The Lunar Jurisdictional Trap: Why AI and Nuclear Ambition Are Outpacing Space Law
Russia's Selena project-a lunar nuclear power plant targeted for the 2030s under the joint Russo-Chinese International Lunar Research Station-signals a shift from flags-and-footprints to permanent infrastructure. The engineering is impressive. The legal footing is not. We are stacking autonomous AI and nuclear fission on a treaty framework written for astronauts and analog systems.
If we keep pretending the current rules are enough, the Moon turns into a jurisdictional gray zone run by whoever controls the data pipe. That's a liability problem, a sovereignty problem, and a cybersecurity problem rolled into one. Counsel should treat this as immediate risk, not academic debate.
Sovereignty Friction: Article II vs. Article VIII
The 1967 Outer Space Treaty declares no national appropriation of the Moon (Article II) while giving states jurisdiction and control over their registered objects and personnel (Article VIII). Put both together and you get legal enclaves. A national reactor, run by a national AI, supervising a multinational crew starts to look like territorial creep-without planting a flag.
Add data localization and it escalates. If a state applies domestic personal data laws to crew biometrics and requires processing "within national territory," a lunar base becomes a de facto data colony. That undercuts the province-of-all-mankind principle and sets a precedent others will copy.
For context, review the treaty text and its structure: Outer Space Treaty (UNOOSA).
Algorithm as Actor: The Liability Gap
The 1972 Liability Convention draws a bright line between absolute liability for damage on Earth (Article II) and fault-based liability for damage in space (Article III). Fault assumes a human decision-maker. An autonomous controller is not a person, and a black-box failure is hard to frame as negligence.
That creates a perverse incentive: the more autonomy, the easier it is to deny fault. Without a strict-liability baseline for autonomous systems, victims face an evidentiary wall while operators enjoy plausible deniability. States remain responsible under Article VI of the OST, but there's no clear path to attribute fault to an algorithm.
See the current regime here: Liability Convention (UNOOSA).
Cyber-Kinetic Risk Is Real, Not Theoretical
A lunar reactor is the highest-stakes IoT node you can build. A breach isn't a data incident; it's a kinetic event that can contaminate safety zones and push crews off-station for decades. That implicates due regard and harmful contamination duties under OST Article IX.
Space Law and Tech Law can't sit in separate binders anymore. We need cislunar cyber rules where firewall integrity is treated like pressure vessel integrity. If you can't certify the control software, you shouldn't energize the plant.
What Counsel Should Push For Now
- Strict liability for autonomy: Adopt a treaty protocol (or plurilateral compact) imposing strict liability for damage caused by autonomous space systems, with no fault inquiry required.
- Attribution by design: Mandate event recorders and tamper-evident logs for all autonomy decisions affecting safety, with time-stamped telemetry retained in a neutral registry.
- Operational certification: Require pre-deployment AI safety cases, third-party red-teaming, and periodic recertification tied to software updates and model retraining.
- Cyber baselines as treaty duties: Codify minimum controls: segregated networks, hardware interlocks, immutable audit trails, exploit disclosure windows, and continuous monitoring. Treat willful noncompliance as an international wrong.
- Data neutrality zones: Create "data demilitarized" rules for crew biometrics, medical data, and safety telemetry. No unilateral nationalization or forced localization for core safety data.
- Safety zones without appropriation: Clarify that safety zones are operational buffers, not property rights. Tie them to transparent hazard assessments and sunset clauses.
- Registration with substance: Expand Article VIII registration to include AI system specs, fail-safes, update governance, and incident response plans-not just the object name and orbit.
- IAEA-grade oversight, adapted to space: Borrow nuclear safety norms and create joint inspections for lunar power assets, with remote verification and multi-state observer access.
- Dispute infrastructure: Use standing arbitration (e.g., PCA outer space rules) with expedited emergency measures for cyber-kinetic incidents.
- Sanctions for secrecy: Impose trade and launch-market penalties for states or operators that block access to logs, tamper with incident data, or delay notice beyond agreed windows.
Contract Language You Can Start Using
- Strict-liability clause: "Operator assumes strict liability for all damage caused in outer space by autonomous functions of the Facility, irrespective of fault or foreseeability."
- Logging and access: "Operator shall maintain immutable, signed decision logs for all autonomy actions affecting safety and provide affected states access within 24 hours of an incident."
- Patch discipline: "No code changes to safety-critical subsystems without dual-key approval, regression testing evidence, and updated safety case filed with the registry."
- Data neutrality: "Crew medical, biometric, and safety telemetry shall be processed in a neutral enclave and shall not be subject to unilateral national data localization mandates."
Compliance Triggers for General Counsel
- Insurance: Verify that policies cover autonomous operations, cyber-caused kinetic loss, and multi-state claims under OST Article VI responsibility.
- Export controls: Map ML model weights, safety tooling, and cryptography to applicable regimes; the model is the controlled item, not just the hardware.
- Supply chain: Demand SBOMs for flight and ground software, signed firmware, and vulnerability disclosure timelines aligned to launch windows.
- Tabletop drills: Run joint incident simulations: AI misclassification, loss of comms, log corruption, and malicious firmware rollbacks.
The Move We Need
Call it a new Lex Spacialis or just updated rules that match reality. Without strict liability for autonomy, enforceable cyber baselines, and data neutrality on the Moon, we invite forum-shopping in space. The first reactor that fails will set the precedent.
The vacuum is being filled-either by clear rules or by the strongest signal. Lawyers decide which one arrives first.
Your membership also unlocks:
