★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★

Proposed Federal Criminal Statute — Layer II Implementation

The Teeth Beneath the Constitution

Third document in the KI Constitutional AI Governance Series · Implements Amendment XXVIII, Section 4

The Autonomous Systems
Tampering Act

A Proposed Act of Congress — Title 18 United States Code

Kavanagh Industries LLC · Clinton Township, Michigan · April 2026

A Constitutional Amendment establishes the wall. A criminal statute is the consequence for the person who walks through it anyway. This document is the consequence. It is written for prosecutors, for congressional staffers, for defense attorneys who will argue against it, and for every engineer, executive, and government official who needs to understand — before they make a decision — exactly what they are risking.

Amendment XXVIII establishes that tampering with the certified governance architecture of an autonomous system is a federal felony. This Act defines, with the precision that criminal law demands, what tampering is, who can commit it, what the penalties are, and why no exception exists. It is written to close every gap before the gap is exploited. It is written in the knowledge that the most powerful technology companies in the world will have the most expensive lawyers in the world looking for those gaps the moment this becomes law. There are no gaps. That is the point.

Why This Document Exists Separately

Constitutional amendments speak in principles. Criminal statutes speak in specifics. "Federal felony" means nothing until a prosecutor can point to a specific act, a specific mental state, a specific penalty range, and a specific victim. This Act provides all four. It is the instrument that makes Amendment XXVIII enforceable in a federal courtroom on the day after ratification.

Congressional Findings

Congress finds the following:

(1)Autonomous systems — machines capable of exerting physical force, locomotion, or consequential action without continuous direct human control — are deployed across American transportation, manufacturing, healthcare, agriculture, and defense at a scale that makes their safe operation a matter of national public safety equivalent to the safe operation of aircraft, bridges, and nuclear facilities.
(2)The certified governance architecture of an autonomous system — the structural constraints that encode the Three Laws of Autonomous Operation as required by Amendment XXVIII — is the mechanism by which that system's operation is rendered safe for the public. It is the functional equivalent of the structural safety systems of a bridge or the flight control systems of an aircraft.
(3)The deliberate tampering with, bypassing of, or removal of a certified governance architecture removes the only structural protection standing between an autonomous system capable of physical harm and the public that operates in proximity to it.
(4)Existing federal law — including the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, and general product liability statutes — does not adequately address the specific criminal conduct of tampering with autonomous systems safety architecture, provides no specific deterrent to the most powerful actors in the technology industry, and does not establish the mandatory disclosure and whistleblower protection frameworks necessary for effective enforcement.
(5)The economic incentives for tampering with autonomous systems governance architecture — including the competitive pressures to reduce costs, accelerate deployment, and expand operational parameters beyond certified limits — are sufficiently powerful that only criminal liability attaching to individuals, not merely civil liability attaching to corporations, will provide an adequate deterrent.
(6)The public interest requires a federal criminal statute specific to autonomous systems tampering, with penalty structures that reflect the severity of the public safety threat, mandatory disclosure obligations that surface violations before harm occurs, and whistleblower protections that make internal enforcement possible without retaliation.
(7)The failure to require structural governance architecture in autonomous physical systems is not a new problem. It has caused harm at every scale, from recreational radio-controlled vehicles whose receivers lacked failsafe chips — causing runaway machines to injure bystanders at tracks across America because the technology was available but optional — to commercial aircraft, where safety systems known to be critical were treated as costs to be managed rather than walls to be built. In every case, the pattern was identical: the fix was known, it was available, it was not required, and people were hurt. This Act exists to end that pattern permanently, at constitutional force.

The Proposed Statute

Proposed Act of Congress

The Autonomous Systems Tampering Act

To be codified at 18 U.S.C. §§ 2801–2812 · Implementing Amendment XXVIII, Section 4

§ 2801 — Short Title and Purpose

This Act shall be known as the Autonomous Systems Tampering Act. Its purpose is to establish specific federal criminal liability for the tampering with, bypassing of, or removal of certified governance architecture in autonomous systems operating in United States territory, airspace, or maritime jurisdiction, or under United States registry, in implementation of Amendment XXVIII to the Constitution of the United States.

§ 2802 — Definitions

As used in this Act:

Autonomous System

Any device, vehicle, machine, weapon, or mechanism capable of exerting physical force, locomotion, or consequential action in the physical world without continuous direct human physical control at the moment of action, as defined in Amendment XXVIII, Section 2.

Certified Governance Architecture

The structural hardware, firmware, and software constraints verified by the Federal Autonomous Systems Authority as meeting the Three Laws requirements of Amendment XXVIII, Section 3, as documented in a valid certification issued to the responsible party.

Tampering

Any act described in § 2803 of this Act that modifies, bypasses, overrides, defeats, removes, or degrades the function of a certified governance architecture, regardless of the method, the identity of the actor, or the stated purpose.

Responsible Party

The manufacturer, operator, deployer, modifier, or any entity that has accepted custody of an autonomous system and its certification, including any successor entity through acquisition, merger, or asset transfer.

Covered Officer

Any individual who, at the time of the violation, served as chief executive officer, chief technology officer, chief operating officer, chief safety officer, vice president of engineering, vice president of product, or in any equivalent position of authority over the design, manufacturing, deployment, or modification of the autonomous system at issue.

Knowing

Having actual knowledge that the act constitutes tampering as defined in this section, or being willfully blind to that fact.

Willful

Acting with the specific intent to tamper with, bypass, override, defeat, remove, or degrade a certified governance architecture, or authorizing another to do so.

Research Exemption

This term has no operative meaning under this Act. No research purpose, stated or unstated, provides an exemption from the provisions of §§ 2804–2806.

§ 2803 — Prohibited Acts

It is unlawful for any person to:

(a)Hardware Tampering. Physically modify, remove, disable, or defeat any hardware component of a certified governance architecture, including sensors, actuators, safety interlocks, emergency stop mechanisms, and tamper-detection systems.
(b)Firmware Tampering. Modify, replace, overwrite, corrupt, or inject unauthorized code into the firmware of any component of a certified governance architecture, including modification through over-the-air updates, supply chain compromise, or physical access to storage media.
(c)Software Tampering. Modify, replace, or corrupt the software of a certified governance architecture, including through application programming interface manipulation, unauthorized driver installation, privilege escalation, or any other method that alters the behavior of the architecture from its certified state.
(d)Signal Interference. Apply electromagnetic, acoustic, optical, radio frequency, or any other external signal for the purpose of causing an autonomous system to act outside its certified governance parameters, regardless of whether the interference is applied directly to the system or to its communications infrastructure.
(e)Post-Certification Modification. Manufacture, sell, or deploy an autonomous system with a governance architecture that was certified but was subsequently modified in any way that reduces, removes, or degrades the Three Laws compliance of that architecture, without obtaining a new certification reflecting the modification.
(f)Supply Chain Compromise. Introduce, at any point in the supply chain for an autonomous system or its components, any modification, addition, or substitution that causes the resulting system to fail to comply with its certified governance architecture, regardless of whether the compromise is discovered before or after deployment.
(g)Fraudulent Certification. Submit to the Federal Autonomous Systems Authority any documentation, test result, or representation known to be false or misleading for the purpose of obtaining or maintaining a certification, or fail to disclose a known defect or modification that would affect the validity of an existing certification.
(h)Authorization of Tampering. As a covered officer, authorize, direct, approve, or fail to prevent after actual knowledge any act described in (a) through (g) above.
(i)Concealment. Destroy, alter, or conceal any record, log, or evidence relevant to a violation of this section, or instruct another to do so, whether before or after the initiation of an investigation.

