Executive Summary

Quantifying the coordinates of a single ruling sharpens the grain of the global regulatory domino. Four commissioners stood on one record. Five violations were tied into one chain. Italy's first GDPR figure and a Korean firm's four-layer exposure stretch out behind them. The four cards below are the numeric markers of what this report will slowly unfold.

Sources: OPC News Release (May 6, 2026), Garante Provvedimento 755/2024, EU Regulation 2024/1689, Korea PIPA Amendment (2025).

Rarely can an event be condensed into a single sentence. On May 6, 2026, Canada's four privacy commissioners formally confirmed that OpenAI's ChatGPT had violated PIPEDA. The official designation is PIPEDA Findings #2026-002. Exactly three years had passed since the four-office joint investigation opened in May 2023. What made the announcement heavy is that it was more than one ruling. Four firsts landed in the same room at the same time — the G7's first formal decision, the first joint four-office finding, the first declaration that "consent after the fact is not possible," and the first direct ruling on AI training data. Any one of them would have been a historic coordinate on its own.

The reader's opening note summarized it precisely: "Canadian regulators confirmed that ChatGPT training violates PIPEDA. The first major national ruling on AI training data collection practices — global regulatory ripples expected." This report takes that line at face value and then unwinds, slowly, the four commissioners, the five violations, and the four ways the decision diverged.

1.1Four Commissioners, One Decision Document

Canada's privacy landscape can feel unfamiliar from outside. The country runs federal PIPEDA (the Personal Information Protection and Electronic Documents Act) and provincial statutes side by side. BC's PIPA, Alberta's PIPA, and Quebec's Private Sector Act each govern private-sector personal information within their own province. On the same set of facts, the consent requirements diverge in subtle ways. When a global provider was suspected of breaching PIPEDA across the whole country at once, four offices working together was the natural outcome. The cards below introduce the four commissioners and the grain of the decisions they each owned.

1.2The Verbatim That Matters — Short and Decisive

Of all the lines in the decision, the one most often quoted comes from the joint BC and Alberta position. It is short.

"OpenAI's models rely on scraped data for which OpenAI has not obtained, and cannot obtain, consent. Consent for scraped data simply cannot be obtained after the fact."

— Joint position of the BC and Alberta OIPCs (PIPEDA Findings #2026-002)

One sentence severs two things at once. First — the fact that OpenAI has not merely failed to obtain consent but cannot obtain it. Second — the legal conclusion that opt-out, correction, or deletion after the fact cannot fill the absence of consent. Between those two clauses sits the whole standard practice of the AI industry.

At the same announcement, BC Commissioner Michael Harvey went one step further. His sentence became the headline that Canadian media — the Globe and Mail, CBC — copied straight into their leads.

"ChatGPT, by design, cannot be compliant with the province's privacy law as currently written."

— Michael Harvey, Information and Privacy Commissioner for British Columbia

Read plainly — ChatGPT, in its very design, cannot meet BC's current privacy law. The diagnosis is not of an operational defect. It is of a design defect. The kind of problem remediation promises cannot fill.

Alberta's Diane McLeod left a sentence with equal weight: "OpenAI did not appear to turn its mind adequately to privacy compliance ... which is very troubling." In legal English, "to turn one's mind" asks whether a duty-bearer has genuinely considered an obligation. The reading is that a technology company met its duty only on the surface.

Federal Commissioner Dufresne, by contrast, leaned on the possibility of cure: "I've concluded that the measures that have been and that will be implemented by OpenAI will address the concerns identified." Four readings of the same record, brought into one room. The point is not whose position is correct. The real message of this decision is the multi-layered nature of a legal system in which the same data can lead to four different conclusions.

The findings confirm five violations. Read separately, each is a clean statutory breach. Read together, they form a chain — overcollection feeds the absence of consent, the absence of consent feeds inaccuracy, inaccuracy makes rights unenforceable, and the chain closes with an accountability gap. The decision treats them as a single chain because it set out to cut that chain in one stroke.

2.1Why Hallucination Becomes a Privacy Violation

The third item is the most academically novel. Paragraph 80 is blunt: "OpenAI did not comply with the accuracy requirements under the Acts." Paragraph 95 names the source of the inaccuracy: "personal information contained in sources such as social media and discussion forums — which may often be inaccurate."

