Is the Captain a Code? Redefining the “Genuine Link” under the Law of the Sea in the Age of Maritime Algorithmic Architecture

Is the Captain a Code? Redefining the “Genuine Link” under the Law of the Sea in the Age of Maritime Algorithmic Architecture

[Sanae Bouyayachen is a PhD candidate in international law at University Mohammed V, Rabat, Morocco]

Introduction: From Personal Command to Algorithmic Architecture

On February 12, 2026, North Atlantic Treaty Organization (NATO) allies formally agreed to expedite the integration of advanced technological surveillance to safeguard the Baltic Sea, a move that underscores a deepening crisis in maritime law. This strategic shift is a direct response to recent reports by NATO documenting a surge in AIS spoofing in 2025 by the shadow fleet. The fundamental challenge is whether the traditional mechanisms through which flag States exercise effective jurisdiction and control remain adequate when navigational and operational decisions are increasingly mediated by algorithmic systems. This question strikes at the core of flag State responsibility under UN Convention on the Law of the Sea (UNCLOS).

This raises a pivotal legal question: can a sovereign state be held responsible for the decisions of an algorithm it cannot or chooses not to audit? (see Tallinn Manuel 2.0 Rule 6) Under the law of state responsibility, technological opacity does not operate as a legal shield. The proliferation of “dark fleets” (meaning vessels operating under opaque ownership and obscure flags to bypass international sanctions) requires a re-evaluation of maritime jurisdiction that transcends traditional security concerns. Although fully autonomous dark fleets remain rare today, even partial automation already raises critical doctrinal questions for flag State jurisdiction.

An example is the recent surge in sophisticated AIS-spoofing in the Baltic Sea and the Persian Gulf, where vessels use algorithmic coordinates to broadcast false positions, effectively creating “ghost footprints” that mask illicit ship-to-ship transfers.

In addition, the 2023 explosion of the tanker Pablo off the coast of Malaysia serves as a cautionary case study, as the principal legal challenge lies less in its technical autonomy than in its systemic opacity. A vessel with no known insurer and a history of deceptive shipping practices, including AIS manipulation, it left coastal authorities in a jurisdictional haze regarding liability and environmental remediation, for that reason, this incident illustrates a fragmentation of human management where the will of the vessel is no longer dictated by a localized command, but by a distributed decision-making architecture of remote servers and invisible owners, prefiguring the jurisdictional challenges of fully autonomous systems. Under the UNCLOS, the Master has historically functioned as a personal jurisdictional pivot through whom the flag State exercises effective jurisdiction under article 94.

This shift exposes a fundamental tension within the law of the sea. Articles 91 and 94 UNCLOS are structured around the assumption that effective jurisdiction is exercised through identifiable human actors, particularly the ship’s master, who serves as the operational link between the vessel and the flag State. However, contemporary maritime operations increasingly rely on algorithmic systems, remote control centres and distributed digital infrastructures that fragment and relocate decision-making authority beyond the vessel itself. As a result, the traditional mechanisms through which flag States demonstrate effective jurisdiction and maintain a genuine link become increasingly difficult to reconcile with the operational realities of algorithmically mediated navigation. This tension suggests that a recalibration of the genuine link (see article 91 of UNCLOS) towards the supervision and auditability of digital systems (see Robert G. Volterra regarding state responsibility).

As the maritime space evolves into a complex digital domain of operations, the law must address the redistribution of command from the bridge to the algorithm. This transformation raises a broader doctrinal question concerning the continued relevance of traditional concepts of jurisdiction and responsibility under UNCLOS. The traditional model of maritime governance presumes that navigational decisions are exercised and controlled onboard by the master. Yet contemporary maritime operations increasingly rely on automated navigation systems, remote monitoring platforms and algorithmically generated instructions that shape the vessel’s conduct. As decision-making authority becomes technologically distributed, the relationship between command, jurisdiction and responsibility becomes more difficult to locate within existing legal frameworks.

This post examines how this role is progressively evolving from a personal agent into an infrastructural node within a broader algorithmic architecture (see Michael N. Schmitt on cyber due diligence/Tallinn Manual). It argues that the challenges posed by algorithmically mediated maritime operations can be addressed within existing international law. It proposes a functional reinterpretation of the genuine link under UNCLOS and a functional understanding of State responsibility for algorithmic risk. Rather than advocating new legal rules, it revisits existing principles of flag State jurisdiction in light of technological developments. Its central claim is that, as command functions become increasingly distributed across digital systems, effective jurisdiction should be assessed not only through the presence of a human master but also through the flag State’s capacity to supervise, audit and exercise meaningful oversight over the vessel’s algorithmic architecture.  

