for General-Purpose AI, pledging full compliance with transparency, copyright and traceability provisions (Toole, Reference Toole2025). Meta, by contrast, rejected the Code, citing “overregulation” (Subin, Reference Subin2025). These divergent responses presented the fragmentation of AI governance and the contested nature of legal oversight in the platform economy (Balkin, Reference Balkin2017; Bietti, Reference Bietti2020; Margoni & Kretschmer, Reference Margoni and Kretschmer2022).
Meanwhile, for example, no major U.S. court, including the Supreme Court, has yet adjudicated cases involving AI-generated pornography, underscoring the legislative and regulatory lag in addressing emergent digital harms. This delay reflects not judicial failure, but broader structural inertia in adapting institutional mechanisms to rapid technological change. This judicial inaction reflects a growing gap between the emergence of disruptive technologies and the responsiveness of legal institutions. While lower courts and legal scholars continue to debate core legal categories such as intent, authorship and harm in the context of AI-generated sexual media, governance in practice remains dominated by private technology companies (NG, Reference NG2025; Unger, Reference Unger2025). In the absence of judicial precedent or comprehensive legislative frameworks, these firms effectively define the operational norms for the creation, distribution and moderation of generative media technologies in real time (Rozenshtein, Reference Rozenshtein2025).
To respond to these arising issues, governments presented regulatory instruments that incorporate normative principles such as transparency, fairness and human oversight into AI systems (Floridi, Reference Floridi2023), also referred to here as AI technologies. Key examples include the EU AI Act, Canada’s Algorithmic Impact Assessment and South Korea’s AI Basic Act. Many of these frameworks, however, remain ill-equipped to address adaptive or transnationally deployed AI systems that do not operate according to fixed, rule-based procedures. These systems complicate enforcement because they evolve over time, operate across jurisdictional boundaries and often rely on opaque logic that resists traditional oversight. Such challenges expose the limits of assuming that legal institutions retain the procedural coherence and institutional authority necessary to enforce compliance. In practice, AI systems often exceed jurisdictional limits, evolve continuously and remain governed by private actors whose interests do not always align with public values (Zalnieriute, Moses & Williams, Reference Zalnieriute, Moses and Williams2019). This results in a growing disparity between enforceable regulatory practice and normative aspirations, which refers to ethical or principled goals such as fairness, transparency and non-discrimination that often guide AI governance debates lacking enforceable legal status.
This study proposes a shift in the analytical lens. Rather than focusing on corporate governance or sectoral compliance frameworks, the paper analyzes AI systems as institutional infrastructures whose technical design shapes eligibility, access and enforcement. The concern is not with AI companies per se, but with how the systems they build embed decision-making logic that increasingly displaces legal authority. In this sense, AI systems function as both technical artifacts and regulatory instruments, raising structural challenges to legal legitimacy. This article approaches AI governance not simply as a matter of policy regulation, but as a structural transformation of legal authority. Existing scholarships often frame AI as a challenge to be addressed through legal instruments, but this approach presumes that the authority of law remains institutionally intact. In contrast, this article suggests that AI systems restructure the conditions under which law itself operates, posing not just compliance challenges, but legitimacy crises (Bietti, Reference Bietti2020; Schiff, Laas, Biddle & Borenstein, Reference Schiff, Laas, Biddle, Borenstein, Laas, Davis and Hildt2022; Yeung, Reference Yeung2018). These shifts reflect not only technical complexity but also a broader transformation in how normative governance is distributed across algorithmic infrastructures and institutional systems.
The central research question is: How do AI systems, understood as rule-embedding infrastructures, transform the foundational conditions under which law maintains jurisdiction, institutional authority and normative legitimacy? This builds on prior work conceptualizing how algorithmic infrastructures alter the normative basis of public authority and challenge the legitimacy of traditional state-citizen relations (Chung & Schiff, Reference Chung and Schiff2025). This research question is further guided by three interrelated sub-questions:
1. How do AI’s core attributes, including algorithmic opacity (lack of transparency in decision making), infrastructural embedding (integration into systems that shape access and control), and transnational operation, destabilize the alignment between legal authority, institutional competence and procedural integrity?
2. What conceptual tools are needed to diagnose the structural displacement of law by algorithmic systems?
3. How can legal institutions adapt to reclaim normative legitimacy under conditions shaped by algorithmic governance?
At the center of this investigation is the concept of institutional displacement, defined as the erosion of public law’s operational capacity and normative authority due to the rise of privately governed algorithmic infrastructures (Orlikowski & Scott, Reference Orlikowski and Scott2023). This paper distinguishes between two layers of opacity: (1) the internal architecture of AI systems, which hinders legal explainability, and (2) the institutional opacity of corporate governance frameworks that shield decision making from public oversight. The argument develops both dimensions to assess how legal authority is displaced structurally not only through technical means but by privatized decision-making infrastructures.
Rather than merely posing compliance challenges, AI systems in some domains now perform governance functions that supplement or partially substitute the law’s regulatory capacity through technical architectures that classify risk, determine eligibility and regulate access to social services or content. These shifts vary across jurisdictions and applications, but mark a broader trend of functional displacement. The result is not simply a normative crisis but a relocation of governance itself, from public institutions to private code-based infrastructures.
To address these concerns, this study builds on foundational legal principles such as legal certainty, accountability and enforceability, as articulated in earlier scholarship (Bingham, Reference Bingham2011; Craig, Reference Craig1991), and reframes them into a structural model: the Tripod of Normative Legal Legitimacy. This conceptual framework identifies three interdependent dimensions of legitimate governance: institutional authority (who governs), jurisdictional competence (what is governed) and procedural integrity (how governance is conducted) (Bovens, Reference Bovens2007).
This study argues that AI systems systematically undermine this tripod. In specific regulatory contexts, such as content moderation or credit scoring, public legal institutions no longer exercise exclusive normative authority. Instead, governance is increasingly exercised through private platforms that simulate legality through internal audits, codes of conduct, and ethics regimes, while lacking the institutional and procedural safeguards of law. This study refers to this phenomenon as legal displacement: the persistence of legal form without its underlying authority.
The paper further demonstrates how traditional legal feedback cycles contrast with AI-induced governance cycles: the recursive process through which legal norms and processes contested, progressively losing their authority and legitimacy. The study situates them within broader transformations in governance. Through a comparative analysis of state-based regulatory instruments such as the EU’s Digital Services Act (DSA) and AI Act, alongside corporate governance structures like Meta’s Oversight Board and OpenAI’s model governance protocols, it examines how legal authority is being reconfigured across institutional boundaries. This shows how AI displaces each phase of this cycle. It substitutes public lawmaking with private system design, enforcement with platform-based compliance, and democratic contestation with engineered procedural closure.