Until now, hallucination has been treated as a *quality* problem of the model. When the answer is wrong, the user takes the loss, and the company tunes the model toward higher accuracy. PIPEDA #2026-002 shifts that frame. It is the first official ruling that generating or repeating inaccurate facts about an identifiable person violates PIPEDA Principle 4.6 (Accuracy). Read against the scholarship, this is a partial realization of Wachter & Mittelstadt's (2019) proposal of "A Right to Reasonable Inferences." The academic intuition — that a model issuing flawed inferences about a person infringes that person's information rights — has now landed as a legal ruling.

There is a supporting line in the literature. Carlini et al. (2021), "Extracting Training Data from Large Language Models," showed that LLMs can memorize training data and surface fragments of it in their outputs. That is the academic basis for treating personal information inside model weights as something *alive*. The fifth violation — lack of accountability — points to the same place. If training weights are themselves a store of personal information, someone has to take responsibility for the store.

2.2The Pressure of Scale — 13 Trillion Tokens

Looking briefly at scale helps weight the decision. GPT-4 is estimated to have been trained on 13 trillion tokens with 1.8 trillion parameters (per a leaked SemiAnalysis report; OpenAI does not disclose official numbers). To make 13 trillion tokens intuitive — the entire English Wikipedia is roughly 5 billion tokens. That is about 2,600 Wikipedias' worth of training data. Stanford CRFM's Foundation Model Transparency Index (Bommasani et al., 2024) reported that major LLM providers, including OpenAI, scored lowest in the training-data dimension. From the outside, there is almost no way to verify what sits inside those 13 trillion tokens.

Reading the fifth violation — accountability — against that scale changes how the decision lands. If even the provider cannot say where and how personal information about a given person lives inside 2,600 Wikipedias, who carries the duty to manage it? The decision points to an accountability vacuum in exactly that gap.

Same facts, four conclusions. That divergence is the deepest message of this decision.

3.1Four Paths from One Record

Laid out in a table, the divergence becomes legible. Same facts, different legal systems, different political weight.

3.2Why BC and Alberta Refused

Canadian law firm MLT Aikins put the legal root of the split precisely: "provincial statutes are more specific and explicit than PIPEDA regarding consent." The provincial laws (BC PIPA, Alberta PIPA) are more specific and explicit than federal PIPEDA on consent. Both provinces in particular require prospective (ex ante) consent in express terms. The timing requirement — consent before processing — is written into the statute.

Read against that timing requirement, OpenAI's remediation plan is, in essence, an attempt at ex post consent. A picture of post-hoc opt-out channels, post-hoc correction and deletion procedures, and post-hoc transparency reports for data that has already been trained on. BC and Alberta concluded that the entire picture cannot coexist with their provincial frameworks. The word "after" itself is what disqualifies the consent.

"OpenAI's models rely on scraped data for which OpenAI has not obtained, and cannot obtain, consent. Consent for scraped data simply cannot be obtained after the fact."

— Joint BC and Alberta OIPC position (verbatim, also quoted at §1.2)

3.3What "Consent After the Fact Is Impossible" Unsettles

The standard pattern of the AI training industry has been simple. Crawl → train → offer post-hoc opt-out. Collect first, train the model, then open a channel for rights. It is fast, efficient, and had become the de facto standard across both research and product. The BC and Alberta ruling declares that the sequence itself is a legally impossible model.

Academically, this is a strong embrace of one position on the timing of consent. Daniel Solove's (2013) "Privacy Self-Management and the Consent Dilemma" already critiqued the notice-and-choice paradigm — the unrealistic assumption that individuals will pre-consent to every processing activity. The EDPB's Opinion 28/2024 left the issue on a "case by case" basis in the LLM context. Canada's BC and Alberta took the same gap and chose a principled stance. Consent after the fact is not consent.

One consequence follows. On the global spectrum of consent strictness, Canada's BC and Alberta now stand at the strictest end. From China's PIPL prior consent, to GDPR's Article 6(1)(a), to federal PIPEDA, to the US sectoral approach — the BC/Alberta line sits one step harder than all of them. And the historical arc of global regulation has tended to follow the path of the strictest jurisdiction quietly becoming the standard. Just as GDPR became the global baseline, the BC/Alberta position is now a candidate for the next one.

The Canadian decision is not the first tile of the domino. It is the inflection point. Italy started it, the EU sharpened it, Korea followed, and on top of that arc Canada now etches the standard most cleanly. The very first tile fell in spring 2023, when Italy's Garante temporarily blocked ChatGPT.

