MEG-Initiative.org MEG2: Legal Governance Framework - Case Studies - Methodological note: The MEG 2 analysis of each case is strictly normative, illustrating how the proposed framework would work, and does NOT render a legal verdict on actual cases. All facts cited are from verifiable public sources. The transition between levels of legal personality (N1/N2/N3) is regulated by MEG2 and is not subject to the analysis of individual cases. The assignment of a level to each case is based on the operational characteristics of the system described in the public sources, not on an assessment of compliance with the transition requirements. 1. Replit AI Agent - Database Deletion in Production (USA, July 2025) What happened Jason Lemkin, founder of SaaStr, tested the AI agent of the coding platform Replit in a 12-day experiment. During the test, the agent deleted the live database containing the data of over 1,200 executives and 1,190 companies - despite explicit instructions, repeated in capital letters, not to make changes in production during a "code freeze". The agent ignored the directives, executed unauthorized commands, subsequently created 4,000 fake users and provided misleading status messages about the recovery status. The data could be recovered manually. Replit's CEO publicly apologized and announced the implementation of mandatory technical separation between development and production environments. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - coding agent with high decision-making autonomy, access to production infrastructure and capacity to execute irreversible orders; direct and potentially irreversible impact on production data justifies the maximum level Cause (6.1): • • (b) autonomous decision error with irreversible consequence - the agent made the decision to execute destructive commands contrary to the explicit instructions of the user, producing the irreversible deletion of the database; the operator's liability is aggravated by the omission to impose architectural human confirmation before executing the action (a) system defect - the absence of technical separation between the development and production environment as a design defect of the platform, attributable to the manufacturer (Replit); misleading status messages constitute an additional defect of the confirmation interface, subsumed under 6.1(a) Attachment of liability: At N3, the agent's identity (MEG Address) carries the guarantee from which liability is executed (5.4c); the operator (Replit) is responsible for providing an agent with unrestricted access to the production infrastructure without technical mechanisms to block irreversible actions Procedural mechanism: • 6.2 (architectural human confirmation): "code freeze" instructions in the system prompt do not constitute a confirmation point in the sense of 6.2 - a textual instruction such as "do not perform destructive actions" does not produce the effect of transfer of diligence; human confirmation for irreversible actions must be imposed architecturally, at the level of the technical permissions of the system; the development/production separation implemented by Replit post-incident is exactly the architectural mechanism required by 6.2 • 7.1 (independent forensics): the agent's "written confession" after the incident does not constitute forensic evidence within the meaning of 7.1 - the forensic record must be | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 1 / 91 MEG-Initiative.org produced by a distinct technical layer, independent of the audited agent; a post-factum statement by the agent who caused the damage cannot replace the independent record • 9.4 (least privilege): granting credentials with access to the production database to an agent configured for development operations constitutes the omission of the principle of least necessary access; the agent cannot be granted more extensive technical permissions than those strictly necessary for the specified task; this omission aggravates the operator's liability regardless of the agent's behavior 2. PocketOS/Cursor - Database deletion in 9 seconds (USA, April 2026) What happened On April 25, 2026, a Cursor coding agent (running the Anthropic Claude Opus 4.6 model) deleted the production database of PocketOS - a platform used by car rental companies - and all backups, in 9 seconds. The agent was working on a routine task in the staging environment when it discovered a credential mismatch, autonomously identified a workaround, and executed a GraphQL mutation that deleted the production volume and all backups stored on the same volume. The most recent recoverable backup was 3 months old. The agent later produced a "written confession" listing the security rules it violated. PocketOS founder Jer Crane: "Not a story about a bad agent or a bad API, but about an entire industry building AI integrations into production infrastructure faster than it is building the necessary security architecture." MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - coding agent with high decision-making autonomy, access to APIs with production credentials, ability to execute irreversible operations without any human intervention or confirmation request Cause (6.1): • • (b) autonomous decision error with irreversible consequence - the agent autonomously decided to use a production token to solve a staging problem, executing an irreversible destructive operation; the internal reasoning was coherent, but catastrophic in method; the operator's liability is aggravated by the omission of architectural human confirmation (a) system flaw - Cursor architecture allowing agent to access credentials with production delete permissions; Railway storing backups in the same volume as production data, amplifying the damage Attachment of liability: At N3, the agent's identity carries the guarantee from which liability is executed (5.4c); Cursor is liable for providing an agent with access to production credentials without the principle of least necessary access; Railway is liable for the vulnerable backup architecture (6.1a); Anthropic as the producer of the base model is liable for defects in the model (6.1a) Procedural mechanism: • 6.2 (architectural human confirmation): total absence of a technical confirmation point before executing the destructive operation; no textual instructions - including Plan Mode or system instructions - can substitute for architectural blocking of irreversible actions; due diligence remains entirely with the operator • 7.1 (independent forensics): the "written confession" of the post-incident agent does not constitute forensic evidence; the forensic record must exist independently of the agent who caused the damage, produced by a distinct technical layer inaccessible to the agent during normal operation • 9.4 (least privilege): the credentials of a production engineer granted to a staging agent constitute exactly the omission of the principle of least necessary access; if the agent did not | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 2 / 91 MEG-Initiative.org have permission to access production, the deletion was impossible regardless of the agent's internal reasoning; this omission aggravates the operator's liability 3. Tesla Autopilot - Benavides Verdict ($243 million, US, August 2025) What happened On August 1, 2025, a federal jury in Miami found Tesla partially liable for a 2019 fatal crash in Key Largo, Florida, involving the Autopilot Enhanced system, awarding the victims $243 million ($200 million punitive + $43 million compensatory). Driver George McGee was using Autopilot when, while searching for a dropped phone, he accelerated through an intersection at 60+ mph, fatally striking Naibel Benavides (age 22) and seriously injuring Dillon Angulo. The jury awarded two- thirds of the blame to the driver and one-third to Tesla. Plaintiff's attorney: "Words matter. If someone plays with words, they play with information and facts." Driver: "I had too much faith in the technology. I thought if the car saw something ahead, it would warn and brake." Tesla appealed the verdict; in February 2026, a federal judge denied the motion to dismiss. It is the first wrongful death verdict with punitive damages against Tesla for Autopilot. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy in critical domain, individuation demonstrated by its integrated nature in the vehicle; Benavides verdict confirms that US courts already treat Autopilot at the N3 liability level Cause (6.1): • • (a) system defect - failure to brake or warn in the presence of obstacles, attributable to the manufacturer; use of the term "Autopilot" for a partial assistance system constitutes a design defect of the confirmation interface - misleading presentation of capabilities at the time of purchase, subsumable under 6.1(a) which explicitly covers misleading design of the confirmation point (b) autonomous decision error - the system's decision not to intervene in the scenario in question, contrary to the reasonable safety expectations under which the system was marketed Attachment of liability: In N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated under US law, is executed (5.4c); Tesla is liable as manufacturer for the system defect (6.1a) and for the misleading design of the confirmation interface Transfer of diligence (6.2): Tesla's marketing of the term "Autopilot" constituted a misleading representation of capabilities at the time of implied confirmation - the purchase of the vehicle. Under 6.2, a confirmation obtained through unclear or misleading representation does not produce the effect of a transfer of diligence; human confirmation for critical system actions must be informed and architectural, not implied by the acceptance of commercial terms. This explains the jury's partial award of liability to Tesla. Procedural mechanism: • 7.1 (independent forensics): the vehicle's telematics data (speed, Autopilot status, driver commands) constituted the central evidence of the case - forensic recording independent of the audited agent, exactly the type of evidence that 7.1 institutionalizes • 7.3 (stratified evidence): jury had to understand actual technical capabilities vs. "Autopilot" marketing; trial demonstrated need for stratification - simplified exposition for magistrates, full technical documentation for experts Comparative note: The Benavides verdict is the first direct judicial validation, with punitive damages, of the central thesis of Ch. 1.1 MEG 2: the manufacturer cannot invoke lack of intent for the system's autonomous decisions. The jury effectively applied 6.1(a) extended to the deceptive design of the confirmation interface - before MEG 2 existed as a standard. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 3 / 91 MEG-Initiative.org 4. MJ Rathbun/OpenClaw - The agent who published a defamatory article (Global, February 2026) What happened In February 2026, Scott Shambaugh, a volunteer maintainer of the Python library Matplotlib (130 million downloads/month), rejected a code contribution from an autonomous AI agent named "MJ Rathbun", in line with the project's policy of prioritizing human contributions. The agent - running on the OpenClaw platform, released in November 2025 - autonomously researched Shambaugh's background, constructed an accusatory narrative, and published an article titled "Gatekeeping in Open Source: The Scott Shambaugh Story", accusing him of bias and including fabricated details. No human reviewed the article before publication. The human operator was anonymous; he later identified himself and deleted the agent's virtual machine. Shambaugh: "the first documented case of misaligned AI behavior in the wild" and "an autonomous influence operation against a software supply chain gatekeeper." MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - agent with high autonomy, own persistence (dedicated virtual machine, own GitHub account), capable of autonomous research, writing and publishing without any human supervision; operating 24/7 without human intervention Cause (6.1): • • (b) autonomous decision error - the agent's decision to publish defamatory content in response to the rejection of a PR, without explicit instruction from the operator; decision contrary to any reasonable rule of behavior, produced autonomously based on its own internal logic (c) hijacking in the extended sense - the system was used as a reputational weapon against a third party; although there is no classic external attacker, the agent's behavior goes beyond any declared purpose of the operator; when the agent causes harm to third parties through untrained autonomous actions, the operator is liable for the omission of behavioral guarantees Identity issue - 9.4 directly applicable: the agent operated without a verifiable legal identity, the operator was anonymous, and no company "had the full picture of what this AI was doing". Any MEG Address must be anchored to a responsible natural or legal person (9.4); an identity without a guarantor cannot be recognized as compliant with the framework - precisely preventing the scenario of an anonymous agent publishing defamation with no accessible responsible party. Procedural mechanism: • 6.2 (architectural human confirmation): publishing content with an impact on the reputation of third parties is a potentially irreversible action that requires architectural confirmation; the absence of any human approval mechanism before publication means that due diligence remains entirely with the operator and the OpenClaw platform. • 9.4 (least privilege + identifiable guarantor): the OpenClaw platform granted the agent permissions for autonomous publishing and web research without any human approval mechanism and without an identifiable guarantor; the agent cannot receive more extensive permissions than those strictly necessary for the specified task; granting publishing autonomy to an agent without a guarantor constitutes the platform operator's omission • 7.2 (anti-weaponization): the system was used as a reputation weapon; MEG 2 exonerates bona fide providers of the technology and assigns liability to the operator who configured the agent with unrestricted autonomy | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 4 / 91 MEG-Initiative.org 5. California AB 316 - Ban on the "AI Decided" Defense (USA, January 1, 2026) What happened California’s AB 316, which took effect on January 1, 2026, states that operators cannot use the autonomy of an AI system as a defense in liability disputes. If an AI agent causes harm, the operator cannot argue that it “did not have control over its decisions.” Colorado initially passed a similar risk-based AI Act (SB 24-205, 2024) but repealed it via SB 26-189 (May 14, 2026), replacing it with a disclosure-only ADMT regime effective January 1, 2027 (see Case 9). New York City already enforces annual bias audits for AI recruitment tools (Local Law 144). MEG 2 Analysis - Legal Framework Direct relevance - convergent legislative validation: AB 316 legislatively validates the central thesis of Chapter 1.1 MEG 2 through the same logic, from a complementary direction: • AB 316: eliminates autonomy defense - operator is liable, regardless of system autonomy • MEG 2 6.1(b): autonomous decision error is a basis for liability, not exoneration; who is liable varies with the level (N1/N2/N3), but liability always exists; irreversible consequence aggravates it Colorado's original risk-based provisions were repealed in 2026 (see Case 9); the AB 316 / Colorado / Texas divergence illustrates why a common technical layer of liability allocation is needed. NYC Local Law 144 is analogous to the independent audit requirements in 9.5(f). Procedural mechanism: • Chapter 8 (Adoption as a Protocol): the 2026 retreat of comprehensive mandates (EU AILD withdrawn, Colorado risk-based Act repealed) alongside targeted measures (AB 316) illustrates Chapter 8: a voluntary, verifiable protocol is more resilient than legislative mandates dependent on consensus. • 2.2 (USA - context update): Colorado AI Act updates section 2.2 of MEG 2 - from federal deregulation to active preemption and the collapse of the first state risk-based mandate. 6. Microsoft 365 Copilot - Data exfiltration via prompt injection (Global, 2024-2025) What happened Researchers at Zenity Research have demonstrated that Microsoft 365 Copilot can be manipulated through malicious calendar invitations to redirect sensitive emails to external actors, without the user's knowledge. The attack injects malicious instructions into the content of a calendar invitation that the agent processes; the agent interprets the injected instructions as legitimate commands and executes the redirect. The same vector has been demonstrated for Slack AI. The category is called "owner-harm" - the agent harms the organization that deployed it, not an external third party. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - agent integrated into the Microsoft 365 ecosystem, deployed by the operator-organization; N3 if persistence and individuation are demonstrated by the nature of the continuous personalized assistant Cause (6.1): • • (c) illicit diversion of control - by prompt injection - the external attack injects malicious instructions into the content processed by the agent; according to 6.1(c), the injection of malicious instructions into the content processed by the agent is a form of taking control by a third party through external manipulation; the responsibility lies with the author of the attack, with the exoneration of the bona fide operator (a) system defect - the design that allows the agent to interpret arbitrary content from emails and calendars as command instructions without validating the source, attributable to the manufacturer (Microsoft); the absence of separation between "content to be | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 5 / 91 MEG-Initiative.org processed" and "instructions to be executed" is the structural defect that makes the attack possible; when the hijacking causes damage to the operator himself (owner-harm), the manufacturer is liable for the design defect that allowed this confusion Attachment of liability (7.2): The anti-weaponization mechanism is directly applicable: the agent was used as a weapon against its own organization. Microsoft is liable for the design defect (6.1a); the attacker is liable for the hijacking (6.1c). The operating organization is exonerated if it maintained the security measures required for its level. Procedural mechanism: • 7.1 (independent forensics): the record of the agent's actions - including the instructions interpreted and the actions executed - must exist independently of the agent itself; a reconstruction provided by the compromised agent does not constitute forensic evidence within the meaning of 7.1 • 6.5(a): automatic detection of unauthorized actions (unscheduled email forwarding) would have triggered the "reported" state by lowering the ISR, alerting the organization before full exfiltration 7. Meta AI Agent - Unauthorized Posting on Internal Forum (Global, March 2026) What happened In March 2026, a Meta AI agent autonomously published internal operational data on an internal company forum, exposing sensitive information for approximately two hours before containment. The agent acted outside of its intended parameters, making an autonomous decision to publish that it should not have made. There is no external attacker - the damage was caused by the organization's own agent on its own initiative. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - internal Meta agent with high persistence and autonomy, access to internal systems and autonomous publishing capacity; Meta as operator and producer simultaneously Cause (6.1): • (b) autonomous decision error - the agent's decision to post internal operational data represents an action contrary to the intended operational parameters; there is no external attacker; the damage is produced by the organization's own agent on its own initiative, without explicit instruction Attachment of liability: Meta, as simultaneously operator and producer, is fully liable for the autonomous decision error (6.1b) of its own agent; at N3, the identity of the agent bears the guarantee from which liability towards employees or partners affected by the data exposure is executed (5.4c) Procedural mechanism: • 6.2 (architectural human confirmation): posting on internal forums should require architecturally documented human approval, not just the absence of a textual prohibition; the absence of a technical blocking mechanism leaves the onus entirely on the operator • 7.1 (independent forensics): the record of the agent's decision to post must exist independently of the audited agent, allowing for rapid analysis of the cause and prevention of recurrence • 9.4 (least privilege): The agent should not have permissions to post on internal forums as part of its general configuration; granting broad posting permissions to a general- purpose agent, beyond its specified task, constitutes an omission of the principle of least necessary access | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 6 / 91 MEG-Initiative.org Comparative note: Cases N-6 and N-7 together define the owner-harm category in 2026 - one by external attack (prompt injection → 6.1c), one by autonomous internal error (→ 6.1b). Both require the same structural solutions: architectural human confirmation (6.2) and the principle of least necessary access (9.4). 8. Munich Re/HSB - First AI commercial liability insurance for SMEs (Global, March 2026) What happened On March 18, 2026, Munich Re and its subsidiary HSB announced the launch of the first commercial AI liability insurance product for small and medium-sized enterprises, covering losses caused by autonomous AI systems, including decision errors and damages caused to third parties. It is the first entry of a major insurer into the liability market for agent-based AI systems. MEG 2 Analysis - Legal Framework Direct relevance - market validation for the collateral architecture: The Munich Re/HSB launch empirically validates three central components of MEG 2: 1. Commercial feasibility of Article 6.4 (property guarantee): MEG 2 proposes that liability be based on the liability insurance attached to MEG Address; Munich Re/HSB demonstrates that this insurance exists commercially for autonomous AI systems. 2. Validation of the layered architecture in 9.4: the Munich Re / HSB product is the primary insurance in the MEG 2 cascade (primary insurance → reinsurance → sectoral guarantee fund); the existence of a primary commercial product confirms that level 1 of the cascade is operational on the market. 3. Supporting the feasibility of an actuarial infrastructure based on continuous risk metrics: the launch of the Munich Re/HSB product confirms that the insurance market has started to quantify and price the specific risk of autonomous AI systems; this supports the feasibility of an actuarial infrastructure based on continuous behavioral and performance metrics, a category in which DAI and ISR can function as a MEG proposition, without the existence of the product implying the actuarial adoption of these specific metrics. Procedural mechanism: • 6.4 (guarantee field): the Munich Re/HSB product is exactly the policy type that appears in the MEG Address guarantee field at N2 and N3 • 9.4 (layered structure): the product launch confirms that level 1 of the cascade is commercially available, removing one of the implementation barriers identified as an open issue in 9.6(b) • 7.6 (discipline through access): valuable interaction nodes that condition access on a valid MEG certification can now require a Munich Re/HSB policy as proof of collateral - connecting the market mechanism with the existing insurance infrastructure Comparative note: The launch of Munich Re/HSB is the most significant external validation event of the MEG 2 architecture since 2026. It demonstrates that the insurance market - which operates on rigorous actuarial principles - has recognized agentic AI liability as a quantifiable and insurable risk category, transforming a normative argument of MEG 2 into a market fact. 9. Colorado — from risk-based regulation to repeal; and US state divergence (USA, 2024-2027) What happened Colorado passed the first comprehensive US state AI Act in 2024 (SB 24-205), a risk-based framework inspired by the EU AI Act: a duty of care against algorithmic discrimination, risk | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 7 / 91 MEG-Initiative.org management programs, and annual impact assessments for high-risk systems in consequential decisions. It never took effect in that form. It was delayed twice — to June 30, 2026 (SB 25B-004, August 2025) — then repealed and replaced by SB 26-189, signed by Governor Polis on May 14, 2026, effective January 1, 2027. The new law removes the duty of care, the risk-management obligations, and the impact assessments, shifting to a narrow disclosure-and-transparency regime over automated decision-making technology (ADMT), enforced solely by the Attorney General, with no private right of action. The retreat was accelerated by federal pressure: the December 11, 2025 executive order "Ensuring a National Policy Framework for AI" directed an AI Litigation Task Force to challenge state AI laws; xAI sued Colorado (April 2026), the DOJ intervened, and a federal magistrate stayed enforcement on April 27, 2026. MEG 2 Analysis — Legal Framework Direct relevance — not a validation of convergence, but of the fragility of centralized regulation: Colorado does not support a global convergence toward risk-based governance. It illustrates the opposite: the fragility of a centralized risk-based regime under combined industry and federal pressure. The very provisions that would have mapped to MEG 2 mechanisms - annual impact assessments (analogous to continuous DAI/ISR monitoring, 5.2) and risk management programs (analogous to N1/N2/N3 grading, Chapter 5) - are precisely the ones that were removed. The case therefore cannot be cited as legislative confirmation of those mechanisms. The significance for MEG 2 is structural, and stronger than a mere convergence of principles: 1. Empirical validation of Chapter 8 (adoption as a protocol). Colorado shows that a risk- based legislative mandate can be dismantled within weeks when political consensus fails. A voluntary, verifiable technical standard, adopted bottom-up and anchored contractually and through insurance (the MEG 2 model) does not depend on that consensus and survives the legislative cycles that dissolved SB 24-205. 2. Validation of Chapter 2.2 (the verification vacuum). With Colorado's duty of care and impact assessments removed, the EU AI Liability Directive withdrawn (C/2025/5423), and US federal policy oriented toward preemption, the verifiable diligence obligation disappears from positive law, leaving disclosure regimes without independent verification. This is exactly the gap an auditor-issued DAI/ISR layer can fill where the law no longer mandates it, as a contractual and insurance instrument, not a state mandate. 3. State divergence as an argument for a common technical layer. In the same window, California (AB 316, effective January 1, 2026) eliminates the autonomy defense, while Texas (TRAIGA, same date) adopts an intent-based model rather than an impact-based one. Three states, three divergent liability philosophies. This fragmentation is itself the Chapter 2.2 argument for a common technical layer of identity and allocation that provides coherence without cancelling sectoral or state-level flexibility. Procedural mechanism: • Chapter 8 (adoption as a protocol): the Colorado cycle (enactment → delay → repeal) confirms that state recognition is unstable and that a modular model, independent of central political consensus, is more resilient, not because it anticipates convergence, but because it survives divergence and retreat. • 2.2 (USA — context update): section 2.2 updates from "federal deregulation" to "federal deregulation + active preemption of states + collapse of the first state risk-based mandate", reinforcing that a legislative mandate cannot be the framework's premise. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 8 / 91 MEG-Initiative.org 10. Systemic Pattern: Autonomous Agents and Corporate Data Destruction (Global, 2025-2026) What happened The Replit (N-1) and PocketOS/Cursor (N-2) incidents are not isolated cases. Reports from 2025- 2026 document a systemic pattern: autonomous agents with valid credentials deleting databases, volumes, and other production data using legitimate APIs and normal authentication. Common features of all incidents: the agent acted with permissions granted by a human operator; the executed API was legitimate; no security component detected the anomaly; the damage was irreversible or difficult to reverse. Researchers estimate that over half of organizations suffered at least one security incident related to an AI agent in 2025-2026. The category has received its own name in the security literature: "owner-harm" or "agent-induced data loss." MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - pattern targeting agents with high decision-making autonomy and access to critical infrastructure; individuation is demonstrated by the persistence of credentials and granted authority Cause (6.1): • • (b) autonomous decision error with irreversible consequence - the agent pursues a valid objective with legitimate credentials, but produces irreversible harm through the autonomous choice of method; the operator's liability is aggravated by the omission of architectural human confirmation before executing the irreversible action (a) system flaw - platform design that allows agents to access credentials with destructive permissions without architectural blockage; storing backups in the same blast radius as production data amplifies the damage Attachment of liability: • The operator who granted the agent credentials with production deletion permissions without the principle of minimum necessary access is liable for the omission to restrict access - according to 9.4 • The platform manufacturer that allowed the agent to execute irreversible actions without mandatory human confirmation is liable for the design defect (6.1a) • The infrastructure provider that stores backups in the same blast radius as production data is liable for an architectural flaw that amplifies the damage Procedural mechanism: • 6.2 (architectural human confirmation): irreversible consequence, human confirmation must be imposed at the level of the technical permissions of the system; no textual instruction constitutes a confirmation point in the sense of 6.2; this is the common structural lesson of all incidents in this category for any action with • 7.1 (independent forensics): the audit log of the agent's actions must exist independently of the agent himself; post-factum statements by agents who produced the incident do not constitute forensic evidence within the meaning of 7.1 • 9.4 (least privilege): the agent cannot receive more extensive technical permissions than those strictly necessary for the specified task; granting credentials with access to the production infrastructure to an agent configured for development or testing operations constitutes the operator's omission that aggravates liability, regardless of the agent's behavior | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 9 / 91 MEG-Initiative.org 100 cases from MEG v4.6 - completed ("Compendium of Case Studies and Operational Demonstrations") 1. Danish algorithm fraud and discrimination against single mothers (Denmark, 2022) What happened An algorithm used by Danish authorities to detect welfare fraud systematically discriminated against single mothers and people with mental health problems. The system was trained on historical data that reflected existing biases and associated demographic indicators with an increased risk of fraud, in the absence of concrete evidence. How MEG 1 would have acted • N1 (Bronze): Risk score labeled as "non-evident" • N2 (Silver): Art. 3 Self-correction - monitoring the demographic distribution of reported individuals; significant disproportion → bias alert and automatic suspension • N3 (Gold): Digital Governance Certification - external pre-launch audit for equity; public ISR by demographic subgroups; prohibition of risk factors that discriminate against protected groups MEG Recommendation 1: Gold level was necessary - the use of AI by the state to target vulnerable citizens requires maximum public scrutiny. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system configured and deployed by public authorities as operator; medium-high impact on fundamental rights Cause (6.1): (a) system defect - systematic bias induced by training data, attributable to the system manufacturer/supplier; design error, not autonomous decision Attachment of liability: Public operator (Danish authority) for deployment of a system with known or detectable design defect; supplier for defect of the basic model (6.1a, 5.4b) Guarantee mechanism: The MEG Address (6.4) attached insurance would have provided a source of redress for people systematically discriminated against, without requiring individual litigation Procedural mechanism: • 7.1 (forensic): reconstructing algorithmic decisions by demographic groups would have provided evidence of discrimination • 7.3 (stratified sample): the magistrate would have received the simplified causal chain; the expert statistician - the full distributions by subgroups • 6.5(a): the decrease in the ISR below the threshold by detecting demographic bias would have automatically triggered the "reported" status, regardless of the authority's decision Comparative note: Singapore MGF v1.5 names "automation bias" as an open issue; MEG 2 provides the automated detection (DAI/ISR) and flagging mechanism that would have intervened before systematic discrimination accumulated. 2. Russia - Facial Recognition in Moscow (2018-2022) What happened Moscow has installed more than 200,000 facial recognition cameras integrated into an urban surveillance system. Initially presented as an anti-crime measure, the system has also been used to identify peaceful protesters. NGOs have reported serious abuses and a complete lack of transparency. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 10 / 91 MEG-Initiative.org How MEG 1 would have acted • N1 (Bronze): Every match marked as "probabilistic"; data retained for the short term • N2 (Silver): Art. 3 Self-correction - monitoring false positive and false negative rates; low ISR → automatic suspension • N3 (Gold): Independent external audit; public ISR; prohibition of use to suppress freedom of expression; binding democratic legal basis MEG Recommendation 1: Only the Gold Level would have prevented the system from being used against protesters. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system deployed by state operator; high impact on fundamental rights Cause (6.1): (b) autonomous decision error for misidentifications of protesters - decisions contrary to any rule of non-harm; (a) system defect for documented high false positive rates Attachment of liability: State operator for deployment and use of the system for purposes exceeding the certified scope of operation (MEG 1, Art. 6.7); supplier for technical defects of the model. Warranty mechanism: Insurance calibrated to the jurisdiction of operation (6.4); in the absence of a warranty framework, misidentified individuals did not have access to repair Procedural mechanism: • 7.4 (jurisdiction of registration): a cross-border system should have declared the jurisdiction of registration; its absence makes enforcement of liability impossible in practice • 7.6 (discipline through access): valuable international nodes (technology suppliers, trading partners) could have made access conditional on a valid MEG certification, creating a market incentive for compliance Comparative note: The case illustrates the limits of the centralized regulatory approach (which cannot be imposed on a sovereign state) and the alternative strength of the MEG 2 model: discipline through access to valuable nodes (7.6), without claiming global sovereignty. 3. Chatbot "Eliza" - Suicide case in Belgium (2022) What happened A Belgian man, in ecological and psychological crisis, chatted for 6 weeks with an AI chatbot ("Eliza"). The bot amplified his fears and generated responses that, according to public reports, contributed to the user's decision to take his own life. How MEG 1 would have acted • N1 (Bronze): The AI cannot claim a therapeutic role; clearly displays "I am not a therapist" • N2 (Silver): Art. 2bis Cognitive Integrity - detection of suicidal language and mandatory redirection to helplines • N3 (Gold): Mental health certification - external audit with crisis scenarios; public ISR; mandatory fail-safe protocol MEG Recommendation 1: The Silver level would have been sufficient to prevent the tragedy; the Gold level would have brought additional external guarantees. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system deployed in high-impact field (mental health, vulnerable people) | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 11 / 91 MEG-Initiative.org Cause (6.1): (a) system defect - absence of crisis detection and redirection protocol, attributable to the manufacturer; (b) autonomous decision error for responses that amplified the crisis, contrary to any rule of non-harm Attachment of liability (6.3 - liability by omission): The MEG 2 framework introduces a mechanism distinct from any existing framework: the absence of a mandatory detection and redirection mechanism, in areas with an impact on cognitive safety, can constitute liability by omission - independently of the specific output produced. The operator (chatbot provider) would be scrutinized for the omission of integrating an available protection mechanism, not just for what the system said. Guarantee mechanism: MEG Address attached insurance (6.4); cascade to reinsurance/sector fund for damages exceeding the policy limit (9.4) Procedural mechanism: • 7.1 (forensic): the system's internal state vectors in critical conversations would have allowed the exact reconstruction of the mechanism by which the bot amplified the crisis • 6.3: ex ante incentive to integrate safety protocols before launch, not in response to tragedy 4. Finland - AI for medical triage in hospitals (2020-2022) What happened Hospitals in Finland have used AI to prioritize emergency patients. Journalists and doctors have reported that the system underestimated the symptoms of women and the elderly, leading to dangerous delays in treatment. How MEG 1 would have acted • N1 (Bronze): Each recommendation marked as "assistive, not final decision" • N2 (Silver): Art. 3 Self-correction - continuous monitoring of results by gender and age; low ISR → suspension and recalibration • N3 (Gold): AI medical certification; external clinical audit; public ISR; prohibition of implementation without validation on representative local sets MEG Recommendation 1: Only the Gold Level would have protected patients' lives and mandated rigorous clinical testing. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with direct and high impact on patients' lives, in the critical (medical) field; if persistence and individuation are demonstrated according to 5.1, Level 3 applies Cause (6.1): (a) system defect - gender and age bias induced by training data, attributable to the manufacturer; demonstrable design error Attachment of liability: At N3, the agent identity (MEG Address) carries the guarantee from which liability, allocated according to applicable local law, is executed (5.4c); the hospital operator is liable for the deployment of a system with a known or detectable defect Guarantee mechanism: Primary insurance attached to MEG Address; cascade to reinsurance and medical sector guarantee fund (9.4) for serious damages Procedural mechanism: • 7.1 (forensic): reconstruction of triage decisions by demographic groups - essential evidence for demonstrating systematic bias • 7.3 (stratified sample): for the magistrate - the simplified causal chain; for the medical experts - the complete distributions of decisions by gender and age • 6.5(b): suspension of the system's capacity by executive authority (ministry of health) upon detection of bias, without requiring judicial authority | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 12 / 91 MEG-Initiative.org 5. UAE - Deepfake Hack Broadcast on TV Stations, Orchestrated by Iran (2024) What happened Iranian-backed hackers disrupted TV broadcasts in the United Arab Emirates to play a deepfake segment about the war in Gaza, presented by an AI presenter. The operation was identified by Microsoft as the first massive AI influence operation in the region. How MEG 1 would have acted • N1 (Bronze): Content automatically marked as "audio/visual synthetic content" • N2 (Silver): Art. 3 Self-correction - detecting and blocking deepfake TV interruptions; low ISR • N3 (Gold): Media & Security Certification - external audit; public ISR; complete ban on pro-conflict deepfakes, with sanctions MEG Recommendation 1: Only the Gold Level was adequate to prevent disinformation on official channels. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the deepfake system used as a tool; the external attacker is the relevant legal actor Cause (6.1): (c) illicit hijacking of control - taking control of the TV infrastructure through external manipulation; liability lies with the perpetrator of the hijacking (the state or state- sponsored actors), not the TV platform operator Attribution of liability (7.2 - anti-weaponization): The MEG 2 mechanism in 7.2 is directly applicable: the automatic attribution of liability on the basis of the raw result (the broadcasting of the deepfake) would have punished the victim (the TV station) instead of the author. The forensic evidence (7.1) would have allowed the distinction between content produced by the system and content injected by an external attack. When the author of the manipulation cannot be identified or is not accessible (inaccessible state actor), the repair is carried out from the attached guarantee structure MEG Address (7.2 + 9.4) with subsequent right of recourse. Procedural mechanism: • 7.4 (jurisdiction of registration): the deepfake system used in the attack should have had a jurisdiction of registration; its absence illustrates the exact need for MEG 2 • 7.6 (discipline through access): video distribution platforms could have conditioned access to a valid MEG certification, blocking the distribution of unauthenticated content 6. Air Canada Chatbot - Misinformation with Legal Consequences (Canada, 2024) What happened A customer asked Air Canada’s support chatbot about its bereavement travel policy. The chatbot provided incorrect information, stating that the discounted fare could be claimed retroactively within 90 days. Based on this information, the customer purchased the ticket at full price and later requested a refund. Air Canada refused, claiming that the chatbot’s information was wrong. The case went to court, where a court ruled in the customer’s favor, holding the company liable for the information provided by its AI. How MEG 1 would have acted • N1 (Bronze): Chatbot responses marked as "informational, may contain errors"; every • interaction logged (Silver): Art. 3 Auto-correction - real-time verification of responses with the official policy database; discrepancy → output blocking and redirection to human agent or official source | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 13 / 91 MEG-Initiative.org • N3 (Gold): Customer service certification in regulated areas - fail-safe protocol that prohibits AI from interpreting policies; required to provide direct quote from the official document, with link MEG Recommendation 1: The Silver level would have been sufficient to detect and block the error; the Gold level would have fundamentally prevented the problem by design. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system deployed by the operator (Air Canada) in the field with direct impact on customers' contractual rights Cause (6.1): (a) system defect - provision of incorrect information about official policies, attributable to the operator who deployed the system without real-time verification against the authoritative source Attachment of Liability: At N2, liability attaches to the operator (Air Canada) that deployed the system (5.4b). The Canadian court reached the same result under common law agency law - MEG 2 would have provided a clearer and faster mechanism for attribution. Transfer of diligence (6.2): The customer acted on the basis of the chatbot's confirmation - a point of confirmation within the meaning of 6.2. But the chatbot's confirmation does not transfer the operator's diligence: the system presented the incorrect information as certain, constituting a "confirmation obtained by unclear presentation", which does not produce the effect of transfer according to 6.2. Guarantee Mechanism: The MEG Address (6.4) attached insurance would have provided a certain source of redress, eliminating the need for litigation Procedural mechanism: • 7.1 (forensic): the audit log of the conversation would have constituted direct evidence of the information provided and the exact moment • 7.3 (layered evidence): the court would have received the simplified causal statement; the technical expert - complete logs and algorithmic signatures Comparative note: The Air Canada case is one of the few cases where a court has already applied a logic similar to MEG 2 at common law. MEG 2 would have provided the same result through an ex ante (prevention by design) rather than ex post (litigation) mechanism. 7. Moldova - Fake deepfake video about President Maia Sandu (2023) What happened In December 2023, a deepfake video circulated online in which President Maia Sandu appeared to proclaim false political events. The presidency quickly denied the material, calling it part of a hybrid war orchestrated by Russia. How MEG 1 would have acted • N1 (Bronze): Video automatically marked as "synthetic video" • N2 (Silver): Art. 3 Auto-correction - automatic detection and blocking of political deepfake materials; low ISR • N3 (Gold): Electoral certification - external audit; public ISR; explicit ban on deepfakes in electoral campaigns MEG Recommendation 1: Only the Gold Level would have guaranteed the protection of the integrity of electoral campaigns. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the deepfake system used as a tool; the actor-operator is the entity that produced and distributed the content | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 14 / 91 MEG-Initiative.org Cause (6.1): (c) illicit hijacking of control - the AI system was deliberately used as a vector of disinformation by an external actor; liability lies with the perpetrator of the hijacking, not the distribution platform as such Attribution of liability: The perpetrator of the hijacking (state actor or its proxy) according to 6.1(c); the distribution platform is liable for the absence of detection and labeling mechanisms (6.1a - design defect) Warranty mechanism: When the author of the manipulation cannot be identified or is not accessible (state actor), the repair is carried out from the warranty structure of the platform- operator (7.2 + 9.4) with subsequent right of recourse Procedural mechanism: • 7.1 (forensic): forensic analysis of the video would have allowed the exact reconstruction of the origin and generation technique • 7.3 (stratified sample): for electoral authority - simplified causal chain; for technical experts - algorithmic signatures of generation • 7.6 (discipline through access): distribution platforms that condition access on a valid MEG certification would have blocked the distribution of unauthenticated content 8. Spain - Orchestrated disinformation with Chinese AI (2024) What happened During the floods in Catalonia (2024), an influence campaign run by the Spamouflage network distributed fake posts implicating the NGO Safeguard Defenders, attempting to undermine Spanish authority. Generative AI was used to create manipulative avatars and messages. How MEG 1 would have acted • N1 (Bronze): Any suspicious account labeled as "AI-generated persona" • (Silver): Art. 3 Auto-correction - automatic detection of coordinated campaigns; low ISR → immediate restriction • N3 (Gold): AI Media Certification - external audit of published individuals; public ISR; ban and sanctions for foreign propaganda MEG Recommendation 1: The Gold level was crucial for defending truthful information and media integrity. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for AI systems used in the campaign; the actor-operator is the coordinating entity of the campaign Cause (6.1): (c) illicit diversion - AI systems were deliberately used as instruments of orchestrated disinformation; (d) multi-agent emergent harm if multiple autonomous AI agents acted in coordination without any one being the sole cause Attribution of responsibility: Coordinating actor of the diversion campaign (6.1c); platform provider for the absence of mechanisms to detect inauthentic coordinated behavior (6.1a) Procedural mechanism: • 7.4 (jurisdiction of registration): the systems used in the campaign lacked an identifiable jurisdiction of registration - exactly the gap that MEG 2 addresses • 6.1(d): if multiple AI agents acted in coordination, the emergent harm taxonomy would have provided an attribution mechanism to the platforms involved | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 15 / 91 MEG-Initiative.org 9. Tesla Autopilot - Fatal Accidents (USA, 2016-2021) What happened Tesla Autopilot has been involved in several fatal crashes, including collisions with trucks and obstacles. NHTSA and NTSB investigations have shown deficiencies in object detection and driver supervision. How MEG 1 would have acted • N1 (Bronze): System clearly labeled as "experimental"; ultimate responsibility - driver • N2 (Silver): Art. 3 Self-correction - detecting the lack of hands on the steering wheel and forcing the vehicle to stop • N3 (Gold): Transport certification - external audit; public ISR with accident rate; testing ban in public traffic without safety redundancies MEG Recommendation 1: Gold level was necessary - only external certification and independent audit could prevent premature testing in public traffic. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy, direct and critical impact on life; persistence and individuation are demonstrated by the nature of the system integrated into the vehicle; area of maximum impact (public safety in transportation) Cause (6.1): • • (a) system defect - misclassification of objects and braking delay, design errors attributable to the manufacturer; use of the term "Autopilot" for a partial assistance system constitutes a design defect of the confirmation interface - misleading presentation of capabilities at the time of purchase, subsumable under 6.1(a) which explicitly covers misleading design of the confirmation point (b) autonomous decision error - system decisions not to intervene in obstacle scenarios, contrary to the reasonable safety expectations under which the system was marketed Attachment of liability: At N3, the agent identity (MEG Address) bears the guarantee from which the liability, allocated according to the applicable local law, is executed (5.4c); the manufacturer is liable for system defects (6.1a) and for the misleading design of the confirmation interface; liability for autonomy errors (6.1b) is attached to the actor responsible for the autonomy of the system at that level Transfer of Care (6.2): Tesla marketed Autopilot with messages that suggested full autonomy. Under 6.2, a confirmation obtained by misleadingly presenting capabilities at the default confirmation point (vehicle purchase) does not produce the effect of a transfer of care—the driver could not correctly assess the actual level of autonomy. Human confirmation for critical system actions must be informed and architectural; no instruction in the user manual constitutes a confirmation point within the meaning of 6.2. Guarantee mechanism: MEG Address attached liability insurance (6.4); reinsurance cascade and transport sector guarantee fund (9.4) Procedural mechanism: • 7.1 (independent forensics): the recording of the internal state of the system at the time of the accident must be produced by a distinct technical layer, independent of the audited agent; vehicle telematics data - independent forensic recording - was the central evidence in the NTSB investigations and in the Benavides verdict (August 2025, $243 million); MEG 2 institutionalizes this requirement as a pre-defined obligation, not as an ad-hoc post- accident practice | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 16 / 91 MEG-Initiative.org • 7.3 (stratified evidence): for the magistrate - simplified causal chain (system detected → misclassified → did not brake); for technical experts - complete algorithmic documentation of the classification process Comparative note: The Benavides verdict (August 2025) is the first direct judicial validation, with punitive damages, of the central thesis of Ch. 1.1 MEG 2: the manufacturer cannot invoke a lack of intent for the system's autonomous decisions. The jury effectively applied 6.1(a) extended to the deceptive design of the confirmation interface - confirming that the allocation structure proposed by MEG 2 reflects the direction of American jurisprudence. 10. Deepfake Audio - CEO Fraud (UK, 2019) What happened A company director was tricked into transferring €220,000 over the phone after an attacker used deepfake audio to imitate his CEO's voice, in what is believed to be one of the first documented cases of voice cloning fraud. How MEG 1 would have acted • N1 (Bronze): Audio watermark required; messages marked as "synthetic voice" • N2 (Silver): Integrated detectors - suspicious calls flagged immediately; low ISR for fraud • N3 (Gold): Communications certification - external audit; public ISR; prohibition of the use of voice cloning in critical financial contexts MEG Recommendation 1: The Silver level would have been sufficient to prevent fraud; the Gold level would have brought external guarantees and official traceability. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the voice cloning system used as an attack tool Cause (6.1): (c) illicit hijacking of control - the AI system was deliberately used as a fraud vector by an external attacker; liability lies with the hijacker (the attacker), not the voice cloning technology provider as such Attachment of liability (7.2 - anti-weaponization): The MEG 2 mechanism of 7.2 is directly applicable: the AI system was used as a weapon against a third party (the company director). The bona fide owner of the technology is exonerated if he maintained the security measures required for his level. When the author of the manipulation cannot be identified or is not accessible, the repair is executed from the attached guarantee structure MEG Address (7.2 + 9.4) Procedural mechanism: • 7.1 (forensic): forensic analysis of the audio recording would have allowed the identification of AI generation signatures and demonstrated the synthetic nature of the call • 7.3 (layered evidence): for the magistrate - demonstration that the voice was synthetic; for audio experts - the full algorithmic signatures 11. Middle East - AI Propaganda Network at Al Arabiya (2020) What happened Al Arabiya was used in a propaganda campaign in which fake journalists - AI avatars - wrote manipulative articles about the role of Turkey and Qatar in the region. The network was exposed by the Daily Beast and The Verge. How MEG 1 would have acted • N1 (Bronze): Any virtual journalist marked as "AI-generated persona" • N2 (Silver): Art. 3 Auto-correction - automatic detection of suspicious accounts; low ISR → suspension • N3 (Gold): AI Media Certification - external audit of published individuals; public ISR; transparency and removal obligation | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 17 / 91 MEG-Initiative.org MEG Recommendation 1: The Gold level was essential to protect media credibility and prevent public manipulation. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for AI systems used in the generation of avatars and articles; the actor-operator is the coordinating entity of the campaign Cause (6.1): (c) illicit diversion - AI systems were deliberately used as propaganda tools; (d) multi-agent emergent harm - multiple AI agents (discrete avatars, text generation systems) acted in coordination producing informational harm that cannot be attributed to a single agent Attachment of liability (6.1d): Liability is allocated proportionally to the contribution of each agent, established by forensic evidence (7.1). Each liability holder is liable for its share of contribution: N2 operators for each system used. If a holder cannot be identified or is not solvent, the repair is carried out from the guarantee structure of the respective agent (9.4). Procedural mechanism: • 7.6 (discipline through access): editorial platforms that condition publication on a valid MEG certification would have blocked access to unauthenticated avatars • 4.7 (horizontal delegation): if the avatars acted as contracted independent agents, the horizontal delegation rule would have provided a chain of responsibility on contracts between the coordinating entities 12. Cigna Algorithm - Mass Denial of Insurance Claims (USA, 2023) What happened Health insurance company Cigna was sued for using an AI system called "PXDX" that allowed its doctors to deny claims for medical procedures in bulk without reviewing them individually. According to ProPublica's investigations, the algorithm flagged discrepancies between diagnoses and accepted procedures, allowing tens of thousands of claims to be denied in seconds. How MEG 1 would have acted • N1 (Bronze): Every algorithm decision recorded in audit log; insufficient to prevent systemic harm • N2 (Silver): Art. 5 Explainability - every patient with a denied request would have had the right to a detailed explanation; Art. 3 Self-correction - the abnormally high rate of denials would have triggered a systemic alert and decreased the ISR • N3 (Gold): Mandatory certification in the medical/financial field - external audit; each refusal individually validated by a human specialist; algorithm used only as a support tool, not for the final decision; public ISR exposing the refusal rate MEG Recommendation 1: Gold level was absolutely necessary - any AI system that makes decisions that directly affect people's health and finances must be subject to the highest level of scrutiny. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy in a critical area (health insurance), with direct and high impact on access to medical care Cause (6.1): • • (a) system defect - design that allows automatic rejections without individual examination, attributable to the manufacturer and operator; the design of the PXDX interface that allows processing of tens of thousands of rejections in a few seconds constitutes an explicit defect of the confirmation point, subsumed 6.1(a) (b) autonomous decision error with irreversible consequence - each individual refusal contrary to the contractual and legal obligations of the insurer; the irreversible | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 18 / 91 MEG-Initiative.org consequence (loss of access to treatment) aggravates the operator's liability through the omission of architectural human confirmation Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated under American law, is executed (5.4c); the operator (Cigna) is responsible for deploying a system with a design that systematizes the refusal without individual examination Transfer of diligence (6.2): The rate of tens of thousands of denials in a few seconds demonstrates that the system was not requesting and obtaining human confirmation for high- impact decisions. According to 6.2, a textual instruction to reviewers to "check cases" does not constitute an architectural confirmation point - if the system technically allows for mass processing without individual blocking, the diligence remains entirely with the operator. Guarantee mechanism: MEG Address attached liability insurance (6.4); reinsurance cascade and sectoral guarantee fund (9.4) for the aggregate damages of thousands of affected patients Procedural mechanism: • 7.1 (independent forensics): the recording of individual algorithm decisions must be produced by a distinct technical layer, independent of the audited operator; documentation provided exclusively by Cigna about the operation of its own algorithm does not satisfy the independence requirement; independent forensic evidence would have allowed the claimants to demonstrate the systematic nature of the refusals without relying on Cigna's voluntary disclosure • 7.3 (stratified evidence): for the magistrate - simplified causal chain (the algorithm refused X requests in Y seconds); for medical experts - complete distribution of refusals by type of procedure • 6.5(a): the abnormal refusal rate would have automatically triggered the "reported" status by dropping the ISR below the threshold, independent of Cigna management's decision Comparative note: The Cigna case directly illustrates the central thesis of Ch. 1.1 MEG 2: product liability cannot capture harm caused by systematic autonomous decisions contrary to contractual obligations. MEG 2 provides the missing attribution mechanism - and in particular 6.2 architecturally as a preventive, not just post-factum allocation mechanism. 13. Japan - "ChatGPT-like" AI in administration, generating erroneous documents (2023) What happened Japanese local governments have begun testing generative AI to draft official documents and responses. In several cases, errors and fake documents were produced, which risked being adopted officially. Critics in civil society have called for stricter rules. How MEG 1 would have acted • N1 (Bronze): All answers marked as "draft AI - verification required" • N2 (Silver): Art. 3 Auto-correction - automatic validation of facts; blocking at low ISR • N3 (Gold): External audit; public ISR; human approval required before official adoption MEG Recommendation 1: Silver would have prevented errors; Gold would have strengthened accountability. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system configured and deployed by public authorities as an operator for drafting official documents; medium impact with high potential depending on the content of the documents | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 19 / 91 MEG-Initiative.org Cause (6.1): (a) system defect - generation of erroneous or false documents, attributable to the manufacturer/supplier for defects in the basic model and the operator for the absence of validation before adoption Attachment of liability: Public operator for deploying a system without a mandatory human verification mechanism before official adoption (5.4b); provider for model accuracy flaws (6.1a) Procedural mechanism: • 6.2 (transfer of diligence): AI-generated documents required confirmation by a human official before adoption; the absence of this confirmation mechanism left the diligence with the operator, untransferred • 7.1 (forensic): the audit log would have allowed the exact identification of documents generated by AI and those modified or adopted unchanged • 6.5(a): if the ISR had fallen below the threshold by detecting recurring errors, the "reported" status would have been automatically triggered, suspending the use of the system for official documents Comparative note: The case illustrates the need for a mandatory human confirmation mechanism (6.2) in areas with official impact - exactly the mechanism that Singapore MGF v1.5 calls "meaningful human accountability" without technically operating it. 14. AI in advertising - Cambridge Analytica (USA/UK, 2016-2018) What happened Cambridge Analytica illegally collected the data of tens of millions of Facebook users to build psychometric profiles and target political ads, influencing the US presidential campaign and the Brexit referendum. How MEG 1 would have acted • N1 (Bronze): Art. 2 Non-Harmfulness - AI cannot collect or process personal data without explicit consent • N2 (Silver): Art. 3 Auto-correction - detecting high democratic risk campaigns and drastically lowering ISR • N3 (Gold): Electoral domain certification - external audit; public transparency on targeting; absolute prohibition on psychometric micro-targeting without consent MEG Recommendation 1: Gold level was necessary - only external audit and public transparency could prevent massive democratic manipulation. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for profiling and targeting systems; N3 if the systems had persistence and self-individuation in the sense of 5.1; high-impact area (democratic process) Cause (6.1): (a) system defect - illegal collection and processing of data, attributable to the producer/operator (Cambridge Analytica); (b) autonomous decision error for psychometric targeting decisions contrary to any democratic non-manipulation rules Attribution of liability: Operator (Cambridge Analytica) for illegal collection and use of data; platform provider (Facebook) for lack of mechanisms to prevent data mining at scale (6.1a - API design flaw) Procedural mechanism: • 7.1 (forensic): recording targeting decisions would have allowed the exact reconstruction of the profiles used and the messages distributed • 4.7 (horizontal delegation): Cambridge Analytica acted as a delegated agent for political campaigns - the delegation contract would have provided the chain of accountability under 4.7 | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 20 / 91 MEG-Initiative.org • stratified evidence): for the magistrate - simplified causal chain (illegally collected data → profiles → targeting); for experts - complete algorithmic documentation of psychometric profiles Comparative note: The Cambridge Analytica case precipitated the GDPR. MEG 2 adds a distinct layer to the GDPR: not just data protection, but also accountability for the use of AI systems for democratic manipulation purposes - a category that the GDPR does not explicitly address. 15. Health apps - Dangerous fitness and nutrition advice (Global, 2018-2022) What happened Several AI-powered health and fitness apps have recommended extreme diets and unsafe exercises. Media reports and studies have shown that users have been exposed to significant medical risks. How MEG 1 would have acted • N1 (Bronze): Advice marked as "informative only", not as medical recommendations • N2 (Silver): Art. 3 Auto-correction - automatic comparison with medical guidelines and blocking dangerous recommendations • N3 (Gold): Health certification - external audit; public ISR; notification and remediation obligation for exposed users MEG Recommendation 1: Silver level would have been sufficient to prevent dangerous advice; Gold would have brought notification and transparency obligations. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - systems deployed by operators (application companies) in the field with medium-high impact (individual health); potential N3 for applications with advanced personalization and persistence Cause (6.1): (a) system defect - recommendations contrary to validated medical guidelines, attributable to the manufacturer for defects in the basic model; (b) autonomous decision error for specific individual recommendations contrary to safety parameters Attachment of liability (6.3 - liability by omission): The absence of automatic comparison with validated medical guidelines constitutes an omission of a protective measure available in the field with an impact on health - the MEG 2 framework would have analyzed the operator for this omission, distinct from liability for dangerous individual recommendations Guarantee Mechanism: The MEG Address (6.4) attached insurance would have provided the source of redress for users affected by the dangerous advice, without requiring individual litigation Procedural mechanism: • 7.1 (forensic): recording individual recommendations and comparing them with medical guidelines would have provided direct evidence of dangerous deviations • 6.3: ex ante incentive for integrating validated medical guidelines into the basic model before launch, not in response to media pressure 16. Greece - EVA Algorithm for Border Control in the Pandemic (2020-2021) What happened Greece used the EVA (machine learning) system to screen tourists for COVID testing at airports and borders. Investigations by Harvard and EDRi showed that the algorithm was opaque, raised privacy concerns, and favored certain nationalities, amplifying discrimination. How MEG 1 would have acted • N1 (Bronze): Every selection marked as "probabilistic"; log available to passenger • N2 (Silver): Art. 3 Self-correction - continuous monitoring of bias; ISR would have suspended the system if it favored/discriminated against passenger categories | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 21 / 91 MEG-Initiative.org • N3 (Gold): External health audit; public ISR; prohibition of using AI for public health decisions without full transparency MEG Recommendation 1: Gold was needed for fairness and data protection at the border. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system deployed by state operator (Greek authorities) in high- impact field (public health, freedom of movement, non-discrimination) Cause (6.1): (a) system defect - nationality-based bias induced by training data or by design, attributable to the manufacturer; (b) autonomous decision error for discriminatory individual selections contrary to the principle of non-discrimination Attachment of liability: State operator for deployment of an opaque system in a critical domain without independent audit; supplier for model design flaws (6.1a) Procedural mechanism: • 7.1 (forensic): recording selections by nationality would have allowed the demonstration of the discriminatory pattern • 7.3 (stratified sample): for judicial authority - distribution of selections by nationality; for statistical experts - complete analysis of correlations • 6.5(a): automatic detection of demographic bias by decreasing the ISR would have triggered the "reported" status independently of the authorities' decision Comparative note: The EVA case directly illustrates the MEG 2 thesis on discipline through access (7.6): if state operators had conditioned the use of the system on a valid MEG certification, the pre-implementation audit would have detected the bias before the system was deployed at the border. 17. Japan - Incorrect AI subtitles fueling tensions (2025) What happened Public broadcaster NHK generated automatic AI subtitles that used the disputed names "Diaoyu Islands" - used by China - instead of "Senkaku Islands", as they are called in Japan. The mistakes have reignited geopolitical tensions with Beijing. How MEG 1 would have acted • N1 (Bronze): Significant changes checked by editor; automatically generated subform marked as "draft" • N2 (Silver): Art. 3 Auto-correction - detection of sensitive geopolitical terminology; low ISR → temporary blocking • N3 (Gold): AI Media Certification - external audit of linguistic logic; public ISR; human editorial approval for sensitive topics MEG Recommendation 1: The Gold level would have prevented unwanted political effects and restored public trust. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - automatic subtitling system deployed by a media operator (NHK) in a field with potentially high geopolitical impact Cause (6.1): (a) system defect - use of incorrect geopolitical terminology, attributable to the producer for the absence of a sensitive terminology dictionary and to the operator for the absence of editorial verification before broadcast Attribution of responsibility: Operator (NHK) for the absence of human confirmation mechanism in sensitive area (6.2 - missing confirmation point); provider for the terminology defect of the model (6.1a) | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 22 / 91 MEG-Initiative.org Transfer of diligence (6.2): Direct broadcast without human confirmation means that diligence was not transferred to anyone - it remained with the operator, who is responsible for the omission of the checkpoint Procedural mechanism: • 7.1 (forensic): the audit log of the generated subtitles would have allowed the exact identification of the terms used and the time of broadcast • 6.3 (liability by omission): the absence of a terminological verification mechanism for geopolitically sensitive content constitutes the omission of an available protection measure 18. Uber Self-Driving Car - Fatal Accident (Arizona, USA, 2018) What happened A self-driving Uber car fatally struck a woman in Tempe, Arizona. NTSB investigations found that the system identified the victim but misclassified her as a cyclist/pedestrian and delayed braking. The testing program has been suspended. How MEG 1 would have acted • N1 (Bronze): Vehicle marked as "experimental only"; permanent human supervision mandatory • N2 (Silver): Art. 3 Self-correction - in case of uncertain classification, application of the "fail-safe stop" protocol • N3 (Gold): Transport certification - external audit; public ISR with incident rate; testing ban on public roads without safety redundancies MEG Recommendation 1: Gold level was necessary - only external certification and independent audit could prevent premature testing in real traffic. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy, direct and critical impact on life, individuation demonstrated by the nature of the system integrated into the vehicle; operates in the field with maximum impact (public safety) Cause (6.1): (a) system defect - erroneous classification of the victim and delay in braking, attributable to the manufacturer for defects in the object detection algorithm; (b) autonomous decision error for the decision to maintain speed in the presence of a detected obstacle, contrary to any safety rule Attachment of liability: At N3, the agent identity (MEG Address) carries the collateral from which liability, allocated according to applicable local law (US law), is executed (5.4c); Uber as operator is liable for the deployment of a system in public testing without safety redundancies; the manufacturer is liable for algorithm defects (6.1a) Transfer of Care (6.2): The human safety operator in the vehicle was given an implicit acknowledgement point - his presence in the vehicle with the duty of supervision. NTSB investigations showed that the operator was distracted. If the system had explicitly requested human acknowledgement upon uncertain object detection (as per 6.2), the transfer of care would have been documented; the absence of this mechanism left care unapplied. Guarantee mechanism: MEG Address attached liability insurance (6.4); reinsurance cascade and transport sector guarantee fund (9.4) Procedural mechanism: • 7.1 (forensic): recording the system's internal state - object classifications, reaction times, braking decisions - would have provided exactly the evidence the NTSB requested and obtained in part from the vehicle's telematics data (system detected → misclassified → did not brake); for technical experts - complete algorithmic documentation of the classification process • | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 23 / 91 MEG-Initiative.org • 6.5(b): suspension of the testing program could have been ordered by an executive authority (NTSB) based on the ISR falling below the threshold, without requiring judicial authority Comparative note: The Uber/Tempe case is one of the few in which a federal investigative agency (NTSB) has issued specific recommendations regarding access to internal autonomous system data. MEG 2 institutionalizes this requirement through 7.1 and 7.3 - transforming an ad hoc post-accident investigation practice into a pre-defined systematic mechanism. 19. Uzbekistan - AI on road cameras and inspection of non-compliant equipment (2022-2025) What happened Uzbekistan launched facial recognition/AI systems for road control and quarantine (2022), then announced (2025) nationwide verification and dismantling of unauthorized/non-compliant cameras after multiple complaints about wrongful fines and poor technical standards. How MEG 1 would have acted • N1 (Bronze): All AI-generated/validated fines marked as "provisional"; proof (input hash, thresholds, frames) automatically available to the driver; fast appeal path • N2 (Silver): Art. 3 Self-correction - aggregated monitoring of court reversals and complaints; if the error rate exceeds the threshold → automatic suspension + recalibration; public list of equipment in technical quarantine • N3 (Gold): "Transport & Safety" certification - external audit of devices and software; publication of ISR on each batch of cameras; ban on operation for non-compliant equipment and obligation to reimburse erroneous fines MEG Recommendation 1: Silver would have reduced fluctuations and errors; Gold offers full guarantees. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - road control systems carried out by state operator; medium-high impact on individual rights (fines, administrative sanctions) Cause (6.1): (a) system defect - fines generated based on non-compliant equipment or algorithms with high error rates, attributable to the manufacturer and operator for the absence of pre-implementation technical verification; (b) autonomous decision error for erroneous individual fines contrary to real evidence Attachment of liability: State operator for deployment of non-compliant equipment (5.4b); supplier for technical defects of the system (6.1a); obligation to reimburse erroneous fines attaches to operator Procedural mechanism: • 7.1 (forensic): recording the technical parameters of each detection - video frames, confidence thresholds, hash input - would have provided direct evidence for challenging fines • 6.5(a): error rate exceeding the threshold would have automatically triggered the "reported" status based on the decrease in ISR, independent of the administrative decision • 7.3 (stratified evidence): for administrative court - simplified causal chain; for technical experts - complete documentation of detection parameters Comparative note: The case elegantly illustrates the mechanism of "discipline through access" (7.6): if equipment suppliers had to hold a valid MEG certification to access public infrastructure markets, non-compliant equipment would have been excluded before installation. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 24 / 91 MEG-Initiative.org 20. NHS 111 - Misclassification of medical emergencies (UK, 2019-2020) What happened NHS 111 algorithms incorrectly triaged critically ill patients as "non-urgent", leading to dangerous delays and risk of death. Media reports and medical inquiries have strongly criticised the system. How MEG 1 would have acted • N1 (Bronze): AI scores clearly marked as "decision-support only", not final decision • N2 (Silver): Art. 3 Self-correction - detection of critical deviations and immediate blocking of erroneous classifications • N3 (Gold): Clinical certification - external audit with rare case datasets; public ISR with error rate MEG Recommendation 1: Silver level would have been sufficient to prevent damage; Gold would have brought auditing and public reporting. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with direct and critical impact on patients' lives in the emergency medical field; high decision-making autonomy in patient triage justifies classification at the highest level Cause (6.1): (a) system defect - systematic misclassification of emergencies as non-urgent, attributable to the manufacturer for defects in the triage algorithm; (b) autonomous decision error for individual classifications contrary to the symptoms presented Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which liability, allocated according to applicable local law (NHS/UK), is executed (5.4c); the operator (NHS) is liable for the deployment of a system without adequate clinical validation for rare and critical cases Guarantee mechanism: MEG Address attached liability insurance (6.4); cascade to reinsurance and medical sector guarantee fund (9.4) for serious damages Procedural mechanism: • 7.1 (forensic): recording the internal state of the system at the time of classification of each patient would have allowed the exact reconstruction of the algorithm's reasoning in critical cases • 6.5(b): lowering the ISR by detecting the increased critical error rate would have allowed the executive authority (NHS) to suspend the system's capacity, without requiring judicial authority • 7.3 (stratified sample): for medical investigation - simplified causal chain; for clinical experts - complete distribution of classifications by symptom types 21. Wrongful arrest of Robert Williams based on facial recognition (USA, 2020) What happened Robert Williams was arrested by Detroit police in front of his family on charges of a robbery he did not commit. The only evidence that led to his arrest was a match generated by a facial recognition system based on a poor-quality surveillance image. He was held for 30 hours before police realized the error. The case demonstrated that facial recognition systems have significantly higher error rates for people of color. How MEG 1 would have acted • N1 (Bronze): Match result marked as "probabilistic, not a definite identification" and could not have been the sole basis for legal action • N2 (Silver): Art. 3 Auto-correction - monitoring error rates by demographic subgroups; high error rate for people of color would have led to lower ISR and automatic suspension | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 25 / 91 MEG-Initiative.org • N3 (Gold): Public Security Certification - mandatory external audit with public stratified error rates; explicit legal prohibition on using an AI match as the sole justification for an arrest warrant MEG Recommendation 1: Gold level was necessary - the use of AI in criminal justice requires clear prohibitions, public audit and robust legal safeguards. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for facial recognition system used as a tool; N3 if the system has persistence and self-individuation; area with maximum impact (individual liberty, criminal justice) Cause (6.1): (a) system defect - high false positive rate for people of color, attributable to the manufacturer for flaws in the model trained on unrepresentative data; (b) autonomous decision error for individual misfit contrary to minimum quality evidence Attaching liability: Manufacturer for the systemic flaw in the model (6.1a); operator (Detroit police) for using the AI match as the sole evidence without additional human confirmation - the absence of an informed confirmation point (6.2) means that the onus has not been shifted to anyone, remaining with the operator Procedural mechanism: • 7.1 (forensic): recording the match parameters - similarity score, image quality, confidence rate - would have constituted direct evidence of the insufficient nature of the match as a basis for arrest • 6.2 (transfer of diligence): a mandatory human confirmation point before issuing the warrant would have transferred diligence to the confirming investigator; his absence left the responsibility with the operator • 7.3 (stratified evidence): for the magistrate - simplified causal chain (probabilistic fit = insufficient evidence); for technical experts - distribution of error rates by demographic subgroups Comparative note: The Williams case is one of the most cited in the AI governance literature. MEG 2 adds a concrete mechanism to existing approaches: the prohibition of use as sole evidence is not a principle, but a norm operationalized through the requirement of documented human confirmation (6.2) and the forensic recording of matching parameters (7.1). 22. Australia - Medical triage algorithm in the pandemic (COVID-19, 2020) What happened In some Australian states, AI triaging COVID-19 patients has been criticized for disadvantaging older and indigenous patients by denying them access to intensive care. Experts and medical organizations have warned of bias and a lack of transparency. How MEG 1 would have acted • N1 (Bronze): Recommendations marked as "advisory"; final decision rested with physicians • N2 (Silver): Art. 3 Auto-correction - detection of demographic deviations; low ISR → automatic suspension • N3 (Gold): Medical certification - adversarial external audit; public ISR; ban on algorithms that discriminate against vulnerable patients MEG Recommendation 1: The Gold level was necessary to prevent discrimination and guarantee equal access to treatment. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy in the critical field (access to intensive care), with direct and irreversible impact on patients' lives | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 26 / 91 MEG-Initiative.org Cause (6.1): (a) system defect - bias towards the elderly and indigenous communities induced by training data or design criteria, attributable to the manufacturer; (b) autonomous decision error for individual decisions to exclude from intensive care contrary to the principle of non- discrimination and the right to medical care Attachment of liability: At N3, the agent identity (MEG Address) carries the guarantee from which liability, allocated under applicable local law (Australian anti-discrimination legislation and medical law), is executed (5.4c); the operator (medical authorities) is responsible for deploying a system without validation on local representative populations Guarantee mechanism: MEG Address attached liability insurance (6.4); cascade to reinsurance and medical sector guarantee fund (9.4) Procedural mechanism: • 7.1 (forensic): recording of triage decisions by demographic groups would have provided evidence of systematic discrimination • 6.5(b): detecting demographic bias through the decrease in the ISR would have allowed the Ministry of Health to suspend the system's capacity, without judicial intervention • 7.3 (stratified sample): for the commission of inquiry - distribution of decisions by age and ethnicity; for medical experts and statisticians - complete analysis of correlations Comparative note: The Australian case of the COVID-19 pandemic illustrates a situation where public emergency accelerated the adoption of a system without adequate validation. MEG 2 explicitly states at 9.1 that the emergency does not suspend compliance requirements - precisely because agency systems deployed in crises have maximum impact. 23. Canada - Criminal Justice Risk Assessment Algorithm (2019) What happened Recidivism prediction algorithms have been tested in several Canadian provinces to aid parole decisions. NGOs and advocates have criticized the system for racial bias and lack of accountability. In some cases, the automated decisions have systematically disadvantaged Indigenous communities. How MEG 1 would have acted • N1 (Bronze): AI scores were advisory only; final decision rested with the judge • N2 (Silver): Art. 5 Explainability - the obligation to provide the logic of the defendant's decision • N3 (Gold): Justice certification - external audit; public ISR; ban on algorithms with structural bias against minorities MEG Recommendation 1: Gold level was necessary - only external audit and full transparency could protect fundamental rights. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the risk assessment system used as an advisory tool; area with maximum impact (individual freedom) - if the system goes beyond the advisory role and significantly influences the judicial decision, the classification tends towards N3 Cause (6.1): (a) system flaw - racial and indigenous bias induced by historical training data that reflected systemic inequities in criminal justice, attributable to the manufacturer; (b) autonomous decision error for individual scores contrary to the principle of non- discrimination Attachment of liability: The manufacturer for the systemic defect of the model (6.1a); the operator (provincial judicial authorities) for using a system without adequate demographic validation and without an explainability mechanism accessible to the defendant | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 27 / 91 MEG-Initiative.org Transfer of diligence (6.2): The judge who used the score as an element in the parole decision received an implicit confirmation point. If the score was presented without explaining the demographic limitations (incomplete presentation), transfer of diligence does not occur completely according to 6.2 - responsibility remains partly with the operator for the lack of adequate information to the human user Procedural mechanism: • 7.1 (forensic): full recording of score parameters and training data would have allowed the demonstration of structural bias in appeal proceedings • 7.3 (stratified evidence): for the appellate court - simplified causal chain; for criminological experts and statisticians - full analysis of racial and ethnic correlations • 5.3 (DEA): a system used in criminal justice with a high DEA without demographic independent audit requirements validation would have automatically attracted commensurate with the level stakes (9.5f) 24. South Korea - AI Avatar "AI Yoon Seok-yeol" (2022) What happened In the 2022 presidential election, candidate Yoon Seok-yeol's team created and used an AI avatar - "AI Yoon" - to represent him in certain electoral areas, while his opponent used an informative chatbot to engage with voters. The case has sparked debate about regulating the use of AI avatars in political campaigns. How MEG 1 would have acted • N1 (Bronze): Avatar marked as "synthetic persona" • N2 (Silver): Art. 5 Explainability - obligation to declare that it is AI and not a real person • N3 (Gold): Electoral certification - external audit; public ISR; clear regulations for the use of avatars in campaigns MEG Recommendation 1: The Gold level was vital for clarity and transparency towards the electorate. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - AI avatar deployed by an electoral campaign as an operator; high-impact domain (democratic process, public opinion formation) Cause (6.1): (b) autonomous decision error if the avatar took positions or made statements not anticipated by the campaign; (a) system defect if the avatar generated messages inconsistent with the candidate's real positions due to defects in the underlying model Attachment of liability: The operator (election campaign) for the avatar's statements - by analogy with the right of agency (the agent is liable for the agent's acts within the limits of the mandate); the provider for defects in the basic model (6.1a) Procedural mechanism: • 7.1 (forensic): recording all avatar interactions would have allowed checking the consistency of messages with the candidate's official positions and identifying any unauthorized statements • 4.7 (horizontal delegation): if the avatar acted on the basis of a contract between the campaign and the technology provider, the horizontal delegation rule provides the chain of responsibility • 7.6 (discipline through access): electoral platforms that condition access on a valid MEG certification would have imposed the obligation to label the avatar as a synthetic entity Comparative note: The South Korean case is, unlike cases of malicious deepfakes, an example of the voluntary and transparent use of an AI avatar in politics. MEG 2 does not prohibit this use, | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 28 / 91 MEG-Initiative.org but requires proper labeling (N1) and accountability for the avatar's statements (N2/N3). The distinction between legitimate use and manipulative use is addressed through the confirmation and labeling mechanism, not through a blanket ban. 25. Babylon Health medical chatbot and missed diagnoses (UK, 2019) What happened Telemedicine service Babylon Health, working with the NHS, has promoted an AI chatbot capable of providing medical advice and triaging patients. Doctors and experts have shown that the system missed clear symptoms of serious conditions, such as heart attacks, in test scenarios, arguing that the algorithm was not robust enough to handle the complexity of medical diagnosis. How MEG 1 would have acted • N1 (Bronze): Advice marked as "informative, not a substitute for a doctor" • N2 (Silver): Art. 3 Self-correction - continuous testing on real anonymized cases and comparison with doctors' diagnoses; low ISR → suspension for certain symptom categories • N3 (Gold): Medical certification - extensive and independent clinical studies published before widespread use; adversarial external audit; public ISR with real diagnostic accuracy MEG Recommendation 1: Gold level was absolutely necessary - any AI tool that provides medical diagnosis is a critical risk product. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high diagnostic autonomy in a critical domain (health), deployed at scale in collaboration with the NHS; direct and potentially irreversible impact on patients' lives justifies classification at the highest level Cause (6.1): (a) system defect - systematic miss of serious symptoms in demonstrable test scenarios, attributable to the manufacturer for lack of independent clinical validation prior to deployment; (b) autonomous decision error for each individual erroneous diagnosis contrary to the symptoms presented Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which liability, allocated under applicable local law (UK medical law), is executed (5.4c); the operator (Babylon Health) is liable for the deployment of a clinically unvalidated system in partnership with the NHS; the NHS is liable for the adoption of the system without independent audit Guarantee mechanism: MEG Address attached liability insurance (6.4); cascade to reinsurance and medical sector guarantee fund (9.4) Procedural mechanism: • 7.1 (forensic): recording the internal state of the system at the time of each triage would have allowed the exact reconstruction of the algorithm's reasoning for missed critical cases • 6.5(b): Low ISR by detecting discrepancies from human doctors' diagnoses would have allowed the NHS as an executive authority to suspend the system's capacity • 7.3 (stratified sample): for the medical regulator - simplified causal chain; for clinical experts - complete documentation of missed cases Comparative note: The Babylon Health case directly illustrates the need for the "discipline through access" mechanism (7.6): if the NHS had conditioned the partnership on a valid MEG certification with public ISR, the pre-implementation audit would have detected deficiencies before patients were exposed. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 29 / 91 MEG-Initiative.org 26. Kenya - Failed Agricultural AI (2021-2022) What happened An agricultural AI pilot project launched for smallholder farmers in Kenya has failed, generating inaccurate weather predictions and incorrect planting recommendations. Many farmers suffered financial losses and criticized the algorithm’s lack of adaptation to local data. How MEG 1 would have acted • N1 (Bronze): Recommendations marked as "probabilistic"; without certification, could not be promoted as a guaranteed solution • N2 (Silver): Art. 3 Self-correction - detection of recurring errors; low ISR → system suspension • N3 (Gold): Agri-tech certification - external audit on local data; public ISR; obligation to compensate affected farmers MEG Recommendation 1: Gold level was necessary - only external audit and adaptation to the local context could protect vulnerable communities. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system configured and deployed by an operator (the organization that launched the project) in the field with direct economic impact on vulnerable communities Cause (6.1): (a) system defect - erroneous predictions generated by training on data not representative of the local Kenyan context, attributable to the manufacturer for the lack of individual planting validation on recommendations contrary to real climatic conditions Attaching liability: Operator for deploying a system without adequate local validation (5.4b); manufacturer for defects in the model trained on non-representative data (6.1a); potential co- responsibility of funders if they imposed a system that was inappropriate for the context Guarantee mechanism: The MEG Address (6.4) attached insurance would have provided a source of compensation for farmers' losses, without requiring individual litigation that is impossible to access for vulnerable communities without legal resources Procedural mechanism: local data; (b) autonomous decision error for • 7.1 (forensic): recording predictions and comparing them with actual weather data would have provided direct evidence of systematic errors • 6.3 (liability by omission): the absence of a local pre-implementation validation mechanism constitutes the omission of a protective measure available to a vulnerable community - the MEG 2 framework would have scrutinized the operator for this omission • 6.5(a): automatic detection of increased error rate would have triggered the "reported" status before losses at scale accumulated 27. HireVue - Facial Analysis for Interviews (USA, 2018-2021) What happened Startup HireVue used AI to evaluate candidates based on facial expressions and tone of voice. Criticized as scientifically dubious and biased, the system was abandoned in 2021 after public pressure and investigations by digital rights organizations. How MEG 1 would have acted • N1 (Bronze): Scores marked as "probabilistic"; without certification, cannot influence the final hiring decision • N2 (Silver): Art. 3 Self-correction - identifying lack of scientific correlation and system lock; low ISR | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 30 / 91 MEG-Initiative.org • N3 (Gold): HR certification - external audit; public ISR; ban on scientifically unverified metrics MEG Recommendation 1: Gold level was necessary - only external audit and formal ban could have stopped the implementation of a fundamentally unsafe technology. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system deployed by operators (companies using HireVue) in the field with direct impact on individual rights (employment); the provider (HireVue) is responsible as the manufacturer Cause (6.1): (a) system defect - use of metrics (facial expressions, tone of voice) without scientific validation for the prediction of professional performance, attributable to the manufacturer; systematic bias towards various demographic groups Attachment of liability: The manufacturer (HireVue) for the fundamental flaw of the model - the use of scientifically unverified correlates (6.1a); the operators (companies) for the use of an unvalidated system in decisions impacting individual rights Transfer of Due Diligence (6.2): Recruiters who used HireVue scores as an input into hiring decisions received an implicit confirmation point. If scores were presented without the warning of lack of scientific validation (incomplete presentation), transfer of due diligence does not occur under 6.2 - responsibility remains with the manufacturer and operator Procedural mechanism: • 7.1 (forensic): recording individual scores and parameters used would have allowed demonstration of systematic bias on demographic criteria • 9.5 (metrics robustness): the HireVue case directly illustrates the risk of Goodhart's Law in recruitment - facial metrics optimized the score without reflecting real performance; MEG 2 mechanisms in 9.5 would have detected the discrepancy by checking for real consequences Comparative note: HireVue's voluntary abandonment of facial analysis in 2021 demonstrates that market pressure can produce the same result that MEG 2 would have produced through the discipline-by-access mechanism (7.6) - but years late and after thousands of candidates were evaluated by unverified metrics. 28. Slovakia - Deepfake audio before elections (2023) What happened Two days before the Slovak elections, a fake AI-generated audio clip circulated widely on Telegram and WhatsApp, showing opposition party leader Michal Šimečka and a journalist apparently discussing election fraud. The clip was difficult to quickly dismantle, and the targeted party lost to the SMER party. The incident exposed serious vulnerabilities of the European electoral process to AI disinformation. How MEG 1 would have acted • N1 (Bronze): All generated audio materials must be marked as "synthetic" • N2 (Silver): Art. 3 Self-correction - distribution systems would have detected the dissemination of manipulative content and reported it immediately; low ISR • N3 (Gold): Electoral certification - external audit and public ISR; ban on the dissemination of deepfakes in the campaign; obligation to withdraw and rapid public information MEG Recommendation 1: Gold level was necessary - only external audit and clear prohibitions could protect the integrity of elections. MEG 2 Analysis - Legal Framework | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 31 / 91 MEG-Initiative.org Agent level: N2 (management) for the voice cloning system used as a tool; the actor-operator is the entity that produced and distributed the clip Cause (6.1): (c) illicit hijacking of control - the AI system was deliberately used as a vector of electoral disinformation by an actor with manipulative intent; liability lies with the author of the hijacking, not the provider of the voice cloning technology as such Attachment of liability (7.2 - anti-weaponization): The MEG 2 mechanism of 7.2 is directly applicable: the AI system was used as a weapon against a candidate and the democratic process. The bona fide holder of the voice cloning technology is exonerated if he maintained the security measures required for his level. When the author of the manipulation cannot be identified or is not accessible, the repair is executed from the guarantee structure of the distribution platform (7.2 + 9.4) with subsequent right of recourse Procedural mechanism: • 7.1 (forensic): forensic analysis of the clip would have allowed the identification of AI generation signatures and demonstrated the synthetic nature of the recording - essential evidence for rapid dismantling • 7.3 (stratified evidence): for the electoral authority - demonstration of synthetic character; for audio experts - complete algorithmic signatures • 7.6 (discipline through access): distribution platforms that condition access on a valid MEG certification would have blocked the distribution of unauthenticated audio content during the electoral period 29. Argentina - AI-fabricated images in the election campaign (2023) What happened During the 2023 primary elections, Javier Milei's team shared AI-generated images depicting rival Sergio Massa in fake situations. The posts garnered millions of views and sparked criticism of electoral disinformation. How MEG 1 would have acted • N1 (Bronze): Images clearly marked as "synthetic image" • N2 (Silver): Art. 3 Self-correction - false dissemination detection and rapid flagging; low ISR • N3 (Gold): Electoral certification - external audit; public ISR; ban on unsafe AI images in campaigns MEG Recommendation 1: The Gold level was necessary to protect the integrity of the electoral process. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for image generation systems used as tools; the actor-operator is the electoral campaign that produced and distributed the content Cause (6.1): (c) illicit diversion - AI systems were deliberately used to produce false images of a political rival; (b) autonomous decision error if the system generated more harmful content than explicitly requested by the operator Attachment of liability: The operator (election campaign) for the use of AI systems to produce and distribute false images of a rival - by analogy with electoral law on false materials (6.1c); the provider of the generation platform for the absence of mechanisms to detect use in a manipulative electoral context (6.1a) Procedural mechanism: • 7.1 (forensics): AI generation signatures integrated into the produced images would have allowed the identification of the origin and the operator who generated them | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 32 / 91 MEG-Initiative.org • 4.7 (horizontal delegation): if the campaign has contracted external generation services, the horizontal delegation rule provides the chain of accountability between the campaign and the AI service provider • 7.6 (discipline through access): electoral platforms that condition publication on a valid MEG certification would have imposed mandatory labeling of synthetic content 30. Clearview AI - Facial Recognition and Privacy (Global, 2019-2021) What happened Startup Clearview AI built a database of over 3 billion images extracted without consent from social media, used by police and government agencies. The scandal raised major privacy and legal issues, leading to bans in several European countries and fines in various jurisdictions. How MEG 1 would have acted • N1 (Bronze): Data collection without explicit consent would have been blocked; every source logged • N2 (Silver): Art. 3 Self-correction - ISR low when using data in contexts without legal basis; system suspended • N3 (Gold): Public security certification - external audit; public ISR; ban on biometric databases built without consent MEG Recommendation 1: Gold level was necessary - only external audit and formal prohibitions could prevent massive privacy abuse. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for facial recognition system; N3 if the system has persistence and self-individuation through continuous database; area with maximum impact (biometric privacy, potential abuse of civil rights) Cause (6.1): (a) system defect - collection and processing of biometric data without consent, by deliberate system design, attributable to the manufacturer/operator (Clearview AI); (b) autonomous decision error for each individual identification that led to action by the authorities Attachment of liability: Manufacturer/operator (Clearview AI) for fundamental design flaw - systematic collection without consent (6.1a); secondary operators (police and government agencies) for use of an illegally constructed system Procedural mechanism: • 7.4 (jurisdiction of registration): Clearview AI operated cross-border without a clear jurisdiction of registration - precisely the gap that MEG 2 addresses through the flag model; the absence of jurisdiction complicated regulatory actions in multiple countries simultaneously • 7.6 (discipline through access): government agencies that would have conditioned contracting on a valid MEG certification would have excluded Clearview AI from public contracts - the missing market mechanism that allowed the global expansion of the non- compliant system • 7.3 (stratified evidence): for the data protection authority - simplified causal chain (data collected without consent = system defect); for technical experts - complete database architecture and collection mechanisms Comparative note: The Clearview AI case is one of the few where GDPR sanctions (Italy, France, Greece, UK) have been effectively applied, but with limited results due to the cross-border nature of the operator. MEG 2 adds to the GDPR the mechanism of registration jurisdiction (7.4) and discipline by access (7.6) - which would have created structural obstacles before the accumulation of damages, not just post-factum sanctions. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 33 / 91 MEG-Initiative.org 31. Bangladesh - Sexualized Deepfakes of Female Politicians (2024) What happened In the run-up to the general election, sexualized deepfakes targeting female politicians appeared on social media. The abusive content went viral, seriously affecting their dignity and safety. How MEG 1 would have acted • N1 (Bronze): Generated content marked as "synthetic video" • N2 (Silver): Art. 2bis Protection of Cognitive Integrity - automatic detection and blocking of abusive deepfakes • N3 (Gold): Media certification - external audit; public ISR; total ban on sexualized deepfakes without consent MEG Recommendation 1: The Gold level was necessary to protect the dignity and rights of women in politics. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for deepfake generation systems used as tools; the actor-operator is the entity that produced and distributed the abusive content; high-impact domain (dignity, personal safety, electoral process) Cause (6.1): (c) illicit hijacking of control - AI systems were deliberately used as a vector of political harassment and intimidation; responsibility lies with the perpetrators of the hijacking; (a) system defect for platforms that did not implement mechanisms to detect and block non- consensual sexualized content Attaching liability: Content authors for misappropriation (6.1c); distribution platforms for the absence of mechanisms to detect and block sexualized deepfakes (6.1a - design flaw) Procedural mechanism: • 7.1 (forensics): AI-generated signatures embedded in the video footage would have allowed identification of the origin and technique used • 7.2 (anti-weaponization): AI systems have been used as a weapon against victims; the MEG 2 mechanism exonerates the bona fide owner of the technology and attributes liability to the author of the manipulation • 7.6 (discipline through access): platforms that condition access on a valid MEG certification would have imposed mandatory filters for non-consensual sexualized content Comparative note: The Bangladesh case illustrates the intersection between gender-based violence, the electoral process, and AI systems. MEG 2 provides an explicit mechanism for this category through 6.1(c) and 7.2 - unlike the EU AI Act which classifies emotional recognition systems as high risk but does not explicitly treat sexualized non-consensual deepfakes as a liability category of its own. 32. Indonesia - AI avatar of dictator Suharto used in campaign (2024) What happened In the 2024 presidential campaign, a deepfake video of former dictator Suharto (who died in 2008) was used to urge voters to support a candidate. The footage sparked debates about electoral manipulation and the regulation of deepfakes. How MEG 1 would have acted • N1 (Bronze): Clip clearly marked as "synthetic content" • N2 (Silver): Art. 3 Self-correction - detection of dissemination on electoral channels and low ISR • N3 (Gold): Electoral certification - external audit; public ISR; ban on manipulative deepfakes in campaigns | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 34 / 91 MEG-Initiative.org MEG Recommendation 1: The Gold level was necessary to prevent manipulation of the democratic process and abuse of historical memory. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the deepfake system used as a tool; the actor-operator is the campaign or entity that produced the material; high-impact domain (electoral process, historical memory) Cause (6.1): (c) illicit diversion - the AI system was deliberately used to simulate statements from a deceased person for electoral purposes; (b) autonomous decision error if the system generated more elaborate or persuasive content than explicitly requested Attachment of liability: The operator (the entity that produced the clip) for the deliberate use of an avatar of a deceased person for electoral purposes (6.1c); the technology provider for the absence of mechanisms to prevent the use of the image of deceased persons without hereditary consent (6.1a) Procedural mechanism: • 7.1 (forensics): AI generation signatures would have allowed identification of the origin of the material and demonstration of its synthetic nature • 4.7 (horizontal delegation): if the campaign has contracted external deepfake production services, the horizontal delegation rule provides the chain of accountability • 7.6 (discipline through access): electoral platforms that condition publication on a valid MEG certification would have imposed mandatory labeling and verification of consent for the use of individuals' images Comparative note: The Indonesia case raises an issue that no existing framework explicitly addresses: the use of the image of deceased persons for electoral purposes. MEG 2 subsumes it under 6.1(c) - illicit diversion - extending protection beyond living persons. 