The consent-under-incapacity problem: accountability when an AI agent must act for a person who cannot consent
Advance directives and healthcare proxies assume consent can be expressed before the fact. AI agents that act on behalf of incapacitated individuals operate in a domain where the consent architecture was designed for human judgment, not autonomous execution.
The standard accountability model for AI agents assumes a principal hierarchy that terminates in a capable human: a person who can confirm what was authorized, revoke permissions that are no longer appropriate, and contest a record they believe to be inaccurate. When something goes wrong, the capable human at the top of the hierarchy is the ultimate reference point. This model does not break down in most agent deployments. It breaks down in one category more completely than any other: when the person most directly affected by the agent's decisions is, at the moment of those decisions, incapacitated.
Incapacity takes many forms in the physical world — sedation, unconsciousness, acute cognitive impairment, or the gradual permanent reduction in decision-making capacity that accompanies certain long-term conditions. In all of these cases, the person cannot exercise their consent rights in real time. The legal and ethical frameworks governing this domain were built around human proxies: a designated person who knew the care recipient, could interpret their known values against a changing situation, and could take personal responsibility for judgment calls made under uncertainty. An AI agent is not a proxy in this sense. It executes logic against a parameter space. When the parameter space does not cover the situation in front of it, the gap must be resolved by something other than judgment.
At the post-quantum security crossing
Advance directive records — documents expressing a person's care preferences in anticipation of future incapacity — are among the most consequential accountability documents in care systems. Storing them with post-quantum cryptographic guarantees provides a strong property: the record cannot be modified without detection, and the guarantee is durable against any future cryptanalytic capability. This is the right property to have. It is not the property that matters most in the consent-under-incapacity scenario.
A post-quantum-signed advance directive proves that the document has not changed since it was signed. It does not prove that the signer's intent at the time of signing corresponds to their current clinical state, their current values, or the specific decision the agent is now navigating. Instructions written before a diagnosis are not instructions for after one. Care preferences expressed under one understanding of a prognosis may differ substantially from what the person would choose under a revised prognosis. The integrity guarantee applies to the document as written. The interpretation gap between the document and the situation is a human judgment problem, and the agent encounters it every time it acts on an advance authorization in a scenario that does not cleanly match the document's conditions.
At the hardware crossing
Agents operating in care contexts with incapacitated individuals frequently depend on hardware-embedded clinical decision logic — medical devices and monitoring platforms that execute protocols specified at configuration time and attested at deployment. Hardware attestation confirms that the device is running authorized firmware in a verified state. This is a meaningful guarantee. It does not address whether the authorized protocol covers the patient's current condition at the resolution the situation requires.
Protocol gaps are a general problem in care automation, but they become critical in incapacity scenarios because the patient cannot signal when the protocol has reached its boundary. A capable patient who notices the device's response does not match what they expected can alert a clinician. An incapacitated patient cannot. The hardware attestation certifies the device state. It does not certify that the protocol encoded in that device state is appropriate for the current moment. When the agent's logic encounters a scenario its embedded protocol was not designed to handle, the incapacity of the person it is acting for means that the gap between protocol coverage and clinical reality goes unannounced by the one party most motivated to announce it.
At the physical-world care crossing
The physical-world care crossing presents the consent-under-incapacity problem in its most direct form. Legal and ethical frameworks governing incapacitated care rely on proxies who can exercise contextual judgment — who can weigh competing values, adapt to new information, and accept responsibility for decisions that cannot be fully justified in advance. An AI agent acting within an advance-authorized care plan is not exercising judgment in this sense. It is matching current conditions to pre-specified parameters and taking the action the parameters specify. When the current conditions fall outside or between the parameters, the agent is not in a position to recognize the gap the way a human proxy would.
This is not a criticism of agent deployment in care contexts. Agents provide continuous monitoring at resolutions and durations that human presence cannot match. The problem is specifically about what happens when the scope of action exceeds the scope of the authorization. In incapacity scenarios, there is no capable principal available to expand the authorization in real time. The gap must be handled by architecture: explicit incapacity operating modes with tighter autonomy bounds, mandatory escalation pathways to human proxies when the agent encounters conditions outside its authorization envelope, and enhanced logging of the reasoning behind each consequential action taken under advance rather than live consent.
The record as a material fact
There is one design response to the consent-under-incapacity problem that is often overlooked because it seems administrative: every accountability record produced while an agent is operating under incapacity authorization should explicitly document that fact. The record that the agent acted under advance authorization rather than live consent is not a disclaimer. It is a material fact for any subsequent review — clinical, legal, or ethical. A record that omits this context presents agent decisions made in the absence of a capable consenting principal as though they were made with one. That misrepresentation is not fixed by the cryptographic integrity of the record. It is introduced by what the record fails to say. Accurate, complete accountability in incapacity scenarios requires that the authorization mode under which the agent acted be part of the record the agent produces.
When an AI agent acts on behalf of an incapacitated person, the consent architecture — advance directives, proxy designations, embedded care protocols — was designed for human judgment, not autonomous execution. Post-quantum signatures certify that advance authorization documents have not changed; they cannot close the interpretation gap between a document and a present situation. Hardware attestation certifies device state; it does not certify that the embedded protocol covers the current moment. The design response is explicit incapacity operating modes: tighter autonomy bounds, mandatory escalation to human proxies when conditions fall outside the authorization envelope, and accountability records that document the authorization mode under which every consequential action was taken.
AI智能体的标准问责模型假设主体层次结构终止于一个有能力的人类:一个可以确认授权内容、撤销不再适当的权限并对其认为不准确的记录提出异议的人。当出现问题时,层次结构顶部的有能力人类是最终参考点。这种模型在大多数智能体部署中不会崩溃。它在一类情况中比任何其他情况都更彻底地崩溃:当受智能体决策直接影响最多的人在做出这些决策时丧失了行为能力。