Regulation does not arrive all at once. One jurisdiction sends a signal, another rewrites it into its own framework, and a third turns it into a formal basis for penalty calculation. The lag between those steps is the grain of the global domino. This section reads that grain in three places — a three-year timeline, an eight-jurisdiction comparison at one moment, and the two formulas Italy and Korea have already drawn.

4.12023–2026 — A Three-Year Arc

The timeline below is not a flat chronology. It is a causal chain in which each event pulls the next into the room. Italy's temporary block became the opening signal for GDPR enforcement. The EU AI Act formalized that signal at statute level. Five months after Korea's AI Framework Act took effect, Canada's decision arranged the whole sequence into the clearest order yet.

4.2Eight Jurisdictions at a Glance

A global provider running ChatGPT-like services now faces more jurisdictions in parallel than ever. The consent standard, penalty cap, and presence of direct AI regulation in each of them line up cleanly in a single table.

4.3Inside Italy's €15M — The First GDPR Formula

The €15M that Italy's Garante imposed on OpenAI on December 20, 2024, matters less as a number than as the first published formula. The Garante applied a calculation based on the timing, scope, and user count of the violation, and surfaced an implied per-user figure of about €0.50. In the historical arc of EU data protection, it is the first substantive penalty calculation against a learning-style LLM — and a reference point for every GDPR decision that follows.

€15M is well below the GDPR cap (€20M or 4% of turnover). But the meaning is clear — confirmation that GDPR can in fact apply to a learning-style LLM. With the EU AI Act's high-risk regime activating on August 2, 2026, the AI Act's €35M / 7% ceiling stacks on top of GDPR's. The era of two statutes applying in parallel begins in earnest.

4.4Korea's Position — Two Laws, Two Clocks

In May 2026, Korea is running two clocks at the same time. One is the Personal Information Protection Act, strengthened in 2025 — the penalty cap moved from 3% to 10% of revenue. The other is the AI Framework Act, effective January 22, 2026 — mandatory impact assessments for high-impact AI, operational risk-detection-and-shutoff requirements, and registration obligations for AI businesses inside Korea. The two laws run on separate clocks, but on the lawfulness of AI training data they bind together like two clauses of one sentence. PIPA defines the threshold of lawfulness for training data, and the AI Framework Act adds an audit-trail duty at the operational layer.

In August 2025, Korea's Personal Information Protection Commission (PIPC) published a "Guide to Personal Information Handling in Generative AI," setting out a four-stage life cycle (collection · training · service · termination). The five violations in PIPEDA #2026-002 map onto that life cycle almost line for line — overcollection at the collection stage, absence of consent at the training stage, accuracy and rights at the service stage, and accountability at the termination stage. If Korea's PIPC guide laid out the operational ramp, the Canadian decision raised the chance that the ramp becomes globally aligned.

The compliance landscape that a Korean company meets when going global is no longer a single-statute picture. The era has begun in which four legal systems apply to the same training dataset at once. PIPEDA (personal information), GDPR (EU residents' personal information), the EU AI Act (direct regulation of AI systems), and Korea's AI Framework Act (domestic AI providers) — four standards from four seats, all weighed against the same training dataset.

5.1A Hypothetical Korean LLM Firm — Four-Layer Exposure

Following one scenario helps weigh the four-layer load. Imagine a Korean LLM firm with global revenue of about US$1B (≈ ₩1.4 trillion) launching a ChatGPT-like service across Canada, the EU, Korea, and the United States simultaneously. Against the same training dataset — an OpenWebText-style web crawl plus user conversations — the table below estimates what each of the four frameworks could in principle impose. Each figure is a conservative ceiling (statutory maximum), separate from the likelihood of actual enforcement.

The four numbers do not add cleanly. The scenario in which all four jurisdictions impose their maximum at once on the same act is rarely realistic. But even if each enforces only a fraction of its ceiling independently, the cumulative exposure is not small. A conservative estimate puts the maximum aggregate around US$140M (≈ ₩190B) — roughly 14% of US$1B in global revenue as the cost of a single breach. The federal PIPEDA penalty by itself is small, but with four-layer exposure comes another risk — market-access shutdown. As BC and Alberta showed, a finding that remediation cannot resolve effectively limits operations in that market.

