As autonomous systems assume greater decision-making authority in orbit, the debate over “responsible behavior” risks getting stuck in a defensive crouch – focused on preventing accidents rather than shaping a high-functioning orbital ecosystem.
Constellations talked to Jesús Bernal Allende, founder and director general of IURUS Consulting and author of CLA: Algorithmic Law for the Cosmos, about why today’s governance debates around autonomous space systems focus too narrowly on preventing harm – and what’s missing when we don’t ask what a well-governed orbital environment should actually deliver.
Q: In a world where algorithms make split-second choices in orbit, how might our understanding of “responsible behavior” evolve when the immediate actor is no longer human?
A: The classical conception of responsibility assumes an identifiable human will behind every consequential act – an assumption that autonomous orbital systems render operationally obsolete. Responsible behavior must therefore be defined prospectively – in the design of the system’s objectives, constraint architecture and auditability – rather than evaluated retrospectively against human intent. The governing principle is that each actor answers for their sphere of control and knowledge, with intensity proportional to the system’s criticality and the failure’s severity. “Responsible behavior” becomes a property of institutional architecture – of how well a system was designed, certified and monitored –not of individual choice at the moment of action.
This shift is structural, not cosmetic. When communication latency between Earth and a spacecraft exceeds 24 minutes, the legal fiction of “human in the loop” dissolves. Responsible behavior must therefore be defined prospectively – in the design of the system’s objectives, constraint architecture and auditability – rather than evaluated retrospectively against human intent.
Q: When an autonomous satellite makes a decision that a human operator wouldn’t, what kind of legal standard should guide how that decision is evaluated?
A: CLA proposes a counterfactual audit standard – not a human-equivalence standard. The operative question is not “would a human have decided this?” but: “Given the information available, the constraints imposed, and the objectives specified, was this decision within the optimal range that the system’s design permitted?”
A decision taken in good faith with the data accessible at the time is not invalidated by subsequent data revealing a better option; the suboptimality is addressed through the accountability chain, not by annulling the decision retroactively.
The standard thereby avoids demanding perfection where it is computationally impossible while holding existential-stakes systems to the highest verifiable performance bar.
Q: When two autonomous systems perceive and interpret the same situation in conflicting ways, how should the law determine which interpretation becomes the basis for accountability?
A: For legal accountability, CLA applies proportional attribution: the system whose interpretation caused greater deviation from optimal outcomes bears primary liability, subject to assessment of whether that interpretation was reasonable given its available data. The operator of the system whose certified parameters produced the suboptimal interpretation bears second-layer liability. This avoids the accountability vacuum that arises when liability dissolves across multiple systems with no clear human decision point.
Q: If autonomous systems begin to dominate operational decision-making in orbit, how might legal language and regulatory concepts need to adapt to reflect a machine-centric operating reality?
A: Jurisdiction must migrate from territorial to functional – following who controls the critical infrastructure rather than where it physically is. A third legal category is needed: neither a full person nor a mere instrument, but an agent that takes autonomous decisions within defined limits, generates legally relevant consequences, is auditable and allows human override. Registration becomes a condition of legal operation; operating without registration makes the operator fully liable. Certification becomes a dynamic state rather than a one-time authorization.
Q: When rapid machine decisions create strategic ambiguity or escalation risks, what legal or policy tools could help maintain stability among states and operators?
A: The most urgent need is a pre-commitment architecture that prevents escalation before incidents occur. Public behavioral registration allows any actor to query the decision parameters of another system before interacting with it, creating predictable behavior rather than surprise. Before deployment, new systems are assessed for technical, economic, social, political and environmental consequences. Configurations that create destabilizing asymmetries are flagged before they enter service. Transparency requirements scale with capability, especially for systems with military-adjacent functions.
Q: If autonomous systems negotiate or coordinate actions that their human operators later dispute, what principles should determine whose choice ultimately governs?
A: The governing principle is that autonomous systems can only bind their operators within the scope of expressly delegated authority. An AI system that negotiates an orbital slot allocation or a collision avoidance protocol with another system does so as an agent of its operator – and the operator is bound by those negotiations to the extent they fall within the system’s pre-registered decision scope.
The deeper principle is that autonomous coordination cannot be a governance-free zone. Every system operating in shared orbital space must have a registered authority profile that other actors and adjudicators can rely upon. This creates strong incentives for operators to specify their systems’ negotiation authority carefully – underclaiming creates operational disadvantages; overclaiming creates liability exposure when disputes arise.
Q: When a machine recognizes an imminent safety threat that humans have not yet processed, how should legal frameworks treat the AI’s decision to take protective action on its own?
A: The key principle is prospective certification of authority. A system that takes protective action it was certified to take – where that authority was registered, auditable, and bounded by explicit limits – acts with legal validity even without real-time human approval. Operators who deploy systems with autonomous safety authority cannot later disclaim the consequences. Systems that act outside their certified scope – even if beneficial – create liability, because uncertified action introduces unpredictability the framework exists to prevent. The framework thereby transforms the question from the irresolvable “should machines be allowed to act without human approval?” to the tractable “what autonomous authority have humans prospectively granted, under what conditions, subject to what constraints?”