行为能力丧失在物理世界中有多种形式——镇静、无意识、急性认知障碍,或伴随某些长期状况而出现的决策能力逐渐永久减退。在所有这些情况下,当事人无法实时行使其同意权。管理这一领域的法律和伦理框架是围绕人类代理人构建的:一个了解照护对象、能够根据其已知价值观对变化情况进行解释并能够对在不确定性下做出的判断决定承担个人责任的指定人。AI智能体不是这种意义上的代理人。它对参数空间执行逻辑。当参数空间不能覆盖其面临的情况时,差距必须通过判断以外的方式来解决。
在后量子安全交叉点
预立医疗指示——在预期未来丧失行为能力时表达一个人照护偏好的文件——是照护系统中最具影响力的问责文件之一。使用后量子密码保证存储它们提供了一个强有力的属性:记录在未被检测到的情况下无法被修改,并且该保证对任何未来的密码分析能力都是持久的。这是应具备的正确属性,但不是在行为能力丧失情况下同意问题中最重要的属性。
后量子签名的预立医疗指示证明文件自签署以来未发生变化。它不能证明签署时签署者的意图与其当前临床状态、当前价值观或智能体正在处理的具体决策相符。诊断前书写的指示不是诊断后的指示。在对预后的某种理解下表达的照护偏好可能与在修订预后下当事人会选择的内容有实质性差异。完整性保证适用于书面文件。文件与情况之间的解释差距是人类判断问题,每当智能体在与文件条件不完全匹配的场景中依据预先授权行事时,它都会遇到这个问题。
在硬件交叉点
在有失能个人的照护环境中运行的智能体经常依赖硬件嵌入式临床决策逻辑——在配置时指定协议并在部署时经过验证的医疗设备和监控平台。硬件证明确认设备在已验证状态下运行授权固件。这是一个有意义的保证,但它不能解决授权协议是否以所需的分辨率覆盖患者当前状况的问题。
协议差距在照护自动化中是一个普遍问题,但在行为能力丧失场景中变得至关重要,因为患者无法发出协议已达到其边界的信号。有能力的患者如果注意到设备响应与预期不符,可以提醒临床医师。丧失行为能力的患者则无法做到这一点。硬件证明认证了设备状态,但它不能认证该设备状态中编码的协议是否适合当前时刻。当智能体的逻辑遇到其嵌入式协议未设计处理的场景时,其所代理的人的行为能力丧失意味着协议覆盖与临床现实之间的差距无法由最有动机宣告这一差距的当事方来宣告。
在物理世界照护交叉点
物理世界照护交叉点以最直接的形式呈现了行为能力丧失下的同意问题。管理失能照护的法律和伦理框架依赖于能够行使情境判断的代理人——能够权衡竞争价值观、适应新信息并接受对无法完全预先理由化的决定承担责任的人。在预先授权照护计划内行事的AI智能体不是在这种意义上行使判断。它将当前条件与预先指定的参数进行匹配,并采取参数指定的行动。当当前条件超出或落在参数之间时,智能体不像人类代理人那样能够识别差距。
这不是对照护环境中智能体部署的批评。智能体在人类存在无法匹配的分辨率和持续时间下提供连续监测。问题特别在于当行动范围超过授权范围时会发生什么。在行为能力丧失场景中,没有有能力的主体可以实时扩展授权。差距必须通过架构来处理:具有更严格自主边界的明确失能操作模式、当智能体遇到超出其授权范围的条件时向人类代理人强制升级的途径,以及对在预先而非实时同意下采取的每项重要行动背后推理的增强日志记录。
记录作为实质性事实
行为能力丧失下同意问题有一个设计回应经常被忽视,因为它看起来像是行政事务:当智能体在失能授权下运行时产生的每条问责记录都应明确记录这一事实。智能体在预先授权而非实时同意下行事的记录不是免责声明,而是任何后续审查——临床、法律或伦理的——的实质性事实。省略此背景的记录将在没有有能力的同意主体情况下做出的智能体决策呈现为仿佛有该主体一样。这种错误陈述不能通过记录的密码完整性来修复,而是通过记录未能说明的内容引入的。在行为能力丧失场景中准确、完整的问责要求智能体采取行动所依据的授权模式成为智能体产生的记录的一部分。
当AI智能体代表失能人员行事时,同意架构——预立医疗指示、代理人指定、嵌入式照护协议——是为人类判断设计的,而非自主执行。后量子签名证明预先授权文件未发生变化;它们无法弥合文件与当前情况之间的解释差距。硬件证明认证设备状态;它不认证嵌入式协议是否适合当前时刻。设计回应是明确的失能操作模式:更严格的自主边界、当条件超出授权范围时向人类代理人强制升级,以及记录每项重要行动所依据的授权模式的问责记录。
AI智能體的標準問責模型假設主體層次結構終止於一個有能力的人類:一個可以確認授權內容、撤銷不再適當的權限並對其認為不準確的記錄提出異議的人。當出現問題時,層次結構頂部的有能力人類是最終參考點。這種模型在大多數智能體部署中不會崩潰。它在一類情況中比任何其他情況都更徹底地崩潰:當受智能體決策直接影響最多的人在做出這些決策時喪失了行為能力。
