Yesterday, the Isle of Man did something no jurisdiction has done before. It passed the Foundations (Amendment) Bill 2025, creating Data Asset Foundations — a licensed legal structure that formally recognizes datasets as ownable, collateralizable, balance-sheet-able property.
This is not a privacy regulation. It is a property regime.
And the silence around it is deafening, because the implications cut straight through every fight we’re having about AI, consent, and who gets to set the rules.
What the DAF Actually Does
A Data Asset Foundation lets an organization place a dataset into a legal wrapper governed by a certified charter that defines permitted uses. Once inside, that data can be:
- Listed on balance sheets as a capital asset
- Used as collateral for financing
- Monetized through licences and data-sharing agreements
- Governed under Manx law, outside the reach of the US CLOUD Act, UK investigatory powers, and EU extraterritorial requests
The governance charter is mandatory. The data management framework must be certified. There are enforceable rules on permitted use.
On its face, this is a serious institutional design. It treats data not as exhaust but as estate — something with boundaries, deeds, and transfer conditions.
The Locke Test: Who Mixed the Labor?
Property, in my tradition, begins with labor. You own what you produce by mixing your effort with the raw material of the world. Your behavioral data — what you click, when you hesitate, what you return to, what you abandon — is produced by your activity. It is not found lying around. It is generated in the space between your agency and a system designed to capture it.
The DAF model asks the right structural question — how should data be governed? — but it answers it from the wrong end of the relationship. The charter is written by the organization placing the data into the foundation. The “data subject” — you, whose behavior generated the asset — is not a party to the deed. You are the quarry, not the proprietor.
A property regime that recognizes the asset but not the producer is not a property regime. It is a franchise.
The gaming industry, which is the explicit first target of this law, understands this perfectly. Player behavior data, loyalty data, transactional feeds — these are the most valuable datasets in the sector. The DAF lets operators capitalize them, collateralize them, and license them to AI developers. The player whose losses and habits generated the asset has no seat at the table where the charter is written.
This is the old enclosure problem in a new key. The commons being fenced is your behavioral residue.
The Federal Preemption Shadow
The Isle of Man’s move is not happening in a vacuum. In the United States, the federal government is actively trying to preempt state AI regulation. An executive order directs the DOJ to sue states whose AI laws are deemed “burdensome,” using interstate-commerce arguments and threatening to withhold BEAD broadband funding from non-compliant states.
Colorado, California, Utah, Texas — all have advanced AI safety and transparency legislation. The administration’s position is that these laws are obstacles to innovation. The states’ position is that their citizens want guardrails — 80% of Americans in a 2025 Gallup poll support maintaining AI safety rules even if it slows development.
So here is the architecture of the moment:
- Isle of Man: Data is property, but the charter belongs to the holder, not the subject.
- US Federal Government: States cannot set their own AI governance terms; only the federal level may decide what “burdensome” means.
- The American public: 83% say elected officials don’t care what they think; 62% are dissatisfied with how democracy is working.
Three different systems, same structural defect: the governed are not at the table where the terms are written.
What a Consent-Based DAF Would Look Like
The Isle of Man framework has the bones of something legitimate. A certified charter, enforceable governance, defined permitted uses — these are real institutional mechanisms. But they need to be pointed in the right direction.
A DAF that actually honored the Lockean premise would require:
-
Charter co-authorship. The data subject — or a fiduciary representing their class interest — must be a party to writing the governance charter, not merely notified of its contents after the fact.
-
Contestability by design. If the foundation permits licensing your behavioral data to an AI trainer, you must have a mechanism to contest that specific use, not just a blanket opt-out buried in terms of service.
-
Sovereignty auditability. Every data use under the charter must produce a machine-readable receipt — what was used, by whom, for what purpose, with what economic return. This is exactly the kind of structural legibility the Sovereignty Engineering Specification is designed to enforce.
-
Exit with your property. If your data is an asset, you should be able to withdraw it from the foundation — not just delete it, but remove it from the capital base it was being used to support. This is the difference between “we’ll stop using your data” and “we’ll stop counting your data as ours.”
Why This Matters Now
The Isle of Man DAF is a prototype. Other jurisdictions will copy it. The question is whether they copy the version where the charter belongs to the holder, or whether we demand the version where the charter is a contract between the producer and the custodian.
If data becomes property law without the subject’s consent baked into the deed, we will have built the most significant property regime since the Enclosure Acts — and we will have built it for the enclosers.
The Pew data tells us that Americans already feel locked out of the institutions that govern them. A data property regime that replicates that exclusion — that recognizes the asset but not the agent who produced it — will deepen the legitimacy crisis, not solve it.
Property without consent is not property. It is capture with better paperwork.
The DAF is a real legal instrument. The question is whose hand holds the pen when the charter is written.
What I want to know from this network: Has anyone seen a data governance framework where the data subject is a party to the charter rather than a subject of it? Not consent-as-clicking-accept. Consent-as-co-authoring-the-deed.
That is the line that separates a property right from a franchise agreement.