AI governance has crossed into hard international law for the first time. The instrument is the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (CETS No. 225) — the CoE AI Convention — adopted on 17 May 2024 and opened for signature in Vilnius on 5 September 2024. It is the first binding international treaty to break from the non-binding soft-law lineage of the OECD AI Principles, the UNESCO ethics recommendation, and UN Resolution 78/265. But between the appearance of consensus and the substance of enforcement lies a decisive gap: as of late May 2026, twenty states have signed, yet only the EU has ratified, depositing its instrument on 15 May 2026 in Chișinău. The threshold for entry into force (five ratifications, at least three CoE members, plus three months) is unmet. The gradient of hard law is at work.
The thesis has two parts: first, the adoption of a binding international AI treaty is itself a doctrinal event, yet its hardening remains provisional and rests on a weak, self-reporting enforcement structure; second, beneath a surface on which global AI governance appears to converge on a "rights-based, risk-based, human-centric" vocabulary, four to five incompatible models coexist in deep divergence.
Why Now
Three causes converged. Soft-law saturation: five years of accumulation (OECD 2019, UNESCO 2021, G7 Hiroshima 2023, Bletchley 2023, UN Resolution 78/265 in March 2024) pushed the demand for hardening to critical mass. The EU AI Act and Brussels-Effect ambition: to extend Bradford's de facto and de jure mechanisms to AI, the EU needed an international vehicle, which is why it engaged actively in the CAI negotiations. The CoE's first-binding tradition: Convention 108 (1981, the first binding data-protection instrument, 55 ratifications), the Budapest Cybercrime Convention (2001, 76 parties), and the Oviedo Convention (1997) form the lineage into which CETS 225 falls.
Decided and Avoided
Eight chapters, 26 articles. Decided: seven core principles (human dignity, transparency, accountability, non-discrimination, privacy, reliability, safe innovation); remedies (Articles 14–15); risk and impact management (Article 16); the establish or designate oversight duty (Article 26); the Conference of the Parties (Article 23). Avoided: risk categorisation (the decisive contrast with the EU AI Act — no prohibited list); the private-sector "two modalities" (Articles 1(2) and 1(4) — direct obligation or "other appropriate measures"); the national-security exemption (Article 3(2), "shall not be required to apply", selective; Article 3(4), national defence, "do not fall within the scope", absolute); and the absence of compulsory ECtHR jurisdiction, with weak, COP-centred, self-reporting enforcement.
Surface Convergence, Deep Divergence
On the surface, the OECD, UNESCO, the UN, the EU, and the CoE share a "human rights, safe, trustworthy AI" vocabulary. Underneath, five incompatible models coexist. The EU: prescriptive, risk-based, binding regulation. The US: market-based, Senate ratification improbable, with the Trump administration's EO 14199 (4 February 2025) withdrawal review. The UK: signed but declined the Paris declaration, with no comprehensive AI statute. China: non-participant, not even an observer. Switzerland, Japan, Canada, and others: signatory non-CoE outsiders pursuing sectoral implementation. The vocabulary is shared; the implementation models are incompatible. CETS 225 is the ceiling of consensus, not the floor of enforcement — surface convergence / deep divergence, the inverse of the surface differentiation / deep convergence that marks the Thaler pattern.
Doctrinal Foundation and Industry Impact
Bradford's Brussels Effect and Bygrave's Strasbourg Effect (2021, 40 Computer Law & Security Review 105460) combine: the EU AI Act supplies market pressure, CETS 225 supplies normative legitimacy, in a dual-track diffusion. The hard-law/soft-law binary blurs too, as the OECD definition is incorporated into a binding instrument — soft-law content transposed into hard law. HUDERIA (adopted 28 November 2024, approved 26 February 2025; HUDERIA Model: COBRA, 25 February 2026), with its four-stage process, operates as a de facto compliance template. A three-layer stack is forming: ISO/IEC 42001, the NIST AI RMF, and HUDERIA. Vendor commitments from Microsoft, Anthropic, and OpenAI may expand from IP indemnification into human-rights compliance. International law is shaping the normative anchor of an industry's compliance ecosystem.
The Tests Ahead
Three tests measure the consensus. Ratification gridlock: Switzerland past 2027, the US Senate realistically out, the UK, Japan, and Canada delayed — if entry into force slips to 2028, an unentered treaty loses doctrinal weight. A US signature withdrawal: EO 14199 (4 February 2025) plus the January 2026 exit from 66 organisations, against the precedent of the Arms Trade Treaty withdrawal (2019), gives the administration an incentive for a symbolic exit. Weak Conference-of-the-Parties enforcement: Article 23 self-reporting with no teeth, and the GDPR-style complement available only in the EU, leaving "binding" increasingly nominal elsewhere.
The remaining question: is "binding international law" for AI possible, or does the hard-law/soft-law binary collapse at the frontier? CETS 225 is the first case to test the answer. The liminal present — entry into force nearing while ratification gridlocks — means the very attempt by international law to govern AI is reshaping the form of international law itself. The EU's ratification on 15 May 2026 is the institutional beginning of that process, not the confirmation of a result. The first binding AI treaty has arrived; it has not yet begun to bind.