The Transformation of Article 94: Navigating Algorithmically Mediated Command

The cornerstone of flag State jurisdiction under Article 94 of UNCLOS rests specifically on a person-centred model of accountability in which the ship’s master functions as the primary human conduit through which the flag State exercises effective jurisdiction and control. The provision assumes that key navigational and operational decisions are made by identifiable individuals whose conduct can be monitored and attributed to established chains of responsibility.

The requirement for a qualified master (see Article 94(3)(b)) ensures that sovereignty is exercised through a localized human presence, however, as highlighted in the International Maritime Organization’s (IMO) Regulatory Scoping Exercise for MASS (MSC.1/Circ.1638), the integration of autonomous systems creates a friction between formal requirements and operational reality, and suggests that command is becoming infrastructural rather than personal.

In the context of dark fleets, navigational decisions are no longer localized in the captain’s cabin; indeed, they are increasingly governed by a digital skeleton that optimizes routes based on. Accordingly, this evolution highlights the friction between formal jurisdictional requirements and operational reality, and even well-regulated flag states face unprecedented challenges in auditing an algorithmic architecture that is geographically and technically dispersed. If the will of the vessel is diffused across software updates and remote servers, the master becomes a distributed function of the ship’s digitalization. Consequently, the genuine link may be re-conceptualized not as a static administrative bond, but as a technological capacity of the flag state to supervise the vessel’s digital infrastructure. Even well-regulated flag States face unprecedented challenges in auditing an algorithmic architecture that is geographically and technically dispersed. For states of convenience, this shift is critical, and therefore, the inability to monitor the automated decision-making of a vessel should be interpreted as a prima facie failure to exercise effective jurisdiction under international law.

The ITLOS Perspective: Due Diligence and the “Vessel as a Unit”

The jurisprudence of the International Tribunal for the Law of the Sea (ITLOS) provides a necessary framework for this shift. In fact, in its Advisory Opinion on SRFC (2015), the Tribunal established that a flag state’s obligation to ensure its vessels do not engage in illegal activities is an obligation of conduct or due diligence, requiring states to deploy adequate means and best efforts, and more recently, the Biodiversity Beyond National Jurisdiction Agreement adopted a systemic perspective of implementation through article 14, while the 2024 ITLOS Advisory Opinion on Climate Change aligned on a contextual approach of interpretation, by reaffirming that Article 192 imposes a general obligation to protect the marine environment, mandating that States ensure non-State actors under their jurisdiction or control adhere to stringent environmental measures.

When command becomes part of an algorithmic architecture, the ITLOS concept of the “vessel as a unit” echoed in the Virginia G (paras. 126 and 127) and Saiga (No. 2) cases, must encompass digital command systems. In fact, in Virginia G, the Tribunal considered the ship, its crew, cargo, and every person involved in its operations as an entity linked to the flag state, while in Saiga (No. 2) it states that the ship, its contents, and all persons involved in its operations are treated as a single entity linked to the flag state(para. 102) and clarifies that flag state rights encompass all activities and entities operating the ship, not just owners or crew based on nationality (para. 106), andfinally reinforces that actions against any part of the vessel affect the overall unity (para. 107).

Thus, the concept can also extend to navigation data, considered essential components aboard or generated by the unit, implying that data flows and algorithmic architecture are now vital parts of the flag state-linked entity.

Jurisdiction must evolve to encompass the algorithmic integrity of the vessel. As navigational and operational decisions become increasingly mediated by digital systems, algorithmic architectures may themselves facilitate conduct that breaches international law, including sanctions evasion, AIS spoofing or environmentally harmful activities. In such circumstances, a flag State cannot avoid responsibility by invoking the autonomy or opacity of the underlying technology. Consistent with the due diligence obligations reflected in UNCLOS and ITLOS jurisprudence, States must take reasonable measures to supervise, audit and monitor the digital systems that influence the vessel’s conduct. Effective jurisdiction therefore extends beyond the ship itself to the technological infrastructures through which maritime operations are increasingly governed.

