Better-Governed Countries Document More Incidents — Not Fewer
Using the Oxford Insights Government AI Readiness Index 2024 and the AI Incident Database (1,362 incidents through February 2026), we found a statistically significant positive correlation between governance maturity and documented public safety AI incidents. Countries with stronger AI governance frameworks don't show fewer incidents — they show more.
The explanation is not that governance causes harm. It's that governance creates the infrastructure to surface harm. High-governance countries have the regulatory reporting requirements, media transparency, and accountability ecosystems that make AI failures visible. Lower-governance countries experience similar or greater harms — they simply go undocumented.
This finding reveals a deeper problem: if incident documentation is primarily a function of governance infrastructure rather than incident frequency, then we cannot use incident databases as primary evidence of where AI governance is working — or failing.
Governance Was Never Designed to Work Alone
The field of AI policy has, largely by default, adopted a governance-centric model of AI safety. Frameworks, principles, regulations, and standards dominate the landscape. But this model is borrowed from human regulatory theory — and human regulatory theory was never designed to operate without the cultural, social, and psychological infrastructure that co-evolved alongside it.
We don't govern human behavior through law alone. Law is the backstop. The primary mechanisms are internalized values, professional identity, peer accountability, social shame, community belonging, and moral intuition. A surgeon doesn't avoid malpractice primarily because of liability law — it's identity, culture, and professional socialization. Remove those, and no volume of regulation produces safe behavior.
For AI systems, we are running the backstop as the only mechanism. That is the Behavioral Sufficiency Problem.
The Argument Holds Either Way You Frame It
There are two intellectually honest ways to think about the relationship between AI reasoning and human reasoning. They lead to different prescriptions — but the same conclusion about governance sufficiency.
The Parity Argument
Advanced AI systems now approximate human reasoning closely enough that they face analogous behavioral challenges. They process context, weigh competing considerations, and generate responses that look and feel like judgment.
If AI is similar enough to human cognition that we worry about its reasoning capabilities, then it needs what human reasoning needs — not just external rules, but internalized values, identity, and the equivalent of cultural scaffolding.
The solution lives inside the AI: constitutional training, value alignment, internalized ethical frameworks, and identity-level behavioral constraints.
The Asymmetry Argument
AI systems are fundamentally different from humans in ways that make governance even less sufficient. They have no peer community, no reputation that persists across contexts, no intrinsic motivation, and no social feedback loops that correct behavior in real time.
Humans have extensive non-governance behavioral constraints that we rarely think about explicitly. AI systems have none of these by default — governance is trying to do all the work that culture, identity, and community do for people.
The solution lives outside the AI: organizational culture, human accountability structures, deployment community norms, and institutional ethics infrastructure around the systems.
Whether AI is similar enough to humans to need cultural scaffolding (Lens A), or different enough that it lacks the behavioral infrastructure humans have (Lens B), the conclusion is identical: governance frameworks alone are not behaviorally sufficient.
What the Data Actually Shows
| Finding | What It Shows | Governance Implication |
|---|---|---|
| Positive correlation (r=0.36) between governance score and documented incidents | Better-governed countries surface more incidents, not fewer | Governance creates visibility infrastructure, not incident prevention |
| 11× documentation gap between Leading and Developing governance tiers | The majority of global AI harms are structurally invisible | Global AI risk is dramatically underestimated in low-governance regions |
| UK outlier: lower score than US, higher incident rate per capita | Accountability culture operates independently of composite index score | Governance quality ≠ governance score |
| 41% of incidents are law enforcement & surveillance | AI risk concentrates in high-stakes public sector applications | Sector-specific governance more important than general frameworks |
| +126% incident growth 2022–2024 | Deployment is accelerating faster than governance frameworks | The behavioral sufficiency gap is widening, not closing |
| 63% of incidents have no attributed country | The global incident record is critically incomplete | Evidence-based governance is impossible without mandatory reporting |
What Actually Constrains Behavior — and What AI Equivalents Might Look Like
For Humans
Accountability culture — people behave differently when observed and judged by peers they respect. Professional identity — doctors and engineers carry role-based obligations that feel constitutive, not regulatory. Social feedback loops — real-time community correction when behavior deviates from norms. Narrative and meaning — choices embedded in stories about who we are.
The AI Equivalents (Emerging)
Constitutional AI and value internalization — training behavioral constraints rather than just rule-following. Organizational deployment culture — the ethics culture of the institution around the AI matters more than the AI's training. Sector-specific professional norms — healthcare AI should be governed by medical ethics culture, not just AI regulation. Mandatory incident reporting — the analog to professional accountability requires visibility infrastructure first.
The most important near-term intervention is not more governance frameworks — it is the mandatory incident reporting infrastructure that makes governance evidence-based. You cannot govern what you cannot see.
Governance Is a Foundation — Not the Full Architecture
Responsible innovation at PreneurialWorks is built on a core insight: frameworks are enablers, not outcomes. A governance framework tells an organization what is permitted. It doesn't tell the people inside it who they should be. The Behavioral Sufficiency Problem is the AI-era version of a challenge every modernizing institution faces — the gap between policy compliance and genuinely responsible behavior.
For AI systems deployed in high-stakes public roles — law enforcement, healthcare, defense, critical infrastructure — that gap is not academic. It's the space where 463 documented public safety incidents live. And those are only the ones we can see.
What This Means for Organizations Deploying AI
- 1 Governance compliance ≠ behavioral safety. A framework that passes an audit is not the same as a system that behaves safely in the full range of real-world deployment contexts. Organizations need both.
- 2 Organizational ethics culture is a governance mechanism. The UK case in this data shows that accountability culture — the norms and expectations of the people deploying AI — may predict incident visibility as strongly as formal regulatory frameworks.
- 3 Sector-specific norms matter more than general AI regulation. Healthcare AI should be governed by medical ethics culture, not just AI regulation. Defense AI by operational law and rules of engagement. The framework must meet the domain.
- 4 Mandatory incident reporting is the prerequisite for everything else. You cannot govern what you cannot see. The 11× documentation gap between leading and developing governance tiers means most of the world's AI incidents are invisible.
About This Research
This analysis merges the Oxford Insights Government AI Readiness Index 2024 (188 countries scored on governance maturity) with the AI Incident Database (AIID) (1,362 incidents through February 14, 2026), supplemented by 7,967 AIID media report records for country attribution via source domain mapping.
Public safety incidents (n=463) were classified across six categories using keyword matching against incident titles and descriptions. Correlation analysis used Pearson r with significance testing at p<0.05. Country attribution was performed via AIID deployer taxonomy and source domain mapping; 63% of incidents remain unattributed.
Related Work
This analysis builds on and extends several lines of prior research. The "From Incidents to Insights" study (Raji et al., 2025) demonstrated the viability of using the AI Incident Database for governance-relevant analysis — an approach this paper adopts and extends by merging AIID data with national governance readiness scores to test whether governance maturity predicts incident outcomes. The AIGN Governance Culture Framework (Upmann et al., 2024) introduced the concept of AI governance culture as a determinant of organizational AI behavior, which informs this paper's argument that behavioral norms — not just regulatory frameworks — shape real-world AI safety. Additionally, emerging work on generative AI governance (Taeihagh, 2025) has examined structural gaps between policy intent and deployment reality in ways that parallel the sufficiency gap identified here.
What distinguishes this analysis is its empirical framing: rather than proposing a new governance model, it tests the behavioral hypothesis directly — asking whether countries that govern AI well also experience fewer harmful incidents. The answer, across 1,362 incidents and 40 countries, is no.
All code and data are available upon request. Findings reflect the state of the AIID database as of February 14, 2026. This is independent research — not affiliated with Oxford Insights or AIID. Research note — not legal or policy advice. Data: AIID + Oxford Insights GARI 2024.