The Legislation
Each statute addresses a distinct layer of the constitutional problem. Each statute’s effectiveness depends on the others. Together they constitute a complete legal architecture for government’s digital relationship with citizens.
Utah’s SB260 and SB275 demonstrate that this constitutional architecture can achieve unanimous bipartisan passage when framed around individual rights. These three statutes extend that work to close the three gaps SEDI deliberately left open.
Mandates decentralized, citizen-controlled identity architecture. Prohibits centralized identity repositories and surveillance-capable systems. Extends Utah’s SEDI framework to the full data architecture.
Read VIDA → PDTAEstablishes citizens as the primary trustees of their own personal data. Imposes binding fiduciary duties on all government actors. Provides a private right of action citizens enforce directly against government.
Read PDTA → GAAFAExtends fiduciary obligations to AI systems making decisions about citizens. Requires pre-deployment assessments and the right to algorithmic explanation. Classifies autonomous AI agents as statutory secondary fiduciaries.
Read GAAFA →Why all three statutes are required. VIDA without PDTA is technically sound architecture with no enforcement mechanism. PDTA without VIDA imposes fiduciary duties on an infrastructure not built to implement them. Both without GAAFA leave the AI decision layer entirely ungoverned.
The dependency is not a weakness. It is the argument. Each partial implementation leaves an identifiable gap. All three together closes all three gaps.
The constitutional theory needs scholars who can identify its doctrinal vulnerabilities before a court does. The legislative language needs practitioners who can identify requirements that are technically incoherent before a legislature votes on them.