Distributed Authority, Concentrated Harm: A Framework for GPAI Liability Across the Authority Stack

This working paper introduces the Distributed Authority Architecture (DAA) and the GPAI Authority Stack, two analytical frameworks for understanding how liability is generated, distributed, and transferred across the multi‑layered ecosystem of General Purpose AI (GPAI) systems. The paper demonstrates why existing legal doctrines—product liability chains, vicarious liability, and supply‑chain accountability—are structurally insufficient to capture the liability dynamics of GPAI deployments. It grounds the analysis in established legal doctrine, including the EU Product Liability Directive, the EU AI Act, negligence and duty‑of‑care jurisprudence, and sector‑specific anti‑discrimination law. Through a mechanistic model of authority flow, a detailed stress‑test scenario, and an examination of structural distortions such as hyperscaler concentration, open‑model release, and the control‑dependency gradient, the paper provides a doctrinally rigorous framework for courts, regulators, and enterprise risk functions to apportion responsibility in GPAI‑related harm.