行為能力喪失在物理世界中有多種形式——鎮靜、無意識、急性認知障礙,或伴隨某些長期狀況而出現的決策能力逐漸永久減退。在所有這些情況下,當事人無法實時行使其同意權。管理這一領域的法律和倫理框架是圍繞人類代理人構建的:一個了解照護對象、能夠根據其已知價值觀對變化情況進行解釋並能夠對在不確定性下做出的判斷決定承擔個人責任的指定人。AI智能體不是這種意義上的代理人。它對參數空間執行邏輯。當參數空間不能覆蓋其面臨的情況時,差距必須通過判斷以外的方式來解決。
在後量子安全交叉點
預立醫療指示——在預期未來喪失行為能力時表達一個人照護偏好的文件——是照護系統中最具影響力的問責文件之一。使用後量子密碼保證存儲它們提供了一個強有力的屬性:記錄在未被檢測到的情況下無法被修改,並且該保證對任何未來的密碼分析能力都是持久的。這是應具備的正確屬性,但不是在行為能力喪失情況下同意問題中最重要的屬性。
後量子簽名的預立醫療指示證明文件自簽署以來未發生變化。它不能證明簽署時簽署者的意圖與其當前臨床狀態、當前價值觀或智能體正在處理的具體決策相符。診斷前書寫的指示不是診斷後的指示。在對預後的某種理解下表達的照護偏好可能與在修訂預後下當事人會選擇的內容有實質性差異。完整性保證適用於書面文件。文件與情況之間的解釋差距是人類判斷問題,每當智能體在與文件條件不完全匹配的場景中依據預先授權行事時,它都會遇到這個問題。
在硬件交叉點
在有失能個人的照護環境中運行的智能體經常依賴硬件嵌入式臨床決策邏輯——在配置時指定協議並在部署時經過驗證的醫療設備和監控平台。硬件證明確認設備在已驗證狀態下運行授權韌體。這是一個有意義的保證,但它不能解決授權協議是否以所需的分辨率覆蓋患者當前狀況的問題。
協議差距在照護自動化中是一個普遍問題,但在行為能力喪失場景中變得至關重要,因為患者無法發出協議已達到其邊界的訊號。有能力的患者如果注意到設備回應與預期不符,可以提醒臨床醫師。喪失行為能力的患者則無法做到這一點。硬件證明認證了設備狀態,但它不能認證該設備狀態中編碼的協議是否適合當前時刻。當智能體的邏輯遇到其嵌入式協議未設計處理的場景時,其所代理的人的行為能力喪失意味著協議覆蓋與臨床現實之間的差距無法由最有動機宣告這一差距的當事方來宣告。
在物理世界照護交叉點
物理世界照護交叉點以最直接的形式呈現了行為能力喪失下的同意問題。管理失能照護的法律和倫理框架依賴於能夠行使情境判斷的代理人——能夠權衡競爭價值觀、適應新資訊並接受對無法完全預先理由化的決定承擔責任的人。在預先授權照護計畫內行事的AI智能體不是在這種意義上行使判斷。它將當前條件與預先指定的參數進行匹配,並採取參數指定的行動。當當前條件超出或落在參數之間時,智能體不像人類代理人那樣能夠識別差距。
這不是對照護環境中智能體部署的批評。智能體在人類存在無法匹配的分辨率和持續時間下提供連續監測。問題特別在於當行動範圍超過授權範圍時會發生什麼。在行為能力喪失場景中,沒有有能力的主體可以實時擴展授權。差距必須通過架構來處理:具有更嚴格自主邊界的明確失能操作模式、當智能體遇到超出其授權範圍的條件時向人類代理人強制升級的途徑,以及對在預先而非實時同意下採取的每項重要行動背後推理的增強日誌記錄。
記錄作為實質性事實
行為能力喪失下同意問題有一個設計回應經常被忽視,因為它看起來像是行政事務:當智能體在失能授權下運行時產生的每條問責記錄都應明確記錄這一事實。智能體在預先授權而非實時同意下行事的記錄不是免責聲明,而是任何後續審查——臨床、法律或倫理的——的實質性事實。省略此背景的記錄將在沒有有能力的同意主體情況下做出的智能體決策呈現為仿佛有該主體一樣。這種錯誤陳述不能通過記錄的密碼完整性來修復,而是通過記錄未能說明的內容引入的。在行為能力喪失場景中準確、完整的問責要求智能體採取行動所依據的授權模式成為智能體產生的記錄的一部分。
當AI智能體代表失能人員行事時,同意架構——預立醫療指示、代理人指定、嵌入式照護協議——是為人類判斷設計的,而非自主執行。後量子簽名證明預先授權文件未發生變化;它們無法彌合文件與當前情況之間的解釋差距。硬件證明認證設備狀態;它不認證嵌入式協議是否適合當前時刻。設計回應是明確的失能操作模式:更嚴格的自主邊界、當條件超出授權範圍時向人類代理人強制升級,以及記錄每項重要行動所依據的授權模式的問責記錄。