Rights-Compliant Model Training Through Depth-Selective Routing

Regulatory Framework

The rights regime that governs AI training is no longer a single jurisdictional question with a single answer. It is a layered set of obligations whose interaction defines what a compliant training pipeline must do. In the United States, 17 USC 107 fair use is the operative defense for training on copyrighted material without license. The four-factor analysis is being applied to training in real cases. Andersen v. Stability AI, originating in 2023 and surviving motion-to-dismiss in significant part, raises the question of whether training on scraped images of identifiable artists is transformative when the resulting model can produce outputs in those artists' styles. The Authors Guild and New York Times matters against OpenAI raise parallel questions for text. The Bartz v. Anthropic decision and the related cases now treat the lawful acquisition of training corpora as a separately significant fact. Whatever the eventual jurisprudential settlement, the cases establish that training is now a fact-intensive inquiry into how training was conducted, not merely whether it occurred.

In the European Union, Directive 2019/790 Article 3 grants a text-and-data-mining exception for research organizations and cultural heritage institutions. Article 4 grants a broader TDM exception for any user, but it is conditioned on the rightholder not having reserved the use in an appropriate machine-readable manner. The EU AI Act Article 53 requires general-purpose AI model providers to put in place a policy to comply with EU copyright law and in particular to identify and respect, including through state-of-the-art technologies, reservations of rights expressed under Article 4(3) of the DSM Directive. The Article 53 obligation entered into application on 2 August 2025 for new models and applies to existing models on 2 August 2027. GDPR Article 22 prohibits decisions based solely on automated processing that produce legal or similarly significant effects without one of the enumerated bases, which constrains downstream deployment of models trained on personal data. The EDPB Opinion 28/2024 of 17 December 2024 addresses the legitimate-interests basis for training and the conditions under which a trained model can be considered anonymous.

Japan's Copyright Act Article 30-4, as amended in 2018 and clarified in 2023 and 2024 guidance, permits use of copyrighted works for non-enjoyment purposes including machine learning, but the Agency for Cultural Affairs has clarified that the exception does not extend to uses that unreasonably prejudice the interests of the copyright holder, including training intended to reproduce a specific author's expression. China's Interim Measures for the Management of Generative AI Services, effective 15 August 2023, require providers to ensure that training data does not infringe intellectual property rights, that personal information is processed on a lawful basis, and that the data is true, accurate, objective, and diverse. The United Kingdom's ICO Guidance on AI and data protection and the FCA's emerging expectations layer additional procedural obligations on UK-relevant training operations.

Architectural Requirement

Read together, these regimes converge on a small set of architectural requirements that no current standard training pipeline satisfies. First, the pipeline must be able to distinguish among training examples on the basis of their rights status: public domain, permissively licensed, contractually licensed for training, opted-in under DSM Article 4, opted-out under DSM Article 4(3), subject to GDPR personal-data constraints, or subject to specific contractual depth limits. Second, the pipeline must enforce that distinction at the level of parameter updates, not merely at the level of corpus selection, because contractual and statutory regimes increasingly distinguish among uses by depth and persistence of integration. Third, the pipeline must maintain a provenance record sufficient to answer, after training, which examples influenced which parameters and to what depth. Fourth, the pipeline must detect and prevent memorization that would constitute reproduction within the meaning of the applicable copyright regime, since outputs that reproduce protected expression cannot be defended on a fair-use or TDM-exception basis regardless of how training was structured.

None of these requirements is satisfied by corpus filtering. They are requirements about the dynamics of training itself, not about its inputs. An architecture that satisfies them must intervene at the gradient computation, must associate every gradient update with the rights metadata of the example that produced it, and must preserve that association through the training run.

Why Procedural Compliance Fails

The dominant industry pattern is procedural compliance over corpora: filter the corpus, attest to the filter, and treat the trained model as though the corpus filter were a sufficient governance boundary. This pattern fails on three independent grounds. First, binary inclusion-exclusion cannot express the rights regime. Article 4(3) of the DSM Directive contemplates that rightholders may reserve uses, which implies that uses can be partial or conditional rather than all-or-nothing. License agreements between publishers and AI companies routinely specify training use under conditions: shallow integration without deep memorization, attribution at output, or usage-based royalties tied to influence. None of these conditions can be enforced by a corpus filter that admits or rejects a document.

Second, post-hoc machine unlearning cannot satisfy the obligations. Research from Cohere for AI, the Stanford CRFM, and others has consistently shown that unlearning techniques either fail to verifiably remove the influence of specific training data or degrade model quality in ways that propagate beyond the targeted content. The EDPB Opinion 28/2024 specifically addresses whether a trained model can be considered anonymous and concludes that this is a fact-specific assessment requiring resistance to attribute inference, membership inference, and reconstruction attacks: an assessment that unlearning cannot reliably establish. Reliance on unlearning as the compliance mechanism therefore exposes the operator to ongoing rights claims even after remediation.