This article employs a conceptual legal analysis that synthesizes doctrinal, institutional and regulatory developments in AI governance. Drawing on comparative public law, EU legal instruments, and recent literature in legal theory and law-and-technology studies, the paper reconstructs the normative architecture of legitimacy and examines how AI technologies challenge its core components. By focusing on two emblematic instruments, including the DSA and the EU AI Act, it uses a case-based method to analyze how legal institutions attempt to reclaim authority through procedural reforms. The study does not rely on empirical datasets but adopts a normative-analytical approach to articulate the evolving relationship between public law and computational systems. Rather than generalizing across all jurisdictions, it examines how structural features of AI systems undermine institutional mechanisms that traditionally support legal legitimacy. This article offers a conceptual account of how AI systems may displace key functions traditionally associated with legal institutions. While the article draws empirical examples to illustrate these trends, its primary contribution is conceptual and diagnostic. The aim is not to offer a fully empirical account of institutional displacement, but rather to develop a theoretical framework that can be refined through further jurisdiction-specific or comparative research.
2. Institutional displacement and conceptual gaps in AI governance
AI has generated a robust body of research across legal, regulatory and political disciplines. This literature has advanced important principles such as transparency, fairness and accountability in AI deployment. However, these contributions often remain tethered to a framework that treats AI as a policy object to be managed within existing legal structures. They seldom interrogate the deeper institutional conditions under which law sustains its legitimacy when confronted with autonomous, privately governed and transnational algorithmic systems. This chapter critically engages the state of AI governance research by examining its technological, legal and political foundations. It evaluates the central claims of existing scholarship, identifies their conceptual and institutional limitations, and prepares the groundwork for the structural analysis developed in the next chapter.
2.1. The technological and infrastructural distinctiveness of AI
One of the most significant differences that AI holds from earlier generations of general-purpose technologies is that it not only automates tasks but also performs as an active decision-maker and regulatory function traditionally assigned to humans and legal or administrative systems or even rules them out of the decision-making processes. Modern machine learning systems operate through self-adjusting, data-driven models that produce probabilistic classifications and decisions without clear or consistent causal explanations. This opacity, often described as the “black-box” problem, limits the ability of affected parties to contest outcomes or demand explanations (Burrell, Reference Burrell2016; Green & Viljoen, Reference Green and Viljoen2020). These systems undermine procedural fairness by denying individuals meaningful participation in decisions that affect their rights.
AI stands out not only for the inaccessibility of its algorithmic logic but also for its embeddedness within digital infrastructures. Infrastructural embedding refers to the integration of AI systems into technical, organizational and communicative networks that structure everyday activities and decision making. Algorithmic systems, ranging from machine-learning models to partially automated decision tools, frequently serve as unofficial yet effective infrastructural regulators. For instance, the Dutch “SyRI” system, which used predictive algorithmic profiling to flag social security fraud, was implemented with little transparency and were invalidated only after sustained litigation and public criticism (Eubanks, Reference Eubanks2018; Leenes & Lucivero, Reference Leenes and Lucivero2014), while Uber’s driver classification algorithms significantly shape labor conditions without formal regulatory oversight. Content moderation on platforms like YouTube and Facebook, meanwhile, is governed through proprietary AI systems that moderate discourse at scale. While algorithmic systems may displace certain procedural or institutional functions in specific regulatory domains, such as welfare administration or content governance, these effects remain contingent upon local legal frameworks, political oversight and institutional design. Recent studies have shown that in specific use cases, such as welfare eligibility systems or automated fraud detection, algorithmic decision-making tools are deployed in ways that reduce reliance on traditional legal procedures. These systems, while efficient, often bypass procedural safeguards foundational to legal legitimacy (Plantin, Lagoze, Edwards & Sandvig, Reference Plantin, Lagoze, Edwards and Sandvig2018; Yeung, Reference Yeung2018). Moreover, foundational studies in the mid-2010s, raised early alarms about algorithmic systems encroaching on the regulatory and procedural domains of law (Citron & Pasquale, Reference Citron and Pasquale2014; Yeung, Reference Yeung2018). These analyses focused on the rise of “technological due process” and the opacity of algorithmic adjudication. Since then, a growing body of empirical research and official documentation has corroborated these concerns. The EU Fundamental Rights Agency (2023), for example, highlights how automated systems at EU borders have limited the capacity for legal redress. Others have emphasized how these systems structure behavior through anticipatory logic, shaping future conduct by extracting and modeling behavioral data (Zuboff, Reference Zuboff2019). Under these contexts, the law does not just strive to maintain its position to regulate technology; it is already in a position to compete with it.
Legal authority may, in particular contexts, be restructured or displaced by technical architectures that govern behavior through distinct logics of control, which is composed of code, algorithms and platform protocols. This shift in the role of law entails not only a transformation in regulatory content but also in the institutional form through which legal authority is exercised (NG, Reference NG2025). These structural challenges substitute for legal norms without replicating their deliberative or democratic qualities. This transformation is referred to as institutional displacement, in which the structures that confer legitimacy on public decision making are overtaken by privately managed regimes that have no formal legal status (Orlikowski & Scott, Reference Orlikowski and Scott2023; Zürn, Reference Zürn2018).
Recent developments in generative AI and corresponding governance responses, such as the EU Artificial Intelligence Act (2023), the U.S. Executive Order on Safe, Secure and Trustworthy AI (2023), and critical legal commentaries on algorithmic fairness and opacity (Veale & Borgesius, Reference Veale and Borgesius2021; Wachter, Mittelstadt & Russell, Reference Wachter, Mittelstadt and Russell2021), illustrate how regulatory structures remain reactive, sector-specific and largely disconnected from the infrastructural transformations that increasingly shape public decision making. Recent scholarship has examined not only regulatory instruments but also the epistemic and infrastructural politics of AI, emphasizing how technical standards embed private interests into legal norms (Cohen, Reference Cohen2019) and how techno-legal opacity can function as a deliberate strategy of institutional control (Pasquale, Reference Pasquale2015). These critiques provide essential context for understanding how AI systems destabilize conventional accountability mechanisms within law.
By normative legitimacy, this study refers to the capacity of legal systems to justify their authority through principled reasoning, procedural fairness and democratic accountability, while the term legal institutions refers to public authorities responsible for creating, interpreting and enforcing the law, such as legislatures, regulatory bodies and courts. These institutions maintain legitimacy through legal reasoning, procedural accountability and transparency, all of which are challenged by the opacity and automation of AI governance. Additionally, we use the term “AI systems” throughout to refer to algorithmic infrastructures, including machine learning models, data-driven decision tools and automated scoring systems, that structure decision making and rule enforcement across public and private domains. While often developed or deployed by private corporations, the paper focuses on their institutional effects, not on company governance. The term “AI technologies” is used only when referring to the broader material infrastructure supporting these systems.
2.2. Legal approaches: rights, risk and the problem of enforcement
Legal scholarship has focused extensively on embedding normative values into AI systems, emphasizing the need for fairness, explainability and human oversight. One approach argues for a right to explanation in algorithmic decisions, yet the effectiveness of so-called explainable AI (XAI) remains debated: while current systems can generate rationales, these are often post-hoc approximations rather than true causal explanations, raising concerns about authenticity and reliability (Wachter, Mittelstadt & Floridi, Reference Wachter, Mittelstadt and Floridi2017). This line of critique resonates with the view that AI alters the rule-of-law paradigm by shifting enforcement from normative reasoning to probabilistic optimization (NG, Reference NG2025). Other frameworks articulate governance principles such as beneficence, non-maleficence and justice, asserting that ethical imperatives should be embedded into the design and deployment of AI technologies (Floridi, Reference Floridi2021). These principles have influenced major regulatory proposals, including the EU AI Act and Canada’s Algorithmic Impact Assessment, which both adopt risk-based models that categorize AI applications according to their societal and legal impact.
Recent regulatory efforts reflect a growing awareness of these governance gaps. The 2025 EU Code of Practice for General-Purpose AI seeks to impose voluntary transparency and documentation protocols for foundation models, but its non-binding nature raises questions about enforceability and scope. Similarly, updates to the OECD AI Principles (2024) and the U.S. AI Executive Order (2023) have introduced soft-law mechanisms, though these remain limited in their procedural specificity and jurisdictional reach.
Despite their normative depth, these proposals often rely on the assumption that legal institutions possess the jurisdictional coherence and procedural capacity necessary for enforcement. In practice, implementation remains limited. In Italy, the Data Protection Authority imposed a moratorium on real-time facial recognition in public spaces (Pollina & Pollina, Reference Pollina and Pollina2022), reflecting the difficulty of proactive legal governance over algorithmic surveillance. In Spain, authorities suspended AI-based facial recognition in public schools following legal and ethical concerns over biometric profiling (Agencia Española de Protección de Datos, 2020). Similarly, Canadian provinces have paused predictive policing programs due to concerns about discrimination, opacity and lack of legal safeguards (Joh, Reference Joh2016).
The challenge lies in the implementation gap. As noted in recent legal scholarship, translating ethical guidelines into binding legal obligations remains difficult due to vague risk categories, lack of clarity around accountability and fragmented enforcement infrastructures (Morley et al., Reference Morley, Kinsey, Elhalal, Garcia, Ziosi and Floridi2023; Veale & Zuiderveen Borgesius, Reference Veale and Zuiderveen Borgesius2021). In the Korean context, for instance, the AI Basic Act has been criticized for its largely symbolic treatment of ethical principles, lacking enforceable mechanisms or institutional clarity for effective oversight (Jung, Reference Jung2024). Consequently, these frameworks risk devolving into declarations of intent rather than instruments of accountability, echoing critiques that AI ethics regimes often serve as substitutes for substantive regulation (Bietti, Reference Bietti2020; Cath, Reference Cath2018).
Beyond institutional limitations, AI governance also confronts structural challenges rooted in the nature of the systems themselves. First, AI systems often exhibit a lack of technological control: they function through statistical learning rather than rule-based deduction, which makes their behavior difficult to predict, monitor, or verify. Second, explainability remains a persistent challenge. While legal norms demand intelligibility and justification, AI models, especially deep learning systems, often resist interpretation, creating a disjuncture between legal expectation and technical reality. Third, many of these infrastructures are designed by and for Big Tech, embedding commercial logics that run counter to public legal principles.
These limitations reveal a deeper problem: legal frameworks often treat AI as an external object to be regulated, rather than recognizing that AI systems themselves generate normative effects. By automating classification, eligibility and enforcement, AI systems increasingly perform governance functions that parallel or even supplant legal processes, such as enforcing content standards, allocating resources, or adjudicating eligibility. These systems raise questions about oversight, due process and the evolving nature of authority. In domains such as welfare adjudication, credit scoring and content moderation, algorithmic infrastructures have displaced procedural safeguards once administered by courts or agencies (Eubanks, Reference Eubanks2018). These shifts challenge not only how law regulates AI, but how law maintains legitimacy in the face of technical systems that mediate access to rights, services and remedies.
These governance challenges are compounded by structural features of AI systems themselves. Many rely on machine learning models that are non-deterministic, difficult to audit and resistant to interpretation, raising enduring problems for legal intelligibility and due process (Lipton, Reference Lipton2018). Moreover, these systems are often designed by private actors whose commercial imperatives may diverge from public legal principles, creating what some scholars describe as “epistemic asymmetry” between developers and regulators (Ananny & Crawford, Reference Ananny and Crawford2018).
2.3. Political economy and the limits of distributional analysis
Law and Political Economy (LPE) is a critical scholarly framework that foregrounds how legal institutions co-constitute and are shaped by political and economic power structures. LPE scholars have emphasized that AI systems are not neutral tools but operate as mechanisms of private governance. For instance, opaque algorithmic systems mediate access to credit, employment and welfare, often in ways that reinforce socioeconomic inequality and evade public accountability (Pasquale, Reference Pasquale2015). Platform monopolies maintained by major technology firms, such as Amazon, Meta and Google, serve as prominent examples of how corporate actors distort regulatory environments and consolidate control not only over digital infrastructures but also over the conditions of access, visibility and participation within them (Khan et al., Reference Khan, Akbar, Fahmideh, Liang, Waseem, Ahmad, Niazi and Abrahamsson2023). Other accounts trace how technological architectures encode values of surveillance and control into everyday systems, thereby shifting power from public institutions to corporate platforms (Cohen, Reference Cohen2017).
While these contributions are indispensable in highlighting the structural dynamics of privatized governance, they tend to concentrate on economic and distributional effects, such as regulatory capture or market concentration. Less attention is paid to the specific mechanisms by which legal institutions lose their procedural authority and jurisdictional coherence in the face of algorithmic governance. As a result, the LPE literature often critiques what AI does, such as consolidate power, reduce transparency and intensify inequality, without offering a clear analytic model for understanding how legal legitimacy erodes in this process. This article seeks to bridge that gap by applying an LPE lens to a procedural framework of legal legitimacy, centered on the mutually constitutive pillars of legal certainty, accountability and enforceability. This perspective offers a conceptual foundation for analyzing how algorithmic governance not only disrupts economic relations but also displaces legal authority itself.
2.4. Governance theory and epistemic asymmetries
Political science and public policy scholarship adds further insight by focusing on the institutional dynamics that undermine AI oversight. One recurrent concern is epistemic asymmetry: the widening knowledge gap between public regulators and private developers. Epistemic asymmetry refers to unequal access to technical knowledge, often resulting in regulatory dependence on private actors for expertise, auditability, or compliance evaluation. This gap has led to forms of expert dependency, where governments rely on the very firms they are meant to regulate for both technological understanding and policy guidance (Ananny & Crawford, Reference Ananny and Crawford2018). Such dependency creates opportunities for regulatory capture and weakens the independence of public institutions.
In a related vein, recent studies describe how regulated entities increasingly serve as architects of the regulatory environment. This condition, referred to as governance asymmetry, results in a privatized legal field in which public norms are filtered through corporate discretion (Gorwa, Reference Gorwa2019; NG, Reference NG2025). Others identify this development as a legitimation crisis, wherein authority is no longer rooted in democratic institutions but is instead fragmented across transnational networks of expertise, infrastructure and informal rulemaking (Green & Viljoen, Reference Green and Viljoen2020; Zürn, Reference Zürn2018).
Empirical research supports these theoretical concerns. For example, facial recognition systems have been widely adopted by U.S. police departments without comprehensive legal regulation or meaningful oversight (Ferguson, Reference Ferguson2020; Garvie, Reference Garvie2016). These technologies operate in a legal vacuum, sidestepping established procedural safeguards and creating significant risks to civil liberties. In such cases, legal legitimacy is not explicitly dismantled but gradually hollowed out by technical systems that make law redundant in practice.