5.2PIPEDA-to-Korea Mapping — The Same Chain, Different Wording

The five PIPEDA violations map cleanly onto Korean law. The table below shows how Korea's PIPA and AI Framework Act absorb each item — a useful entry point for designing four-layer compliance in practice.

5.3Why Korean Firms Should Watch the BC/Alberta Bar

One intuition is decisive in the compliance design of Korean firms — the safest design in a four-layer era is the one tuned to the strictest jurisdiction. Even with four different standards, designing data sourcing and consent flows to meet BC and Alberta's bar will naturally satisfy the other three. The reverse is brittle. A design that meets only the most permissive seat fails immediately at the strictest one.

That intuition fits the general arc of global regulation. After GDPR took effect in 2018, most global providers normalized their design to GDPR — and that normalized design became, de facto, the standard elsewhere. The "Brussels Effect" — the strictest jurisdiction quietly setting the global floor — opens room for a Canadian-led round next, with BC and Alberta in front.

This report is the final coordinate of Pebblous's AI Governance Quartet. The quartet has followed a single hypothesis — that AI governance begins in morality, passes through scholarship, and lands in law. Morality asks *why* human dignity must be protected, scholarship designs the *how* of self-evolving learning, and law *enforces* the current. Laying the four pieces side by side makes the hypothesis self-evident.

Condensed into one sentence: Magnifica asks — what does the phrase "human dignity" mean in the age of AI? Scholarship answers along two branches. SkillOpt says, "self-evolving behavior can be learned." MUSE says, "that behavior can survive as an asset." Then law fills the last cell. PIPEDA #2026-002 enforces that the training material for that behavior — the data — must be lawful. The four pieces close as one picture.

What this coordinate means is more than a series structure. It is visible evidence that AI governance is not a one-dimensional craft. Morality alone cannot enforce. Scholarship alone cannot assign responsibility. Law alone cannot define value. Only when the three act together does governance work. Drawing those three as one series has been Pebblous's seat in the conversation.

For several years, Pebblous has moved along one premise — "make data diagnosable." DataClinic has diagnosed five signals in training data (label integrity, distribution balance, freshness, missingness, outliers). AI-Ready Data has been the output category of that diagnosis. DataGreenhouse and PebbloSim have provided the operating environments for diagnosed data. The premise that PIPEDA Findings #2026-002 introduces is the natural next step — the *legal quality* of data is now a subject of diagnosis, too.

7.1From AI-Ready Data to AI-Ready Compliance

The premise extends by one cell. A company that has diagnosed the technical quality of training data can naturally place a legal quality layer on top. This is not a new product to build — it is an expansion of the meaning of existing assets. DataClinic has already treated integrity, balance, and freshness as signals; adding "lawfulness" as a sixth signal is enough. DataGreenhouse has long reduced reliance on raw sources; that structure itself becomes the PIPEDA-style downstream infrastructure. PebbloSim's simulation-based training is a structural detour that learns without real-world personal data. Three axes already engage exactly where PIPEDA #2026-002's lawfulness requirements land.

7.2DataClinic 5 Signals + 1 — A Six-Dimensional Diagnosis

Showing in one table how the sixth signal, "lawfulness," sits on top of the existing five makes the expansion visible. The lawfulness signal then branches into five sub-items of its own — mirroring, one to one, the five violations of PIPEDA #2026-002.

The five sub-items of the lawfulness signal map one to one onto PIPEDA's five violations. The diagnostic workflow gains a thin lawfulness layer that emits both a technical and a legal verdict for the same dataset.

7.3Lawfulness as a Dimension of Model Quality

Lawfulness is not only a compliance burden. Academically, it is a dimension of model quality. The absence of lawfulness in training data degrades model quality through three direct pathways.

• • Leakage of personal information held inside weights via memorization — the training-data extraction attacks demonstrated by Carlini et al. (2021). Personal information lives inside the weights.
• • Inferential privacy harms through hallucination — Wachter & Mittelstadt's (2019) right to reasonable inferences. A model issuing flawed inferences about a person infringes that person's information rights.
• • The exploding cost of machine unlearning — research has progressed since Bourtoule's SISA (2021), but 2025's "Unlearned but Not Forgotten" (arXiv:2505.24379) showed that data-extraction attacks can recover supposedly forgotten data. Post-hoc deletion carries a fundamentally high technical cost.