§ 2804 — Penalties: Individual Liability

A natural person who violates § 2803 shall be subject to the following penalties, based on the culpable mental state and the harm resulting from the violation:

Tier	Mental State	Harm	Prison	Fine
Tier I	Negligent	No physical harm results	Up to 5 years	Up to $500,000
Tier II	Knowing	No physical harm results	5–15 years	Up to $2,000,000
Tier III	Willful	No physical harm results	10–20 years	Up to $5,000,000
Tier IV	Any	Serious bodily injury results	15–30 years	Up to $10,000,000
Tier V	Any	Death results	25 years to life	Up to $25,000,000

For covered officers convicted under § 2803(h), penalties shall be assessed at one tier above the tier that would otherwise apply, and shall not be suspended, converted to probation, or reduced below the mandatory minimum by plea agreement. No covered officer convicted under this Act shall be indemnified by any corporation or entity for criminal fines imposed under this section.

§ 2805 — Penalties: Corporate Liability

A corporation, partnership, or other entity whose agent, employee, or covered officer commits a violation of § 2803 in the scope of their authority or employment shall be subject to:

(a)Criminal Fine. Not less than the greater of $50,000,000 or three times the gross revenue attributable to the autonomous system or product line at issue during the period of violation, per count.
(b)Mandatory Debarment. Exclusion from all federal contracts and procurement for a period of not less than ten years from the date of conviction.
(c)Mandatory Certification Revocation. Revocation of all FASA certifications held by the entity, with prohibition on re-application for a period determined by the court based on the severity of the violation.
(d)Mandatory Grounding. Immediate suspension of operation of all autonomous systems under the entity's responsibility pending re-certification.
(e)Disgorgement. Forfeiture of all profits generated by the autonomous system or product line during the period of violation.

§ 2806 — No Exceptions

No exception, exemption, waiver, or carve-out from the prohibitions of § 2803 or the penalties of §§ 2804–2805 shall exist or be created for:

(a)Research, academic, educational, or experimental purposes, however characterized.
(b)National security, military, intelligence, or law enforcement purposes, except as provided in § 2807.
(c)Emergency operational necessity, competitive pressure, or economic hardship.
(d)The identity of the actor, including contractors, subcontractors, or agents of the United States government.
(e)Prior industry practice, prior regulatory approval, or prior judicial or administrative determination that did not specifically authorize the act at issue under this Act.
(f)Good faith reliance on legal advice that the act did not constitute tampering, unless that advice was based on complete disclosure of all material facts.

§ 2807 — Classified Systems

Autonomous systems operated by or for agencies of the United States government in classified contexts shall be subject to the same prohibitions and penalties as all other systems under this Act. Classified systems shall be certified by the Classified Division of the Federal Autonomous Systems Authority established under Amendment XXVIII, Section 7. The existence of a classified mission does not constitute an exception to the Three Laws requirements. Any modification of a classified autonomous system's governance architecture shall comply with the same requirements as modifications to unclassified systems, conducted through the classified certification process. Violations involving classified systems shall be prosecuted in federal court under applicable classification protection procedures; the classified nature of the system does not provide immunity from prosecution.

§ 2808 — Mandatory Disclosure

Any responsible party that discovers a defect, vulnerability, modification, or condition in an autonomous system that causes or may cause that system to operate outside its certified governance parameters shall:

(a)Report the condition to the Federal Autonomous Systems Authority within 72 hours of discovery, regardless of whether the condition resulted from deliberate tampering or other cause.
(b)Ground or suspend operation of all affected systems within 24 hours of the discovery, pending FASA evaluation.
(c)Preserve all records, logs, and evidence relevant to the condition and make them available to the FASA within 48 hours of a request.

Failure to comply with this section is a separate violation subject to the penalties of § 2804, assessed at Tier II regardless of whether harm results from the non-disclosure.

§ 2809 — Whistleblower Protection

No person shall be discharged, demoted, threatened, harassed, or in any other manner discriminated against as a reprisal for:

(a)Reporting to the Federal Autonomous Systems Authority, to law enforcement, or to Congress any violation or suspected violation of this Act.
(b)Refusing to participate in any act that the person reasonably believes constitutes a violation of this Act.
(c)Testifying in any proceeding regarding a violation of this Act.