Third, attestation-based corpus governance fails the EU AI Act Article 53(1)(c) requirement to identify and respect Article 4(3) reservations through state-of-the-art technologies. The Commission's draft Code of Practice and the AI Office's emerging supervisory expectations contemplate that providers will be able to evidence not only that they intended to respect reservations but that their pipeline was technically capable of doing so at the gradient level for partial reservations. Procedural compliance over corpora does not provide that evidence and cannot be retrofitted to provide it after a training run is complete.

What AQ Training-Governance Provides

The Adaptive Query training-governance primitive implements depth-selective gradient routing. Each training example carries a governance profile derived from its rights status: jurisdiction, license terms, opt-out signals, personal-data classification, and any contractually specified depth limit. The training loop, before computing gradient updates, evaluates the governance profile and routes the gradients accordingly. Examples permitted full-depth integration contribute gradients across all layers. Examples permitted shallow integration contribute gradients only to upper layers, influencing surface form without embedding in core representations. Examples reserved under DSM Article 4(3) contribute no gradients and the training step records the exclusion. Examples carrying personal data contribute gradients only under the basis configured in the governance profile and only to the depths consistent with the EDPB Opinion 28/2024 anonymity threshold.

Provenance tracing maintains, for each parameter, an attribution structure that records which training examples contributed updates and at which depths. The structure is implemented as a sketch sufficient to answer the inverse query: given a model behavior, which training examples are most likely to have contributed to it, and given a training example, which parameters did it influence and at which depths. The sketch is sized to be retained alongside the model artifact rather than discarded after training.

Memorization detection is integrated into the training loop. Influence-function-style probes are run periodically against representative prompts derived from the highest-integration training examples. When an example's contribution to a parameter or behavior crosses a memorization threshold, the governance system reduces the example's permitted depth or excludes it from further training steps. The threshold is configurable per jurisdiction and per license regime so that, for example, examples used under Japan's Article 30-4 non-enjoyment exception are bounded below the threshold at which the exception ceases to apply.

The combined effect is that rights compliance is not an attestation about training but a structural property of the trained model. The provenance artifact and the gradient-routing log are the evidentiary records that the EU AI Act, the DSM Directive's Article 4(3) compliance posture, and the emerging US case-law standard are converging to require.

Compliance Mapping

Each obligation in the rights regime maps to a specific element of the training-governance architecture. 17 USC 107 fair-use factor one, the purpose and character of the use, is supported by the gradient-routing log, which evidences that the training was structured to limit integration to the depth necessary for the intended non-reproductive use. Factor three, the amount and substantiality, is supported by the depth limits themselves, which constrain how much of any individual work integrates into the model. Factor four, the effect on the market for the original, is supported by memorization detection, which prevents the model from becoming a substitute for the original through extractable reproduction.

EU DSM Directive Article 4(3) reservations are enforced at the gradient-routing layer by mapping the machine-readable opt-out signal to a zero-gradient configuration in the governance profile. EU AI Act Article 53(1)(c) is satisfied by the policy artifact that documents the mapping from rights signals to gradient-routing configurations and by the training-time enforcement that the policy describes. Article 53(1)(d), the public summary of training content, is supported by the provenance index, which categorizes training examples by rights regime, jurisdiction, and integration depth. GDPR Article 22 is supported by the routing of personal-data examples below the anonymity threshold so that downstream decisions based on the model can be argued not to be based solely on automated processing of identifiable personal data within the meaning of Article 22.

Japan Copyright Act Article 30-4 is supported by the memorization-threshold enforcement that bounds integration below the level at which the exception ceases to apply. China's Interim Measures Article 7 obligation that training data not infringe intellectual property rights is supported by the rights-status governance profile and the gradient-routing enforcement. The ICO's accountability principle and Article 5(2) GDPR demonstrability obligation are supported by the provenance artifact, which is the auditable record of how rights signals were respected during training.

Adoption Pathway

Adoption proceeds in three stages. In the first stage, the training organization inventories its corpora and assigns governance profiles. Each source is classified by jurisdiction, by rights regime, by license terms if any, and by opt-out signals if applicable. The classification is automated where possible from headers, registries, and structured metadata, and surfaced for human review where the signals are ambiguous. The output is a governance manifest associating every training example with a profile.

In the second stage, the training pipeline is instrumented with the gradient-routing layer. Initial runs are conducted with routing in observe-only mode so that the routing decisions can be reviewed against training outcomes and the depth thresholds calibrated against measured downstream performance. The provenance sketch is sized and validated so that the inverse-query operations are tractable at the model artifact's intended retention scale.

In the third stage, the gradient-routing layer is moved into enforcement, the memorization-detection probes are scheduled into the training loop at the cadence the threshold and corpus size require, and the provenance and routing logs are integrated with the organization's compliance documentation system. The training organization at this stage can answer, for any model artifact it ships, which rights regimes governed which examples, which depths they integrated to, and which parameters they influenced. That answer is the artifact that the converging global rights regime is increasingly requiring, and it is produced as a byproduct of training rather than reconstructed under litigation pressure.