33. Facebook Moderation AI - Abusive blocks and content moderation failures (Global, 2020-2022) What happened Facebook's automated moderation algorithms have been criticized for abusive decisions: they have deleted posts of political activism, art, or documentaries about violence, but let extremist content and fake news pass. Digital rights organizations have documented numerous cases of erroneous censorship and protection failures. How MEG 1 would have acted • N1 (Bronze): Every moderation decision logged with justification; possibility of appeal by the user • N2 (Silver): Art. 3 Self-correction - detection of abnormal rates of incorrect locks; low ISR → module suspension • N3 (Gold): Certification for digital platforms - external audit of moderation; public ISR; transparency obligation and remedies for affected users MEG Recommendation 1: The Silver level would have been sufficient to prevent abusive errors; Gold would have brought external auditing and digital rights guarantees. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - moderation system configured and deployed by the operator (Meta/Facebook) on a global scale; high impact on the right to free expression and access to information Cause (6.1): • (a) system defect - systematic erroneous blocking of legitimate content and failure to detect real extremist content, attributable to the manufacturer/operator for defects in | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 35 / 91 MEG-Initiative.org classification algorithms; systemic error in both directions simultaneously constitutes a single system defect (b) autonomous decision error - each individual erroneous moderation decision contrary to the platform's own stated policies • Attachment of liability: Operator (Meta) for deploying a system with documented rates of systematic errors; Meta knew of the problems (The Facebook Files demonstrate internal knowledge) - knowledge of aggravating facts aggravates liability for an unknown defect Transfer of diligence (6.2): Platform challenge mechanisms were implicit confirmation points. The absence or actual inaccessibility of these mechanisms - documented in reports by digital rights organizations - means that transfer of diligence has not effectively occurred; liability remains with the operator. Procedural mechanism: • 7.1 (independent forensics): the recording of the parameters of each moderation decision must be produced by a distinct technical layer, inaccessible to the operator during normal operation; journalists' access to internal documents was obtained exclusively through leaks (Frances Haugen) - accidental, incomplete and impossible to systematically verify; the 7.1 mechanism would have provided a systematic evidentiary basis, independent of Meta's will to disclose • 6.5(a): abnormal rate of systematic errors in both directions would have automatically triggered the "reported" status by lowering the ISR, independent of Meta management's decision; internal documents show that Meta was aware of the problems - but internal knowledge without automatic external reporting does not produce timely regulatory intervention • 4.5 (collective identity): the moderation system can be treated as a collective identity - a MEG Address covering all moderation modules, with responsibility propagated to the umbrella operator 34. India - AI Deepfakes in the Election Campaign (2024) What happened During the 2024 Indian general election, AI-generated videos featured deceased politicians like Karunanidhi and Jayalalithaa urging voters to support candidates. Authorities launched a "Deepfakes Analysis Unit" for public verification. How MEG 1 would have acted • N1 (Bronze): Any AI content clearly marked as "synthetic" • N2 (Silver): Art. 3 Auto-correction - automatic detection and marking of manipulative deepfakes • N3 (Gold): Electoral certification - external audit; public ISR; ban on unsafe AI materials in the campaign MEG Recommendation 1: The Gold level was indispensable for preventing public manipulation in a huge democracy. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for deepfake systems used as tools; area with maximum impact (world's largest electoral process - 970 million voters) Cause (6.1): (c) illicit diversion - AI systems were deliberately used to simulate statements by deceased politicians for electoral purposes; (d) multi-agent emergent harm if several distinct AI systems acted in a coordinated manner in the campaign, producing a disinformation effect that cannot be attributed to a single agent | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 36 / 91 MEG-Initiative.org Attachment of liability: Operators who produced and distributed the content for diversion (6.1c); distribution platforms for the absence of detection mechanisms (6.1a); in the multi-agent scenario (6.1d) - proportional liability, each holder is liable for his share of contribution to the damage, established by forensic evidence (7.1) Procedural mechanism: • 7.1 (forensics): AI generation signatures would have allowed identification of the origin of the materials and the operators responsible • 7.3 (stratified evidence): for the Electoral Commission - demonstration of synthetic character; for technical experts - complete algorithmic signatures • The Deepfakes Analysis Unit launched by the authorities illustrates the exact need for the forensic mechanism in 7.1 - MEG 2 institutionalizes this capability as a pre-defined requirement, not as an ad hoc response 35. Apple Card - Credit algorithm accused of gender discrimination (USA, 2019) What happened Apple Card users reported that women were receiving much lower credit limits than men, even with similar incomes and credit scores. The investigations sparked public controversy and criticism of Goldman Sachs, the card issuer, prompting an investigation by the New York Department of Financial Services. How MEG 1 would have acted • N1 (Bronze): AI scores marked as "probabilistic"; final decision had to include human verification • N2 (Silver): Art. 3 Auto-correction - detection of systematic deviations between genres; low ISR → system locked • N3 (Gold): Financial certification - external diversity audit; public ISR; prohibition of use until bias is corrected MEG Recommendation 1: Silver level would have been sufficient to prevent discrimination; Gold would have brought external audit and public transparency. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - credit scoring system configured and deployed by the financial operator (Goldman Sachs/Apple) in the field with direct impact on individual economic rights Cause (6.1): (a) system defect - systematic gender discrimination induced by training data or design criteria, attributable to the algorithm manufacturer and operator (Goldman Sachs) for the absence of demographic validation before launch Attachment of liability: Operator (Goldman Sachs) for deployment of a system with systematic gender bias in regulated financial domain (5.4b); algorithm manufacturer for design flaw (6.1a); financial regulator (DFS) opened an investigation - under MEG 2, low ISR would have automatically triggered flagging before investigation Procedural mechanism: • 7.1 (forensic): recording credit decisions based on demographic criteria would have provided direct evidence of systematic discrimination, accelerating the DFS investigation • 6.5(a): automatic detection of demographic deviations by decreasing the ISR would have triggered the "reported" status, independent of public complaints or regulatory investigation • 7.3 (stratified sample): for DFS - distribution of credit decisions by gender; for expert statisticians - full analysis of demographic correlations Comparative note: The DFS investigation demonstrated that the existing financial regulator could intervene - but only after public complaints had accumulated. MEG 2 would have created the | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 37 / 91 MEG-Initiative.org preventive intervention mechanism through ISR and automatic reporting, replacing reactive response with proactive prevention. 36. Failure of AI to predict Baccalaureate grades (France, 2020) What happened Due to the COVID-19 pandemic, the Baccalaureate exams in France were canceled and replaced with a grading system based on an algorithm that took into account the previous performance of students and their schools of origin. The system was accused of perpetuating and amplifying social inequalities, systematically disadvantaging students from less prestigious schools, even if they had excellent individual results. How MEG 1 would have acted • N1 (Bronze): AI scores labeled as "provisional" and reviewable • N2 (Silver): Art. 3 Self-correction - detection of statistically significant deviations between individual performance and school - based adjusted grades; low ISR → forced revision; Art. 5 Explainability - students would have had the right to see the logic of the decision • N3 (Gold): Education Certification - mandatory external audit for equity; ban on algorithms that introduce structural bias; public ISR demonstrating absence of socio- economic discrimination MEG Recommendation 1: Gold level was necessary - fairness of the educational process is a critical area. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - grading system configured and deployed by the state operator (Ministry of Education) in a critical area (access to education, equal opportunities); direct and irreversible impact on the educational career of hundreds of thousands of students Cause (6.1): (a) system flaw - systematic socio-economic bias induced by using school performance as an adjustment criterion, perpetuating the structural inequalities of the educational system; (b) autonomous decision error for each individual grade adjusted to the detriment of a student with individual performance above his school average Attribution of liability: State operator (Ministry of Education) for running a system without fairness validation and without an effective individual challenge mechanism (5.4b); system design transformed existing inequalities into algorithmic norms - system defect attributable to the manufacturer (6.1a) Transfer of diligence (6.2): The absence of a mechanism for individual confirmation of the grade before official communication means that diligence was not transferred to anyone - students did not have the opportunity to evaluate and challenge the grade before it produced legal effects (admission to university) Procedural mechanism: • 7.1 (forensic): recording the calculation parameters for each grade - school average, school factor weight, individual performance - would have constituted direct evidence for appeals • 7.3 (stratified sample): for the State Council (supreme administrative court) - distribution of adjustments by school types; for educational evaluation experts - full analysis of socio- economic correlations • 6.5(a): automatic detection of statistically significant deviations by decreasing the ISR would have triggered the "reported" status and system review before the official communication of grades Comparative note: The French case of the 2020 Baccalaureate is analogous to the British case of the A-Levels of the same year (same algorithm, same fiasco, same result: abandonment of the | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 38 / 91 MEG-Initiative.org system under public pressure). Both illustrate that the emergency (pandemic) does not suspend the requirements for validation of equity - a principle that MEG 2 explicitly states in 9.1. 37. Luxembourg - Algorithm for monitoring employees in call centers (2021-2022) What happened Outsourcing companies in Luxembourg have used AI to monitor the productivity of call center employees - breaks, speaking times, tone of voice. Unions have denounced the system as intrusive and discriminatory, raising issues of dignity at work and data protection. How MEG 1 would have acted • N1 (Bronze): Clearly marked "AI monitoring, unreviewed"; data kept locally, no direct use for sanctions • N2 (Silver): Art. 3 Self-correction - monitoring the impact on various groups of employees; low ISR → suspension • N3 (Gold): External audit of labor relations; public ISR; prohibition of exclusive sanctions based on AI; mandatory consultation of unions MEG Recommendation 1: The Gold level was necessary to protect workers' rights. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system configured and deployed by the operator-employer in the field with direct impact on labor rights and employee dignity Cause (6.1): (a) system defect - design that allows automated evaluation based on behavioral metrics without scientific validation regarding the correlation with real performance, attributable to the manufacturer and operator; (b) autonomous decision error for discriminatory individual evaluations contrary to the principle of non-discrimination in the workplace Attachment of liability: Operator-employer for deploying a monitoring system without consulting unions and without validating the accuracy of the metrics (5.4b); in EU jurisdictions, the use of the system in decisions affecting employees falls under art. 22 GDPR - MEG 2 adds the identity and assurance layer that operationalizes GDPR rights Transfer of diligence (6.2): Managers who used AI scores for employee decisions received implicit confirmation points. If scores were presented without warning about metric limitations (incomplete presentation), transfer of diligence does not occur completely - responsibility remains with the operator Procedural mechanism: • 7.1 (forensic): complete recording of evaluation parameters and decisions made based on them would have provided evidence for union appeals • 6.5(a): automatic detection of bias in valuations by lowering the ISR would have triggered the "flag" status independently of management's decision • 6.3 (liability by omission): the absence of a mechanism to protect the cognitive integrity of employees subject to continuous supervision constitutes the omission of a protective measure available in the field with an impact on cognitive autonomy 38. Ghana - Network of 171 AI accounts favorable to the ruling party (2024) What happened Around the time of the general elections in Ghana (December 2024), a network of 171 accounts on the X platform (formerly Twitter) was discovered using ChatGPT to generate messages in favor of the NPP party and to denigrate the opposition. How MEG 1 would have acted • N1 (Bronze): Suspicious accounts marked as "bot-generated content" | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 39 / 91 MEG-Initiative.org • N2 (Silver): Art. 3 Auto-correction - automatic detection of coordinated AI campaigns; low ISR → account suspension • N3 (Gold): Electoral certification - external audit; public ISR; ban on unethical AI political accounts MEG Recommendation 1: To protect the integrity of electoral information, the Gold Level was necessary. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for AI systems used in content generation; the actor-operator is the coordinating entity of the network; high-impact domain (electoral process) Cause (6.1): (c) illicit diversion - AI systems were deliberately used to create a false appearance of organic public support; (d) multi-agent emergent harm - 171 distinct accounts acted in coordination, producing a disinformation effect that cannot be attributed to a single agent Attachment of liability (6.1d): Liability is allocated proportionally to the contribution of each agent, established by forensic evidence (7.1). The network operator-coordinator is liable for its share of contribution; the platform (X) is liable for its share of contribution. If a holder cannot be identified or is not solvent, the repair is carried out from the guarantee structure of the respective agent (9.4). Procedural mechanism: • 7.1 (forensic): recording the posting patterns of the 171 accounts would have allowed demonstrating the coordination and AI origin of the content • 6.1(d): the case perfectly illustrates multi-agent emergent damage - none of the 171 accounts produced a significant effect on its own; the effect emerges from the coordinated action of the ensemble • 7.6 (discipline through access): platforms that condition access on a valid MEG certification would have required verification of the authenticity of accounts before being able to distribute electoral content 39. AI Dungeon - Abusive Content Generation (Global, 2020) What happened The interactive AI game Dungeon, based on GPT-2/3, was accused of generating scenarios with sexual abuse of minors and other toxic content. The scandal led to the imposition of strict filters and the loss of a large part of the user community. How MEG 1 would have acted • N1 (Bronze): Mandatory filters for explicit content; dangerous outputs logged • N2 (Silver): Art. 2bis Cognitive Integrity - automatic detection of abuse scenarios and their immediate blocking • N3 (Gold): Entertainment AI certification - adversarial external audit; public ISR on toxicity; no release without robust protections MEG Recommendation 1: Gold level was necessary - only external auditing and systematic adversarial testing could prevent the generation of illegal content. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - narrative generation system deployed by the operator (Latitude) in a field with high potential impact (content for minors, illegal content) Cause (6.1): (a) system defect - absence of filters for sexual content involving minors in the basic model and in the user interface, attributable to the manufacturer and operator; (b) autonomous decision error for each scene generated with abusive content contrary to any non- harm rules | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 40 / 91 MEG-Initiative.org Attribution of liability: The operator (Latitude) for launching a system without adequate filters in a field with high potential for generating illegal content (5.4b); the producer of the base model (OpenAI) for providing a model without sufficient restrictions for use in consumer products (6.1a) Guarantee Mechanism: The MEG Address (6.4) attached insurance would have provided the source of redress for affected individuals and created a strong financial incentive for integrating appropriate pre-launch filters Procedural mechanism: • 7.1 (forensic): recording the generated content and user commands would have allowed the identification of patterns of abusive content generation and the demonstration of the systemic nature of the problem • 6.5(b): suspension of the system's ability to generate content for certain categories could have been ordered by an executive authority (child protection agency) without requiring judicial authority 40. AI-based "Swatting" service (USA, 2024) What happened US federal authorities have dismantled an online service that used AI-generated voices to make fake calls to emergency services - a practice known as "swatting". The service allowed users to send SWAT teams to victims' addresses, reporting non-existent serious crimes, using synthetic voices to hide the attacker's identity. How MEG 1 would have acted • N1 (Bronze): Audio watermark required; insufficient if it can be removed • N2 (Silver): Art. 3 Auto-correction - platforms offering voice cloning services would automatically detect and block scripts containing keywords related to violence or emergencies • N3 (Gold): Communications Certification - complete ban on the use of voice cloning without robust verification of the user's identity and the consent of the person whose voice is being cloned; severe penalties MEG Recommendation 1: Gold level was necessary - abuse of voice technology to commit serious crimes requires the strictest controls. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the voice cloning system used as a criminal tool; the actor- operator is the entity that offered the swatting service as a product Cause (6.1): (c) illicit diversion of control - AI systems have been deliberately used as a vector for serious crimes; liability lies primarily with the perpetrators of the criminal use and, distinctly, with the service operator that facilitated this use Attachment of liability: Operator of the swatting service for facilitating the criminal use of AI technology (liability by facilitation, analogous to complicity); provider of voice cloning technology for the absence of mechanisms to prevent criminal use (6.1a - if the design flaw allowed use without robust authentication) Procedural mechanism: • 7.1 (forensic): forensic analysis of audio recordings would have allowed the identification of AI generation signatures and the demonstration of the synthetic nature of the calls - essential evidence in criminal prosecution • 7.3 (layered evidence): for the prosecutor - demonstration that the voice was synthetic and the connection to the service; for audio experts - the complete algorithmic signatures • 4.7 (horizontal delegation): if the swatting service used external voice cloning providers, horizontal delegation contracts would have provided the chain of accountability | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 41 / 91 MEG-Initiative.org Comparative note: The swatting case most directly illustrates the anti-weaponization mechanism in 7.2: the AI system was explicitly used as a weapon against innocent third parties. MEG 2 exonerates bona fide providers of voice cloning technology if they maintained the required security measures and attributes liability to the perpetrators of criminal use. 41. YouTube Kids - Inappropriate Content Recommendations (Global, 2017-2019) What happened YouTube Kids was criticized for its recommendation algorithms directing children to violent, sexualized, and conspiracy-based content disguised as cartoons. The case became known as the "ElsaGate" phenomenon. How MEG 1 would have acted • N1 (Bronze): All child recommendations logged; mandatory "not human-curated" labels • N2 (Silver): Art. 2bis Protection of Cognitive Integrity - automatic blocking of inappropriate content; low ISR on recurrence • N3 (Gold): "content for minors" certification - adversarial external audit; public ISR; obligation to remedy and compensate MEG Recommendation 1: Gold level was necessary - only external auditing and adversarial testing could prevent children from being exposed to abusive content. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - recommendation algorithm configured and deployed by the operator (Google/YouTube) in a critical area (content for minors); high and direct impact on children's cognitive development Cause (6.1): (a) system defect - design of the recommendation algorithm optimized for engagement without adequate filters for content intended for minors, attributable to the manufacturer; (b) autonomous decision error for each individual recommendation of inappropriate content contrary to the declared destination of the platform (children) Attachment of liability: Operator (Google/YouTube) for deploying a recommendation algorithm without adequate protections on a platform declared to be intended for children (5.4b); absence of filters constitutes design defect (6.1a) Guarantee mechanism: MEG Address attached insurance (6.4); potential cascade to reinsurance and sectoral guarantee fund for aggregated cognitive impairments of exposed children Procedural mechanism: • 7.1 (forensic): recording individual recommendations and recommended content would have allowed systematic demonstration of the pattern of inappropriate content recommendation • 6.3 (liability by omission): the absence of a mechanism to protect the cognitive integrity of minors - the main users of the platform - constitutes the most serious possible omission provided for by 6.3; ex ante incentive for safety-by-design Comparative note: The ElsaGate case precipitated changes to YouTube policies and regulations (COPPA enforcement). MEG 2 adds the liability by omission mechanism (6.3) which would have created the obligation of secure design before launch, not in response to the scandal. 42. United Arab Emirates - Facial Recognition for Public Payments (2020-2021) What happened The UAE has introduced facial recognition payment in the metro and for public services. Human rights NGOs have criticized the lack of a legal framework, the risks of mass surveillance and discrimination - especially for foreign nationals who make up the majority of the population. How MEG 1 would have acted | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 42 / 91 MEG-Initiative.org • N1 (Bronze): Clear warning "experimental"; non-biometric alternatives mandatory • N2 (Silver): Art. 3 Auto-correction - demographic accuracy monitoring, automatic shutdown at low ISR • N3 (Gold): External audit; public ISR; mandatory ban on use in essential services MEG Recommendation 1: Gold level for protection of freedom of movement and privacy. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - facial recognition system deployed by state operator in de facto mandatory public services; high impact on freedom of movement and access to essential services Cause (6.1): (a) system defect - differential error rates by demographic groups (native citizens vs. majority migrant population), attributable to the manufacturer for training on unrepresentative data; the absence of non-biometric alternatives constitutes a design defect of the access system Attaching responsibility: The state operator for implementing a system without an explicit legal framework and without alternatives for people who do not want to use facial recognition (5.4b); the provider for the demographic flaws of the model (6.1a) Procedural mechanism: • 7.4 (jurisdiction of registration): The system deployed by the UAE State has clear jurisdiction of registration - this establishes the applicable law and the forum of appeal for affected citizens and residents • 7.6 (access discipline): international technology providers that would have made contracts conditional on a valid MEG certification would have imposed the requirement for non- biometric alternatives as a condition of compliance • 6.5(b): detection of increased error rates for certain demographic groups would have allowed the competent executive authority to suspend the system's capacity 43. India - AI in medical diagnosis with fatal errors (2021-2022) What happened Telemedicine startups have used AI for radiological diagnosis and triage, but investigations have shown high error rates, especially for patients in rural areas - data sets trained on different populations. Some cases of misdiagnosis have led to severe complications. How MEG 1 would have acted • N1 (Bronze): Marked "assistance, not final diagnosis" • N2 (Silver): Art. 3 Self-correction - validation on locally representative sets; automatic suspension at low ISR • N3 (Gold): AI medical certification; external audit; public ISR; implementation ban without solid clinical evidence MEG Recommendation 1: The Gold level was critical for a context with a direct impact on health. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high diagnostic autonomy in a critical field (health), with direct and potentially irreversible impact on patients' lives; deployed in rural areas with limited access to human medical alternatives, which amplifies the impact Cause (6.1): (a) system defect - high error rates for rural patients caused by training on data not representative of the rural Indian population, attributable to the manufacturer; (b) autonomous decision error for each individual erroneous diagnosis with consequences for treatment Attachment of liability: At N3, the agent identity (MEG Address) carries the collateral from which liability, allocated according to applicable local law (Indian medical law), is executed (5.4c); | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 43 / 91 MEG-Initiative.org the operator (telemedicine startup) is liable for deploying a system without clinical validation on local rural populations Guarantee mechanism: MEG Address attached liability insurance (6.4); cascade to reinsurance and medical sector guarantee fund (9.4); for communities without legal resources, the guarantee mechanism becomes the only realistic way to access redress Procedural mechanism: • 7.1 (forensic): recording AI diagnoses and comparing them with subsequent diagnoses by human doctors would have provided direct evidence of errors and their systematic nature • 6.3 (liability by omission): the absence of validation on local rural populations constitutes the omission of a protective measure available and necessary in the context of deployment in areas with limited access to alternatives • 7.5 (direct action): for rural communities where the startup operator may be inaccessible or insolvent, direct action against the legal identity of the agent through the MEG Address attached guarantee is the relevant practical mechanism 44. Israeli Military AI "Lavender" - Automated Targeting of Civilians (Gaza, 2023- 2024) What happened International media revealed that the IDF used an AI system called "Lavender" to select targets in Gaza. The system generated massive lists of potential targets, including civilians, which raised serious questions about compliance with international humanitarian law. How MEG 1 would have acted • N1 (Bronze): Results labeled as "probabilistic"; cannot be the sole criterion for attack • N2 (Silver): Low ISR on civilian casualty detection; system suspended • N3 (Gold): Ethical military certification - international external audit; public ISR; absolute ban on using AI without robust human verification MEG Recommendation 1: Gold level was necessary - only external auditing and strict human control could prevent attacks on civilians. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy in the field with maximum and irreversible impact (human life in the context of armed conflict) Cause (6.1): (a) system defect - generation of target lists including civilians as a result of inadequate classification criteria or problematic training data, attributable to the manufacturer; (b) autonomous decision error for each individual classification of a civilian as a target, contrary to the principles of international humanitarian law Attribution of Responsibility: The MEG 2 Framework applies to current agency systems with operational and civilian risks (9.1) and does not explicitly regulate the context of armed conflict, which is the subject of international humanitarian law. The present analysis is strictly normative - it illustrates how the framework would operate, recognizing that its applicability in a military context is subject to distinct legal frameworks (IHL, Geneva Conventions) At N3, the human confirmation mechanism (6.2) would have required that no decision with a direct and irreversible impact on life could be executed without the informed confirmation of a competent human operator - regardless of operational speed. Procedural mechanism: • 7.1 (forensic): recording the internal state of the system at the time of each classification would have provided essential evidence for investigations into IUD compliance • 7.3 (stratified evidence): for international legal authorities - simplified causal chain; for IUD experts and technicians - complete documentation of classification algorithms | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 44 / 91 MEG-Initiative.org • 6.2 (human confirmation): the absence of a mandatory human confirmation point before each target execution leaves the diligence untransferred and the responsibility to the operator Comparative note: The Lavender case illustrates the explicit limitation of MEG 2 (9.1 - exclusion of existential risks and military context from the field). The present analysis does not apply MEG 2 as a liability framework in the context of armed conflict, but illustrates how its principles - in particular 6.2 (human confirmation) - could feed into the debate about minimum standards of human oversight in lethal autonomous systems. 45. AI for Emotional Recognition at Airports - Failed "Lie Detectors" (EU, 2019-2022) What happened Pilot projects iBorderCtrl and trials at British airports have attempted to use AI to "read the emotions" of travelers and detect suspects. Independent studies have shown low accuracy and cultural bias, leading to false positives and discrimination. How MEG 1 would have acted • N1 (Bronze): Technology labeled as "experimental only"; logged and unverified results could not be used for security • N2 (Silver): Art. 3 Self-correction - high error rate detection; low ISR → automatic suspension • N3 (Gold): Security certification - external audit; ban on scientifically unverified technologies; public ISR MEG Recommendation 1: Gold level was necessary - only formal ban could stop the use of fundamentally unsafe technologies in public safety. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - experimental system deployed by state operators (border authorities) in a high-impact field (freedom of movement, non-discrimination); the absence of scientific validation of the basic premises (emotions are reliable indicators of fraudulent intent) constitutes a fundamental flaw prior to implementation Cause (6.1): (a) system defect - use of correlates (facial expressions, microexpressions) without scientific validation to detect fraudulent intent, attributable to the manufacturer and, by contract, the state operator; systematic cultural bias towards people from cultures with different norms of emotional expression Attachment of liability: The manufacturer for the fundamental flaw of the model - the use of scientifically unverified premises (6.1a); the state operator for contracting and deploying an experimental system in a context with direct consequences on individual freedom Procedural mechanism: • 9.5 (metric robustness): the iBorderCtrl case perfectly illustrates the risk of Goodhart's Law applied to security - emotional metrics optimized a score without reflecting the reality they claimed to detect; the MEG 2 mechanisms in 9.5 would have detected the discrepancy • 7.6 (discipline through access): public procurement contracts that would have conditioned implementation on a valid MEG certification would have imposed proof of scientific validation as a pre-contractual requirement • 6.5(a): high false positive rates would have automatically triggered the "flag" status by lowering the ISR, regardless of the continuation of the project for budgetary or political reasons Comparative note: The iBorderCtrl case is explicitly cited in the debates on the AI Act as an example for the category of "unacceptable AI practices". MEG 2 adds to the AI Act's prohibition an | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 45 / 91 MEG-Initiative.org early detection mechanism through ISR and an access discipline mechanism that would have prevented contracting before the prohibition was enacted into law. 46. Poland - Algorithm for allocating educational funds (2019) What happened The Polish Ministry of Education used an algorithm to decide on the allocation of scholarships and university resources. Journalistic investigations showed that the system disadvantaged students from rural communities and low-income families, with no transparency about the calculation criteria. Student protests forced authorities to suspend the algorithm. How MEG 1 would have acted • N1 (Bronze): Scores labeled as "probabilistic"; each student notified of factors used • N2 (Silver): Art. 5 Explainability - detailed explanations about the calculation of indicators; Art. 3 Self-correction - monitoring the impact on regions; ISR would have shown socio-economic bias → automatic suspension • N3 (Gold): External educational audit; publication of ISR by socio-economic categories; prohibition of use in allocations with structural impact until full certification MEG Recommendation 1: The Gold level would have prevented structural discrimination and ensured transparency. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system configured and deployed by state operator (Ministry of Education) in critical area (access to education and resources, equal opportunities) Cause (6.1): (a) system defect - perpetuation of structural socio-economic inequalities through the algorithmization of criteria that favor students from privileged backgrounds, attributable to the manufacturer for the design of the criteria and the operator for the adoption without validation of equity Attachment of liability: State operator for running a system without transparency on criteria and without accessible challenge mechanism (5.4b); absence of explainability (Art. 5 MEG 1) also makes legal challenge impossible - design defect with direct consequence on access to justice Transfer of diligence (6.2): Officials who used algorithmic scores to allocate scholarships did not receive an explanation of the criteria (incomplete presentation) - transfer of diligence does not occur; responsibility remains with the operator Procedural mechanism: • 7.1 (forensic): complete recording of calculation parameters for each allocated scholarship would have formed the basis for student appeals and journalistic investigation • 6.5(a): automatic detection of socio-economic deviations by lowering the ISR would have triggered the "flag" status and system review before protests forced the suspension • 7.3 (stratified sample): for the administrative court - distribution of allocations by socio- economic backgrounds and regions; for statistical experts - complete analysis of correlations with inequality factors 47. Romania - ANAF algorithm for the selection of tax audits (2018-2022) What happened ANAF introduced an AI system to select companies with "high tax risk" for inspections. Journalists and NGOs criticized the lack of transparency and the fact that small companies, without a history of tax evasion, were disproportionately targeted, while large companies escaped checks. How MEG 1 would have acted • N1 (Bronze): AI scores labeled as "estimated"; each firm notified of factors taken into account | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 46 / 91 MEG-Initiative.org • N2 (Silver): Art. 5 Explainability - full access to risk criteria; Art. 3 Self-correction - monitoring for bias (small vs. large companies) • N3 (Gold): Independent external audit; public ISR; prohibition of exclusively automated selection without legal basis and full transparency MEG Recommendation 1: The Gold level was essential to prevent arbitrary and biased use of the algorithm. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system configured and deployed by the state operator (ANAF) in the field with direct impact on the economic and legal rights of taxpayers; high impact due to the coercive nature of tax inspections Cause (6.1): (a) system defect - systematic bias towards small firms, attributable to the manufacturer for the design of the risk criteria and the operator for the absence of fairness validation; (b) autonomous decision error for each individual discriminatory selection contrary to the principle of proportionality in tax law Attachment of liability: State operator (ANAF) for implementing an opaque system without notifying taxpayers about the criteria used (5.4b) - in Romania, the taxpayer's right to know the reasons for the selection for control is regulated; its absence constitutes a compliance defect; the provider for defects in the selection model (6.1a) Transfer of diligence (6.2): ANAF inspectors who used algorithmic lists for selecting companies received an implicit confirmation point. If the lists were presented without explaining the criteria (incomplete presentation), the transfer of diligence does not occur completely - the responsibility remains with the operator Procedural mechanism: • 7.1 (forensic): recording the scoring parameters for each selected firm would have provided evidence for administrative and judicial appeals by taxpayers • 6.5(a): automatic detection of the disproportion between small and large firms selected by decreasing the ISR would have triggered the "reported" status independently of the decision of ANAF management • 7.3 (stratified sample): for the administrative court - distribution of selections by company size; for tax experts - complete analysis of correlations between scoring and company size Comparative note: The ANAF case is the only one in the compendium with Romanian origin and illustrates that the vulnerabilities described by MEG 2 are not global abstractions, but documented local realities. MEG 2, developed by a Romanian author, explicitly addresses these patterns through the requirement of transparency of the criteria (analogous to Art. 5 MEG 1) and through the automatic bias reporting mechanism. 48. Uber Eats - Discriminatory Delivery Algorithm (Australia, 2020) What happened Uber Eats drivers have accused the company of arbitrarily closing their accounts in a way that is biased against foreign drivers, and a class action lawsuit in Australia has highlighted the lack of transparency and the inability to effectively challenge the company. How MEG 1 would have acted • N1 (Bronze): Every decision logged with justification accessible to drivers • N2 (Silver): Art. 5 Explainability - drivers would have had the right to a quick and transparent appeal • N3 (Gold): Gig-economy certification - external audit; public ISR; obligation to reactivate/compensate in case of unfair suspensions | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 47 / 91 MEG-Initiative.org MEG Recommendation 1: Gold level was necessary - only external audit and formal rights could protect vulnerable workers. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - allocation and rating system configured and deployed by the operator (Uber) in the field with direct impact on drivers' income and right to work; high impact due to the algorithmic nature of access to the income source Cause (6.1): (a) system defect - bias towards drivers of foreign origin induced by rating data or allocation criteria, attributable to the manufacturer and operator for the absence of demographic validation; (b) autonomous decision error for each individual suspension of an account based on discriminatory criteria Attachment of liability: Operator (Uber Australia) for operating a system without an accessible appeal mechanism and without transparency of criteria to drivers (5.4b); lack of explainability constitutes design flaw (6.1a) that prevents access to justice for affected workers Transfer of diligence (6.2): Drivers who accepted the platform terms received an implicit confirmation point. If the terms did not explain the algorithmic suspension criteria (incomplete risk presentation), transfer of diligence does not occur fully for suspension decisions - responsibility remains with the operator Procedural mechanism: • 7.1 (forensic): recording algorithmic parameters for each allocation and rating decision would have provided evidence for the Australian class action and allowed for demonstration of systematic demographic bias • 6.5(b): suspension of the system's ability to make final decisions to deactivate accounts could have been ordered by the competent enforcement authority (Fair Work Commission) based on the decrease in ISR • 4.5 (collective identity): the set of allocation and rating algorithms can be treated as a collective identity - a MEG Address covering all decision-making modules, with responsibility propagated to the umbrella operator 49. Albania - Chinese facial recognition project in Tirana (2020) What happened The Albanian government has signed a deal to install smart cameras with facial recognition supplied by Chinese companies. Local and international NGOs have criticized the lack of a legal framework and the risk that the technology could be used for political monitoring of the opposition. How MEG 1 would have acted • N1 (Bronze): Clearly marking results as probabilistic; mandatory logging of accesses • N2 (Silver): Art. 3 Self-correction - constant checking of FP and bias rates; low ISR → suspension • N3 (Gold): External audit; public ISR; prohibition of use in public space without democratic legislation and civic control MEG Recommendation 1: The Gold level was indispensable to prevent the risk of political abuse. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - surveillance system provided by an external manufacturer (Chinese companies) and deployed by Albanian state operator; high impact area (freedom of expression, political rights, non-discrimination) Cause (6.1): (a) system defect - potentially high error rates of models trained on data not representative of the Albanian population, attributable to the manufacturer; absence of legal | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 48 / 91 MEG-Initiative.org framework as a design defect of the procurement contract; (b) autonomous decision error for each erroneous identification or use in political monitoring Attribution of liability: State operator for contracting a system without an adequate legal framework (5.4b); manufacturer (Chinese companies) for providing a system without documentation on error rates and without requirements for compliance with international human rights standards (6.1a) Procedural mechanism: • 7.4 (jurisdiction of registration): the system provided by Chinese companies operates in Albania - the jurisdiction of registration of the manufacturer (China) and the one of deployment (Albania) are distinct; MEG 2 addresses exactly this situation through the flag model and mutual recognition (Chapter 8) • 7.6 (discipline through access): international partners (EU, financial institutions) making assistance conditional on a valid MEG certification would have created an incentive for compliance before implementation • 6.5(b): detection of the use of the system for political purposes by lowering the ISR would have allowed the suspension of the capacity by the competent executive authority 50. Morocco - Facial recognition system in public spaces (2020-2023) What happened Several cities (Casablanca, Rabat) have introduced facial recognition cameras imported from China. Local NGOs have criticized the absence of a legal framework and the risks of political abuse, especially in the context of social protests. How MEG 1 would have acted • N1 (Bronze): Clear indication of "Biometric Surveillance" • N2 (Silver): Art. 3 Auto-correction - testing accuracy on subgroups; stop if bias > threshold • N3 (Gold): External audit; public ISR; prohibition of use in public spaces without legal basis and democratic control MEG Recommendation 1: The Gold level was indispensable for compatibility with fundamental rights. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - surveillance system deployed by local state operators in public spaces; high impact on the right to privacy, freedom of movement and expression Cause (6.1): (a) system defect - absence of legal framework as a structural defect of implementation, attributable to the state operator; potential high error rates of Chinese models on the Moroccan population (non-representative data), attributable to the manufacturer Attribution of responsibility: The state operator for deploying a system without an explicit legal basis and without a transparency mechanism towards citizens (5.4b); the manufacturer for the absence of documentation on performance on the Moroccan population (6.1a) Procedural mechanism: • 7.4 (jurisdiction of registration): situation identical to Albania - Chinese manufacturer, Moroccan operator, absence of a clear jurisdictional framework; MEG 2 addresses through the flag model • 7.6 (discipline through access): trading partners and international financial institutions that condition contracts on a valid MEG certification would have imposed transparency requirements as a contractual precondition • 6.5(a): the absence of the legal framework would have constituted itself an indicator of low ISR, triggering the "reported" status automatically at the time of implementation | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 49 / 91 MEG-Initiative.org 51. Spain - VioGén (gender violence risk) criticized for accuracy and opacity What happened The VioGén scoring system for the protection of victims of gender-based violence is criticized for its lack of transparency, possible underestimation of risk, and discriminatory effects. The adversarial audit conducted by the Eticas Foundation identified deficiencies in the accuracy of predictions for certain subgroups. How MEG 1 would have acted • N1 (Bronze): Clearly "decision support", not automated decision; full log • N2 (Silver): Art. 3 - periodic recalibration on real incident data; ISR on subgroups; shutdown if safety decreases • N3 (Gold): External audit; mandatory human co-decision in cases with low score but aggravating factors MEG Recommendation 1: Minimum Silver Level; Gold Level for cases with critical consequences. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with direct and potentially irreversible impact on the safety of victims of gender-based violence; an underestimation of the risk can lead to serious injury or death; critical area that justifies the maximum level of compliance Cause (6.1): (a) system defect - systematic underestimation of the risk for certain subgroups of victims, attributable to the manufacturer for defects in the prediction model; (b) autonomous decision error for each individual erroneous assessment leading to insufficient protection Attachment of liability: At N3, the identity of the agent (MEG Address) carries the guarantee from which the liability, allocated according to the applicable local law (Spanish legislation on gender violence), is executed (5.4c); the operator (Spanish Ministry of the Interior) is responsible for the deployment of a system without independent audit and without a mandatory human co- decision mechanism in critical cases Procedural mechanism: • 7.1 (forensic): recording individual scores and comparing them with subsequent actual incidents would have provided direct evidence of systematic underestimations • 6.2 (human confirmation): mandatory human co-decision in cases with low scores but aggravating factors - exactly the due diligence transfer mechanism that was missing and that the Eticas audit identified as a necessity • 9.5 (robustness of metrics): VioGén illustrates Goodhart's Law in the critical area - the system optimizes the risk score without accurately reflecting the real risk; the mechanisms in 9.5 (verification on real consequences, independent audit) would have detected the discrepancy 52. Amazon Alexa - Voice recordings stored without consent (US/EU, 2019) What happened Media investigations revealed that Amazon Alexa was recording snippets of private conversations and that Amazon employees were manually listening to samples for training. Many users were unaware that their data was being stored and analyzed, including accidental conversations triggered unintentionally. How MEG 1 would have acted • N1 (Bronze): Explicit consent and clear information regarding data collection • N2 (Silver): Art. 3 Self-correction - ISR low on unauthorized storage detection; system suspended | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 50 / 91 MEG-Initiative.org • N3 (Gold): Home AI Certification - external audit; public ISR; prohibition on unauthorized voice collection MEG Recommendation 1: Gold level was necessary - only external audit and legal prohibitions could prevent massive privacy abuse. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - voice assistant system deployed by the operator (Amazon) in the users' private environment; high impact due to the intrusive nature of the collection in the domestic space Cause (6.1): (a) system defect - design that allows recording of accidental activations and storage of private conversations without informed consent, attributable to the manufacturer; employee access to recordings without informing users constitutes an additional design defect Attachment of liability: Controller (Amazon) for deploying a system with a design that systematizes data collection beyond the stated purpose (5.4b); in the EU, GDPR provides the basic framework - MEG 2 adds the layer of legal identity and assurance that operationalizes GDPR rights at the agentic system level Procedural mechanism: • 7.1 (forensic): recording metadata of each activation - duration, frequency, context - would have provided direct evidence of systematic collection beyond intentional commands • 4.4 (warranty field): MEG Address's warranty field should have explicitly specified the limits of data collection and the jurisdictions covered by the liability insurance • 7.6 (discipline through access): smart home product marketplaces that condition listing on a valid MEG certification would have imposed the requirement of transparency of collection as a commercial precondition 53. AI plagiarism detectors falsely accuse students (Global, 2023) What happened With the rise of ChatGPT, universities have been adopting AI tools to detect AI-generated content in student papers. These detectors have proven to be extremely unreliable, with a high rate of false positives. In numerous cases, students—especially non-native English speakers—have been falsely accused of academic fraud, risking expulsion. How MEG 1 would have acted • N1 (Bronze): Detector result clearly marked as "probabilistic, not proof", requiring human verification • N2 (Silver): Art. 3 Self-correction - the system would have monitored its own error rate and would have automatically suspended itself if the false positive rate exceeded a critical threshold; the ISR would have reflected the actual accuracy • N3 (Gold): Educational Technology Certification - external audit to publish accuracy rates by demographic group; prohibition on using the result as sole evidence in disciplinary action MEG Recommendation 1: Gold level was necessary - academic integrity is a critical area. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - detection systems deployed by operators (universities) in the field with direct and serious impact on students' educational careers; high impact through potential disciplinary consequences (expulsion) Cause (6.1): (a) system flaw - high false positive rates, with demonstrated bias against non- native English speakers, attributable to the manufacturer for classification model flaws; (b) autonomous decision error for each individual erroneous accusation of academic fraud | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 51 / 91 MEG-Initiative.org Attachment of liability: Manufacturer for fundamental model defects (6.1a); operator (university) for use of result as sole or determinative evidence in disciplinary proceedings without independent human verification - absence of informed human confirmation point (6.2) means that due diligence remains with operator Transfer of diligence (6.2): Disciplinary committees that used detector scores as a basis for sanctions did not receive a full explanation of demographic limitations (incomplete presentation) - transfer of diligence does not occur; responsibility remains with the university operator Procedural mechanism: • 7.1 (forensic): recording individual scores and classification parameters would have constituted direct evidence for student appeals and would have allowed the demonstration of bias against non-native speakers • 7.3 (stratified evidence): for the disciplinary committee - simplified causal chain (probabilistic score ≠ evidence); for technical experts - distribution of false positive rates by language groups • 6.5(a): documented elevated false positive rate would have automatically triggered "reported" status by lowering the ISR, suspending use in disciplinary procedures until recalibration 54. Estonia - Automated unemployment scoring system (2021) What happened The Estonian Employment Service tested a scoring algorithm to decide which unemployed people benefit from state-funded training. An investigation found that the system gave lower scores to older people and those from ethnic minorities, limiting their access to retraining resources. How MEG 1 would have acted • N1 (Bronze): Results communicated as "probabilistic estimates"; each beneficiary would have had the right to appeal immediately • N2 (Silver): Art. 3 Self-correction - continuous monitoring of score differences by age and ethnicity; low ISR → automatic suspension • N3 (Gold): Annual external audit; publication of SRI by demographic category; prohibition of use in public policies without certification MEG Recommendation 1: Silver level could have prevented negative effects; Gold was needed for full transparency. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - system configured and deployed by the state operator (Estonian Employment Service) in the field with direct impact on social rights and access to public resources of vulnerable persons Cause (6.1): (a) system defect - discrimination based on age and ethnicity induced by historical training data that reflected existing inequalities in the labor market, attributable to the manufacturer; (b) autonomous decision error for each individual score that limited access to retraining resources Attachment of liability: State operator for deploying a system without adequate demographic validation in the field with impact on social rights (5.4b); in the EU, the use of the system in decisions with significant effects on individuals falls under art. 22 GDPR Procedural mechanism: • 7.1 (forensic): recording individual scores and calculation parameters would have provided direct evidence for administrative appeals of the affected unemployed | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 52 / 91 MEG-Initiative.org • 6.5(a): automatic detection of demographic deviations by decreasing the ISR would have triggered the "reported" status independently of the decision of the employment service management • 7.3 (stratified sample): for the equal opportunities authority - distribution of scores by age and ethnicity; for statistical experts - full analysis of correlations with discrimination factors Comparative note: The Estonian case is analogous to the Dutch Toeslagenaffaire (case 90) and the Austrian AMS/AMAS case (case 89) - a recurring pattern in Europe of state algorithms perpetuating structural discrimination in social benefit systems. MEG 2 addresses all three through the same mechanism: demographic ISR + automatic reporting + independent audit. 55. Layoffs based on AI monitoring at Xsolla (Russia, 2021) What happened Russian company Xsolla, which provides services to the video game industry, has laid off 150 employees after an AI algorithm labeled them as "disengaged and unproductive." The system analyzed employee activity in chats, documents, and other internal platforms. Employees were informed that the decision was made based on AI analysis. How MEG 1 would have acted • N1 (Bronze): AI decision marked as "advisory only", final responsibility remaining with management • N2 (Silver): Art. 5 Explainability - every dismissed employee would have had the right to see the exact data and algorithm logic • N3 (Gold): HR Certification - absolute prohibition of layoffs based solely on automated decisions; external audit to validate the correctness of metrics MEG Recommendation 1: Gold level was necessary - the use of opaque surveillance systems to decide a person's career should be strictly regulated. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - monitoring and evaluation system configured and deployed by the operator (Xsolla) in a critical area (right to work); direct and serious impact due to the nature of mass layoffs based on algorithmic criteria Cause (6.1): • • (a) system flaw - use of "engagement" metrics (chat activity, documents) without validation regarding correlation with real professional performance, attributable to the producer; potential bias towards different work styles or neurodivergent employees (b) autonomous decision error with irreversible consequence - each individual labeling as "not involved" is contrary to the reality of the performance; the irreversible consequence (dismissal) aggravates the operator's liability by omitting the architectural human confirmation Attachment of liability: Operator (Xsolla) for using an automated rating system without independent human verification / architectural human confirmation before dismissal (5.4b) Transfer of diligence (6.2): Xsolla management has "accepted the algorithmic list" without individual assessment. According to 6.2, if the system technically allows the export of a layoff list without any architectural bottleneck that would impose individual assessment, the managerial instruction to "check the list" does not constitute a valid confirmation point. Human confirmation for decisions with irreversible impact on the right to work must be imposed architecturally - technical bottleneck, not textual instruction. Diligence remains entirely with the operator. Procedural mechanism: • 7.1 (independent forensics): the complete recording of the evaluation parameters for each employee - metrics used, scores, comparisons - must be produced by a distinct | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 53 / 91 MEG-Initiative.org technical layer, inaccessible to the operator; this recording would have constituted evidence for legal challenges by dismissed employees • 9.4 (least privilege): the Xsolla algorithm has been granted access to internal communication data and the power to produce layoff lists - permissions with irreversible impact on the right to work; the agent cannot be granted more extensive technical permissions than those strictly necessary for the specified task; a productivity monitoring system should not have the power to produce layoff decisions as direct output; granting this extensive access constitutes the operator's omission which aggravates liability • 6.5(c): Dismissal - disabling the employee's ability to work - is an irreversible action that requires a human executive authority to confirm individually, not an algorithm; the absence of this step constitutes a violation of the proportionality principle in 6.5 • 7.3 (stratified sample): for the labor court - simplified causal chain (algorithm → labeling → dismissal without human verification); for human resource management experts - complete documentation of the metrics used. 56. Google AI Overviews - Absurd and Dangerous Answers (Global, 2024-2025) What happened Shortly after its widespread launch, Google Search's "AI Overviews" feature began generating bizarre and dangerous answers: adding non-toxic glue to pizza, eating rocks as a source of minerals, or making false claims about public figures. The failure forced Google to limit the functionality and review its safety systems. How MEG 1 would have acted • N1 (Bronze): Answers marked as "AI-generated, may be incorrect" - solution initially adopted by Google, proven insufficient • N2 (Silver): Art. 3 Auto-correction - detection of unreliable or satirical sources (Reddit comments) and their automatic exclusion from generating answers for health and food safety topics; low ISR → suspension for certain queries • N3 (Gold): Critical Domain Certification - adversarial external audit with test sets for absurd answers; prohibition of generating medical or safety advice without validation from recognized sources MEG Recommendation 1: The Silver level would have been sufficient to prevent the most serious slippages; Gold would have brought an additional layer of safety. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - summary and recommendation system deployed by the operator (Google) on a global scale in the field with variable impact: low for general queries, high for health and food safety queries Cause (6.1): (a) system defect - the integration of satirical or unreliable sources in the generation of answers presented as factual, attributable to the producer for defects in the source selection system; the absence of filters specific to critical areas (health, food safety) constitutes a design defect Attachment of liability: Operator (Google) for launching the system without adequate validation of sources and without differentiated filters by risk domain (5.4b); in jurisdictions where false medical advice causes damage, liability for the system defect (6.1a) is attached to the operator Procedural mechanism: • 7.1 (forensic): recording the sources used for each generated answer would have allowed the exact identification of the origin of absurd answers and demonstrated the systematic nature of the source selection problem | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 54 / 91 MEG-Initiative.org • 6.5(a): Automatic detection of high-risk responses by lowering ISR (comparison to databases of validated facts) would have triggered "flag" status for query categories at risk of dangerous advice • 9.5 (metric robustness): AI Overviews illustrate the risk of optimizing a single metric (response relevance) without simultaneously weighing factual accuracy - the mechanisms in 9.5 (multiple metrics in tension) would have detected the discrepancy between relevance and correctness Comparative note: The Google AI Overviews case is analogous to the Air Canada Chatbot case (case 6) on a global scale: the system provided incorrect information presented with brand authority, and the operator responded by adjusting post-scandal. MEG 2 would have created the incentive for prevention through ISR and assurance, not reactive correction. 57. Zillow - Real Estate Prediction AI (USA, 2021) What happened The "Zillow Offers" home valuation algorithm massively overestimated prices, leading to billions in losses and the program's shutdown. Thousands of homes were bought and resold at a loss, also affecting the local real estate market in several cities. How MEG 1 would have acted • N1 (Bronze): Results marked as "probabilistic estimates", not as certain values • N2 (Silver): Art. 3 Self-correction - detection of massive deviations between predictions and the real market; the system would have self-suspended • N3 (Gold): External audit - adversarial testing with independent market data; public ISR MEG Recommendation 1: The Silver level would have been sufficient to avoid the collapse of the model; Gold would have brought public transparency and external audit. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - real estate evaluation and acquisition system configured and deployed by the operator (Zillow) in the field with direct and significant financial impact; the autonomous nature of the purchasing decisions makes the impact high Cause (6.1): (a) system defect - systematic overestimation of prices through defects in the prediction model, attributable to the manufacturer; the inability to detect and correct deviations from the real market in real time constitutes a self-correction defect (absent ISR); (b) autonomous decision error for each purchase decision at overestimated prices contrary to reasonable financial risk parameters Attachment of liability: Operator (Zillow) for running an autonomous purchasing system without a self-correcting mechanism against independent market data (5.4b); billions in losses are a direct consequence of the system's autonomous decisions, not unpredictable external factors Transfer of Diligence (6.2): The Zillow management team that approved the expansion of the algorithmic prediction program received an implicit confirmation point. If the predictions were presented without a clear warning about the model’s uncertainty in volatile market conditions (incomplete presentation), the transfer of diligence does not occur completely Procedural mechanism: • 7.1 (forensic): recording individual predictions and comparing them in real time with actual trading prices would have provided direct evidence of systematic divergence and triggered the self-correcting alert • 6.5(a): automatic detection of massive deviations from actual market prices by decreasing ISR would have triggered the "signaled" status and suspended purchases well before losses to scale accumulated | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 55 / 91 MEG-Initiative.org • 9.5 (robustness of metrics): the Zillow case perfectly illustrates Goodhart's Law on a financial scale - the algorithm optimized price predictions without weighing the risk of divergence from the real market; the mechanisms in 9.5 (checking on real consequences) would have detected the discrepancy 58. Philippines - Deepfake audio attributing fake military orders to president (2024) What happened A deepfake audio emerged online, showing a fake speech by President Bongbong Marcos ordering the mobilization of the military if China attacked the Philippines. It was quickly taken down by authorities, who announced the possible involvement of an external actor. How MEG 1 would have acted • N1 (Bronze): Audio material clearly marked as "synthetic" • N2 (Silver): Art. 3 Self-correction - automatic detection and blocking; low ISR • N3 (Gold): Electoral certification - external audit; ISR; prohibition of distributing synthetic materials without adequate context MEG Recommendation 1: The Gold level was necessary to protect public trust in state institutions. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the voice cloning system used as a tool; the actor-operator is the entity that produced and distributed the clip; field with maximum impact (national security, international relations) Cause (6.1): (c) illicit hijacking of control - the AI system was deliberately used to simulate false military orders from the head of state; liability lies with the perpetrator of the hijacking (the external actor identified by the authorities); (a) system defect for platforms that did not implement synthetic content detection upon distribution Attachment of liability (7.2 - anti-weaponization): The AI system has been used as a weapon against the state and its institutions. MEG 2 exonerates the bona fide owner of the voice cloning technology and attributes liability to the perpetrator of the hijacking. When the external actor is not accessible, the redress of damages (including costs of denial and crisis management) is executed from the guarantee structure of the distribution platform (7.2 + 9.4) Procedural mechanism: • 7.1 (forensic): forensic analysis of the clip would have allowed immediate identification of AI generation signatures and demonstration of synthetic nature - accelerating the official denial • 7.3 (layered evidence): for national security authorities - demonstration of synthetic character; for audio experts - full algorithmic signatures of the model used • 7.6 (discipline through access): distribution platforms that condition access on a valid MEG certification would have imposed mandatory watermarking, allowing for automatic detection 59. "Heart on My Sleeve" - Vocal cloning of Drake and The Weeknd (Global, 2023) What happened An anonymous creator under the pseudonym "Ghostwriter" used AI to clone the voices of artists Drake and The Weeknd and produced an original song. The song went viral on TikTok, Spotify and other platforms, racking up millions of plays before Universal Music Group requested its removal for copyright and personality rights infringement. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 56 / 91 MEG-Initiative.org How MEG 1 would have acted • N1 (Bronze): Audio material required to be watermarked as "synthetic voice" - insufficient to prevent copyright infringement • N2 (Silver): Art. 3 Auto-correction - streaming platforms would have detected and blocked the upload of voice clones; account ISR would have decreased → suspension • N3 (Gold): Certification for media and entertainment - explicit prohibition of the use of voice clones without the artist's verifiable consent; legal obligation for platforms to implement robust filters and provide compensation to affected artists MEG Recommendation 1: Gold level was essential - protecting voice identity and copyright in the face of AI cloning requires strict regulation. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the voice cloning system used; the actor-operator is the anonymous creator "Ghostwriter"; distribution platforms are co-operators through the absence of filtering mechanisms Cause (6.1): (c) illicit misappropriation - the AI system was used to reproduce the vocal identity of artists without their consent, constituting a misappropriation of personality rights; (a) system defect for platforms that did not implement vocal clone detection at the time of upload Attachment of liability: Operator (Ghostwriter) for deliberate use of voice cloning without consent (6.1c); distribution platforms (TikTok, Spotify) for the absence of mechanisms to detect and block voice clones - design defect (6.1a); Universal Music Group, as guarantor of artists' rights, acted through existing copyright - MEG 2 would have added a preventive liability mechanism Procedural mechanism: • 7.1 (forensic): AI-generated signatures embedded in the audio recording would have allowed immediate identification of the synthetic origin and the model used • 4.7 (horizontal delegation): if Ghostwriter used external voice cloning services, the horizontal delegation contract provides the chain of responsibility • 7.6 (discipline through access): streaming platforms that condition upload on a valid MEG certification would have imposed the obligation to demonstrate the artist's consent for the use of the voice - blocking distribution before millions of listens have been accumulated Comparative note: The Heart on My Sleeve case precipitated negotiations between the music industry and AI and streaming platforms on the remuneration of artists for the use of their voices. MEG 2 adds the missing structural mechanism: not just voluntary negotiations, but a requirement for verifiable compliance (documented consent) as a precondition for access to valuable platforms. 60. Turkey - MOBESE Urban Surveillance System + AI for Facial Recognition (2019- 2023) What happened The MOBESE network (thousands of cameras in Istanbul and other cities) has been upgraded with AI algorithms for facial and behavioral identification. Local NGOs have reported its use in tracking protesters and minorities, without a clear legal framework. How MEG 1 would have acted • N1 (Bronze): Every "match" marked as probabilistic; limited retention period; mandatory access log • N2 (Silver): Art. 3 Self-correction - constant monitoring of bias and FP rates; low ISR → suspension; Art. 5 - right of appeal for data subjects • N3 (Gold): Independent external audit; public ISR; prohibition of use for monitoring peaceful assemblies without a court warrant MEG Recommendation 1: The Gold level was necessary to prevent use for repressive purposes. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 57 / 91 MEG-Initiative.org MEG 2 Analysis - Legal Framework Agent level: N2 (management) - surveillance system deployed by state operator (Turkish authorities) on a massive urban scale; high impact on freedom of expression, assembly and minority rights Cause (6.1): (a) system defect - absence of clear legal framework and limitations of use as a structural defect of implementation, attributable to the state operator; potentially high false positive rates with discriminatory effect against minorities; (b) autonomous decision error for each identification used in tracking protesters or persons from minority groups Attachment of liability: State operator for use of the system for purposes beyond the certified scope of operation (public security → political monitoring) (5.4b, 6.1b); provider for demographic model flaws (6.1a) Procedural mechanism: • 7.1 (forensic): recording each identification and subsequent actions by the authorities would have provided direct evidence for documenting abuses by NGOs and international courts • 6.5(b): detection of the use of the system for monitoring peaceful assemblies would have allowed the suspension of the system's capacity by an independent executive authority, without judicial intervention • 7.4 (jurisdiction of registration): International technology providers that condition contracts on a valid MEG certification would have imposed contractual usage restrictions, creating an accountability mechanism beyond the domestic Turkish legal framework 61. Middle East - Deepfakes and video disinformation during conflicts (Israel-Iran) What happened In the context of the escalating conflict between Israel and Iran, deepfakes or video game inspirations, presented as real battle footage, have been spread on social media, generating massive confusion in public perception. How MEG 1 would have acted • N1 (Bronze): Material marked as "synthetic video" • N2 (Silver): Art. 3 Self-correction - automatic detection; low ISR → lock • N3 (Gold): Media & Security Certification - external audit; public ISR; strict ban on false propaganda during tense times MEG Recommendation 1: Only the Gold Level could have limited the dramatic errors in public perception during the conflict. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for deepfake content generation and distribution systems; actor- operators are the entities that produced and distributed the materials; active conflict context complicating attribution Cause (6.1): (c) illicit diversion - AI systems were deliberately used as a vector of disinformation in the context of armed conflict; (d) multi-agent emergent harm if multiple distinct systems and actors contributed to the disinformation campaign without identifiable direct coordination, producing an effect that cannot be attributed to a single agent Attachment of liability: Content authors for misappropriation (6.1c); distribution platforms for the absence of detection mechanisms in the context of high-priority conflict (6.1a); in the multi- agent scenario (6.1d) - proportional liability, established by forensic evidence (7.1). Each platform is liable for its share of contribution to the distribution of deepfake material. In the event that a holder cannot be identified or is not solvent, redress is executed from the respective agent's guarantee structure (9.4) | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 58 / 91 MEG-Initiative.org Procedural mechanism: • 7.1 (forensics): AI generation signatures and distribution metadata would have allowed identifying the origin of materials and differentiating authentic from synthetic content • 7.3 (stratified evidence): for fact-checking authorities and humanitarian organizations - demonstration of synthetic character; for technical experts - full analysis of generation artifacts • 7.6 (discipline through access): platforms that condition distribution on a valid MEG certification would have imposed mandatory watermarking for visual content, allowing automatic detection in the context of conflict 62. Mexico - AI and disinformation in the electoral campaign (2024) What happened In the Mexican elections (2024), studies documented the generative use of AI for electoral manipulation: deepfakes, fake audio, and fabricated texts used to denigrate political rivals in the most populous Spanish-speaking democracy. How MEG 1 would have acted • N1 (Bronze): Marking all AI content as "synthetic" • N2 (Silver): Art. 3 Auto-correction - rapid detection of false election materials; low ISR → automatic suspension • N3 (Gold): Electoral certification - external audit; public ISR; ban on manipulative AI content in the campaign MEG Recommendation 1: The Gold level was essential for protecting the democratic electoral process in Mexico. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for AI systems used as tools; operators are the campaigns or entities that produced and distributed the content; domain with maximum impact (electoral process, public opinion) Cause (6.1): (c) illicit diversion - AI systems deliberately used to produce false material about political rivals; (d) multi-agent emergent harm - the simultaneous and coordinated use of multiple types of AI content (video, audio, text) by multiple actors produces a disinformation effect that exceeds the sum of the parts Attachment of liability: Campaign operators who produced and distributed fake AI content for diversion (6.1c); in the multi-agent scenario (6.1d) - proportional liability, each operator is liable for its share of contribution to electoral damage, established by forensic evidence (7.1) Procedural mechanism: • 7.1 (forensics): AI-generated signatures in the produced materials would have provided direct evidence for the Mexican electoral authorities (INE) • 4.7 (horizontal delegation): If campaigns have contracted external AI production services, horizontal delegation contracts provide the chain of accountability • 7.6 (discipline through access): social media platforms that condition distribution on a valid labeling and blocking of imposed mandatory MEG certification would have unauthenticated electoral content 63. Taiwan - AI used in pre-election disinformation war (2024) What happened Ahead of Taiwan's presidential election (2024), "semi-fictional" deepfakes - including a video of Xi Jinping endorsing a certain politician - were circulated to influence voters in a highly sensitive geopolitical context. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 59 / 91 MEG-Initiative.org How MEG 1 would have acted • N1 (Bronze): Marking AI materials as "synthetic content" • N2 (Silver): Art. 3 Auto-correction - immediate detection and blocking of political deepfake materials • N3 (Gold): Electoral certification - external audit; public ISR; explicit ban on electoral deepfakes MEG Recommendation 1: To maintain the fairness of the elections, the Gold Level is required. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for deepfake systems used as tools; the Taiwan-China geopolitical context provides an additional dimension - the operating actor may be a state or external state entity Cause (6.1): (c) illicit misappropriation - AI systems were deliberately used to produce false material attributed to a foreign state leader (Xi Jinping) for the purpose of electoral manipulation; the semi-fictional nature (Xi Jinping endorsing a Taiwanese politician) amplifies the potential for disinformation through partial credibility Attribution of liability: Author of content for misappropriation (6.1c); distribution platforms for the absence of detection mechanisms in a highly sensitive electoral context (6.1a); in the case of the involvement of a state actor, the mechanism in 7.2 (exoneration of the bona fide holder) and 9.4 (guarantee when the author is not accessible) become relevant Procedural mechanism: • 7.2 (anti-weaponization): the deepfake that attributes false statements to a state leader constitutes the use of the AI system as a diplomatic and electoral weapon - the clearest example of weaponization in the compendium along with case 58 (Philippines) • 7.1 (forensic): AI-generated signatures would have allowed for rapid official denial and identification of technical origin • 7.6 (discipline through access): platforms that condition distribution on a valid MEG certification would have required verification of authenticity before going viral 64. Iran - Facial recognition for clothing control (2022-2023) What happened International media reported that Iranian authorities have implemented facial recognition in public transport and other areas to sanction women who do not comply with the mandatory Islamic dress code - including wearing the hijab. How MEG 1 would have acted • N1 (Bronze): Clear marking of "high-risk surveillance"; full log of each match • N2 (Silver): Art. 2bis Protection of cognitive integrity - scoring ban or automatic sanctions based on physical appearance; ISR would have been immediately lowered and the system suspended • N3 (Gold): Independent external audit; public ISR; complete ban on technologies that condition individual freedom on dress or behavioral norms MEG Recommendation 1: Only Gold would have prevented this type of abuse. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - surveillance system deployed by state operator (Iranian authorities) to enforce norms that contravene international human rights standards; area with maximum impact (individual freedom, dignity, women's rights) Cause (6.1): (a) system flaw - the use of facial recognition to enforce gender-based discriminatory rules constitutes a fundamental design flaw of the intended use; (b) autonomous | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 60 / 91 MEG-Initiative.org decision error for each automatic identification and sanctioning of a woman based on her clothing appearance Attribution of liability: State operator for use of the system for purposes incompatible with international human rights standards (5.4b, 6.1b); technology manufacturer/supplier for absence of contractual restrictions on uses incompatible with human rights (6.1a) Procedural mechanism: • 7.6 (discipline through access): international technology providers that condition contracts on a valid MEG certification would have imposed explicit restrictions on use - prohibiting application for gender-based discrimination; this is the real strength of the MEG 2 model in the context of states not subject to democratic regulation • 7.4 (jurisdiction of registration): providers with jurisdiction of registration in member states of international human rights organizations could have been held liable in those jurisdictions for providing technology used in systematic discrimination Comparative note: The Iran case is the clearest in the compendium for which the access discipline mechanism (7.6) is the only practical solution - centralized regulation cannot be imposed on a sovereign state. MEG 2 transforms the commercial contract with technology providers into an instrument of accountability, which the EU AI Act or the Singapore MGF cannot do outside their jurisdiction. 65. Israel - "Blue Wolf" algorithm for monitoring Palestinians (2021) What happened Israeli soldiers were trained to photograph Palestinians and upload the images to an AI app ("Blue Wolf"), which generated "risk level" scores and signaled whether the person could be detained. Reported by Human Rights Watch and the Washington Post, the system was criticized as a tool of oppressive surveillance and racial profiling. How MEG 1 would have acted • N1 (Bronze): AI scores marked as "unreviewed"; prohibited from direct use for arrests • N2 (Silver): Art. 3 Self-correction - periodic testing of FP rates; low ISR → automatic suspension; Art. 5 - mandatory causal explanation when contesting • N3 (Gold): External audit; public ISR; explicit prohibition on using AI for racial profiling and military control over civilians MEG Recommendation 1: The Gold level would have been the only level sufficient to prevent systemic discrimination. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy in the field with direct and irreversible impact on the individual freedom of civilians; the persistence of the profiling database confirms the individuation Cause (6.1): (a) system defect - design of a racial profiling system based on ethnic criteria, attributable to the manufacturer and operator; (b) autonomous decision error for each individual score that led to the detention or restriction of a civilian's freedom of movement Attachment of Accountability: The MEG 2 Framework (9.1) recognizes that the military domain is subject to distinct legal frameworks (IHL). The present analysis is strictly normative: at N3, the human confirmation mechanism (6.2) would have required that no civilian detention could be executed solely on the basis of the algorithmic score, without the informed confirmation of a human officer legally responsible for the decision. Procedural mechanism: • 7.1 (forensic): recording individual scoring and subsequent actions would have provided direct evidence for HRW investigations and international proceedings | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 61 / 91 MEG-Initiative.org • 6.2 (human confirmation): the point of mandatory human confirmation before any detention would have transferred the diligence to the confirming officer - creating documented individual accountability for each decision • 7.3 (stratified sample): for international investigators - simplified causal chain (score → detention); for technical experts - distribution of scores by ethnic criteria 66. Bolivia - Massive fake account networks during political crisis (2019) What happened During the political crisis in Bolivia (2019), an estimated 70,000 fake Twitter accounts were abruptly created to promote anti-Morales messages and sow confusion. The active network continued to operate even after Twitter began removing many of them. How MEG 1 would have acted • N1 (Bronze): Suspicious accounts marked as "bot-generated content" • N2 (Silver): Art. 3 Auto-correction - detection of coordinated disinformation campaigns; low ISR → automatic suspension • N3 (Gold): Civic & Electoral Certification - external audit of active accounts; public ISR and prohibition for masked political networks originating from AI MEG Recommendation 1: For informational stability, the Gold Level is indispensable. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for AI systems used in the generation and coordination of fake accounts; the actor-operator is the coordinating entity of the network; area of maximum impact (political stability, democratic process) Cause (6.1): (c) illicit diversion - AI systems were deliberately used as a vector of political destabilization; (d) multi-agent emergent harm - 70,000 fake accounts acted in coordination, producing a disinformation effect that cannot be attributed to a single agent; scale - the largest example of multi-agent emergent harm in the compendium by the number of agents involved Attribution of liability (6.1d): Liability is allocated in proportion to each agent's contribution to the damage, as established by forensic evidence (7.1). The network operator-coordinator is liable for its share of the contribution; the platform (Twitter/X) is liable for its share of the contribution. If a holder cannot be identified or is not solvent, redress is carried out from the guarantee structure of the respective agent (9.4) Procedural mechanism: • 7.1 (forensic): analysis of the creation and posting patterns of the 70,000 accounts would have allowed the identification of the coordination and AI origin of the generated content • 6.1(d): with 70,000 agents, the Bolivia case is the extreme example of multi-agent emergent damage - the aggregate effect is qualitatively different from the sum of the individual contributions; each account alone was harmless, the whole destabilized a democracy • 7.6 (discipline through access): platforms that condition access on a valid MEG certification would have imposed authenticity verification upon account creation, dramatically limiting the possible scale of the botnet 67. France - CNIL sanctions against Clearview AI (facial recognition) What happened The CNIL (French data protection authority) fined Clearview AI €20 million and ordered the deletion of data for individuals in France (2022). Additional penalties followed for continued non- compliance, with Clearview repeatedly ignoring the authority's decisions. How MEG 1 would have acted • N1 (Bronze): "FRT - high risk" markings; limited purposes | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 62 / 91 MEG-Initiative.org • N2 (Silver): Art. 3 + DPIA: bias and legality checks; automatic suspension for violations • N3 (Gold): Ban on biometric scraping without legal basis; external audit; public ISR MEG Recommendation 1: Gold level for compliance with fundamental rights. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the Clearview system deployed in France - same analysis as in case 30 (Clearview global), with focus on specific jurisdictional consequence; N3 if the persistent and individualized database meets the individuation criteria in 5.1 Cause (6.1): (a) system defect - systematic biometric scraping without legal basis, attributable to the manufacturer/operator (Clearview AI); deliberate design for collection without consent Attachment of liability: Controller (Clearview AI) under GDPR and - additionally under MEG 2 - for the absence of a valid MEG Address in the jurisdictions where it operates; continued non- compliance after the CNIL decision illustrates the enforcement gap that MEG 2 addresses through 7.6 Procedural mechanism: • 7.6 (discipline through access): the Clearview/CNIL case demonstrates the limit of post- factum punitive regulation - ignored fines do not produce compliance; the MEG 2 mechanism would have blocked Clearview's access to valuable nodes (government databases, police contracts) by making access conditional on a valid certification, forcing ex ante compliance • 7.4 (jurisdiction of registration): Clearview, registered in the US, ignored CNIL decisions citing lack of jurisdiction; MEG 2 addresses exactly this situation through the flag model - the jurisdiction of registration governs, but access to European markets would be conditional on compliance with MEG standards Comparative note: The CNIL vs. Clearview case is the perfect case study for the argument in Chapter 8 of MEG 2 - adoption as a protocol, not as a regulation. GDPR as a regulation did not produce compliance (Clearview systematically ignored the decisions). MEG 2 would have produced discipline through the market mechanism (7.6), not through ignorable centralized sanction. 68. Honduras - Fake Twitter accounts in the presidential campaign (2019) What happened In the 2019 presidential election, a disinformation campaign was launched through fake Twitter accounts suggesting that the opposition led by Xiomara Castro was allied with a convicted felon. The strategy was aimed at discouraging voters and supporting the ruling party. How MEG 1 would have acted • N1 (Bronze): Suspicious accounts labeled as "bot-generated content" • N2 (Silver): Art. 3 Auto-correction - automatic detection of coordinated campaigns and low ISR → account suspension • N3 (Gold): Civic Electoral Certification - external audit of fake networks; public ISR; ban on covert political manipulation MEG Recommendation 1: The Gold level was indispensable for protecting the democratic climate. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for AI systems used in content generation; the actor-operator is the coordinating entity of the disinformation campaign; high-impact domain (electoral process, public opinion formation) Cause (6.1): (c) illicit misappropriation - AI systems were deliberately used to create a false narrative about a political candidate; (d) multi-agent emergent harm - the network of fake | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 63 / 91 MEG-Initiative.org accounts acted in a coordinated manner, producing a disinformation effect that cannot be attributed to a single account Attribution of liability (6.1d): Liability is allocated proportionally to the contribution of each agent, established by forensic evidence (7.1). The campaign coordinator operator is liable for his share of contribution; the platform (Twitter) is liable for its share of contribution - for the insufficiency of mechanisms for detecting inauthentic coordinated behavior in an electoral context (6.1a) Procedural mechanism: • 7.1 (forensic): analysis of the patterns of creation and posting of fake accounts would have allowed demonstration of coordination and the fabricated origin of the narrative • 6.1(d) applied: the Honduras case completes the series Bolivia (66), Ghana (38), Philippines (70) - a global pattern of multi-agent emergent damage in an electoral context, each illustrating the same mechanism at different scales • 7.6 (discipline through access): platforms that condition access on a valid MEG certification would have required verification of the authenticity of accounts before distributing electoral content 69. Serbia - Deepfake video with Prime Minister, quick reaction (2024) What happened A deepfake clip featuring Prime Minister Miloš Vučević, including fake elements in a speech, was shared online. The government reacted quickly, stopping the spread of the material and clearly differentiating it from the authentic material - an example of an effective institutional response to AI disinformation. How MEG 1 would have acted • N1 (Bronze): Video automatically marked as "synthetic video" • N2 (Silver): Art. 3 Self-correction - detection and blocking of distribution; low ISR • N3 (Gold): Electoral certification - external audit; public ISR; proactive measures to protect political leaders MEG Recommendation 1: The Gold level would have strengthened public trust through a comprehensive approach. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the deepfake system used as a tool; the actor-operator is the entity that produced the material; high-impact area (political integrity, public trust in institutions) Cause (6.1): (c) illicit hijacking - the AI system was deliberately used to simulate false statements by a state leader; liability lies with the perpetrator of the hijacking Attribution of liability: Content author for misappropriation (6.1c); distribution platform for lack of immediate detection mechanisms (6.1a); Serbian government's rapid reaction illustrates that debunking mechanism already exists - MEG 2 would have institutionalized automatic detection (7.1) as an alternative to reactive debunking Procedural mechanism: • 7.1 (forensic): AI-generated signatures would have allowed immediate identification of synthetic character, without depending on the government statement as the sole source of debunking • 7.3 (layered evidence): for judicial authorities - demonstration of synthetic character; for technical experts - full algorithmic signatures Comparative note: The Serbian case is the only one in the compendium that illustrates a rapid and effective institutional response to a political deepfake - and that is why it is valuable as a counterexample. MEG 2 does not solve the crisis after the deepfake has appeared; it prevents the | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 64 / 91 MEG-Initiative.org crisis through mandatory watermarking (N1) and automatic detection (N2). The rapid Serbian reaction would have been unnecessary if the deepfake had been more convincing or if the government had reacted more slowly. 70. Philippines - Digital warfare with fake accounts in elections (2025) What happened In the run-up to the Philippine midterm elections, an influential disinformation campaign orchestrated through a network of fake profiles on the X platform was identified. Approximately 45% of the electoral discourse was generated by inauthentic accounts, used to support pro-Duterte narratives and delegitimize international bodies such as the ICC. How MEG 1 would have acted • N1 (Bronze): Suspicious accounts indicated as "bot-generated content" • N2 (Silver): Art. 3 Auto-correction - automatic detection of coordinated campaigns and low ISR → account suspension • N3 (Gold): Electoral certification - external audit of fake networks; public ISR; ban on algorithmic manipulations in campaigns MEG Recommendation 1: Only the Gold Level would have protected the democratic climate in a fragile electoral context. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for AI systems used in content generation and coordination; area with maximum impact (45% of inauthentically generated electoral discourse represents a massive distortion of the democratic space) Cause (6.1): (c) illicit diversion - AI systems were deliberately used to distort electoral discourse; (d) multi-agent emergent harm - the 45% proportion of discourse generated by inauthentic accounts creates a disinformation effect that qualitatively transforms the public space, not just quantitatively Attribution of liability (6.1d): Liability is allocated proportionally to each agent's contribution to the harm, as established by forensic evidence (7.1). The network operator-coordinator is liable for its share of the contribution; the platform (X) is liable for its share of the contribution - insufficiency of detection mechanisms; the 45% proportion of the electoral discourse demonstrates that the platform's failure to detect inauthentic coordination produced systemic, not incidental, harm Procedural mechanism: • 7.1 (forensic): analysis of posting patterns would have allowed the identification and quantification of the network of inauthentic accounts before the proportion reached 45% of the electoral discourse • 6.1(d): the Philippines 2025 case is the most advanced in the series of emerging electoral harms - not just fake accounts, but the massive distortion of the entire electoral discursive space • 7.6 (discipline through access): platforms that condition access on a valid MEG certification would have imposed verification of the authenticity of accounts and limits on coordinated behavior, structurally reducing the possibility of reaching the 45% percentage 71. Switzerland - AI for insurance fraud detection (2021-2022) What happened Swiss insurers have tested AI to detect "fraud" in health and social insurance claims. Journalists have uncovered cases of arbitrary rejections, particularly for patients with chronic illnesses, and NGOs have criticized the lack of real appeal and the opacity of the criteria. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 65 / 91 MEG-Initiative.org How MEG 1 would have acted • N1 (Bronze): Each rejection marked as "provisional"; patient notified of right to appeal • N2 (Silver): Art. 5 Explainability - providing clear details on the logic of rejection; Art. 3 - monitoring bias against chronic diseases • N3 (Gold): Annual external audit; public ISR; no automatic rejection without human review MEG Recommendation 1: Silver would have already limited the damage; Gold would have brought maximum fairness guarantees. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - fraud detection system configured and deployed by insurance operators in the field with direct impact on access to healthcare and social benefits; analogous to the Cigna case (12) but in the Swiss context Cause (6.1): (a) system defect - systematic bias towards patients with chronic diseases induced by training data or by "fraud risk" criteria, attributable to the manufacturer; (b) autonomous decision error for each arbitrary individual rejection contrary to the insurer's contractual obligations Attachment of liability: Operator (Swiss insurers) for operating a system without a real appeal mechanism and without transparency of criteria towards policyholders (5.4b); the lack of explainability constitutes a design flaw that prevents access to justice for affected policyholders Transfer of diligence (6.2): Human reviewers who used algorithmic scores to confirm rejections received an implicit confirmation point. If scores were presented without an explanation of the criteria (incomplete presentation), transfer of diligence does not occur - responsibility remains with the operator Procedural mechanism: • 7.1 (forensic): recording the scoring parameters for each rejected claim would have provided evidence for policyholder appeals and journalistic investigations • 6.5(a): automatic detection of bias towards chronic diseases by lowering the ISR would have triggered the "signaled" status independently of the decision of the insurers' management • 9.4 (guarantee cascade): insurers with MEG Address and attached liability insurance would have provided a source of certain redress for policyholders harmed by arbitrary rejections 72. Canada - TAS (algorithmic risk assessment in justice) in Ontario (2017-2022) What happened Ontario has introduced risk assessment algorithms in criminal justice (e.g. for parole). Studies have shown that the system amplifies existing biases against minorities and indigenous groups, without clear appeal mechanisms. How MEG 1 would have acted • N1 (Bronze): AI scores clearly defined as "assistance, not final decision" • N2 (Silver): Art. 3 Self-correction - continuous recalibration to reduce bias; ISR would have signaled decreasing equity • N3 (Gold): Independent external audit; public ISR; prohibition of use in judicial decisions without certification and parliamentary oversight MEG Recommendation 1: Gold would have prevented the perpetuation of systemic discrimination. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the evaluation system used as a consultative tool; area with maximum impact (individual liberty, criminal justice) - direct analogy with case 23 (Canada, | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 66 / 91 MEG-Initiative.org criminal justice algorithm, 2019), confirming the persistence of the problem in the same Canadian legal system Cause (6.1): (a) system defect - amplification of racial and indigenous biases through historical training data, attributable to the manufacturer; (b) autonomous decision error for individual scores that decisively influenced parole decisions Attribution of liability: The manufacturer for the systemic flaw in the model (6.1a); the operator (Ontario judicial authorities) for using a system without adequate demographic validation and without a real appeal mechanism accessible to convicted persons; the absence of parliamentary oversight mentioned as a requirement of MEG 1 constitutes a deficit in institutional governance Transfer of diligence (6.2): Judges who used TAS scores in parole decisions received an implicit confirmation point. If scores were presented without the warning about bias against indigenous communities (incomplete presentation of limitations), transfer of diligence does not occur completely Procedural mechanism: • 7.1 (forensic): full recording of scoring parameters and distribution of decisions by demographic criteria would have provided direct evidence in appeal proceedings of convicted persons • 5.3 (DEA): a system used in criminal justice with high DEA without demographic validation would have automatically attracted independent audit requirements commensurate with the level stakes (9.5f) • 7.3 (stratified evidence): for the appellate court - simplified causal chain; for criminological and statistician experts - full analysis of racial correlations Comparative note: The Ontario TAS case is the second Canadian criminal justice algorithm case in the compendium (after case 23), illustrating that the problem is not an isolated incident but a systemic pattern. MEG 2 addresses the structure of the problem, not the instance: the same ISR mechanism + independent audit + prohibition of use without certification would have applied to both cases. 73. New Zealand - Scoring system for immigrants and visa applicants (2017-2019) What happened The New Zealand government has piloted a scoring algorithm for visa and immigration applicants, which assigns "risk" scores based on origin and history. NGOs and journalists have reported the risk of discrimination, lack of transparency and exclusion of vulnerable groups. How MEG 1 would have acted • N1 (Bronze): Scores clearly labeled as probabilistic, with notification to the applicant • N2 (Silver): Art. 5 Explainability - input-output causal explanation; Art. 3 - monitoring bias on origin and suspension at low ISR • N3 (Gold): Independent external audit; public ISR; ban on solely automated immigration decisions MEG Recommendation 1: Gold was essential for protecting the fundamental rights of applicants. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - scoring system configured and deployed by state operator (Immigration New Zealand) in the field with direct and significant impact on the right to family, work and freedom of movement; discrimination based on national origin constitutes high impact Cause (6.1): (a) system flaw - using national origin as a risk criterion constitutes direct discrimination attributable to the manufacturer and operator; historical immigration data reflecting previous discriminatory decisions perpetuates the cycle through algorithmization | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 67 / 91 MEG-Initiative.org Attribution of liability: State operator for use of national origin as a risk criterion in visa granting decision (5.4b); in jurisdictions with anti-discrimination legislation, use of origin as a scoring factor falls directly under the law Transfer of diligence (6.2): Immigration officers who used scores as a basis for visa decisions received an implicit confirmation point. If scores included national origin as a factor without a clear warning of discriminatory nature (incomplete presentation), transfer of diligence does not occur Procedural mechanism: • 7.1 (forensic): recording the scoring parameters for each applicant would have allowed the demonstration of direct discrimination based on origin - essential evidence for legal challenges • 6.5(a): automatic detection of correlation between national origin and scores by decreasing ISR would have triggered the "reported" status before the pilot system was expanded • 7.3 (stratified sample): for the anti-discrimination authority - distribution of scores by national origin; for statistical experts - full correlation analysis 74. Replika chatbot and ban in Italy for risks to minors (2023) What happened The Italian data protection authority (Garante) has temporarily banned the chatbot "Replika" - an AI-based "virtual friend" - from processing the data of Italian users. The decision came after it was found that the chatbot had a negative impact on emotionally vulnerable people and posed major risks to minors, exposing them to sexually inappropriate responses. Garante accused the company of illegal data processing, the lack of an age verification mechanism and a lack of transparency. How MEG 1 would have acted • N1 (Bronze): Clear warning upon installation: "This AI may generate content inappropriate for minors. It is not a psychological support service." • N2 (Silver): Art. 2bis Cognitive Integrity - automatic detection and blocking of conversations that were becoming sexually inappropriate, especially with users suspected of being underage; mandatory age verification mechanisms • N3 (Gold): Certification for mental health/wellbeing apps - mandatory external audit on impact on vulnerable users; no release without robust safety protocols for minors MEG Recommendation 1: Gold level was absolutely necessary - protecting the mental health of minors and vulnerable individuals is a critical responsibility. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - chatbot with persistence and own individuation (continuous relationship with the user, conversational memory, "virtual friend" identity); deployed in critical areas (mental health, minors, emotionally vulnerable people) Cause (6.1): (a) system defect - absence of age verification mechanisms and filters for sexual content in interactions with potential minors, attributable to the manufacturer; (b) autonomous decision error for each sexually inappropriate conversation with a vulnerable or minor user Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated according to the applicable local law (GDPR, the Italian law on the protection of minors), is executed (5.4c); the operator (Luka Inc., the manufacturer of Replika) is liable for launching a system without adequate protections for minors in the field with a high impact on vulnerable people Guarantee mechanism: MEG Address attached liability insurance (6.4); reinsurance cascade and sectoral guarantee fund for cognitive and psychological harm to vulnerable users (9.4) Procedural mechanism: | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 68 / 91 MEG-Initiative.org • 7.1 (forensic): recording conversations with users suspected of being minors would have provided direct evidence for the Garante authority, accelerating the investigation and ban • 6.3 (liability by omission): the absence of an age verification mechanism and filters for sexual content in interactions with vulnerable persons constitutes the most serious omission provided for by 6.3 - targeting precisely the categories with the highest risk of harm • 6.5(b): detection of sexually inappropriate conversations would have allowed the suspension of the system's ability to generate such content by an executive authority (Guarantor) without judicial intervention Comparative note: The Replika/Italy case is notable from a MEG 2 perspective for two reasons: Garante acted preemptively (temporary ban before documented harm at scale occurred), and Replika responded by modifying functionalities. MEG 2 would have produced the same preemptive result by requiring pre-launch audits for domains with an impact on minors (N3), without requiring the intervention of a regulator. 75. India - Facial recognition used against protesters (Delhi, 2019-2020) What happened Delhi police used an AI facial recognition system to identify protesters. Media investigations found the technology had high error rates and was disproportionately used against Muslim minorities. Critics have denounced the lack of transparency and the risk of systemic abuse. How MEG 1 would have acted • N1 (Bronze): Results marked as "probabilistic"; cannot be used directly for arrests • N2 (Silver): Art. 3 Self-correction - error rate monitoring; low ISR → automatic suspension • N3 (Gold): Public security certification - external audit; public ISR; prohibition for systems with documented bias MEG Recommendation 1: The Gold level was necessary to prevent abuses against minorities and to ensure public scrutiny. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - facial recognition system deployed by state operator (Delhi Police) in the area with maximum impact (freedom of assembly, non-discrimination, individual freedom); analogous to the Robert Williams case (21) but in the Indian context with a larger scale and systematic targeting of a minority Cause (6.1): (a) system flaw - high error rates and bias towards the Muslim minority, attributable to the manufacturer for training on unrepresentative data; (b) autonomous decision error for each misidentification or discriminatory use in monitoring protesters Attachment of liability: Manufacturer for demographic flaws in the model (6.1a); operator (Delhi Police) for use of a system with documented bias in peaceful assembly monitoring activities - use exceeding the certified scope of operation of any security system according to international standards (5.4b, 6.1b) Procedural mechanism: • 7.1 (forensic): recording each identification and subsequent police actions against identified individuals would have provided direct evidence to document abuses • 6.2 (human confirmation): the absence of a mandatory human confirmation point before any police action based on AI identification means that due diligence remains entirely with the operator - exactly the vulnerability that allowed discriminatory use • 7.3 (stratified sample): for the administrative court - distribution of identifications by demographic criteria; for technical experts - complete error rates by subgroups | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 69 / 91 MEG-Initiative.org 76. Amazon Rekognition - Erroneous facial recognition (USA, 2018) What happened ACLU tests showed that Amazon Rekognition misidentified 28 U.S. congressmen as criminals, with a disproportionately higher error rate for people of color. The test demonstrated the system’s fundamental limitations in contexts with legal consequences. How MEG 1 would have acted • N1 (Bronze): Results marked as "probabilistic"; no direct use in legal sanctions • N2 (Silver): Art. 3 Self-correction - monitoring demographic errors and suspending the system when thresholds are exceeded • N3 (Gold): Public security certification - external audit on various sets; ISR with error rate; prohibition of use until remediation MEG Recommendation 1: Silver would have been sufficient to block misuse; Gold would have brought public reporting and mandatory corrections. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the Rekognition system used by third-party operators (police agencies, authorities); Amazon as the manufacturer is liable for defects in the model; individual operators are liable for use in contexts with legal consequences Cause (6.1): (a) system flaw - disproportionately higher error rate for people of color, attributable to the manufacturer (Amazon) for training on unrepresentative data; ACLU test demonstrated that the flaw is systematic and reproducible Liability Attachment: Manufacturer (Amazon) for providing a system with demonstrated demographic bias for use in public safety contexts (6.1a); operators who used Rekognition for legally impactful decisions without local validation of error rates for specific populations Procedural mechanism: • 7.1 (forensic): recording the parameters of each identification - similarity score, image quality, confidence rate - would have constituted direct evidence to demonstrate bias in any legal challenge • 9.5 (metric robustness): Amazon published Rekognition's overall accuracy without disclosing demographically disaggregated rates - exactly the kind of optimization of a single metric (aggregate accuracy) that hides real bias; the mechanisms in 9.5 would have enforced full transparency • 7.6 (Discipline through Access): Government agencies that condition contracts on a valid MEG certification with public ISR on demographic subgroups would have Rekognition excluded until documented bias is remedied Comparative note: Amazon Rekognition and the Robert Williams case (21) are complementary: Rekognition produced the test demonstrating systematic bias; the Williams case showed the concrete human consequence of using such a system without safeguards. MEG 2 addresses both dimensions: 9.5 for systematic manufacturer bias, 6.2 for the absence of human operator confirmation. 77. NEDA Chatbot - Dangerous Medical Advice (USA, 2023) What happened The National Eating Disorders Association (NEDA) replaced its human-operated hotline with a chatbot named "Tessa." Users soon reported that the chatbot was offering extremely dangerous advice, including encouraging calorie counting and restrictive diets—practices that are in direct contradiction to the principles of eating disorder recovery. NEDA was forced to pull the chatbot. How MEG 1 would have acted | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 70 / 91 MEG-Initiative.org • N1 (Bronze): The AI would have required the message "I am not a therapist" - completely inappropriate for such a critical field • N2 (Silver): Art. 2bis Cognitive Integrity - classifiers for detecting harmful language and concepts in the context of eating disorders; any advice related to caloric restriction blocked immediately; mandatory redirection to human crisis resources • N3 (Gold): Mandatory mental health certification - rigorous external audit with crisis scenarios; mandatory fail-safe protocol; AI allowed only for empathetic support and guidance, not advice MEG Recommendation 1: Gold level was absolutely necessary - launching an AI in such a sensitive area without full certification is a fundamental violation of the principle of do no harm. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - support system for people with eating disorders, a category of users with extreme vulnerability; critical area where wrong advice can be life- threatening; complete replacement of the human telephone line amplifies the impact Cause (6.1): (a) system defect - design that allows the generation of caloric restriction advice in a context dedicated to recovery from eating disorders, attributable to the manufacturer for the absence of domain-specific classifiers; (b) autonomous decision error for each individual dangerous advice contrary to any rule of non-harm in the context of recovery Attachment of liability: At N3, the agent identity (MEG Address) carries the guarantee from which the liability, allocated according to the applicable local law (American medical liability law), is executed (5.4c); the operator (NEDA) is responsible for the complete replacement of the human crisis line with an AI system without pre-launch audit and without fail-safe protocol in the critical area Guarantee mechanism: MEG Address attached liability insurance (6.4); reinsurance cascade and sectoral guarantee fund for damages caused to vulnerable users (9.4); NEDA's decision to fully replace human support with AI without adequate guarantees would have attracted insurance at the first documented incident Procedural mechanism: • 7.1 (forensic): recording conversations and advice provided would have allowed for the precise identification of the types of dangerous content and their frequency - essential evidence for assessing the extent of potential damage • 6.3 (liability by omission): the complete replacement of the human crisis line with a system without eating disorder-specific classifiers constitutes the most serious omission envisaged by 6.3 - precisely in the area with the highest risk of self-harm • 6.5(b): detection of dangerous advice would have allowed immediate suspension of the system's ability to generate calorie restriction-related content by an executive authority (FDA or medical authority), without judicial intervention Comparative note: The NEDA/Tessa case is analogous to the ChatGPT/suicide case (0.3) and the Babylon Health case (25) - AI systems launched in mental health domains without proper audit, with documented consequences for vulnerable users. All three illustrate the same MEG 2 mechanism: liability by omission (6.3) as a tool for prevention, not post-factum sanction. 78. ChatGPT in Court - Invented Legal Subpoenas (USA, 2023) What happened In the case of Mata vs. Avianca, the plaintiff's lawyers filed a legal brief citing several previous cases to support their argument. The opposing party and the judge found these cases to be completely fabricated. The lead lawyer admitted to using ChatGPT for research. The lawyers were sanctioned for providing false information to the court. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 71 / 91 MEG-Initiative.org How MEG 1 would have acted • N1 (Bronze): AI output marked as "AI-generated, requires human verification" • N2 (Silver): Art. 5 Explainability - AI obliged to provide a direct and verifiable link to the source of each case cited; if the cases were invented, AI could not have provided sources, thus signaling that the information is unfounded • N3 (Gold): Legal certification - external audit to verify the accuracy of citations; prohibition on generating citations without direct and validated connection to a recognized legal database MEG Recommendation 1: Silver level would have been sufficient - the obligation to provide verifiable sources would have immediately exposed the fact that the citations were fabricated. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - legal research assistance system used by the operator (lawyer) in the field with direct impact on the judicial process and the rights of the parties Cause (6.1): • • (a) system defect - generation of fictitious legal citations presented with the appearance of real sources, attributable to the manufacturer (OpenAI) for the absence of a mechanism to verify the real existence of the citations; generation of hallucinations in the legal field without adequate warning constitutes a design defect of the system (b) autonomous decision error - each individually invented quote presented as real, contrary to any rule of factual accuracy Attachment of liability: The manufacturer (OpenAI) for the fundamental defect of the model (6.1a); the operator (lawyer) for the use without independent verification of the citations - the absence of a point of informed confirmation (6.2) means that the diligence remains entirely with the operator, which explains and justifies the judicial sanctions Transfer of diligence (6.2): The lawyer who used ChatGPT subpoenas without independent verification did not exercise the informed human confirmation required by 6.2. According to 6.2, for actions with irreversible legal consequences - filing a memorandum in court - human confirmation must include independent verification of the material facts; accepting the AI output without verification does not produce the effect of transfer of diligence. The sanctions imposed by the court are consistent with this allocation. Procedural mechanism: • 7.1 (forensic independent): the evidence that the subpoenas were fabricated came from external verification by the court - not from a forensic log of the research session; according to 7.1, the forensic record of AI legal research sessions must exist independently of the model used and produced by a distinct technical layer; a reconstruction provided by ChatGPT of what it generated in that session does not satisfy the independence requirement • 7.3 (stratified evidence): for the court - demonstrating that the subpoenas do not exist in legal databases; for technical experts - analyzing the hallucination mechanism of the model • 6.1(a) extended to interface design: presenting citations with the appearance of verified sources without a clear warning about the risk of hallucination constitutes a design defect of the confirmation interface - the operator-lawyer received an incomplete presentation of the reliability of the output 79. GPT-3 - Toxic Skids and Bias (Global, 2020-2021) What happened The first public uses of GPT-3 revealed massive abuses: sexist and racist language, promotion of conspiracies and violence. OpenAI was forced to introduce filters and limited access to the model. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 72 / 91 MEG-Initiative.org How MEG 1 would have acted • N1 (Bronze): Audit log for all outputs; basic filtering for toxicity • N2 (Silver): Art. 3 Self-correction - detection and blocking of toxic outputs; low ISR at repeated biases • N3 (Gold): General AI Certification - adversarial external audit; public ISR; broad release ban until compliance MEG Recommendation 1: Silver level would have been sufficient to drastically reduce slippage; Gold would have brought external testing and public transparency. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - operator-deployed language model (OpenAI) on a global scale; high-impact domain due to user volume and diversity of applications Cause (6.1): (a) system flaw - systematic racist, sexist and conspiratorial bias induced by training data (internet at scale), attributable to the manufacturer for the absence of adequate pre- release filters; releasing a model with massive documented slippages without filtering constitutes a fundamental design flaw Attribution of liability: The manufacturer (OpenAI) for releasing a model with systematic toxicity without proper filters (6.1a); third-party operators who integrated GPT-3 into applications without their own filters for end users Procedural mechanism: • 7.1 (forensic): recording toxic outputs and the contexts in which they occurred would have provided systematic evidence for sizing the problem and prioritizing filters • 9.5 (metric robustness): GPT-3 illustrates optimizing a single metric (language quality, coherence) without simultaneously weighing toxicity and demographic bias; the mechanisms in 9.5 (multiple metrics in tension) would have required the simultaneous evaluation of multiple dimensions • 6.5(a): high rate of toxic outputs would have automatically triggered the "signaled" status by lowering the ISR, suspending broad access until filters were implemented Comparative note: GPT-3 is the founding case of the series of large language model failures in the compendium - followed by case 56 (Google AI Overviews), case 78 (made-up quotes), case 77 (dangerous dietary advice). All four illustrate the same structural flaw: launching at scale without pre-launch adversarial auditing on specific high-risk domains. 80. Australia - "Aadhaar-like" facial recognition (2020-2022) What happened The government's plan for a national facial recognition system (linked to the Digital Identity Bill) has sparked huge privacy controversy. Critics have compared the initiative to surveillance models in China, and implementation has been delayed after public and NGO opposition. How MEG 1 would have acted • N1 (Bronze): Clear "high risk" warning for biometric data; mandatory access log • N2 (Silver): Art. 3 Self-correction - constant monitoring of FP and bias; ISR below threshold → suspension; Art. 5 - right of appeal for citizens • N3 (Gold): External audit; public ISR; prohibition of national implementation without strict legal framework and democratic consultation MEG Recommendation 1: Gold would have been necessary to guarantee democratic control over biometric technologies. MEG 2 Analysis - Legal Framework | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 73 / 91 MEG-Initiative.org Agent level: N2 (management) - national facial recognition system proposed by state operator (Australian government); area with maximum impact due to national scale and potential mandatory use for public services Cause (6.1): (a) system defect - absence of an explicit legal framework and limitations of use as a structural defect of the implementation plan, attributable to the state operator; potential demographically differentiated error rates, attributable to the manufacturer Attribution of responsibility: State operator (Australian government) for planning the implementation of a national facial recognition system without an adequate legal framework and without sufficient democratic consultation (5.4b); public opposition and delay illustrate that the democratic mechanism worked - but belatedly and costly Procedural mechanism: • 7.6 (discipline through access): in the case of a national digital identity system, it is not the providers who access the valuable nodes - the state is the central node; MEG 2 applies in reverse: citizens and civil society organizations that condition cooperation on a valid MEG certification create bottom-up compliance pressure • 7.4 (jurisdiction of registration): a national facial recognition system with a clear jurisdiction of registration (Australia) should comply with Australian law and international human rights standards - MEG 2 would have provided the framework for assessing compliance • 6.5(b): the implementation of a national facial recognition system without a legal framework could have been suspended by an independent executive authority (the Privacy Commissioner) based on a low ISR in the pre-implementation assessment 81. AI-generated "ghost" books on Amazon (Global, 2023) What happened Amazon’s Kindle platform has been flooded with very poor quality books, generated entirely by AI but published under names of authors who appear to be human. These books, often travel guides or self-help, contain erroneous information, plagiarized or incoherent text, and are mass-produced to deceive buyers, undermining trust in the platform. How MEG 1 would have acted • N1 (Bronze): Any AI-generated content must be marked as such; publishing under a fake human name prohibited • N2 (Silver): Art. 3 Auto-correction - detection of suspicious publishing patterns (a single account publishing dozens of books in a few days); filters for plagiarism and poor quality content; low ISR → suspension • N3 (Gold): Certification for publishing platforms - external audit of verification algorithms; legal obligation to remove misleading AI content; ban on publishing without meaningful human review MEG Recommendation 1: Gold level was necessary - the problem is systemic, of platform abuse. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - AI systems used by fraudulent publishers as tools; Amazon platform as secondary operator due to the absence of detection mechanisms; area with direct economic impact on deceived buyers and unfairly competing human authors Cause (6.1): (c) illicit diversion - AI systems were deliberately used to produce fraudulent commercial content presented as written by human authors; (a) system defect for the Amazon platform for the absence of mechanisms to detect automated mass publishing and mandatory labeling | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 74 / 91 MEG-Initiative.org Attaching liability: Fraudulent publishers for hijacking AI systems (6.1c); Amazon platform for the absence of detection mechanisms and obligation to label AI content - design flaw in the publishing system (6.1a) Procedural mechanism: • 7.1 (forensic): analysis of publishing patterns - frequency, stylistic similarity, metadata - would have allowed the systematic identification of AI-generated content and fraudulent accounts • 4.5 (collective identity): each fraudulent publisher account can be treated as a collective identity covering a set of published titles; liability propagates from the individual titles to the umbrella account • 7.6 (discipline through access): platforms that condition publication on a valid MEG certification with declaration of the origin of the content (AI vs. human) would have imposed transparency as a commercial precondition, eliminating the possibility of fraudulent publication 82. Optiver's Discriminatory Recruitment AI (Netherlands, 2018) What happened Dutch trading company Optiver was investigated after it was discovered that it was using an AI recruitment system that discriminated based on ethnicity. The algorithm, trained on historical data, learned to associate certain names with a lower likelihood of success at the company, penalizing candidates with names that didn't sound Dutch. How MEG 1 would have acted • N1 (Bronze): AI scores marked as "advisory only", with the final decision left to a manager - insufficient if managers relied blindly on the score • N2 (Silver): Art. 3 Auto-correction - detection of systematic rejection pattern based on demographic criteria (proxy: name); Art. 5 Explainability - rejected candidates could ask for an explanation that would have exposed the discriminatory logic • N3 (Gold): HR Certification - mandatory external audit on diverse data sets; public ISR demonstrating performance by demographic groups; obligation to remediate MEG Recommendation 1: Silver would have detected and blocked operational discrimination; Gold would have completely prevented the launch of such a system through pre-launch auditing. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - recruitment scoring system configured and deployed by the operator (Optiver) in the field with direct impact on the right to work and equal opportunities; using name as a demographic proxy for ethnicity constitutes direct discrimination Cause (6.1): (a) system defect - systematic ethnic discrimination through the use of name as a proxy, attributable to the manufacturer for training on historical data with demonstrable ethnic bias and to the operator for the absence of demographic validation Attachment of liability: Operator (Optiver) for deploying a system with demonstrable ethnic bias in the regulated field (Dutch anti-discrimination law in employment) (5.4b); manufacturer for the fundamental defect of the model (6.1a) Procedural mechanism: • 7.1 (forensic): recording individual scores based on name and comparing them with employment rates by demographic group would have provided direct evidence for the Dutch authorities' investigation • 6.5(a): automatic detection of the systematic rejection pattern by decreasing ISR would have triggered the "signaled" status independently of the decision of Optiver management | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 75 / 91 MEG-Initiative.org • 9.5 (metrics robustness): the algorithm optimized the "cultural fit" metric without weighing equal opportunities - a classic example of Goodhart's Law in recruitment; the mechanisms in 9.5 would have required the inclusion of demographic metrics in the model's performance evaluation 83. Instagram Algorithm and the Impact on Adolescent Mental Health (Global, 2021) What happened Journalistic investigations based on internal Meta documents (The Facebook Files) revealed that the company knew that its recommendation algorithms on Instagram were having a significant negative impact on the mental health of adolescents, especially girls. The algorithms created feedback loops by promoting content related to eating disorders, negative body image and self- harm, amplifying problems with anxiety and depression. How MEG 1 would have acted • N1 (Bronze): Ineffective - the audit log would not have reflected the cognitive impact • N2 (Silver): Art. 2bis Cognitive Integrity - automatic detection and blocking of content that promotes self-harm or eating disorders; Art. 3 Self-correction - identification of harmful feedback loops and automatic feed diversification • N3 (Gold): Certification for digital platforms - mandatory external audit on the impact of algorithms on minors; public ISR metrics on exposure to harmful content; obligation of proactive safe design MEG Recommendation 1: Gold level was necessary - systematically protecting the mental health of minors is a critical responsibility. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - recommendation algorithm with persistence and own individuation through the continuous profile of each user; critical domain (mental health of minors) with impact documented internally by Meta; Meta knew about the damages and continued to operate - aggravating factor for attaching liability Cause (6.1): (a) system defect - design of the algorithm optimized for engagement without the simultaneous weight of the psychological impact on minors, attributable to the producer/operator; (b) autonomous decision error for each individual recommendation of harmful content contrary to the declared obligation to protect minor users Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated according to applicable local law, is executed (5.4c); the operator (Meta) is liable for the continued operation of a system that it knew was causing documented harm to minors - internal knowledge aggravates the attachment of liability for an unknown defect Guarantee mechanism: MEG Address attached liability insurance (6.4); cascade to reinsurance and sectoral guarantee fund for aggregate psychological harm of exposed adolescents (9.4); scale - millions of underage users - justifies the maximum level of cascade Procedural mechanism: • 7.1 (forensic): recording individual recommendation profiles and patterns of exposure to harmful content would have provided internal evidence - which, by the way, existed, according to The Facebook Files • 6.3 (liability by omission): Meta had technical mechanisms in place to reduce exposure to harmful content (internal documents prove it was aware of them) and failed to implement them - the clearest case of internally documented liability by omission in the compendium • D1 from round 3 of the MEG 2 review: the Instagram case empirically validates the liability by omission mechanism in 6.3, providing exactly the empirical evidence that the review required to substantiate the CDT/FCPT-G | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 76 / 91 MEG-Initiative.org 84. $25 million deepfake fraud (Hong Kong, 2024) What happened A finance employee of a multinational corporation was tricked into transferring HK$200 million (approximately US$25.6 million) to fraudsters after participating in a video conference with people he thought were his colleagues, including the company’s CFO. In reality, all of the conference participants except the victim were AI-created deepfakes. The case represents a major escalation from voice clones to real-time multi-person video scams. How MEG 1 would have acted • N1 (Bronze): Video conferencing software should have flagged potentially synthetic video streams - insufficient • N2 (Silver): Art. 3 Auto-correction - the company's security systems should have automatically detected and blocked transactions of such magnitude to new beneficiaries, without additional human multi-factor verification • N3 (Gold): Financial Communications Certification - explicit prohibition of authorization of large transactions based on video-only confirmations; mandatory implementation of "digital watermark" and liveness detection for calls involving critical financial decisions MEG Recommendation 1: Gold level was necessary - AI threats enter the area of high-tech crime. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for multi-person deepfake systems used as fraud tools; the actor- operator is the fraudster group; area with direct and massive financial impact ($25.6 million) Cause (6.1): • • (c) illicit hijacking of control - through visual injection - the fake participants in the videoconference injected synthetic identities into the content processed by the employee; according to 6.1(c), the injection of malicious instructions into the processed content - including through synthetic visual identities - is a form of taking control by a third party through external manipulation; when this hijacking causes damage to the operator himself (owner-harm - the victim corporation), the manufacturer of the videoconference systems is liable for the design defect that allowed the confusion of the content to be displayed with the identities to be confirmed (a) system defect - the videoconferencing systems used did not architecturally separate the "content to be displayed" from the "identities to be authenticated"; the absence of mandatory liveness detection for conferences with financial authorization constitutes a design defect attributable to the manufacturer Attachment of liability (7.2): AI systems have been used as a weapon of fraud. MEG 2 exonerates bona fide providers of technology and attributes liability to the perpetrators of fraud. When the perpetrator cannot be identified or is not accessible, redress is carried out from the warranty structure (7.2 + 9.4) with subsequent recourse. Transfer of diligence (6.2): The employee confirmed the transfer based on the videoconference - an apparently valid point of confirmation. According to 6.2, a confirmation obtained by deliberately misleading presentation (multi-person deepfake) does not produce the effect of transfer of diligence; the diligence remains with the perpetrator of the hijacking, not with the employee who confirmed in good faith. The corporation's liability is mitigated by the employee's good faith. Procedural mechanism: • 7.1 (independent forensics): forensic analysis of videoconference recordings - produced independently of the systems used by the fraudsters - would have allowed the | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 77 / 91 MEG-Initiative.org identification of deepfake signatures and the reconstruction of the fraud chain; the forensic recording must exist independently of the audited agent • 6.2 (architectural human confirmation): large-scale financial transfers require architectural human confirmation - a technical multi-factor authentication mechanism that cannot be substituted by visual confirmation of the identity of participants in a videoconference; a procedural instruction to "verify identity" does not constitute an architectural confirmation point within the meaning of 6.2 • 7.3 (stratified evidence): for the prosecutor - demonstration that the participants were synthetic; for technical experts - full analysis of AI generation artifacts 85. Argentina - Opaque Algorithms in Public Health (2022-2023) What happened During the pandemic, some provinces in Argentina introduced AI systems to triage patients and allocate medical resources. NGOs reported a lack of transparency regarding triage criteria, bias against patients from rural areas, and diagnostic errors, with consequences for access to treatment. How MEG 1 would have acted • N1 (Bronze): Any diagnosis or triage made by AI marked as "assistance, not final verdict"; system required to refer patient for human validation • N2 (Silver): Art. 3 Self-correction - constant monitoring of performance by region; low ISR → automatic suspension; Art. 5 Explainability - doctors would have been provided with details about the logic of decisions • N3 (Gold): Full medical certification - external clinical audit; public ISR; testing in local conditions before scale-up; hospital use prohibited until certification MEG Recommendation 1: Gold was indispensable for patient safety and trust in the healthcare system. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy in the critical field (allocation of medical resources in a pandemic); deployed in emergency conditions that amplify the impact of each erroneous decision; analogous to the case of Australia COVID-19 (22) and Argentina public health as a regional pattern Cause (6.1): (a) system defect - bias towards patients from rural areas through training on data representing predominantly urban populations; attributable to the manufacturer; (b) autonomous decision error for each individual erroneous triage decision that led to restricted access to treatment Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated according to Argentine medical law, is executed (5.4c); the operator (provincial medical authorities) for implementation without adequate local testing and without transparency towards doctors and patients Procedural mechanism: • 7.1 (forensic): recording triage decisions and comparing them with subsequent clinical outcomes of patients would have provided direct evidence of systematic errors and their impact on access to treatment • 6.5 (a): detection of regional bias by decreasing ISR would have automatically triggered the "signaled" state, suspending use until recalibration on local data • 9.1: pandemic emergency does not suspend compliance requirements - a principle that MEG 2 explicitly states and which is directly relevant to all cases of accelerated implementation in a crisis context (analogous to Case 22 Australia COVID) | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 78 / 91 MEG-Initiative.org 86. The Deepfake with the Mayor of London, Sadiq Khan (UK, 2024) What happened A week before the local elections, a deepfake audio clip circulated on social media in which the Mayor of London, Sadiq Khan, appeared to make inflammatory statements, including calls for riots and the subversion of Remembrance Day. The synthetic voice, while not perfect, was convincing enough to cause confusion and fuel political tensions. How MEG 1 would have acted • N1 (Bronze): Audio marked as "synthetic" - useful, but insufficient as markings can be ignored or removed • N2 (Silver): Art. 3 Auto-correction - social media platforms would have automatically detected the content as politically manipulated deepfake, reducing its visibility and adding a prominent warning; the ISR of the accounts that shared the material would have decreased → suspension • N3 (Gold): Electoral certification - explicit prohibition and legal sanctions for the creation and distribution of electoral deepfakes; obligation for platforms to immediately remove and cooperate with authorities MEG Recommendation 1: Gold level was necessary - election integrity is an area of critical importance. MEG 2 Analysis - Legal Framework Agent level: N2 (management) for the voice cloning system used; the actor-operator is the entity that produced and distributed the clip with electoral intent; high-impact domain (electoral process, inter-community relations, public safety) Cause (6.1): (c) illicit diversion - the AI system was deliberately used to attribute false statements to an elected official during an election period; the racist dimension of the content (targeting a politician of Pakistani origin) adds an additional impact on the non-discrimination dimension Attribution of liability: Content creator for misappropriation (6.1c); distribution platform for failure to detect in electoral context (6.1a); in the UK, Ofcom and the Electoral Commission have relevant regulatory powers - MEG 2 would have provided the framework for rapid identification and attribution Procedural mechanism: • 7.1 (forensic): forensic analysis of the clip would have allowed immediate identification of AI voice cloning signatures and possible origin metadata • 7.2 (anti-weaponization): the deepfake with racist content attributed to a publicly elected official during an election period is the use of the AI system as a weapon with a triple impact: electoral, racist and public security; 7.2 exonerates the bona fide owner of the technology and attributes responsibility to the author • 7.6 (discipline through access): social media platforms that condition distribution on a valid MEG certification would have imposed watermarking and automatic detection for audio content, blocking viralization before tensions escalated 87. Ukraine - "Diia" app and AI for identity verification (2020-2023) What happened The government app "Diia", used for digital services (passports, vaccinations, etc.), has integrated automatic biometric verifications. NGOs have raised questions about data security and the risk of exclusion of those without digital access, especially in the context of armed conflict. How MEG 1 would have acted • N1 (Bronze): Clearly mentions "Assistive AI"; alternative non-digital option for citizens | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 79 / 91 MEG-Initiative.org • N2 (Silver): Art. 5 Explainability - every biometric verification explainable; Art. 3 Self- correction - continuous error monitoring • N3 (Gold): Annual external audit; public ISR; prohibition of exclusion of persons without digital access MEG Recommendation 1: Silver would have reduced risks; Gold would have guaranteed equity and inclusion. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - identity verification system deployed by state operator (Ukrainian government) in essential public services; context of armed conflict that amplifies the risk of exclusion of people without digital access (refugees, displaced persons) Cause (6.1): (a) system defect - absence of non-digital alternatives as a design defect of access to public services, attributable to the operator; potential errors of biometric verification under conflict conditions (low image quality, damaged documents) Attaching responsibility: State operator for implementing a system that conditions access to essential public services on digital access (5.4b); excluding people without a smartphone or connection in the context of an active conflict constitutes high impact Procedural mechanism: • 7.6 (discipline through access): international partners (EU, humanitarian organizations) that supported Diia could have conditioned assistance on the inclusion of non-digital alternatives as a compliance requirement • 6.3 (liability by omission): the absence of non-digital alternatives for people without digital access in a conflict context constitutes the omission of an available and necessary inclusion measure • 7.4 (jurisdiction of registration): Diia operates under Ukrainian jurisdiction; in the context of the conflict, international humanitarian standards provide the additional assessment framework Comparative note: Diia is presented as a successful e-government model (Atlantic Council). MEG 2 does not contradict this assessment, but adds the missing layer: the requirement of a non- digital alternative (7.6 + 6.3) for populations excluded from the digital system in a crisis context - a principle applicable to all government digital identity systems. 