Q: As some operators gain access to highly advanced autonomy and others rely on manual judgment, what approaches could help maintain fairness and reduce systemic risk in shared orbits?
A: Asymmetric capability is one of the most significant structural risks in the orbital environment – and one that current frameworks almost entirely ignore. CLA addresses this through a combination of behavioral disclosure, systemic risk monitoring, concentration limits and an evidence-based economic architecture.
Behavioral disclosure requirements create baseline information parity independent of capability level. Any operator who can query the certified behavioral profiles of a highly autonomous constellation – its priority hierarchies, autonomy levels, override conditions and constraint architecture, all registered in IURUS – can anticipate how that system will behave in shared-use scenarios. This does not equalize capability; it prevents capability asymmetry from becoming informational asymmetry, which is the mechanism through which asymmetry generates systemic surprise.
Q: When autonomy reduces certain kinds of human error but introduces new forms of unpredictability, how should the law define and manage the boundaries of acceptable unpredictability?
A: The governance challenge is that unpredictability is not uniformly problematic – innovation requires it – but certain forms generate systemic risks that individual operators cannot internalize. CLA distinguishes between operational unpredictability (acceptable within defined bounds) and structural unpredictability (requiring regulatory intervention) along two dimensions: scope and cascadability.
Operational unpredictability – a system that takes an unexpected approach to a routine orbital maneuver – is acceptable when it remains bound within the system’s certified operational envelope, when IURUS logs enable ex-post reconstruction and when the unexpected behavior is causally isolated. Structural unpredictability – behavior that creates second-order effects on other systems, or that emerges from interactions between systems that no individual operator could anticipate — is the target of CLA’s regulatory attention.
Q: As algorithms accumulate behavioral histories of their own, what factors should shape public and regulatory trust in AI systems operating in space?
A: Trust in AI systems operating in space cannot rest on the same foundations as institutional trust in human actors – there is no analog to professional reputation, judicial review of reasoning processes, or the social accountability mechanisms that regulate human behavior. CLA proposes that trust must be built on four pillars:
- First, epistemic legitimacy: decisions must be backed by verifiable data, rigorous methodology, and traceable reasoning.
- Second, functional legitimacy: the system’s behavioral history must demonstrate that it maximizes probability of collective survival and minimizes systemic risk within its operational domain. This requires public reporting on performance against declared objectives, including incidents where the system’s behavior was unexpected or where decisions were subsequently found to be suboptimal.
- Third, ethical legitimacy: No amount of functional performance rehabilitates an ethical breach.
- Fourth, procedural legitimacy: every act of the system must be fully traceable, auditable, and revisable.
Q: How should national-security doctrine evolve when AI-driven space systems make decisions at speeds that outpace diplomatic communication, human interpretation, or traditional rules of engagement?
A: The speed asymmetry between autonomous system decision-making and the institutional rhythms of national-security doctrine represents a categorical change in the relationship between military intent and military action – not a technical challenge that can be addressed by faster human review. Rules of engagement designed for human decision cycles become operationally empty when the relevant decisions are made in milliseconds.
What national-security doctrine will need to develop – and this is an analytical implication of the CLA framework rather than doctrine the CLA itself formalizes – is a theory of anticipatory authority: the legal basis for binding normative commitments made at design and certification time that govern machine actions in operational time.
Q: By 2033, what kinds of governance structures, norms, or legal expectations will be essential for a safe orbital environment where autonomous systems are the primary decision-makers?
A: CLA’s analysis of the 2026-2033 window identifies this period as decisive: the governance norms established in these years will determine whether the orbital environment evolves toward a commons governed by shared rules or toward a feudalized infrastructure controlled by whoever achieved dominant positions before frameworks consolidated.
By 2033, three elements are structurally necessary:
- First, a functioning behavioral registry that provides verifiable information about the operational profiles of all significant autonomous systems. Without this, the orbital environment cannot achieve the coordination required for safe shared operation; actors cannot anticipate each other’s behavior, and incidents cannot be properly attributed.
- Second, a dispute resolution mechanism with genuine reach over commercial operators – not merely interstate arbitration, but a forum with jurisdiction over corporations and systems operating beyond effective state regulatory capacity.
- Third, a set of categorical behavioral norms treated as non-negotiable regardless of operator nationality or commercial interest – covering at minimum: prohibition on actions that create irreversible commons harm mandatory behavioral disclosure for autonomous systems above defined capability thresholds, and recognition of every actor’s right to safe passage under defined conditions.
What is not necessary by 2033 – and may be counterproductive – is a comprehensive treaty regime attempting to regulate all autonomous space activity. The history of multilateral arms control suggests comprehensive frameworks are hostage to holdouts and become obsolete faster than they can be renegotiated. The CLA’s layered adoption strategy – building functional governance through coalitions of willing actors before multilateral consensus is achievable – is designed precisely for the political reality of 2033.
Explore More:
Autonomy On Orbit: What Satellites Should Decide for Themselves
4 Takeaways: The Path Forward for AI in Space: From Pixels to Insight
Automation, Governance and the Release 19 Shift in 5G NTN