Section navigation
ACanonical DefinitionsBConformance ChecklistCRecord Surface Map TemplateDCustody Surface Map TemplateEConfiguration Exposure MatrixFFeedback Routing TableGAudit Evidence ChecklistHConformance Statement TemplateIIndependent Assessor GuidanceJConformance Model CrosswalkKARCS-to-NIST SP 800-53 CrosswalkLVerification and Attestation ProtocolMLegal and Discovery FrameworkNConduit and Custody ModelOIndustry Framework Comparison

Annex N: Conduit and Custody Model

This annex describes the structural relationship between infrastructure governance for communications networks (the conduit model) and interaction record governance for AI systems (the custody model). The comparison identifies the governance principles that have been applied to prior communications infrastructure and the extent to which those principles have or have not been applied to AI interaction records. This annex is informative.

N.1 The conduit model for communications infrastructure

Communications infrastructure governance, developed across common carrier doctrine, telecommunications regulation, and internet governance frameworks, operates on the principle that the infrastructure operator (the conduit) does not own, retain, or unilaterally govern the content that flows through the infrastructure.

This principle has been implemented through several regulatory instruments across different technology generations. Common carrier doctrine, originating in English common law and codified in the Communications Act of 1934, establishes that infrastructure operators bear a duty to provide service impartially and that the operator's commercial interests do not override the user's interest in the content. Net neutrality principles, articulated by Wu (2003) and grounded in the end-to-end design principle described by Saltzer, Reed, and Clark (1981), extend conduit-content separation to internet traffic: the network transports data without inspecting, prioritizing, or retaining it. The Communications Assistance for Law Enforcement Act (CALEA) establishes that lawful interception of communications requires judicial authorization and probable cause, and that records of user communications are not retained as a default byproduct of infrastructure operation. Section 230 of the Communications Decency Act provides that the conduit is not liable for user-generated content that passes through its infrastructure.

The structural achievement of this framework is a governance architecture in which the conduit does not retain the content by default, compelled production of content requires judicial process with procedural safeguards, and the conduit's operational and commercial interests are subordinated to governed retention rules.

N.2 AI platforms as structural inversion of the conduit model

AI platforms operate under an architecture that inverts the conduit model on every structural dimension.

Regarding ownership of content: under conduit governance, the infrastructure operator does not own the content. AI platforms retain interaction records as vendor-owned data assets, governed by vendor terms of service rather than user-controlled lifecycle policies.

Regarding default retention posture: conduit governance presumes non-retention of content unless legal process compels otherwise. AI platforms retain interaction records by default, and non-retention requires user-initiated configuration on a per-platform, per-tier basis with no standardized verification mechanism.

Regarding compelled production standard: interception of ISP traffic requires a warrant, probable cause, and judicial authorization. Production of AI interaction records requires only a standard civil discovery request or subpoena, with no warrant, no probable cause showing, and no judicial pre-authorization required.

Regarding use of content: ISPs are generally prohibited from using the content of user communications for commercial purposes without consent and legal process. AI platforms use interaction records for model training, safety review, analytics, and product improvement as a standard business practice, governed by terms of service.

Regarding jurisdictional mapping: ISP infrastructure is regionally situated, and user traffic passes through infrastructure governed by the user's jurisdiction. AI platform infrastructure stores records in data centers the user did not choose, in jurisdictions the user cannot verify, under retention policies the user did not set.

N.3 The governance gap

Communications infrastructure has a governance framework, assembled across decades of regulatory development, that establishes how the conduit relates to the content. AI interaction records have no equivalent governance framework. No retention standard specifies defaults, limits, or lifecycle controls. No production standard constrains access to interaction records beyond the ordinary civil discovery rules that apply to all ESI. No framework requires the platform to separate the processing function (generating a response to the user's input) from the retention function (storing the record of what the user asked, how the user reasoned, and what the system produced).

In a typical AI deployment, two independent custody surfaces exist: the operator surface (interaction content traversing the operator's application stack, databases, caches, logs, analytics pipelines, backups, and observability tools) and the vendor surface (interaction content retained by the AI service provider for safety monitoring, abuse prevention, debugging, compliance, or legal hold). A vendor commitment not to use interaction content for model training does not address custody; training exclusion does not eliminate retention. Deployment-scale AI features generate more than visible chat history, including moderation flags, safety classifier outputs, abuse monitoring markers, human review queue records, operational logs, and metadata sufficient to link a user, a session, and an output to internal systems.

This gap compounds when interaction records propagate across vendor boundaries through connected-application architectures. Each integration point (API endpoint, tool connection, agent delegation) is a potential custody boundary where records pass from operator-governed infrastructure to vendor-governed infrastructure with no lifecycle controls. Multi-vendor propagation expands the custody surface in ways the operator may not be able to verify or constrain.

N.4 ARCS control families as the governance layer

ARCS addresses the governance gap by defining control families that correspond structurally to the components of the conduit governance model, translated from physical communications infrastructure to interaction record infrastructure.

ARCS-LIF (Record Lifecycle) establishes that retention is a governed decision rather than a platform default. Operators define retention posture, destruction schedules, and deletion triggers for each record category. Where conduit governance presumes non-retention unless legal process compels otherwise, ARCS-LIF requires that retention decisions be explicit, documented, and auditable, accommodating both non-retention architectures and deployments where retention is legally mandated.

ARCS-CUS (Custody Surface) requires operators to identify all custodians that hold interaction records, including platform vendors, tool providers, API endpoints, and downstream services. Where conduit governance benefits from the physical visibility of network infrastructure, AI interaction records may persist across vendor infrastructure the operator cannot inspect. Custody surface mapping produces the visibility that the conduit model assumes but that AI architectures do not provide.

ARCS-OPB (Operator Boundary) defines governance responsibility. Under conduit governance, regulatory obligations apply to the infrastructure operator by operation of law. ARCS-OPB establishes that the deploying operator, not the vendor, determines the governance posture for its AI systems, and that vendor terms of service do not override operator governance requirements.

ARCS-NCR (Non-Creation) applies verification requirements to non-retention claims. Under conduit governance, non-retention is verifiable through physical inspection of network infrastructure. ARCS-NCR requires that non-retention claims for AI interaction records be architecturally documented, independently verifiable, and distinguished from post-creation deletion.

ARCS-VER (Verification) establishes auditability. Where conduit compliance is verifiable by network inspection, AI record governance must be verified through the documentation, inspection, and testing mechanisms defined in the verification framework (see Annex L).

N.5 Scope of analogy

The conduit-custody comparison is a structural parallel, not a claim of legal equivalence. Communications infrastructure governance was developed through legislation, regulation, and judicial interpretation across multiple technology generations. AI interaction record governance is in an earlier stage of development. ARCS provides a governance framework that addresses the same structural concerns (retention defaults, custody mapping, production standards, verification) using control-based specification rather than legislative mandate. The comparison clarifies the governance architecture ARCS implements; it does not assert that AI platforms are or should be legally classified as common carriers.

Annex N is informative. It provides structural context for the ARCS governance framework but does not modify the normative requirements of the standard.