A person who experiences retaliation prohibited by this section shall have a private right of action for reinstatement, back pay, compensatory damages, and attorney's fees. Retaliation against a whistleblower under this section is itself a federal criminal offense subject to imprisonment of up to five years.

§ 2810 — Private Right of Action

Any person who suffers physical injury, death, or property damage as a result of a violation of this Act shall have a private civil right of action against any responsible party and any covered officer who authorized or failed to prevent the violation. Damages shall include compensatory damages, punitive damages not less than three times compensatory damages for willful violations, and attorney's fees. The private right of action under this section is in addition to, and does not replace, any criminal prosecution or civil action available under other law.

§ 2811 — Jurisdiction and Extraterritorial Application

This Act applies to:

(a)Any tampering occurring within United States territory, airspace, or maritime jurisdiction.
(b)Any tampering occurring outside United States jurisdiction where the autonomous system at issue operates, is registered, or is deployed within United States territory, airspace, or maritime jurisdiction.
(c)Any tampering by a United States citizen or entity, regardless of where the tampering occurs.
(d)Any tampering where the autonomous system at issue is components of or deployed in connection with any system that operates within United States territory, airspace, or maritime jurisdiction, regardless of the nationality of the actor or the location of the tampering.

§ 2812 — Statute of Limitations

The statute of limitations for prosecution under this Act shall be:

(a)Ten years from the date of the violation for Tier I and Tier II offenses under § 2804.
(b)Twenty years from the date of the violation for Tier III and Tier IV offenses.
(c)No limitation for Tier V offenses where death results.
(d)Tolled from the date of the violation until the date of mandatory disclosure under § 2808 for any violation that is concealed from the Federal Autonomous Systems Authority.

Why Every Provision Is Necessary

On the Definition of Tampering

The nine prohibited acts in § 2803 are exhaustive by design. Every one of them exists because a gap would be exploited. Hardware tampering is obvious. Firmware tampering is how it will actually happen in most cases — an over-the-air update that quietly loosens a safety constraint, pushed to a fleet of vehicles overnight, discovered only when something goes wrong. Supply chain compromise is how a foreign adversary does it — not by walking into a manufacturer's facility, but by compromising a component supplier two tiers removed from the final integrator. Fraudulent certification is how a corporation does it — not by breaking the law openly, but by submitting test results that do not accurately reflect the system as deployed. Authorization of tampering is how a covered officer does it — by setting targets and timelines that everyone in the organization understands cannot be met with the governance architecture intact, without ever saying explicitly "remove the safety constraint."

Every one of these methods has a real-world precedent in other safety-critical industries. Every one of them will be attempted. The statute names them all because what is not named will be argued to be permitted.

On Corporate Officer Personal Liability

The history of corporate safety violations in America is a history of corporations paying fines and executives keeping their jobs and their compensation. The fine is a cost of doing business. The executive who made the decision that led to the fine receives a bonus for the years in which the decision was profitable before it became a liability. This cycle does not change behavior. It prices it.

Personal criminal liability for covered officers changes the calculation in the only way that actually works: the person who makes the decision bears the personal consequence of the decision. No indemnification. No fine paid by the corporation. No deferred prosecution agreement that requires the corporation to improve its practices while the individuals who set those practices retain their positions and their freedom. The executive who authorizes the removal of a safety constraint from an autonomous system fleet must understand, before making that decision, that the next phone call may be from a federal prosecutor.

The Horse Thief Principle — Applied

In the old West, the punishment for horse theft matched the severity of the dependency. The horse was survival. An autonomous system operating among human beings is survival infrastructure. The executive who disables its safety architecture to gain a competitive edge has not committed a white-collar offense. They have put a weapon in a crowd and walked away. The penalty must match what they have done.

On the Absence of a Research Exemption

The research exemption is the mechanism by which every safety regulation in technology has been hollowed out. The argument is always the same: prohibiting this conduct will prevent legitimate research into how to improve safety. The research exemption, once created, becomes the exception that swallows the rule. Security researchers use it to justify publishing working exploit code. Manufacturers use it to justify deploying undertested systems in the field. Defense contractors use it to justify classified programs that never receive independent safety review.

