Litcius/Paper detail

Zero-PII Architecture: An Exploratory Structural Precondition for Safer Human-Machine Interaction in the Age of Cognitive Biomarkers

Murali Swayambu

2026Zenodo (CERN European Organization for Nuclear Research)7 citationsDOIOpen Access PDF

Abstract

Every human-machine interaction leaves traces. In most contexts, these traces are manageable—a click, a page view, a purchase. In specific high-risk contexts—cognitive overload, fraud pressure, emotional vulnerability, AI companionship, healthcare AI, crisis decision-making—the traces are categorically different. They are cognitive and biological in character: reaction latencies, hesitation patterns, decision reversals under stress, emotional rhythms disclosed to relational machines. If retained and linked to identity across sessions, these traces constitute a cognitive biomarker profile—a map of when and how a specific person's judgment fails under pressure. This is not standard Personally Identifiable Information. It is more intimate, more potentially exploitable, and more difficult to regulate than a name or an account number. Existing privacy regulation was not designed for it. This paper proposes Zero-PII Architecture as a structural response to this problem. Zero-PII is not a policy or a consent framework. It is an architectural principle: systems operating in high-risk human-machine interaction contexts may benefit from being designed without the capacity to retain personally identifiable or identity-adjacent data beyond the duration of a single session. Input arrives in PII form; it is anonymised at the ingestion gate before any processing occurs; session memory is held in encrypted, ephemeral blocks; output is signal-only and non-reversible; and at session end, all in-session data collapses completely. The paper defines the bio-tracker risk, the vulnerable populations most affected, the structural principle of non-retention, and the three operational roles of Zero-PII (identity stripping, session-scoped cryptographic isolation, signal-only output). It situates the architecture within the broader regulatory landscape (GDPR, EU AI Act, DPDP Act, UNESCO Neurotechnology Recommendation) and presents the PUSL (Privacy Under Structural Law) model as a distinct category of privacy protection. A companion record contains the working prototypes that demonstrate this architecture is implementable. **Keywords:** Zero-PII, privacy by architecture, cognitive biomarkers, human-machine interaction, vulnerable populations, AI companions, session collapse, ephemeral memory, exploratory framework **Status:** This is an open exploratory working paper published on Zenodo. It has not been peer-reviewed. **Companion record:** Zero-PII Architecture: Prototype Documentation and Working Code [DOI to be added]

Topics & Concepts

Session (web analytics)SAFERCognitionInternet privacyPsychologyReflexivityComputer scienceExploratory researchComputer securityIdentity (music)Cognitive psychologyArchitectureData Protection Act 1998Informed consentSocial psychologyPreconditionGeneral Data Protection RegulationCognitive resource theoryDeceptionHealth careCognitive scienceRelation (database)CryptographyRaw dataData scienceCognitive biasHuman–computer interactionIdentification (biology)AutonomyEphemeral keyBlockchain Technology Applications and SecurityCognitive Computing and NetworksArtificial Intelligence in Healthcare and Education