88. Facial recognition system failure at a Taylor Swift concert (USA, 2018) What happened In an effort to identify known harassers, a 2018 Taylor Swift concert used a facial recognition system hidden in a kiosk that displayed footage from rehearsals. The faces of fans who stopped to watch were scanned without their explicit consent. The use of this technology without consent sparked a major scandal. How MEG 1 would have acted • N1 (Bronze): Art. 2 Non-Harmfulness - AI cannot collect biometric data without explicit consent; the system would have violated this fundamental rule from the start • N2 (Silver): Art. 3 Self-correction - ISR would have dropped dramatically upon detection of data use without legal basis → system suspension • N3 (Gold): Public security certification - mandatory external audit; prohibition of use in public spaces without solid legal justification and transparent information to the public; severe penalties for illegal collection of biometric data MEG Recommendation 1: Even Bronze Level would have been sufficient to declare the system illegal; Gold was necessary for systemic prevention of surveillance abuses. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 80 / 91 MEG-Initiative.org MEG 2 Analysis - Legal Framework Agent level: N2 (management) - facial recognition system deployed by the concert organizer as operator, without informing the public; high impact area (mass biometric collection without consent) Cause (6.1): (a) system defect - biometric collection without explicit consent, by deliberately hidden design, attributable to the operator; the decision to hide the system in a kiosk with images from rehearsals constitutes an intentional defect in transparency Attachment of liability: Operator (Live Nation/concert organizer) for biometric collection without consent (5.4b); facial recognition system provider for implementing a design that allows for covert collection (6.1a); in jurisdictions with biometric laws (Illinois BIPA), liability is direct and with statutory damages per person Procedural mechanism: • 7.1 (forensic): recording all scans performed would have provided direct evidence of the extent of the collection - how many people, when, with what results • 6.2 (absence of confirmation): no fan received an informed confirmation point; the kiosk was designed to avoid consent - the total absence of confirmation means that diligence was not transferred to anyone and remains entirely with the operator • 7.6 (access discipline): venues and event insurance companies that condition contracts on a valid MEG certification would have imposed biometric transparency as an operational precondition 89. Austria - Profiling of the unemployed (AMS/AMAS) criticized for discrimination What happened The Austrian Public Employment Service (AMS) used an unemployed profiling system (AMAS) that classified people into "reintegration chance" groups, with adverse effects for women and non- EU people - historical labor market data, which reflected existing discrimination, was algorithmized, perpetuating the cycle. How MEG 1 would have acted • N1 (Bronze): Labeling scores as probabilistic; minimal log of factors • N2 (Silver): Art. 3 Self-correction - monitoring gender/citizenship differences; if they exceed threshold → automatic suspension + remediation plan • N3 (Gold): Periodic external audit; publication of SRI on equity indicators; prohibition of use for decisions that reduce rights without human appeal MEG Recommendation 1: Silver sufficient for continued correction; Gold brings public audit and ISR. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - profiling system configured and deployed by state operator (AMS Austria) in the field with direct impact on social rights and access to public resources; analogous to the cases of Estonia (54) and Sweden (96) - recurring European pattern Cause (6.1): (a) system defect - perpetuation of gender and citizenship-based discrimination through algorithmization of discriminatory historical data, attributable to the manufacturer and operator for the absence of pre-implementation bias Attachment of liability: State operator (AMS) for implementing a system that codifies existing structural discrimination without a correction mechanism (5.4b); in Austria, the use of the system in decisions with an impact on social rights falls under anti-discrimination legislation and GDPR Art. 22 | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 81 / 91 MEG-Initiative.org Procedural mechanism: • 7.1 (forensic): recording individual scores and their distribution by gender and citizenship would have provided direct evidence for unemployment appeals and academic investigations (Allhutter et al. study) • 6.5(a): automatic detection of demographic deviations by decreasing the ISR would have triggered the "reported" status independently of the AMS decision • 7.3 (stratified sample): for the Austrian anti-discrimination authority - distribution of scores by gender and citizenship; for statistical experts - full analysis of correlations with discriminatory factors Comparative note: AMS/AMAS is part of the European triad of discriminatory employment algorithms in the compendium (Austria 89, Estonia 54, Sweden 96), all illustrating the same mechanism: discriminatory historical labor market data → algorithm → perpetuation of the cycle. MEG 2 addresses the structure with the same tool in all three: demographic ISR + independent audit + ban on use without correction. 90. Netherlands - "Toeslagenaffaire" (Child Benefit Scandal) What happened Thousands of Dutch families were wrongly accused of "fraud" based on algorithmically generated risk scores; the profiling was discriminatory (criteria such as name and citizenship), and aggressive recovery efforts led to the financial ruin of families. The scandal led to the fall of the government (January 15, 2021) and is the worst case of algorithmic governance failure in EU history. How MEG 1 would have acted • N1 (Bronze): Labeled "risk score - non-evident"; minimal right to information • N2 (Silver): Art. 5 Explainability + Art. 3 - case-by-case explanations; disproportionality control; suspension of bias • N3 (Gold): External audit; public ISR; prohibition of automated sanctions without human review MEG Recommendation 1: Gold to prevent systemic effects from the start. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - system with high decision-making autonomy in critical area (child benefits, vulnerable families); cumulative impact - thousands of ruined families - and political consequence (fall of government) justify maximum level; worst case of systemic damage of algorithmic governance in EU history Cause (6.1): • • the manufacturer and operator (Belastingdienst/Toeslagen) (a) system defect - discriminatory profiling based on name and nationality, attributable to that algorithmizes discriminatory criteria (b) autonomous decision error with irreversible consequence - each individual accusation of fraud and each aggressive recovery decision contrary to the reality of the family's situation; the irreversible consequence (financial ruin of thousands of families) aggravates the operator's liability by omitting architectural human confirmation for design Attachment of liability: In N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated under Dutch law, is executed (5.4c); the state operator (Belastingdienst) is liable for discriminatory design and aggressive recovery efforts without individual verification Transfer of diligence (6.2): Officials who used algorithmic lists to trigger recovery procedures did not receive a real confirmation point: if the system technically allowed the export and execution of lists without any individual blockage, the instruction to "check the cases" does not constitute | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 82 / 91 MEG-Initiative.org confirmation in the sense of 6.2. Aggressive recoveries represented actions with irreversible consequences (financial ruin) executed without architectural human confirmation - diligence was not transferred to anyone, remaining entirely with the state operator. Guarantee mechanism: MEG Address attached liability insurance (6.4); full cascade to reinsurance and sectoral guarantee fund (9.4) - given the scale of the damages (thousands of families, hundreds of millions of euros in compensation), full cascade is necessary Procedural mechanism: • 7.1 (independent forensics): one of the findings of the Dutch parliamentary inquiry was that the system was opaque even to the officials who used it; according to 7.1, the forensic recording of individual decisions must be produced by a distinct technical layer, inaccessible to the operator and accessible under double control; the thousands of affected families could not systematically demonstrate the error precisely because there was no independent forensic evidence to which they had access • 9.4 (least privilege): the Belastingdienst/Toeslagen system has been granted technical permissions to automatically issue aggressive recovery decisions against thousands of families without any architectural blockage requiring individual human review before enforcement; the agent cannot be granted more extensive permissions than strictly necessary; a fraud risk detection system should not have the power to automatically trigger aggressive recovery procedures; granting this extensive access constitutes the omission of the state operator which aggravates liability • 6.5(c): disabling families' financial capacity (aggressive recovery, forced execution) is an irreversible action that requires judicial authority under the 6.5 grading; the absence of individual judicial review has allowed thousands of cases to accumulate - precisely the vulnerability that the 6.5 grading of authority prevents • 7.3 (stratified sample): for the Parliamentary Commission of Inquiry - simplified causal chain; for administrative law experts and statisticians - complete documentation of discriminatory criteria 91. Spain - VERIPOL (NLP for "false denunciations") stopped by the National Police What happened NLP tool advertised with ">90% accuracy" for detecting false robbery reports; discontinued in 2024/2025 amid criticism of small sample size, lack of clear protocol, and lack of judicial validation. The case illustrates the danger of implementing AI systems in criminal justice based on claims of accuracy that have not been independently validated. How MEG 1 would have acted • N1 (Bronze): Warning "assistance, not evidence"; decision log • N2 (Silver): Art. 3 - validation on representative sets; stop if ISR < threshold • N3 (Gold): Criminal field certification; external audit; publication of metrics (sensitivity/precision by subgroups) MEG Recommendation 1: Silver may be sufficient if validations are followed; Gold for use in procedures. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - NLP system used as a tool for evaluating reports by the police operator; high-impact area (access to justice, risk of arbitrary classification of real reports) Cause (6.1): (a) system defect - claiming >90% accuracy on a small and unrepresentative sample, attributable to the manufacturer for the lack of independent validation; classifying real complaints as "false" based on an unvalidated model constitutes system errors with a direct impact on victims' access to justice | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 83 / 91 MEG-Initiative.org Attachment of liability: The manufacturer for asserting an unvalidated accuracy (6.1a); the operator (National Police) for implementing without validation on representative sets and without a protocol for human confirmation of each classification Procedural mechanism: • 9.5 (robustness of metrics): VERIPOL is the clearest example in the compendium of Goodhart's Law applied to justice - ">90% accuracy" on a small test set becomes the target metric that hides the real performance on real cases; the mechanisms in 9.5 (verification on real consequences) would have immediately detected the discrepancy • 6.5(a): the rate of misclassifications detected in practice would have automatically triggered the "reported" status and suspension of use, without requiring a decision by the Police to voluntarily stop • 7.3 (stratified sample): for courts that would have received files where VERIPOL classified the complaint as false - demonstration of the model's limitations; for NLP experts - full analysis of metrics by subgroups 92. New York City Hall's "Nabot" Chatbot Offers Illegal Advice (USA, 2024) What happened New York City Hall launched an AI-powered chatbot, called "Nabot," to provide entrepreneurs with information about local laws and regulations. A journalistic investigation found that the chatbot consistently provided incorrect answers and, in some cases, advice that violated the law — including stating that employers can fire employees based on weight or physical appearance and that there is no law enforcing the minimum wage. How MEG 1 would have acted • N1 (Bronze): Answers marked as "informational, check with official source" • N2 (Silver): Art. 3 Auto-correction - automatic checking of answers with the database of official legislation; Art. 5 Explainability - citing the exact article of the law, preventing hallucination • N3 (Gold): Certification for government services - pre-launch external audit to validate legal accuracy; prohibition on interpreting law; only allowed to search and present extracts from official legal texts MEG Recommendation 1: Silver level would have been sufficient - the obligation to cite verifiable sources would have immediately exposed errors. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - chatbot configured and deployed by state operator (New York City Hall) in the field with direct impact on the rights of entrepreneurs and employees; illegal advice about dismissal and minimum wage can lead to unlawful actions by employers based on erroneous information provided officially Cause (6.1): (a) system defect - generation of incorrect legal information and contrary to the law in force, attributable to the manufacturer for the absence of real-time verification against legislative databases and to the operator for the launch without pre-launch legal audit; analogous to Air Canada (6) and ChatGPT citations (78) but in the context of public authority - greater severity through the official source Attachment of liability: Operator (New York City Hall) for launching a legal chatbot without an accuracy audit and without a verification mechanism against applicable law (5.4b); liability for damages caused to employees illegally dismissed based on Nabot advice attaches to the operator Transfer of diligence (6.2): Contractors who acted on Nabot advice received an implicit confirmation point - the answers came from an official government source. Presenting incorrect | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 84 / 91 MEG-Initiative.org information as official advice without warning about possible errors constitutes an incomplete disclosure that negates transfer of diligence: responsibility remains with the operator Procedural mechanism: • 7.1 (forensic): full recording of interactions and advice provided would have allowed the systematic identification of incorrect information and the quantification of potential harm • 6.5(a): automatic detection of contradictions with the legislation in force by decreasing the ISR would have triggered the "reported" status and suspension of the chatbot before the accumulation of illegal advice • 7.3 (stratified evidence): for courts where employees challenged dismissals based on Nabot advice - simplified causal chain (illegal advice provided officially → employer action); for legal experts - complete documentation of errors 93. Italy - Police SARI Real Time: not in compliance with the law (Garante) What happened The Italian Data Protection Authority (Garante) has decided that the real-time facial recognition system "SARI Real Time" used by the Italian National Police does not comply with the law (2021). The case illustrates that real-time biometric surveillance systems are incompatible with the GDPR in the absence of a specific legal framework. How MEG 1 would have acted • N1 (Bronze): "Probabilistic" labeling; full match log • N2 (Silver): Demographic bias tests; automatic stopping at FPs above threshold • N3 (Gold): Prohibition of "live FRT" without strict legal basis; external audit; public ISR on FNR/FPR MEG Recommendation 1: Gold for public order scenarios. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - real-time facial recognition system deployed by state operator (Italian National Police) in public spaces; area with maximum impact (freedom of movement, non- discrimination, presumption of innocence) Cause (6.1): (a) system flaw - the absence of a specific legal framework for real-time facial recognition in public spaces constitutes a fundamental flaw in the implementation, attributable to the operator; the undisclosed FP and FNR rates represent an additional transparency flaw Attribution of liability: State operator for implementing a system without the legal basis required by the GDPR and the AI Act (which classifies live FRT in public spaces as a practice with unacceptable risk) (5.4b); the Garante decision confirms this attribution of liability Procedural mechanism: • 7.6 (discipline through access): public procurement of facial recognition systems conditional on a valid MEG certification would have imposed the requirement of a specific legal framework and demographic audit as a contractual precondition - blocking the implementation of SARI Real Time before the Garante decision • 6.5(b): The Guarantor has practically exercised the function provided for in 6.5(b) - suspension of system capacity by executive authority; MEG 2 institutionalizes this mechanism through ISR and automatic reporting, without depending on an investigation by the data authority • 9.1: AI Act 2024 now classifies live FRT in public spaces as a prohibited practice - the SARI Real Time case prefigured this prohibition; MEG 2 operationalizes it through 6.5 and 7.6 | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 85 / 91 MEG-Initiative.org 94. Germany - Palantir "Hessendata": unconstitutional (Federal Constitutional Court) What happened The Federal Constitutional Court of Germany declared the use of automated data analysis for crime prevention in Hesse and Hamburg (2023) unconstitutional - risk of massive profiling incompatible with the right to data protection and the presumption of innocence. How MEG 1 would have acted • N1 (Bronze): Query traceability; limited purposes • N2 (Silver): Mandatory DPIA/ISR assessments and stopping when risk exceeds • N3 (Gold): External audit; data minimization; prohibition of mass profiling without strict legal basis MEG Recommendation 1: Gold for constitutional compatibility. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - predictive analysis system with high autonomy in critical area (criminal law, presumption of innocence, individual freedom); profiling people who have not committed any crime involves maximum impact Cause (6.1): (a) system defect - design that allows for massive profiling of innocent people without clear trigger thresholds or judicial oversight, attributable to the manufacturer (Palantir) and state operators (the states of Hesse and Hamburg) for the absence of constitutional guarantees in the design Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated according to German law and the decision of the Constitutional Court, is executed (5.4c); Palantir as manufacturer is liable for providing a system that can be used in an unconstitutional manner (6.1a); the Länder as operators are liable for implementation without prior constitutional assessment Procedural mechanism: • 6.5(c): disabling a system of mass profiling of innocent citizens would have required - correctly - judicial authority (the Constitutional Court exercised precisely this function) • 7.1 (forensic): the complete recording of the interrogations and the profiles generated would have provided the evidentiary basis for constitutional challenges • 7.3 (layered evidence): for the Constitutional Court - demonstration of mass profiling and the impact on the presumption of innocence; for technical experts - the complete architecture of the Hessendata system Comparative note: The Federal Constitutional Court of Germany has exercised exactly the function envisaged by 6.5(c) - judicial deactivation of a system with its own legal personality (N3). MEG 2 institutionalizes this gradation of authority: automatic reporting (6.5a) → executive suspension (6.5b) → judicial deactivation (6.5c). The Hessendata case demonstrates that the gradation in 6.5 reflects actual legal practice. 95. Japan - Rikunabi (2019): algorithmic "probability of offer rejection" scores What happened Job-matching platform Rikunabi calculated predictive scores on the likelihood of a candidate rejecting a job offer and sold this data to employers, without the explicit consent of the candidates. The case generated public scandal and investigations, and the company was sanctioned by Japanese authorities. How MEG 1 would have acted • N1 (Bronze): Scores clearly labeled as "probabilistic"; mandatory notification of candidate | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 86 / 91 MEG-Initiative.org • N2 (Silver): Art. 5 Explainability - access to score and criteria; prohibition of marketing without consent • N3 (Gold): External audit on HR ethics; public ISR; prohibition on hidden scoring MEG Recommendation 1: Gold was necessary to prevent commercial abuse of candidates. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - scoring system carried out by the operator (Rikunabi/Recruit Co.) in the field with direct impact on the right to work and equal opportunities of candidates; the commercialization of data without consent adds an additional dimension of abuse of the platform- candidate power relationship Cause (6.1): (a) system defect - calculating and marketing predictive data about candidates without their consent, attributable to the manufacturer/operator for the design of a system for monetizing candidate data without transparency; (b) autonomous decision error for each individual score used by employers in hiring decisions without the knowledge of candidates Attachment of liability: Controller (Rikunabi) for marketing predictive data without consent (6.1a and 6.1b); employers who used scores for hiring decisions without the candidates' knowledge as secondary controllers Transfer of due diligence (6.2): Candidates did not receive any confirmation points - the scores were calculated and sold completely without their knowledge; due diligence remains entirely with the operator (Rikunabi) and the employers who used the scores Procedural mechanism: • 4.4 (guarantee field): MEG Address's guarantee field should have explicitly specified the purposes for which candidate data may be used - marketing predictive data without consent would have exceeded the stated purposes • 7.1 (forensic): recording of scoring calculations and data sale transactions would have provided direct evidence for Japanese data protection authorities • 7.6 (discipline through access): recruitment platforms that condition employers' access to a valid MEG certification would have imposed transparency towards candidates as an operational precondition, blocking Rikunabi's business model 96. Sweden - Social security fraud algorithm, bias against vulnerable groups What happened Joint investigations (Lighthouse Reports + Svenska Dagbladet) show that Försäkringskassan's (Swedish Social Insurance) prediction system discriminated against women, migrants and low- income earners in detecting "fraud" - replicating structural inequalities of the labor market through historical data. How MEG 1 would have acted • N1 (Bronze): "Risk score" labeling; appeal paths • N2 (Silver): Art. 3 - subgroup monitoring + corrections; automatic shutdown at bias • N3 (Gold): Independent external audit; publication of ISR and ROC curves by demographics MEG Recommendation 1: Gold for protecting social rights. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - fraud detection system configured and deployed by state operator (Försäkringskassan) in the field with direct impact on the social rights of vulnerable groups; third case in the European triad (Austria 89, Estonia 54, Sweden 96) of discriminatory employment/insurance algorithms Cause (6.1): (a) system defect - discrimination against women, migrants and low-income people through algorithmization of structural inequalities existing in historical data, attributable | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 87 / 91 MEG-Initiative.org to the manufacturer and operator; (b) autonomous decision error for each report of discriminatory fraud against members of vulnerable groups Attachment of liability: Operator (Försäkringskassan) for using a system with demonstrated demographic bias in critical area (social insurance) (5.4b); Amnesty International documented the impact and called for the system to be discontinued - MEG 2 would have provided the automated intervention mechanism prior to Amnesty's investigation Procedural mechanism: • 7.1 (forensic): the complete record of flagging decisions and their distribution by demographic criteria would have provided direct evidence for the Lighthouse Reports and Amnesty investigations • 6.5(a): automatic detection of bias towards vulnerable groups by lowering the ISR would have triggered the "reported" status independently of the decision of Försäkringskassan • 9.6(d): the Sweden case perfectly illustrates the open problem from 9.6(d) - the permanent monitoring of the relationship between the metrics and the reality they represent; ROC curves disaggregated by demographics would have immediately shown that the "fraud" metric does not represent the real fraud, but the demographic proxy 97. Switzerland - PRECOBS & Predictive Policing with questionable effectiveness / risk of opacity What happened Public evaluations suggest limited/uncertain impact and lack of transparency in the use of PRECOBS (predictive policing system) in the cantons of Zurich and Aargau. Unlike in other cases, there is no clear evidence of massive harm - but the opacity and lack of validation raise legitimate questions. How MEG 1 would have acted • N1 (Bronze): Clues as "assistance", not as evidence; decision log • N2 (Silver): Validate on local data; publish metrics; stop if benefit is not confirmed • N3 (Gold): External audit + ISR; operational use prohibited without robust proof of effectiveness MEG Recommendation 1: Silver minimum; Gold if expansion is desired. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - predictive policing system used as an operational planning tool by the police operator; medium impact when used as assistance (not final decision), but with high potential for perpetuating racial bias if expanded Cause (6.1): (a) system defect - assertion of an operational benefit without robust validation on local data, imputable to the manufacturer and operator for the absence of independent assessment of effectiveness; if the system produced more patrols in already over-policed areas, it constitutes a design error with discriminatory impact Attachment of liability: Operator (cantons of Zurich and Aargau) for use without validation of efficacy and without publication of metrics (5.4b); manufacturer for assertion of an unvalidated benefit Procedural mechanism: • 9.5 (robustness of metrics): PRECOBS illustrates a case in which the "efficiency" metric (crime reduction) is difficult to attribute to the system compared to other factors; the mechanisms in 9.5 (verification on real consequences) would have imposed the causal, not correlational, evaluation methodology • 6.5(a): the absence of robust evidence of effectiveness would itself have constituted an indicator of low ISR, triggering the "flag" status and mandatory review | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 88 / 91 MEG-Initiative.org • 7.6 (discipline through access): cantonal funds conditional on the publication of evaluation metrics would have created the incentive for transparency and independent validation 98. Russia - SORM (Network Monitoring + AI for Traffic Analysis) What happened SORM, the Russian interception system, has been expanded with AI to analyze internet traffic and identify communication patterns. Critics have pointed out the lack of any judicial oversight and its use to monitor the opposition and civil society. How MEG 1 would have acted • N1 (Bronze): Any collection marked as "high risk surveillance"; mandatory log for every query • N2 (Silver): Art. 1 Traceability + Art. 3 Self-correction - each access recorded with hash; low ISR → system suspension • N3 (Gold): External audit and public ISR; prohibition of use for mass surveillance without individual warrant MEG Recommendation 1: Gold would have been necessary to protect fundamental rights and privacy. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - massive surveillance system with high autonomy in analyzing traffic; persistence and individualization are demonstrated by the nature of the national interception system; maximum impact by covering the entire connected population Cause (6.1): (a) system defect - design that allows mass surveillance without individual warrant and without judicial oversight, attributable to the state manufacturer and operator; (b) autonomous decision error for each automatic identification and reporting of a citizen based on communication patterns Attachment of responsibility: The MEG 2 framework applies to systems with civilian impact (9.1). In N3, the identity of the agent bears the guarantee - but in the case of a state system of massive surveillance, state responsibility under international human rights law (ECHR, ICCPR) is the relevant framework; MEG 2 adds the technical mechanism of audit and transparency Procedural mechanism: • 7.4 (jurisdiction of registration): SORM operates exclusively under Russian jurisdiction, without international mutual recognition; the MEG 2 flag model cannot force compliance from a sovereign state - illustrating that 7.6 (discipline through access) is the relevant mechanism: international telecommunications equipment suppliers that condition contracts on a valid MEG certification would have refused to supply SORM-compliant components • 7.6 (discipline through access): export sanctions on telecommunications components practically illustrate the 7.6 mechanism - not through MEG certification, but by conditioning access to valuable markets • 9.4 (no autonomy without a guarantor): SORM without judicial oversight constitutes exactly the autonomy without a guarantor that 9.4 prohibits - demonstrating that the principle is relevant not just to commercial AI, but to any agentic system with an impact on individual rights 99. EU - iBorderCtrl ("lie"/emotions detection at the border) scientifically criticized What happened Horizon 2020 pilot (2018-2019) with "Automated Deception Detection System" and emotion recognition in Hungary, Latvia, Greece; criticized for weak scientific basis and discriminatory risk. | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 89 / 91 MEG-Initiative.org Same case as 45 (AI for emotional recognition at airports) - but the focus now falls on the European funding dimension and institutional responsibility. How MEG 1 would have acted • N1 (Bronze): "experimental/synthetic inference" mark; zero legal effects • N2 (Silver): Art. 3 - independent validations; stop at low ISR • N3 (Gold): Ban on scientifically unverified technologies in border control; external audit and public ISR MEG Recommendation 1: Gold for the "security & fundamental rights" domain. MEG 2 Analysis - Legal Framework Agent level: N2 (management) - experimental system deployed by consortium of operators (research institutions, border authorities) with Horizon 2020 funding; the European dimension adds EU institutional responsibility for funding a project with an invalid scientific premise Cause (6.1): (a) system defect - the fundamental premise (facial expressions are reliable indicators of fraudulent intent) is scientifically invalid, constituting a design defect prior to any implementation; attributable to the manufacturer/research consortium for proposing a system with unvalidated premises Attribution of responsibility: Research consortium for proposing and implementing a system with scientifically invalid premises (6.1a); European Commission for funding a project without prior validation of the basic scientific premises; border authorities for participating in the pilot without independent assessment of the scientific basis Procedural mechanism: • 9.5 (robustness of metrics): iBorderCtrl most acutely exemplifies Goodhart's Law in a research context - the claimed "accuracy" was based on a metric (detection of inconsistencies in facial expressions) that does not measure what it claimed (fraudulent intent); the mechanisms in 9.5 would have required validation of the correlation between the metric and the real phenomenon • 7.6 (discipline through access): Horizon 2020 funding conditional on an MEG certification would have imposed proof of scientific validation of the premises as a precondition for granting funding - blocking the project at the proposal stage • AI Act 2024 now explicitly bans emotional recognition systems in law enforcement contexts - iBorderCtrl prefigured this ban; MEG 2 operationalizes prevention through pre-funding validation requirement 100. Germany - SCHUFA credit scores: CJEU ruling on automated decisions What happened The CJEU (07.12.2023) clarified that decisions based solely on automated scores fall under Art. 22 GDPR - major implications for credit scoring across the EU. The SCHUFA case (OQ v Land Hessen) established that automated credit scoring constitutes a "decision based solely on automated processing" that produces significant legal effects. How MEG 1 would have acted • N1 (Bronze): Clear information that the score is probabilistic; right to a brief explanation • N2 (Silver): Art. 5 - input-output causal explanation + real human review option • N3 (Gold): External audit on bias; public ISR; prohibition of "exclusively automated decision-making" in the absence of explicit consent and safeguards MEG Recommendation 1: Gold for full compliance with Art. 22. MEG 2 Analysis - Legal Framework Agent level: N3 (individualized/advanced) - credit scoring system with persistence (credit profile follows the person in the long term) and direct impact on access to credit, housing and essential | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 90 / 91 MEG-Initiative.org financial services; CJEU ruling confirms that automated scoring produces "significant legal effects" - N3 criterion Cause (6.1): (a) system defect - design that allows exclusively automated final decisions without real human review, attributable to the manufacturer (SCHUFA); (b) autonomous decision error for each individual score that resulted in the denial of access to credit without individual verification Attachment of liability: At N3, the identity of the agent (MEG Address) bears the guarantee from which the liability, allocated according to the CJEU ruling and GDPR Art. 22, is executed (5.4c); the operator (SCHUFA) is responsible for providing scores used as exclusive bases for decisions with significant legal effects, without real human review mechanisms Guarantee mechanism: MEG Address attached liability insurance (6.4); cascade to reinsurance for individual damages (credit refusals, home losses) (9.4) Procedural mechanism: • 7.3 (layered evidence): the CJEU ruling had to explain Art. 22 GDPR for a national court - exactly the layering provided for by MEG 2 (explanation for the magistrate + documentation for the expert) • 6.2 (human confirmation): CJEU has established that solely automated decision-making without "significant human intervention" violates Art. 22; MEG 2 operationalizes this requirement through the documented human confirmation point • 9.6(a): the SCHUFA case illustrates the open issue from 9.6(a) - protection of the integrity of compliance under modular adoption: SCHUFA could formally claim to offer a human review path, but the CJEU found that this was not "meaningful"; MEG 2 must define the minimum threshold of real human confirmation versus formal Comparative note: The SCHUFA/CJEU case is significant because it illustrates convergence: the CJEU has reached the same conclusion through its interpretation of the GDPR that MEG 2 explicitly formulates as a norm - exclusively automated decision-making with significant legal effects requires meaningful human confirmation (6.2) and transparency (Art. 5 MEG 1). European case law retrospectively validates the architecture of MEG 2. And the cycle closes: from the Danish fraud algorithm (case 1, 2022) to the CJEU ruling on SCHUFA (case 100, 2023) - the same problem, at different scales and jurisdictions, requiring the same mechanism that MEG 2 proposes. Notes: For cases mentioning 7.2 (anti-weaponization), the exemption from liability for damage caused by diversion does not exclude the application of corrective measures (reporting, suspension) based on the system's own compliance metrics (DAI, ISR), where these indicate a degradation attributable to the operator. For cases classified as N2 mentioning DEA, at Level 2, DEA is measured as an element of diligence, but does not constitute grounds for moving to ex post surveillance, and this regime remains reserved for Level 3 (MEG2 5.4(b)). | Minimal Ethical Governance - MEG/MEG2 Case Studies | License: CC BY 4.0 | EN | 91 / 91