All three pathways show that lawfulness is no longer a job for the legal team alone — it is a job for data scientists and ML engineers. A dataset's lawfulness grade is tied directly to a model's quality grade, and a lack of lawfulness becomes technical debt at the operations layer. AI-Ready Compliance, as a premise, rests on this tight coupling.

7.4A 5-Step Playbook for Korean Firms

A practical five-step playbook for Korean firms in the four-layer era. Each step is tuned to the strictest jurisdiction (BC/Alberta) bar so that the other three follow naturally.

7.5The Empty Seat in the Market — An AI Compliance Category

Gartner estimates that the AI TRiSM (Trust, Risk, Security Management) market will grow from US$3.1B (2025) to US$13.8B (2030), a 35% CAGR. The AI Governance Platform market is expected to move from US$492M (2026) to over US$1B by 2030. Inside that growth, one seat sits visibly empty. "Training-data lawfulness diagnosis" — the category that grades a dataset against PIPEDA, GDPR, and the AI Act at once — does not really exist yet. Established players like OneTrust, TrustArc, BigID, Credo AI, and Holistic AI either focus on a single jurisdiction or operate at the AI-system governance layer. A tool that diagnoses lawfulness at the training-dataset layer, tuned to Korean language and Korean business context, is effectively absent.

Pebblous's place sits naturally on that empty seat. DataClinic = data *quality* diagnosis. AI-Ready Data = the technical axis of the premise. Add a *lawfulness signal*, and it extends to AI-Ready Compliance. DataGreenhouse + PebbloSim = lawful alternative-data infrastructure. The integration of those three axes is the entry ramp on the empty seat. Nothing newly invented — five years of assets aligning precisely with the PIPEDA decision. We note this not in the shape of an ad but in the shape of an observation. An AI-Ready Compliance era has arrived, and we have spent a long time near the work it requires.

Read the decisive line again — "consent cannot be obtained after the fact." Seven words. They do not cut one product at one company. They cut the standard practice of an era. The picture in which a company crawls, trains, then offers opt-out is now legally closed. From that close, one question follows — how is consent *before* training technically possible, or how is training feasible only with lawfully-consented data sources?

The most natural answer to both questions is synthetic data and simulation-based training. If the training material does not depend on real-world personal data, the after-the-fact-consent problem dissolves structurally. Gartner projects that synthetic data will overtake real-world data by 2030. The current is no longer purely an academic or industrial trend. It has entered the era of being accelerated by legal enforcement. PIPEDA #2026-002 is the first inflection point of that acceleration.

An honest admission is needed. Synthetic data is not a complete answer on its own. The lawfulness of the seed data used to generate it, defense against membership inference attacks, bias in the synthetic distribution — three new validation items follow. Machine unlearning may be recognized in the short term as a *good faith effort*, but it is academically incomplete. No single technique resolves PIPEDA's five violations at once. What is clear is that combinations of techniques open a new path. On top of synthetic data, simulation-based training, differential privacy (DP-SGD), machine unlearning, and data sourcing audits, the practical blueprint for AI-Ready Compliance can be drawn.

The questions the decision leaves behind start exactly where this report ends. How will Korean firms align their data sourcing to the BC/Alberta bar within six months? At what cost, and through what techniques, will personal information latent in training weights be addressed? Who chairs the four-layer governance board, and on what agenda do its quarterly meetings run? These are not questions a single report can close. They are the seats Pebblous will slowly fill in the writing that follows.

References

Primary sources (decision documents and statutes), the GDPR · AI Act · Korea's AI Framework Act, academic papers, law-firm analyses, market reports, and prior Pebblous series pieces — grouped by source. Verbatim quotations from the primary decision can be verified on the OPC's official page.