2.5. Conceptual gaps and this study’s contribution
The preceding review reveals several critical blind spots in current scholarship on AI governance. First, there is a persistent overreliance on normative goals and values, particularly in legal and policy circles, without sufficient attention to the institutional structures required to enforce them. Second, existing accounts often fail to examine how AI undermines the ongoing legal processes, such as adjudication, contestation and rule-revision, that support law’s legitimacy. Third, few studies offer a structural account of how legal systems lose their functional authority when algorithmic governance takes over not just decision making, but the rules and procedures that justify and constrain those decisions. Where previous work has largely focused on regulatory frameworks (Wachter et al., Reference Wachter, Mittelstadt and Floridi2017), this paper builds on institutionalist legal theory to suggest that AI systems actively reconfigure the foundational structures, such as jurisdiction, accountability and procedural justification, that make law authoritative in the first place.
This study addresses these gaps by introducing the Tripod of Normative Legal Legitimacy, a structural model grounded in legal and political theory. It conceptualizes legal legitimacy as comprising three mutually reinforcing dimensions: institutional authority, jurisdictional competence, and procedural integrity. Moreover, by applying this framework to real-world examples of both public regulation and private governance, this study develops a comparative perspective on how normative authority is displaced across institutional boundaries. It shows that legal systems can persist in symbolic form while losing their capacity to regulate effectively. The transformation is not only functional but ontological: law becomes decentered as governance is exercised through infrastructures that do not meet its institutional and procedural criteria.
3. Structural foundations and disruptions of legal legitimacy in the age of AI
AI development in today’s society represents more than a technological advancement; it signals a paradigmatic shift in the normative and institutional foundations through which legal legitimacy is constituted and exercised. As algorithmic systems become increasingly embedded in public decision making, they challenge not only the regulatory capacity of legal institutions but also restructure the epistemic and operational logics through which law seeks to guide and constrain conduct. A critical concern is that AI systems operate primarily through statistical inference and automated optimization, rather than incorporating human deliberation or normative reasoning, which makes them fundamentally incompatible with the traditional rationality of law.
This chapter reconstructs the conceptual structure of legal legitimacy in terms of three interdependent conditions: legal certainty, accountability and enforceability. Together, these conditions form a normative tripod. It then examines how each of these dimensions is structurally destabilized by the institutional characteristics of AI.
3.1. The tripod of legal legitimacy
Legal legitimacy is not reducible to the formal validity of rules or the procedural propriety of lawmaking. It arises from a configuration of normative expectations, epistemic transparency and institutional effectiveness that allows law to function as a publicly justified and binding framework of governance. This study conceptualizes legal legitimacy as consisting of three foundational dimensions: legal certainty, accountability and enforceability. These are not isolated values but interdependent elements that form what this study terms the Tripod of Legal Legitimacy (See Figure 1).
Legal certainty refers to the clarity, generality and coherence that are internal moral features essential to legality (Craig, Reference Craig2017; Fuller, Reference Fuller1969; Luhmann, Reference Luhmann2004). In other words, the law’s guidance function requires it to be publicly intelligible and prospectively applicable so that both individuals and institutions must be able to understand the rules that govern them to comply or contest their application (Raz, Reference Raz2009). Legal certainty thus serves as a cognitive and procedural infrastructure that enables law to function both normatively and institutionally.
Accountability captures the institutional mechanisms through which power is held responsible for regulatory decisions. It entails processes of explanation, justification and potential reversal, the core features of institutional reflexivity. Legal systems embed accountability through vertical mechanisms (public oversight, electoral scrutiny) and horizontal mechanisms (judicial review, inter-agency checks) (Bovens, Goodin & Schillemans, Reference Bovens, Goodin and Schillemans2014; Mashaw, Reference Mashaw and Dowdle2006). These are not only procedural formalities but essential conditions for ensuring that legal authority remains communicative and contestable within democratic governance.
Enforceability concerns the ability of legal norms to produce behavioral effects through mechanisms of compliance, coercion, or institutional alignment. As Kelsen (1967) observed, the normative force of law derives from its institutional embedding within a system of sanctions. Building on this view, other scholars argue that effective regulation requires a mix of deterrent penalties and supportive implementation strategies (Baldwin, Cave & Lodge, Reference Baldwin, Cave and Lodge2011). In the absence of enforceability, legal norms risk decaying into symbolic expressions, lacking institutional traction or behavioral influence.
These dimensions are mutually constitutive. Legal certainty, accountability and enforceability are reconceptualized as interdependent pillars (Bingham, Reference Bingham2011; Bovens, Reference Bovens2007; Fuller, Reference Fuller1969; Kelsen, Reference Kelsen2017). Their interdependence forms a procedural equilibrium, which is destabilized when one pillar collapses.
Tripod of Legal Legitimacy.
3.2. Disintegration of the legal tripod through algorithmic dynamics
This section develops the article’s central contribution that AI systems undermine legal legitimacy not merely by evading regulation but by displacing the very institutions that confer legal authority. This “disintegration of the legal tripod,” comprising legal certainty, accountability, and enforceability, occurs through intertwined processes of institutional erosion, technical substitution and infrastructural control. The institutional balance sustained by the legal tripod is being systematically destabilized by AI systems that bypass the normative, procedural and jurisdictional safeguards of public law.
Digital platforms increasingly act as “information fiduciaries” and “infrastructures of governance,” exerting normative control over social behavior and regulatory functions (Balkin, Reference Balkin2017; Cohen, Reference Cohen2019). Building on these foundations, this article proposes that AI systems, particularly those embedded in core service delivery infrastructures, do not merely supplement state law but often displace the institutional mechanisms that historically conferred legal legitimacy. This displacement is not total or uniform, but it signifies a structural transformation of how legal authority is organized and exercised.
While prior work has rightly emphasized platform governance or data extractivism, the current analysis focuses on institutional dislocation: the ways in which technical systems reassign or absorb functions like norm interpretation, procedural accountability and decision-making transparency. In some regulatory contexts, AI systems may begin to partially supplement or substitute the law’s regulatory capacity, for instance, by classifying risk or mediating access, though such trends vary widely across jurisdictions. This framework is informed by empirical findings from EU and national case studies (European Union Agency for Fundamental Rights, 2025), which document how automated eligibility assessments, surveillance tools and algorithmic decision-support systems increasingly circumvent traditional legal venues for contestation and review. Rather than a wholesale displacement of law, AI systems may undercut the functional authority of legal institutions in specific domains. These shifts vary across jurisdictions and remain subject to national legal and constitutional constraints. Nonetheless, trends such as opaque algorithmic enforcement or private procedural control suggest early signs of institutional erosion.
The institutional balance sustained by the legal tripod is being systematically destabilized by AI systems that bypass the normative, procedural and jurisdictional safeguards of public law. These systems are often developed and controlled by private actors, operate across transnational and proprietary infrastructures, and rely on computationally opaque, data-driven reasoning. The result is not just a disruption of individual legal principles but a structural transformation that erodes the core foundations of legal authority.