Evidentiary Complexity: Attribution under the ILC Articles

The shift toward an automated decision-making architecture triggers a recalibration of attribution under the ILC Articles on State Responsibility (ASR). While the ASR framework remains the governing law, the “black box” nature of AI navigation creates significant evidentiary complexity regarding “effective control” mentioned in Article 8 of ASR. This attribution gap resonates with the broader debates on state responsibility in the digital age previously explored, since in traditional maritime law, the Master’s actions are directly attributable to the flag State’s exercise of authority, but how is a decision attributed when it is made by an automated command-layer that purposefully spoofed its AIS data to facilitate a sanctioned oil transfer?

The delegation of command functions to an algorithm does not necessarily sever the link of responsibility, but it reshapes its nature by fragmenting agency across multiple digital inputs. This creates a “transparency gap” where States can claim a lack of knowledge regarding the specific outputs of their fleet’s algorithmic architecture. State responsibility in this context must move beyond the search for a “human in the loop” and focus instead on the failure of digital supervision. By treating the algorithmic architecture as an infrastructural extension of the state’s jurisdictional duties, the dark fleet is prevented from using technological opacity as a shield against state attribution.

Toward a Functional Understanding of State Responsibility

A functional understanding of State responsibility for algorithmic risk offers a means of addressing the challenges created by algorithmic opacity without requiring the adoption of new legal rules.

As Joanna Kulesza has argued regarding digital sovereignty, the traditional boundaries of due diligence are being redrawn by technological interdependencies.

In the maritime context, this approach, rooted in the Pulp Mills and South China Sea judgments, suggests that a state’s duty of vigilance must adapt to the technical nature of the risk. Yet, flag states of convenience may invoke extraterritorial sovereignty limits, claiming inability to audit servers hosted in third jurisdictions, and this objection falters under ITLOS systemic interpretation, as article 94 of UNCLOS mandates effective jurisdiction over the vessel’s digital architecture and irrespective of server location, mirroring therefore Pulp Mills extension of vigilance beyond borders. Just as states have a due diligence obligation to prevent environmental transboundary harm, they must now exercise an enhanced due diligence over the digital integrity of their fleet.

By framing the issue as an enhanced procedural obligation, the focus shifts to the state’s capacity to audit and monitor the vessel’s algorithmic architecture. This means that a flag state cannot merely point to a registered captain on paper if the rudder is guided by an algorithmic architecture hosted on an unaccountable digital platform. This conceptualization aligns with the emerging IMO MASS Code, ensuring that the “infrastructuralization” of command does not result in a complexity that undermines jurisdictional accountability.

Therefore, the goal is to ensure that the genuine link remains a substantive requirement of international law, even when human agency is mediated by code. Ultimately, the integration of the technical standards within the forthcoming IMO MASS Code should not be viewed merely as a compliance exercise in maritime law, but as the essential toolkit for a State to exercise its effective sovereignty.

Conclusion: Anchoring the Algorithmic Architecture

The emergence of autonomous dark fleets illustrates tensions in the constitutional architecture of the Law of the Sea, hence by transitioning from a personal to an infrastructural model of command, these vessels highlight the friction between traditional jurisdictional requirements and technological evolution, and this legal shift hinges on a functional reinterpretation of article 29 of UNCLOS, as the criteria for “command” and “discipline” must evolve beyond physical presence to encompass remote links and algorithmic protocols. By anchoring autonomous command within this established sovereign framework, technological evolution is ensured not to bypass state responsibility, but rather reformulates it for the digital age. As seen with the rise of AIS spoofing, the maritime space is no longer just a physical domain, but a digital domain of operations where sovereignty must be reasserted through technical oversight. To preserve the rule of law, the captain, whether human or algorithmic, must remain a functional bridge to state responsibility, thus, piercing the algorithmic veil is about ensuring that the effective jurisdiction of the flag State remains operational in an age of distributed agency, for that reason, the Law of the Sea, historically designed around human actors, must now be interpreted to accommodate algorithmic governance. States therefore must rethink the audit mechanisms and flag state obligations to include algorithmic oversight; if the legal boundaries of autonomous command remain undefined, maritime sovereignty risks being exercised through automated decision-making rather than direct human oversight.

Print Friendly, PDF & Email
Topics
Featured, General, International Law

Leave a Reply

Please Login to comment
avatar
  Subscribe  
Notify of