HAICA: Human-AI Co-Authorship Protocol — A Principled Governance Standard for Human-Directed AI Development

The normalization of human-directed AI development — producing functional software through natural language instruction rather than direct syntax authorship — has structurally outpaced the governance frameworks designed to regulate software production. Existing IP law, licensing standards, and secure development lifecycle frameworks assume the human author and the code author are the same entity. They are inadequate for a model in which human cognitive intent is translated into executable systems through an AI-mediated execution channel.This paper introduces HAICA (Human-AI Co-Authorship Protocol), an operational governance standard addressing this gap across six domains: ontological definition, tiered compliance architecture, security controls, publishing protocol, enforcement authority, and long-term preservation. HAICA introduces the concept of the cognitive instrument — a formally defined artifact category in which human cognitive architecture is externalised into functional systems through AI mediation — and argues that this category requires distinct governance treatment not addressed by existing standards.Five principal contributions are made: (1) the cognitive instrument as a formal governance category; (2) prompt lineage as an authorship evidence category; (3) packaging configuration as a novel vulnerability class not covered by conventional SAST tooling; (4) a tiered compliance architecture including a Tier 3 Lite pathway for small teams; and (5) century-scale governance durability provisions for the 2026–2100 window.HAICA is designed to remain coherent and enforceable from 2026 to 2100.