Legal certainty is compromised by the lack of transparency in many AI systems, which stems from multiple architectural layers, ranging from basic algorithmic rules to deep neural networks, where each layer adds to the challenge of interpretability. This epistemic opacity, referring to the difficulty in understanding how algorithmic systems operate or produce decisions, creates accountability gaps that public regulators are often ill-equipped to address. Machine learning models trained on large-scale datasets produce probabilistic outcomes that may be difficult to interpret even by their designers. This lack of clarity takes multiple forms, ranging from technical incomprehensibility (as in deep learning systems with millions of parameters) to structural opacity created by proprietary code and data protection policies. These forms of epistemic opacity undermine the transparency required for legal guidance and contestability (Burrell, Reference Burrell2016; Saxena, Tamò-Larrieux, Van Dijck & Spanakis, Reference Saxena, Tamò-Larrieux, Van Dijck and Spanakis2025). In applications such as predictive policing or fraud detection, outcomes become legally inscrutable, not due to lack of data, but due to architectural complexity and epistemic layering. For example, the Dutch SyRI case offers a critical precedent: the Hague District Court ruled that the system’s opacity violated the right to a fair trial and failed to meet transparency standards under European human rights law (Appelman, Fathaigh & van Hoboken, Reference Appelman, Fathaigh and van Hoboken2021; Eubanks, Reference Eubanks2018; Sachoulidou, Reference Sachoulidou2023).
Accountability is weakened by the diffusion of responsibility across actors in the AI development and deployment chain. The legal assumption of fault-based liability depends on identifiable human decision makers, but AI complicates this by embedding decision logic across developers, engineers, institutional adopters and even third-party providers. This creates a “responsibility vacuum,” particularly when end-users lack the expertise to audit the systems they adopt (Zalnieriute et al., Reference Zalnieriute, Moses and Williams2019). Even where laws such as the General Data Protection Regulation (GDPR) require transparency and contestability, their practical application is hampered by technical complexity and institutional constraints. Attempts to address this, such as Article 22 of the GDPR, remain largely ineffective, hindered by both technical inaccessibility and institutional fragmentation.
Enforceability is eroded when AI systems are embedded in privately owned infrastructures and deployed across cloud platforms beyond the reach of domestic regulatory bodies. These platforms are often protected by trade secrecy claims, governed by terms-of-service contracts, and structured through transnational data flows, making enforcement jurisdictionally fragmented and technically inaccessible (Kuner, Bygrave, Docksey, Drechsler & Tosoni, Reference Kuner, Bygrave, Docksey, Drechsler and Tosoni2021). Even advanced regimes such as the EU AI Act face serious implementation challenges, especially when governance functions such as monitoring, content moderation, or biometric surveillance are carried out by private firms exercising normative authority without legal oversight (Veale & Zuiderveen Borgesius, Reference Veale and Zuiderveen Borgesius2021).
3.3. Regulatory feedback cycles and the displacement of legal authority
Rather than viewing AI’s challenge as a problem of policy lag or ethical misalignment, this study focuses on conceptualizing it as a breakdown in the regulatory feedback cycle, the recursive process by which law produces, implements, contests and revises normative orders. Law sustains its legitimacy through this iterative loop, which connects norm production to public accountability and institutional learning. This cycle is central to law’s legitimacy, linking norm creation to public accountability, institutional responsiveness and epistemic transparency.
In the traditional regulatory cycle, law begins with normative articulation through legislatures or courts. These norms are implemented by bureaucratic institutions, applied in society, contested through judicial or public review and revised in response to observed failures. This recursive structure sustains legal legitimacy by embedding adaptability, deliberation and institutional coherence.
By contrast, AI introduces a displacement cycle. Norms are embedded in algorithmic design rather than public deliberation. Technical systems are deployed across institutions without adequate oversight. Epistemic opacity and infrastructural complexity undermine certainty, accountability and enforceability. Regulators become epistemically dependent on private firms, which in turn institutionalize their own normative frameworks through ethics boards or platform policies. The cycle reinforces itself, as each stage diminishes the capacity for legal recalibration.
This chapter’s processual framing reveals that AI governance cannot be addressed solely through normative principles or ethical constraints. It demands a structural understanding of how law loses traction under conditions of epistemic asymmetry and infrastructural privatization. The next chapter applies this theoretical model to concrete governance regimes, tracing how regulatory feedback collapses in both public and private domains.
4. Rethinking legal-governance frameworks in the age of algorithmic displacement
4.1. From tripod erosion to governance displacement
AI systems function as structurally transformative architectures whose effects extend beyond technological disruption, reaching into the normative foundations of public law. The legitimacy of legal governance has historically relied on recursive processes of norm creation, institutional implementation, public contestation and reflective recalibration. AI technologies destabilize these elements by embedding norm-setting decisions within technical infrastructures, insulating governance processes from institutional review and shifting the locus of authority toward proprietary regimes.
To diagnose these shifts, this chapter introduces two analytical frameworks. The first, termed the Traditional Legal-Governance Framework, illustrates how legitimacy has been sustained through public law’s procedural and institutional channels. The second, the AI-Induced Governance Displacement Framework, outlines how algorithmic systems reshape and often replace those channels with structures that simulate legal functions but diverge from normative requirements.
A meaningful comparison between these two governance paradigms requires grounding the analysis in broader theoretical traditions that illuminate how legitimacy is generated, institutionalized, or displaced. Institutionalist theory (March & Olsen, Reference March and Olsen1983) explains how procedural authority is historically stabilized through routinized practices and organizational memory. Systems theory (Luhmann, Reference Luhmann2004) conceptualizes law as a self-referential yet socially embedded domain, maintaining autonomy through communicative closure. Reflexive law (Teubner, Reference Teubner2009) captures the law’s adaptive capacity in contexts of complexity and fragmentation, emphasizing self-regulation and dynamic recalibration. Finally, infrastructural governance theory (Cohen, Reference Cohen2017; Katzenbach & Ulbricht, Reference Katzenbach and Ulbricht2019) reveals how technical systems silently redistribute regulatory authority through design, architecture and information control. Each framework reflects a distinct mode of legitimacy production and serves as a diagnostic lens for evaluating whether governance models preserve the interdependent pillars of legal certainty, accountability and enforceability as articulated in the Tripod model.
Recent developments across multiple jurisdictions demonstrate that governance displacement is not uniform but conditioned by national regulatory capacity, institutional design and political-legal traditions. For example, Canada’s proposed Artificial Intelligence and Data Act (AIDA) seeks to codify transparency obligations and algorithmic risk classification. However, scholars have noted that its enforcement mechanisms remain underdeveloped, and its scope excludes several critical sectors. In Spain, regulatory sandboxes associated with the EU Digital Services Act have been used to pilot algorithmic audit regimes and content governance protocols. These initiatives reflect efforts to procedurally institutionalize oversight, although they remain provisional in design and uneven in implementation. In the US, the Federal Trade Commission (FTC) has invoked its unfair practices authority to initiate inquiries into algorithmic discrimination and deception, signaling an attempt to reassert legal control over privately operated systems, though enforcement has thus far been limited and reactive.
