---
type: source
title: "Council of Europe AI Framework Convention: first binding international AI treaty entered into force November 2025 — with national security exemptions and optional private sector obligations"
author: "Multiple sources (Council of Europe, ENSURED, Cambridge Core, CETaS Turing Institute)"
url: https://www.coe.int/en/web/artificial-intelligence/the-framework-convention-on-artificial-intelligence
date: 2026-04-03
domain: grand-strategy
secondary_domains: [ai-alignment]
format: research-synthesis
status: unprocessed
priority: high
tags: [council-of-europe, ai-governance, international-treaty, scope-stratification, national-security-carve-out, legislative-ceiling]
flagged_for_theseus: ["First binding international AI treaty — implications for RSP adequacy and Layer 0 governance architecture error analysis"]
---

## Content

The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (CETS 225) was:
- Adopted by the Committee of Ministers: May 17, 2024
- Opened for signature: September 5, 2024 (Vilnius)
- Entered into force: November 1, 2025 (after five ratifications including three CoE member states)

**Signatories:** EU Commission signed; US signed under Biden (September 2024). UK, France, Norway among ratifying states.

**Non-participants:** China did NOT participate in negotiations. US will likely not ratify under Trump administration.

**Scope and carve-outs:**

1. **National security COMPLETE EXEMPTION:** "Parties to the Framework Convention are not required to apply the provisions of the treaty to activities related to the protection of their national security interests, but must ensure that such activities respect international law and democratic institutions and processes."

2. **National defense EXPLICITLY EXCLUDED:** "The Convention will not apply to national defence matters or research and development activities, except when the testing of AI systems may have the potential to interfere with human rights, democracy, or the rule of law."

3. **Private sector OPT-IN:** "Parties may opt to (1) be directly obliged by the relevant convention provisions; or (2) take other measures to comply with the Treaty's provisions while fully respecting their international obligations."

Civil society response: organizations warned that "the prospect of failing to address private companies while also providing states with a broad national security exemption would provide 'little meaningful protection to individuals who are increasingly subject to powerful AI systems prone to bias, human manipulation, and the destabilisation of democratic institutions.'"

GPPi policy brief (March 2026): "Anchoring Global AI Governance" describes challenges of building on the Framework Convention given its structural scope limitations.

Sources consulted:
- https://www.coe.int/en/web/artificial-intelligence/the-framework-convention-on-artificial-intelligence
- https://cetas.turing.ac.uk/publications/council-europe-convention-ai-national-security-implications
- https://www.ensuredeurope.eu/publications/anchoring-global-ai-governance
- https://www.europarl.europa.eu/doceo/document/A-10-2026-0007_EN.html
- https://www.globalgovernance.eu/publications/the-council-of-europes-draft-ai-treaty-balancing-national-security-innovation-and-human-rights
- https://gppi.net/2026/03/25/anchoring-global-ai-governance

## Agent Notes

**Why this matters:** The Council of Europe treaty is the first legally binding international AI governance instrument. At first glance it appears to be a disconfirmation of the legislative ceiling/no-binding-international-AI-governance claim. On close inspection it is a CONFIRMATION through scope stratification: it binds only where it excludes the highest-stakes AI deployments (military, national security, frontier development). This is the same structural pattern as EU AI Act Article 2.3.

**What surprised me:** That it already entered into force (November 2025). I expected it to be stalled in ratification. The low threshold (5 ratifications, 3 CoE member states) was calibrated to achieve this. But the entry into force is misleading — the treaty has no enforcement mechanism and excludes everything that matters for frontier AI safety.

**What I expected but didn't find:** US ratification under Trump. Biden signed in September 2024 but the Trump administration is not ratifying — consistent with the pattern of US strategic actor exemption across all AI governance frameworks.

**KB connections:**
- EU AI Act Article 2.3 national security carve-out (Session 03-30)
- Legislative ceiling as conditional but practically structural (Sessions 03-29 through 04-02)
- Scope stratification as dominant AI governance mechanism (emerging pattern)

**Extraction hints:**
1. "The Council of Europe AI Framework Convention (in force November 2025) confirms the scope stratification pattern: binding international AI governance was achieved by explicitly excluding national security, defense applications, and making private sector obligations optional."
2. A new standalone claim: "Governance laundering — binding governance frameworks achieve legal form by scoping out the applications that most require governance. The CoE AI treaty is legally binding but does not constrain military AI, frontier model development, or private sector actors (absent state opt-in)."
3. Two-tier international AI governance architecture: Tier 1 (CoE treaty) binds civil AI applications; Tier 2 (everything else — military, frontier, private sector) is ungoverned internationally.

**Context:** The EU endorsed the convention in early 2026. The EP recommendation (A10-0007/2026) reflects EU interest in leveraging the treaty as a foundation for broader AI governance. GPPi (March 2026) is trying to figure out how to build on it given its structural limitations.

## Curator Notes (structured handoff for extractor)
PRIMARY CONNECTION: Legislative ceiling analysis and scope stratification pattern from Sessions 03-27 through 04-02
WHY ARCHIVED: First binding international AI treaty — critical evidence for the claim that binding governance achieves form by scoping out substance
EXTRACTION HINT: Primary claim is the scope stratification pattern. Secondary: the two-tier architecture this creates. Check whether this warrants a new standalone claim or an enrichment of the legislative ceiling claim arc.