Zero-PII Architecture: An Exploratory Structural Precondition for Safer Human-Machine Interaction in the Age of Cognitive Biomarkers

Abstract

Every human-machine interaction leaves traces. In most contexts, these traces are manageable—a click, a page view, a purchase. In specific high-risk contexts—cognitive overload, fraud pressure, emotional vulnerability, AI companionship, healthcare AI, crisis decision-making—the traces are categorically different. They are cognitive and biological in character: reaction latencies, hesitation patterns, decision reversals under stress, emotional rhythms disclosed to relational machines. If retained and linked to identity across sessions, these traces constitute a cognitive biomarker profile—a map of when and how a specific person's judgment fails under pressure. This is not standard Personally Identifiable Information. It is more intimate, more potentially exploitable, and more difficult to regulate than a name or an account number. Existing privacy regulation was not designed for it. This paper proposes Zero-PII Architecture as a structural response to this problem. Zero-PII is not a policy or a consent framework. It is an architectural principle: systems operating in high-risk human-machine interaction contexts may benefit from being designed without the capacity to retain personally identifiable or identity-adjacent data beyond the duration of a single session. Input arrives in PII form; it is anonymised at the ingestion gate before any processing occurs; session memory is held in encrypted, ephemeral blocks; output is signal-only and non-reversible; and at session end, all in-session data collapses completely. The paper defines the bio-tracker risk, the vulnerable populations most affected, the structural principle of non-retention, and the three operational roles of Zero-PII (identity stripping, session-scoped cryptographic isolation, signal-only output). It situates the architecture within the broader regulatory landscape (GDPR, EU AI Act, DPDP Act, UNESCO Neurotechnology Recommendation) and presents the PUSL (Privacy Under Structural Law) model as a distinct category of privacy protection. A companion record contains the working prototypes that demonstrate this architecture is implementable. **Keywords:** Zero-PII, privacy by architecture, cognitive biomarkers, human-machine interaction, vulnerable populations, AI companions, session collapse, ephemeral memory, exploratory framework **Status:** This is an open exploratory working paper published on Zenodo. It has not been peer-reviewed. **Companion record:** Zero-PII Architecture: Prototype Documentation and Working Code [DOI to be added]

Ähnliche Arbeiten