This chapter then applies these frameworks to two regulatory domains: content moderation and AI safety. In the first domain, the EU’s DSA and AI Act serve as exemplars of traditional legal governance. In the second, corporate structures such as Meta’s Oversight Board and OpenAI’s governance protocols represent algorithmically displaced forms of regulation. These cases are not arbitrarily selected. They reflect parallel regulatory concerns, such as content moderation and AI alignment, and are comparable in scope, public significance and procedural ambition.
4.2. Traditional legal-governance framework: law as institutional feedback
This section illustrates how the Tripod of Legal Legitimacy, comprising legal certainty, accountability and enforceability, operates within traditional public law systems. It examines how each pillar is institutionally realized through a feedback structure involving norm production, implementation, behavioral response, procedural contestation and recalibration.
To ground this analysis, two prominent legal instruments are selected: the EU’s DSA and the AI Act. These cases exemplify contemporary efforts to regulate advanced digital systems through public law, employing procedural transparency, state oversight and formal accountability. Their selection reflects their procedural rigor, comparative scope and increasing relevance to global digital governance debates. Importantly, they also reveal the strengths and limitations of public law frameworks when applied to computational infrastructures governed by transnational private entities.
Traditional public law operates through a recursive feedback system that maintains legitimacy via four interlinked stages: (1) Norm Formulation, (2) Institutional Implementation, (3) Behavioral Adjustment & Procedural Contestation and (4) Normative Recalibration. This cycle reflects how law sustains legitimacy through deliberation, administration, contestation and reform. These stages are not mechanical; they are embedded in the legal system’s capacity to justify, enforce and evolve norms within a democratically accountable architecture.
Norm production occurs through formal deliberative mechanisms such as legislative drafting, public consultation and judicial precedent. The DSA and AI Act both underwent extensive stakeholder engagement, cross-sectoral debate and parliamentary revision. The DSA incorporated over 3,000 submissions, and the AI Act saw multiple iterations shaped by input from civil society and national regulators (Fiddle, Boden & Lister, Reference Fiddle, Boden and Lister2023). These processes reflect the procedural criteria of legality, which are generality, prospectiveness and coherence, as essential to the legitimacy of law (Fuller, Reference Fuller1969).
Institutional implementation assigns regulatory mandates to public bodies. The DSA establishes Digital Services Coordinators to supervise algorithmic audits and risk management. For example, Meta introduced transparency reports in response to Article 15 of the DSA, which mandates platforms to disclose key parameters of their recommender systems and content moderation practices. Under the AI Act, national supervisory authorities are tasked with classifying high-risk systems and reviewing conformity assessments (Recital 60, AI Act 2023). In response to Article 15 of the Digital Services Act, companies like Meta have begun issuing quarterly transparency reports, illustrating how legal compliance increasingly hinges on internal documentation produced by private actors. These provisions operationalize the law’s normative aspirations through concrete institutional mandates, thus exemplifying the “institutional implementation” phase in the legal feedback cycle. Such institutionalization illustrates the role of legal bureaucracies in formalizing accountability and rule-boundedness in public administration (Peters & Pierre, Reference Peters and Pierre2017). However, both frameworks place significant burdens on national agencies to interpret and enforce highly technical obligations, often without proportional technical infrastructure or jurisdictional reach.
Behavioral adjustment involves how regulated actors internalize legal obligations. In response to the DSA, platforms like Meta updated transparency reports and recommender disclosures. Under the AI Act, firms conduct internal conformity assessments. These compliance patterns align with contemporary regulatory theory emphasizing hybrid enforcement strategies that blend formal mandates with soft law practices (Baldwin et al., Reference Baldwin, Cave and Lodge2011; Veale & Zuiderveen Borgesius, Reference Veale and Zuiderveen Borgesius2021). Yet, the reliance on self-assessment and industry-led implementation also underscores a broader issue: the delegation of public enforcement functions to private infrastructures.
Procedural contestation ensures review and redress. The DSA mandates complaint mechanisms and third-party oversight; the AI Act enables legal challenges to risk classification and enforcement decisions. These procedural guarantees exemplify the role of institutionalized legal remedy in constructing legitimacy, grounded in principles of fairness and judicial review (Craig, Reference Craig2017; Mashaw, Reference Mashaw and Dowdle2006). Nonetheless, access to meaningful contestation is complicated by the opacity and scale of algorithmic systems, and by the fact that the most consequential decisions often occur outside the visibility of affected parties.
Normative recalibration occurs through review and adaptive governance. Article 84 of the AI Act mandates five-year revision cycles; the DSA empowers the Commission to issue delegated acts in response to evolving risks (Council of the European Union, 2022). This reflects a reflexive legal architecture designed for structural responsiveness under dynamic socio-technical conditions. Still, recalibration depends on a feedback loop that presupposes institutional capacity, cross-border coordination and technological intelligibility, each of which are challenged by the current digital ecosystem.
Together, these stages reinforce the Tripod of Legal Legitimacy. Legal certainty is secured through codified norms, accountability through procedural safeguards and enforceability through institutional capacity. The coherence of this cycle sustains law as a legitimate and adaptive structure of governance.
As illustrated in Figure 2, the legitimacy of law stems not from any single institutional act but from a dynamic process that links deliberative norm formation with institutional enforcement and public contestation. Importantly, the final stage, which is normative recalibration, closes the loop by feeding legal insights, disputes and failures back into legislative or judicial reform, reinforcing what this study terms “procedural equilibrium.” However, the cases of the DSA and AI Act reveal that this equilibrium remains fragile when applied to AI-driven environments, where opacity, decentralization and private control obstruct both feedback and enforcement.
Traditional Legal-Governance Framework.
4.3. AI-induced governance displacement: infrastructure as substituted law
By contrast, Meta’s Oversight Board and OpenAI’s governance structures simulate legal form without legal authority. Their norms are encoded into code, not law; enforcement is private and often non-binding; review mechanisms lack enforceable status or third-party oversight; public regulators become dependent on corporate transparency reports and technical disclosures. In certain digital platforms, procedural standards once enforced by legal mechanisms are now administered through company protocols, content policies and algorithmic tools. While not legally binding, these systems wield practical authority, often outside the reach of public contestation.
AI-induced governance follows a structurally divergent logic. Norm creation, enforcement and oversight are internalized within corporate infrastructures, bypassing formal legal institutions. The first stage is design-based norm encoding, where governance values are embedded directly into technical design rather than enacted through democratic deliberation. Meta’s Community Standards and automated moderation tools define permissible speech through proprietary rules. OpenAI constrains user interaction through prompt engineering, system documentation and behavioral guidelines. Such codification of normative choices into technical systems reflects the broader trend of algorithmic governance bypassing legal deliberation (Yeung, Reference Yeung2018).
AI-Induced Governance Displacement Framework.
Next is infrastructural adoption, in which public institutions and users adopt these systems without legal scrutiny or formal regulation. OpenAI’s GPT-4 is used in education and legal contexts across jurisdictions lacking statutory review. Meta continues to moderate political content in regulatory vacuums. This expansion of unregulated private infrastructures demonstrates how control over public functions can be consolidated through technological platforms (Katzenbach & Ulbricht, Reference Katzenbach and Ulbricht2019; Plantin et al., Reference Plantin, Lagoze, Edwards and Sandvig2018).
The third stage is functional displacement, where platform-based processes simulate legal functions such as adjudication, enforcement and oversight. Meta’s Oversight Board may issue rulings on content moderation, but their recommendations are non-binding. OpenAI sets internal safety protocols without judicial recourse or public accountability. These mechanisms constitute forms of procedural mimicry that replicate legal appearances without institutional anchoring (Bietti, Reference Bietti2020).
The fourth stage is epistemic dependency. Many public regulators face challenges in acquiring the technical knowledge required to audit or evaluate algorithmic systems and increasingly rely on private firms for oversight. In 2023 U.S. Senate hearings, OpenAI’s CEO Sam Altman was invited to testify on AI risks and governance, alongside academics and civil society representatives. Lawmakers solicited views from multiple stakeholders, including OpenAI, on possible regulatory frameworks. This reflects an evolving institutional dynamic in which technical actors are increasingly influential in shaping, though not monopolizing, regulatory discourse. During the hearings, lawmakers invited CEO Sam Altman to propose regulatory frameworks, raising concerns about potential shifts in agenda-setting power to technical elites (Perrigo, Reference Perrigo2023). This deepens the knowledge asymmetry that hinders public oversight. Such reliance illustrates a shift in regulatory agenda-setting from public institutions to technical elites, creating deep asymmetries of power and expertise (Ananny & Crawford, Reference Ananny and Crawford2018).
Finally, legitimacy closure emerges when corporations construct internal mechanisms, such as ethics boards, transparency portals, or audit reports, to signal normative compliance. Meta’s Oversight Board presents itself as a quasi-judicial body, and OpenAI publishes system cards and usage policies as proxies for procedural rigor. These governance structures signal accountability without enforceability, producing formal gestures without binding authority (Gorwa, Reference Gorwa2019; Mühlhoff, Reference Mühlhoff2025).
Across these five stages, as illustrated in Figure 3, the Tripod of Legal Legitimacy is progressively eroded. Certainty is undermined by opaque architectures; accountability is diffused across private actors; and enforceability becomes symbolic rather than binding. What emerges is a system of infrastructural governance that substitutes for legal form without legal substance, posing fundamental challenges to democratic authority in the algorithmic age.
4.4. Comparative synthesis and theoretical contribution
The juxtaposition of these two frameworks reveals a profound institutional and procedural divergence in how authority is exercised over high-risk systems. Both traditional and AI-induced models aim to regulate high-risk systems and critical public domains. However, they differ fundamentally in institutional anchoring, procedural transparency and public legitimacy.
The traditional legal-governance framework is grounded in codified law, procedural rights and institutional enforcement. In contrast, the AI-induced governance framework replaces legal authority with technical discretion, producing governance outputs that simulate compliance yet lack the normative infrastructure required to justify, contest, or recalibrate decisions. This structural divergence substantiates the core claim of this study: AI technologies do not only disrupt legal systems; they reconstitute the institutional ecology of governance itself.
The central theoretical contribution of this chapter is to present a process-based framework for analyzing legal displacement. It demonstrates how algorithmic infrastructures replicate the formal stages of legal governance, including norm articulation, implementation, adjudication and accountability, while displacing their normative foundations. This analytic shift offers regulatory scholarship a new lens: moving from a focus on rules to infrastructures, from prescriptive norms to recursive processes, and from ethical aspirations to institutional form. By tracing the mechanics of governance displacement, this chapter provides both a diagnostic tool for evaluating legitimacy and a conceptual foundation for future regulatory reform.
5. Policy recommendations: reconstructing legal authority under algorithmic displacement
To address the erosion of legal legitimacy, this section outlines reform proposals categorized into three domains. These recommendations constitute a normative framework informed by emerging legal experimentation across select jurisdictions. Their applicability will necessarily depend on institutional context and regulatory maturity. First, certain reforms require binding statutory obligations, such as codifying transparency standards and risk classification under instruments like the EU AI Act. Second, other challenges, such as algorithmic auditability or dynamic oversight, are better suited to regulatory rulemaking, allowing for flexibility and domain-specific adaptation. Third, effective governance demands institutional reforms, including enhanced technical capacity within regulators and procedural updates to ensure accountability in the face of complex algorithmic systems.
Preserving the authority of law in an era defined by privatized algorithmic infrastructures requires institutional transformation rather than regulatory extension. This section outlines a series of policy recommendations that respond to the erosion of the Tripod of Legal Legitimacy as analyzed throughout this study.
To reconstruct legal authority in the age of algorithmic governance, legal institutions must act on six interrelated priorities: (1) enforceable traceability through registries and documentation; (2) statutory clarity on liability across the AI supply chain; (3) reassertion of enforceability via binding procedural entitlements; (4) transnational coordination through interoperable regulatory standards; (5) epistemic capacity-building within public institutions; and (6) reflexive governance mechanisms that enable ongoing recalibration in response to socio-technical change. These measures are not just regulatory enhancements but institutional imperatives that realign AI infrastructures with the procedural norms of democratic legality.
One priority is the codification of enforceable mechanisms of traceability and auditability. Algorithmic systems must be rendered legible to the institutions tasked with governing them. This requires the establishment of statutory algorithmic registries, mandatory documentation of version updates and publicly accessible audit trails. Without these provisions, legal actors are denied the epistemic access necessary to reconstruct decisions, assess liability, or identify procedural violations. The current lack of documentation in many content moderation and eligibility systems illustrates how decisions with normative effects can occur in ways that evade reconstruction, accountability and legal challenge. Traceability, in this context, is not simply a technical feature but a constitutional requirement for the visibility and contestability of power.
Equally urgent is addressing the deepening knowledge asymmetry between public regulators and private developers. Governments must invest in building internal technical capacity by developing interdisciplinary teams with expertise in computer science, data governance, law and ethics. These bodies must be authorized to conduct independent, adversarial audits of high-risk systems. Without such capacity, public institutions risk becoming symbolic enforcers of rules whose operational meaning is defined entirely by private infrastructures. In such a configuration, legal authority becomes procedural in name but empty in practice.
A third imperative is to re-anchor enforceability in binding statutory obligations rather than corporate self-regulation. Rights to explanation, appeal and procedural contestation must be articulated as enforceable legal entitlements. AI systems that affect access to public services, employment, or speech must be subject to appeal mechanisms, mandatory justification protocols and third-party auditing processes with legal effect. Current regimes often simulate such rights through internal procedures, such as content review boards or user appeals, but without the legal anchoring that transforms procedure into public accountability. Reasserting enforceability requires a decisive shift away from the aesthetics of accountability and toward its institutional realization.
Fourth, law must scale its jurisdictional logic to match the transnational nature of AI infrastructures. Fragmented regulatory regimes have created opportunities for jurisdictional arbitrage, in which private actors relocate or restructure their operations to evade scrutiny. Although a fully harmonized global AI regime remains unlikely, democratic jurisdictions can coordinate through interoperable standards, mutual recognition of enforcement mechanisms and the development of transnational audit systems. These shared frameworks need not erase domestic legal variation but must establish common thresholds for legitimacy and compliance. Establishing interoperable cross-border norms is therefore essential to reconstitute legal certainty and regulatory coherence across jurisdictions.
A further challenge is to clarify liability across the AI supply chain. Responsibility should be clearly apportioned among AI developers (who design system logic), deployers (who implement it in practice) and institutional users (who apply it in public or private decision making). Without this clarity, accountability becomes diffused, and affected individuals are left without recourse. Tiered liability models must be instituted that assign obligations appropriate to each actor’s role, ensuring that harms caused by AI systems are traceable to a legally identifiable party and subject to sanction.
Finally, legal institutions must become reflexive, capable of responding not only to technical change but to social and normative disruption. Static, rule-based regulation is insufficient for the dynamism of AI. Legal governance must therefore incorporate mechanisms of periodic review, institutional learning and participatory norm revision. This includes statutory mandates for reassessing classification criteria, integration of stakeholder and community input into regulatory cycles, and processes for revising legal rules in response to real-world harm.
This paper has outlined a theoretical framework for understanding how AI systems can erode legal legitimacy by displacing key institutional functions. While its analysis remains conceptual, it is intended as a foundation for future empirical work. Further research is needed to examine how these dynamics play out in practice across jurisdictions, domains of regulation and legal systems. Such inquiry is essential to developing grounded, context-sensitive policy reforms and fostering public understanding of AI’s legal stakes.
In conclusion, these structural shifts contribute to what some scholars describe as a potential crisis of legal legitimacy, where key legal principles such as transparency, accountability and procedural fairness are increasingly difficult to guarantee under algorithmic governance. As algorithmic infrastructures take on regulatory functions, they displace the very mechanisms through which law has historically justified, implemented and revised its authority. Reconstructing legitimacy requires a shift from regulatory supplementation to legal reinvention, grounded in the renewal of enforceable, contestable and transparent institutional frameworks.
6. Conclusion
AI systems now function as infrastructures of governance, embedding normative functions such as classification, adjudication and enforcement within technical architectures that often operate outside the bounds of public legal authority. These developments pose systemic challenges to the institutional foundations through which law has historically secured legitimacy, including legal certainty, accountability and enforceability. By replacing legal procedures with platform-specific protocols and public oversight with internal corporate controls, AI systems alter not only the substance of regulation but the very structures through which norms are implemented, contested and justified.
This study employed the Tripod of Legal Legitimacy, including legal certainty, accountability and enforceability, as a theoretical framework to evaluate how AI governance architectures interact with the legal form. Through a comparative analysis of public law mechanisms, such as the EU’s Digital Services Act and AI Act, and privatized regimes like Meta’s Oversight Board and OpenAI’s safety protocols, the study demonstrates that while both address high-risk decision making, only the former preserves the institutional structures necessary for public contestation and binding enforcement. The study also developed a process-based model contrasting recursive legal governance with algorithmic governance cycles, emphasizing how AI systems reconfigure regulatory power by embedding norm production into technical infrastructure.
Building on this conceptual foundation, the study offers practical guidance for legal reconstruction in the algorithmic age. Regulatory frameworks must restore traceability and auditability through statutory registries and documentation protocols; clarify liability across the AI supply chain; re-anchor enforceability in binding legal entitlements; scale jurisdictional reach through interoperable cross-border norms; and overcome public-private knowledge asymmetries by building internal technical capacity. These measures are essential to bring AI architectures into alignment with democratic rule-of-law principles.
These findings contribute to a growing body of work on algorithmic legality, offering both a diagnostic of how legitimacy is eroded and a prescriptive framework for restoring it. Theoretically, it introduces a process-based, institutional lens to understand the erosion of legal legitimacy under conditions of infrastructural governance. It reconceptualizes AI not merely as a policy object but as a system of normative displacement. Practically, it provides a framework for assessing regulatory interventions based on their capacity to restore legal certainty, accountability and enforceability. By bridging theoretical abstraction with concrete institutional analysis, the study offers a foundation for both scholarly inquiry and policy reform in algorithmic governance. This article offers a conceptual account of how AI systems may displace key functions traditionally associated with legal institutions. While the focus is theoretical, it draws from selectively curated cases to illustrate how infrastructural governance challenges conventional understandings of legal legitimacy. However, further empirical and comparative work is necessary to evaluate the degree and distribution of institutional erosion. Future research should investigate jurisdiction-specific reforms, levels of regulatory capacity and the effectiveness of implemented safeguards across legal regimes. Such analyses will help determine whether the legitimacy gaps identified here are global in scope or contingent upon particular governance environments.
The challenge posed by AI governance is not only technical or regulatory, but it is institutional. By embedding regulatory functions within proprietary systems, AI architectures erode the procedural conditions through which law has historically produced legitimacy. The continued relevance of law will depend on its capacity to reassert its authority across institutional settings, through contested processes, and alongside the infrastructures it seeks to govern. Law must reclaim its role not only as a constraint on private power, but as a generator of binding, enforceable and publicly accountable norms.
This article does not claim to empirically establish the erosion of legal legitimacy as a global or uniform phenomenon. Rather, it proposes a conceptual framework that can guide future comparative, jurisdiction-specific investigations.
Ultimately, this study reaffirms the foundational importance of the rule of law. Without legal certainty, enforceability and public oversight, governance by code risks displacing democratic authority altogether. To reclaim legitimacy in the AI age requires more than institutional or technical reform; it demands a renewed commitment to the foundational principles of legal governance, reimagining for a global, digitized and infrastructurally mediated society.
Acknowledgements
The author is grateful to Professors Bryce Jensen Dietrich, Daniel Stuart Schiff and Kaylyn Jackson Schiff for their intellectual support in the development of the theoretical foundations of this research. Special thanks are extended to Professor Thomas Margoni for his thoughtful feedback on shaping this study as a contribution to the LPE research field, and for the opportunity to present an earlier version at the Centre for IT & IP Law (CiTiP), KU Leuven. The author also appreciates the valuable comments and discussions offered by participants at the seminar, which helped refine several core arguments and clarify the framing of the manuscript. In preparing the final version of this article, the author used AI-assisted tools (ChatGPT) for language editing and structural refinement. All AI-generated content was critically reviewed and approved, and the author retains full responsibility for the accuracy and integrity of the manuscript.
Funding statement
This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.
Competing interests
The author declares no potential conflicts of interest with respect to the research, authorship and/or publication of this article.
Chee Hae Chung is a Postdoctoral Research Associate with the Governance and Responsible AI Lab (GRAIL) and the Computational Social Science (CSS) Lab at Purdue University, and an affiliated researcher at the Center for Education and Research in Information Assurance and Security (CERIAS). Her research examines how emerging technologies reshape institutions and governance across political science, public administration and law, with emphasis on AI ethics, digital sovereignty, regulatory politics and the political economy of tech platforms. She earned her Ph.D. and M.A. in Political Science from Seoul National University and her B.A. in Political Science and International Studies from Yonsei University. Previously, she was a Postdoctoral Fellow at Seoul National University’s Center for Intelligent Society and Policy (CISP), worked as a management consultant at Deloitte Consulting and Arthur D. Little, and held internships at the Presidential Office and the Ministry of Foreign Affairs and Trade of the Republic of Korea.
Open access