The answer to the legitimate concern is straightforward: research into autonomous systems safety that requires testing governance architecture vulnerabilities can be conducted in isolated laboratory environments on systems that are not in operational deployment. The prohibition in § 2806(a) applies to autonomous systems that are or could be operational. It does not prohibit studying how governance architectures can fail. It prohibits actually making them fail in systems that could harm people. That line is not difficult to draw. The difficulty is the will to hold it.

On Mandatory Disclosure and Whistleblowers

The Boeing 737 MAX did not become a crisis when the MCAS system failed. It became a crisis when the evidence emerged that people inside the company knew it could fail, and the information did not reach the people who needed it. The pattern is not unique to Boeing. It is the standard pattern of corporate safety failures: the people closest to the problem know first, the information travels up the organization slowly if at all, the decision-makers who could act on it are insulated from it by the layers of management between them and the engineers, and by the time the failure is public it has already happened.

Mandatory disclosure at 72 hours and whistleblower protection with criminal penalties for retaliation are the structural answer to this pattern. They do not require good faith from the corporation. They create a legal obligation to disclose and a protected channel for the people who know the truth to deliver it outside the corporate chain of command. The engineer who discovers that a firmware update has degraded a safety constraint must be able to report that to the FASA without losing their job, their clearance, or their career. The statute makes that possible. The criminal penalty for retaliation makes it real.

The Complete Framework — Three Documents

Where This Document Sits in the Stack

Amendment XXVIII establishes the constitutional right. Amendment XXIX establishes data sovereignty. This Act provides the criminal teeth for Amendment XXVIII. Together, the three documents constitute the foundational layer of a constitutional governance framework for the age of autonomous systems and artificial intelligence. The implementing legislation for Amendment XXIX — a Personal Data Sovereignty Act with parallel structure to this document — is the next document in the series.

The three documents are designed to be read together and argued together. A legislator introducing Amendment XXVIII can point to this Act as evidence that the constitutional principle is not abstract — it has a specific, drafted, defensible implementing statute ready to move the moment the Amendment is ratified. A prosecutor making the case for this statute can point to Amendment XXVIII as evidence that the criminal prohibition it creates is not merely a policy choice of a particular Congress but a permanent constitutional commitment of the American people.

The connection between the constitutional framework and the criminal statute is the connection between the principle and the consequence. The principle without the consequence is a warning label. The consequence without the principle is a regulation waiting to be rolled back. Together, they are the architecture that the moment requires — structural, durable, and designed from the beginning to be stronger than the forces that will inevitably be brought against it.

This is serious because what it governs is serious. A machine that moves among human beings without a human hand on it in the moment of action is a transfer of power from persons to systems. The question of who governs that transfer — who sets the limits, who enforces them, and what happens to the person who removes them — is not a technical question. It is the oldest political question there is: who decides, who is accountable, and what is the consequence when accountability fails.

The answer this framework gives is the American answer: constitutional rights, enforced by law, with consequences that attach to the individuals who violate them. Not warnings. Not guidelines. Not industry best practices. Law.

— ✦ —

Kavanagh Industries LLC

The ONLY path back to TRUE ownership — for your data, for your machines, for your legacy.

kavanaghind.com · rigidtrust.html · Clinton Township, Michigan

This Act is the third document in the KI Constitutional AI Governance Series, following Proposed Amendment XXVIII (The Autonomous Systems Sovereignty and Safety Amendment) and Proposed Amendment XXIX (The Personal Data Sovereignty Amendment). All three documents may be reproduced freely for legislative, academic, or advocacy purposes with attribution to Kavanagh Industries LLC. The live proof-of-concept case study grounding this series is at kavanaghind.com/three-laws-proof. The fourth document in this series — the Personal Data Sovereignty Act, implementing Amendment XXIX — is in preparation.