Primary sources — government and international bodies

• 1.Office of the Privacy Commissioner of Canada. (2026). PIPEDA Findings #2026-002: Joint Investigation of OpenAI OpCo, LLC. May 6, 2026.
• 2.Office of the Privacy Commissioner of Canada. (2026, May 6). News Release: Joint investigation by Canadian privacy regulators.
• 3.Government of Canada. (2015). Personal Information Protection and Electronic Documents Act (PIPEDA).
• 4.European Parliament & Council. (2024). Regulation (EU) 2024/1689 (AI Act).
• 5.European Parliament & Council. (2016). Regulation (EU) 2016/679 (GDPR).
• 6.European Data Protection Board. (2024, December 17). Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models.
• 7.Garante per la protezione dei dati personali. (2024, December 20). Provvedimento n. 755/2024 (OpenAI €15M).
• 8.Republic of Korea. (2026). Framework Act on the Promotion of the Artificial Intelligence Industry and the Establishment of a Trustworthy Foundation (Korea's AI Framework Act). Effective January 22, 2026.
• 9.Personal Information Protection Commission (PIPC), Republic of Korea. (2025, August). Guide to Personal Information Handling in Generative AI (four-stage life cycle).
• 10.The New York Times Co. v. OpenAI & Microsoft. (2023). S.D.N.Y. Case 1:23-cv-11195.

Academic papers

• 11.Bourtoule, L., Chandrasekaran, V., Choquette-Choo, C. A., Jia, H., Travers, A., Zhang, B., Lie, D., & Papernot, N. (2021). Machine Unlearning. IEEE SP. arXiv:1912.03817.
• 12.Yao, J., Chien, E., Du, M., et al. (2024). Machine Unlearning of Pre-trained Large Language Models. ACL 2024. arXiv:2402.15159.
• 13.Carlini, N., Tramèr, F., Wallace, E., et al. (2021). Extracting Training Data from Large Language Models. USENIX Security 2021.
• 14.Abadi, M., Chu, A., Goodfellow, I., et al. (2016). Deep Learning with Differential Privacy. CCS '16. arXiv:1607.00133.
• 15.Biega, A. J., Potash, P., Daumé III, H., Diaz, F., & Finck, M. (2020). Operationalizing the Legal Principle of Data Minimization for Personalization. SIGIR 2020.
• 16.Wachter, S., & Mittelstadt, B. (2019). A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI. Columbia Business Law Review, 2019(2), 443-493.
• 17.Bommasani, R., Klyman, K., Longpre, S., et al. (2024). The 2024 Foundation Model Transparency Index. Stanford CRFM. arXiv:2407.12929.
• 18.Gebru, T., Morgenstern, J., Vecchione, B., et al. (2021). Datasheets for Datasets. Communications of the ACM. arXiv:1803.09010.
• 19.Solove, D. J. (2013). Privacy Self-Management and the Consent Dilemma. Harvard Law Review, 126, 1880.
• 20.Anonymous. (2025). Unlearned but Not Forgotten. arXiv:2505.24379.

Legal analyses · press

• 21.MLT Aikins LLP. (2026). Practical Takeaways from Landmark Privacy Investigation into OpenAI's ChatGPT.
• 22.McMillan LLP. (2026). OpenAI Investigation Highlights the Need for Privacy Law Reform in Canada.
• 23.The Globe and Mail. (2026, May 6). OpenAI violated Canadian privacy laws in developing first ChatGPT model.
• 24.CBC News. (2026, May 6). OpenAI didn't respect Canadian privacy law when it trained ChatGPT.
• 25.PPC Land. (2026). Canadian regulators find ChatGPT privacy rules broken from the start.

Market and quantitative reports

• 26.Stanford HAI. (2025). AI Index Report 2025, Chapter 6 — Policy and Governance.
• 27.Gartner. (2026, February 17). Press Release: Global AI Regulations Fuel Billion-Dollar Market for AI Governance Platforms.
• 28.McKinsey & Company. (2025, November). The State of AI 2025.
• 29.CMS Law. (2025/2026). GDPR Enforcement Tracker Report.
• 30.Cooley LLP. (2026, January 27). South Korea AI Basic Act: Overview and Key Takeaways.

Pebblous AI Governance Quartet

• 31.Pebblous (2026-05-25). Magnifica Humanitas — Human Dignity in the Age of AI. Quartet I · morality and theology track.
• 32.Pebblous (2026-05-27). When Skill Documents Started Learning — A Deep Read of Microsoft SkillOpt. Quartet II · scholarship and optimizer track.
• 33.Pebblous (2026-05-28). Skills Accumulate Experience, Too — MUSE-Autoskill's Five-Stage Life Cycle. Quartet III · scholarship and lifecycle track.
• 34.Pebblous (2026-05). Upstage Sovereign AI Report. (Adjacent: Korean AI policy.)
• 35.Pebblous (2026-04). OpenMetadata × AI-Ready Data. (Adjacent: DataClinic signals.)