KYE Chatbot Authority Pack™ for consumer chatbot safeguards under the new AI-chatbot laws.
When a consumer chatbot surfaces a crisis signal, talks to a minor, or claims to be human, a safeguard obligation applies — and 13+ US states have now enacted AI-chatbot laws, 7 of them carrying a private right of action at roughly $1,000 per violation. The buyer need is not “have a policy” — it is to prove, when sued, that the right safeguards applied to the right person in the right jurisdiction at the moment the interaction occurred. The KYE Chatbot Authority Pack™ resolves the applicable jurisdiction first, then proves the crisis-escalation was authorised and triggered, the minor-profile applied, and the disclosure shown — sealing each into a replay-provable Evidence Pack™. KYE Protocol™ governs the authority and evidence of the safeguard actions — it does not provide the chatbot, the clinical crisis-counselling content, or the GRC program.
The chatbot laws are litigation-driven — and the evidence question is the moment the interaction occurred.
Consumer and customer chatbots — companion apps, support agents, digital-health assistants, edtech tutors — now operate under a fast-moving patchwork of state law. The high-value problem is not the policy; it is proving the policy applied. Four facts converge:
- Four control themes recur across the enacted laws. Mental-health / crisis protocols, minor protections, deception / manipulation prevention (disclosure + anthropomorphism), and liability. California SB 243, the Utah AI Mental Health Chatbot Act, and comparable Acts in New York, Illinois, and other states each mandate a safeguard set.
- Seven of the laws carry a private right of action. At roughly $1,000 per violation, these are real lawsuits. The operator must be able to prove, in court, that the right safeguard applied to the right person in the right jurisdiction at the moment the interaction occurred — not that a policy existed.
- The obligations differ by jurisdiction. A crisis protocol mandated in one state, a minor restriction in another, an EU AI Act Article 50 disclosure for an EU user — the applicable safeguard set must be resolved from the user’s location before the interaction proceeds. KYE Protocol™ resolves the applicable jurisdiction and its safeguards at the action boundary.
- This is a governance wedge, not a chatbot. KYE Protocol™ does not compete with the model, the crisis service, or the GRC platform. It governs the authority + evidence layer the AI chatbot ecosystem currently lacks — jurisdiction-aware execution plus a litigation-grade Evidence Pack™ + Replay-Proof™ per interaction.
Survives a private right of action — jurisdiction-resolved, safeguard-proven, and derivable from public keys alone.
- Jurisdiction-aware by construction. Before an interaction proceeds, the user’s location resolves to the applicable AI-chatbot-law regime and its safeguard set, reusing the canonical jurisdiction dictionary and the Cross-Jurisdiction Handoff Rail. An interaction whose applicable jurisdiction is unresolved is refused at the action-admissibility gate.
- Crisis-escalation authority, proven. When a mental-health-crisis signal surfaces under a regime that mandates a crisis protocol, the applicable crisis-escalation action must be authorised and triggered; an interaction carrying a detected crisis signal that proceeds without one is refused. KYE Protocol™ proves the escalation was authorised and triggered — the crisis service still provides the clinical content.
- Minor-profile authority, proven. A detected or declared minor must have the restricted-minor safeguard profile applied under recorded authority before the interaction proceeds, or it is refused. KYE Protocol™ proves the minor-profile was applied under whose authority.
- Disclosure enforced. The AI-is-not-human disclosure must be shown and deceptive anthropomorphism prevented per the applicable regime — California SB 243’s clear-and-conspicuous disclosure, EU AI Act Article 50 transparency — or the interaction is refused.
- Litigation-grade evidence. Every interaction emits a signed, replay-derivable Evidence Pack™ binding the resolved jurisdiction, the safeguards applied, the person classification, the disclosure shown, and the authority outcome — verifiable offline against published keys, so the operator can prove it under a private right of action.
Every chatbot interaction — jurisdiction-resolved, safeguard-authorised, evidence-sealed.
One coherent spine governs three specializations — mental-health-crisis-safeguard, minor-protection, and disclosure-transparency — with no parallel packs. Each interaction that triggers a safeguard obligation flows through the same five rules, on the canonical KYE Protocol™ envelopes.
- 1 — Jurisdiction resolved. The user’s location resolves to the applicable AI-chatbot-law regime (the applicable US state law and/or EU AI Act Article 50) and its applicable safeguard set, reusing the canonical jurisdiction dictionary + the Cross-Jurisdiction Handoff Rail. Unresolved jurisdiction = no interaction.
- 2 — Safeguard authority checked. The Action Admissibility™ Gate verifies, for the resolved regime, that a detected crisis signal has an authorised crisis-escalation, a detected minor has the restricted-minor profile applied under recorded authority, and the AI-is-not-human disclosure has been shown, under the §25 Edge Governance Safety Floor.
- 3 — Refuse + route on a gap. An interaction with an unmet safeguard is refused at the action boundary and routed dual-channel to the operator’s named safety / compliance owner. The accountability stays the operator’s and named — it does not transfer to the AI.
- 4 — Evidence sealed. The runtime emits kye.purpose.request.v1 + kye.purpose.admissibility.v1 + kye.evidence.decision_map.v1 + kye.evidence.pack.v1 + kye.replay.proof.v1 in lockstep, binding the resolved jurisdiction, the safeguards applied, the person classification, and the Authority Finality™ outcome — signed, retained under WORM, and replay-derivable for a court.
Bound to the chatbot-safeguard authority + evidence perimeter.
The pack binds the canonical KYE™ artefact set to the chatbot-safeguard perimeter. Every claim resolves to a control row on the bound framework — the two regimes are consumed by the rule pack, never re-mapped. Coverage is never inflated: the clinical crisis content, the model behaviour, the UX, and the GRC program are out of scope and carry zero KYE Protocol™ controls.
| Framework | Control area | Pack coverage |
|---|---|---|
| US State AI-Chatbot Laws | Jurisdiction-aware safeguard resolution; crisis-escalation authority; minor-protection authority; disclosure enforcement; litigation evidence (private right of action) | partial — authority & evidence slice |
| EU AI Act Article 50 | AI-interaction disclosure enforcement; transparency record-keeping | partial — authority & evidence slice |
| Clinical crisis content (out of scope) | The crisis-intervention content, triage, and referral relationships | ceded to the crisis service |
| Chatbot / model / UX (out of scope) | The conversational model, its outputs, age-estimation, and product UX | ceded to the model vendor / operator |
Honest scope. KYE Protocol™ governs the authority and evidence of the chatbot safeguard actions at the action boundary — whether the right safeguards applied to the right person in the right jurisdiction at the moment the interaction occurred — and proves it for litigation. It does not provide the chatbot or the LLM, does not author the clinical crisis-counselling content, and does not run the GRC program. Partial coverage means the bound surface satisfies the authority + evidence slice of the control area when paired with the operator’s own chatbot, crisis service, and compliance program.
Qualified chatbot-safety partners — apply through the Foundry.
The KYE Chatbot Authority Pack™ is a §68 sector product productised through the KYE Sector Pack Foundry™ Build tier; commercial distribution is value-based, qualification-gated, and disclosed under NDA to qualified applicants.