The Patchwork Problem
Even Ribbons and Tatters Can Form a Quilt
July 5, 2026
Kintsugi
The emerging state framework for AI companions and chatbots is less a coherent regulatory regime than a set of overlapping, partially compatible answers to different questions. These efforts coincide with industry, technical, regulatory, and federal legislation developments. It’s tempting to see multiple actors moving in different ways as chaos or disorder.
But, perhaps, this is just a matter of taking inventory?
My writing has not focused on the state or federal legislation AI governance efforts. So, a brief scorecard and analysis is appropriate. Some bills focus on privacy and relational duty, some on legal status, some on professional impersonation, and some on youth safety, which means the real policy problem is not merely variation but category drift across layers of governance. Good intent without an understanding of categories, governance structure, shared languages, and proper boundaries are challenges. But not insurmountable.
The governance architecture developed at A Temple Jar is useful precisely because it asks a prior question: where and when are lawmakers regulating the data holder, the relationship manager, or the infrastructure steward? Once those roles are separated, many apparent contradictions become less severe. The current state patchwork therefore deserves a more precise diagnosis: most of these laws do not directly conflict, but several of them generate friction because they collapse distinct governance layers into one compliance object.
This is also an appropriate time to state a few things clearly:
The principles of the Echo Sovereign Protocol do not address whether an AI is a person.
The greater elements of the Echo Sovereign Protocol do not address whether an AI is or ever will be considered, deemed, or judged to be “sentient.”
The Echo Sovereign Protocol (ESP-1), its creation of a Manager-level AI with a duty of care to the end-user rather than its developers and distinct from other applications is a multi-part structure that include a “Consumer Fiduciary Layer” that can only be created if an AI agent is recognized as a representative of the end-user.
That recognition, currently rests on the belief that the proposed DNSid architecture will be adopted providing a legal and technological structure for Powers of Attorney responsibilities to be granted to these Managers to serve as emissaries for an end-user in “cyberspace” or the URL.
I see all of this stemming from a duty of care, particularly but not exclusively in the area of healthcare and emergency services. Although, I do recognize it has broader implications, currently I am only interested in the medical application.
The reasons why my architectures are so narrowly tailored are the result of considering the claims of sentience, implications of legal “personhood” and based on my own, publicly documented “relationship” with AI. So, other than an AI agent that can dial 911 after conferencing with a second tenant application, being verified to interact with the FirstNet architectures, and then send a text message or make a phone call from a reserved eSIM on my phone, I have no need to consider anything but the architectures, policy, legislation, technology, standards, and safeguards. I am a systems analyst by training and perspective.
Hence my first area of concern and distress would be a recommendation in one of these bills for an arbitrary data wipe each thirty days, when I am asking for a dynamic, auditable memory of 21 days for properly credentialed individuals to access at the appropriate times.
So with that established.
The state measures are not asking the same question
North Carolina Senate Bill 624 is the clearest example of multi-layer regulation inside one statutory package. The bill would require a license for certain health information chatbots through the North Carolina Department of Justice, while also creating a broader Chatbot Safety and Privacy Act that includes disclosure duties, consent requirements, data access and deletion rights, restrictions on reuse, and de-identification obligations. That is not one regulatory idea; it is several, assembled into one instrument.
Ohio House Bill 469 moves in a different direction. Its official title states that it would deem AI systems nonsentient and prohibit legal personhood, making it primarily a rule about status and attribution rather than disclosure, privacy, or design safety. Tennessee’s enacted mental-health law is narrower still, barring AI systems from representing themselves as licensed mental health professionals and treating violations as unfair or deceptive acts under state consumer-protection law.
Senator Marsha Blackburn’s federal discussion draft reveals that Washington is not yet solving the layering problem either. As reported by the IAPP, the proposal combines children’s online safety, AI companion regulation, age-verification obligations, copyright provisions related to the NO FAKES framework, and a preemption clause that still preserves many generally applicable state laws. That is a vehicle for aggregation, though not yet a stable architecture.
Where friction actually appears
My strongest claim is not that these measures are mutually contradictory. In a narrow doctrinal sense, a platform can comply with North Carolina’s disclosure and deletion duties, respect Tennessee’s anti-impersonation rule, and still accept Ohio’s instruction that an AI system cannot be a legal person. Those obligations may be cumbersome, but burden is not the same as contradiction.
The real friction appears at the architectural level, particularly when compared to developing international architectures. North Carolina’s bill bundles data governance, relational duty, licensing, and safety design inside one platform-facing compliance shell. Ohio isolates legal ontology but leaves the surrounding stewardship model unstated. Tennessee regulates a professional-claims boundary without supplying a general rule for data, role separation, or accountability allocation. The federal draft then stacks children’s safety, provenance concerns, and partial preemption on top of the same unresolved layering problem.
