AI governance frameworks are not failing to deploy because they are technically immature. They are failing to deploy because they are architecturally naive about the systems they propose to govern. The Execution Viability Framework (EVF) diagnoses this failure structurally: governance architectures that require voluntary adoption by incentive-inverted entities will not reach the entities that most need governing. This is not a contingent outcome. It is a predictable one. Post-quantum cryptographic transition changes this calculus for the first time. NIST’s finalization of FIPS 203, 204, and 205 in August 2024, combined with converging regulatory mandates across the United States, European Union, and Canada, has created what is, to the author’s knowledge and for this class of operators, the first infrastructure-level compliance forcing function with converging, time-bound mandates across major jurisdictions, one that the entities most resistant to governance transparency cannot sustainably route around within those jurisdictions and procurement regimes. The cryptographic substrate must change. The question is what governance architecture that substrate change makes possible, and whether organizations choose that architecture during the voluntary window that precedes full mandate enforcement, or accept the architecture that regulators impose afterward. This paper argues that the choice between these two positions is not technical but structural, and that it is time-bounded. Organizations that act during the voluntary window retain governance architecture choice. Organizations that wait forfeit it. This asymmetry between early movers who design and late movers who are assigned constitutes a governance decision that boards are currently making by default.
Amelie Kingsbury Barry (Wed,) studied this question.