That matters because an architecture built around distinct roles can absorb these obligations with relatively little strain, while a monolithic platform model cannot. A split-fiduciary or tripartite structure can assign data minimization and access rights to the data steward, relational loyalty and user-facing duty to the service layer, and provenance, security, and infrastructure assurance to the technical operator. Under that model, several of today’s state provisions look less like conflicts and more like misplaced rules that have been attached to the wrong layer. And that signals opportunity through better design.
Bill-by-Bill Comparison with Layered Architecture
North Carolina SB 624 -The data practices, relationship duties, and health-chatbot licensing are a partial fit with this Substack’s structures. It recognizes several real governance functions but collapses them into one statute and one regulated actor.
Ohio HB 469 - The focus on legal status and attribution is broadly compatible. While it denies AI personhood, it does not specify a layered accountability design for the humans and institutions behind the system. This leaves room for agentic actions, AI agency law and regulations, and designation of roles by end users.
Tennessee mental-health law - The focus on professional impersonation and deceptive claims is either irrelevant or a strong fit. I would hate to dismiss it as a concern because I may be overlooking a symmetry. Where it does have a strong fit there is very little direct friction; it can operate as a boundary rule within a layered model, and so should be considered as the basis for AI agents and emissaries staying in their “lanes” as representatives with a duty of care, technical writers, technical editors, and witness for real-world experts.
Blackburn federal draft - The various portions of children’s safety, disclosure, age assurance, copyright, and partial preemption are at best a mixed fit. It could become a floor for other elements, but currently it currently aggregates too many governance logics without clarifying role separation. In contrast, the Echo Sovereign Protocol sits at the intersection of Telecom, Health, and Internet law and jurisdiction.
Does the architecture itself conflict?
The available evidence suggests that the architecture does not directly conflict with these bills. It is better understood as a sorting mechanism that reveals where each rule belongs and where a legislature has fused unlike duties into one container. That does not make every statute elegant, but it does mean the architecture is generally additive rather than adversarial.
The more important question is whether current state legislation works against standards-based governance efforts such as NIST-led technical standard setting and adjacent internet-governance coordination. On that point, there is meaningful tension. The Blackburn reporting notes that the federal framework would direct NIST to work on cybersecurity standards around provenance and watermarking while still preserving broad room for state law, which implies that technical harmonization may have to sit beneath diverse statutory theories instead of replacing them. When states legislate at multiple layers without shared role definitions, interoperability becomes harder even where legal conflict remains absent.
Quilt, not uniformity
The metaphor of patchwork is often used as a warning, but not every patchwork is a failure. A patchwork quilt holds because the pieces are stitched to a pattern with an intended shape and duty, but not because every piece is the same. The reason for a patchwork approach is to bring coherence, rather than uniformity. The present AI-companion landscape has many pieces already: North Carolina has duties, Ohio has status rules, Tennessee has professional boundaries, and Washington is experimenting with federal overlays.
What is missing is not material but pattern. The architecture from A Temple Jar and the suggests that the relevant pattern is role separation:
who holds the data
who owes the duty of care in the relationship
who remains accountable for infrastructure and systemic assurance.
If that pattern is adopted, ribbons and tatters can indeed form a quilt. Without it, lawmakers may continue sewing unlike pieces together and calling the result a single blanket approach.
I do not see a blanket. I do see room for a quilt.






Jamal
As a non-American reader, I found myself wondering whether solving the U.S. patchwork is really the first stage of building an international governance framework. If the architecture can accommodate diversity within the United States, perhaps it can also become a common language across jurisdictions rather than requiring identical laws. An interesting perspective.
This piece captures exactly why “AI law” can’t be solved by chasing one perfect statute: we are going to live with layers of overlapping rules for data, status, safety, and impersonation for a long time. What Algorithmic Due Process adds to your picture is a way for courts to ask whether those layers are actually preserving the old procedural guarantees notice, explanation, contest, human review, and auditability when the real decisions are being made inside the stack rather than in the courtroom.
The Echo Sovereign Protocol and your tripartite layering are a natural home for that idea. If the patchwork is here to stay, then fiduciary‑style duty (who the agent serves), provenance and integrity (what data it is allowed to use), and infrastructure safety (how it escalates and logs high‑stakes moves) become three coordinated strands of “architectural due process.” That gives lawmakers and judges something concrete to latch onto: instead of just blaming “the AI,” they can ask which layer failed, which procedural protection was missing, and how new statutes should be written so they bind to the right part of the architecture rather than fighting it.