When workers become ‘skills’: Governance gaps in AI systems

Digital immortality has long been imagined primarily in science fiction such as The Matrix. In practice, it is already emerging in a more mundane form: not as an uploaded consciousness, but as callable “skills”.

A recent controversy on the Chinese internet illustrates this shift. Shortly after the death of Zhang Xuefeng, a well-known Chinese university admissions consultant, a project titled “Zhang Xuefeng.skill” appeared on GitHub. Its creator claimed that, by drawing on Zhang’s books, interviews, and public materials, the package distilled a reusable thinking framework and communication style capable of answering questions in Zhang’s voice. The debate quickly moved beyond memorialisation and raised a more pressing concern: whether turning a person into a callable skill constitutes a new form of digital appropriation?

This is not an isolated case. Recent developments in AI systems are increasingly enabling organisations and individuals to convert human experience into reusable digital modules, often described as “Agent Skills”. These are reusable capabilities that package instructions, tools, and workflows into callable units. They can be invoked across contexts, enabling the repeated use of encoded knowledge and practices (Ling et al., 2026). As a result, corporations can transform employees’ documents, emails, and work activity traces into operational assets.

While some optimists believe a new era of human-machine collaboration has arrived, recent reports reveal a more complex reality. The giant technology company Meta has introduced tracking systems to capture employees’ interactions, including mouse movements, clicks, and keystrokes, to train AI systems and build autonomous agents (Reuters, 2026). In China, similar practices have sparked controversy, with firms reportedly using former employees’ chat histories, documents, and decision-making patterns to train AI digital workers that continue to perform the employees’ tasks after their departure (Caixin, 2026). These developments suggest that what may replace workers is the systems built from their own knowledge, practices, and traces. In this process, forms of control and value are quietly shifting. We argue that the use of agent skills exposes a set of governance gaps that existing regulatory frameworks are not well equipped to address: the ownership gap, the use and benefit gap, and the responsibility gap.

Ownership gap

The first gap concerns ownership. Agent skills are developed through the extraction and distillation of human knowledge, including personal experience, modes of judgment, behavioral patterns, and creative output. This raises a fundamental question: who owns these forms of knowledge?

In an employment relationship, workers exchange labor for compensation. However, this does not imply the transfer of personally embedded tacit knowledge, such as judgment and ways of acting developed through practice. Emerging corporate practices seek to capture such knowledge under the banner of knowledge management by transforming everyday work activities into data, a process often described as labor datafication (Mccann & Cruz-Santiago, 2022). This process can be understood as introducing an additional layer of digital labor, beyond the formal scope of employment.

At the same time, many of these forms of knowledge are closely tied to individual traits and lived experience. It is often difficult to distinguish whether skills arise from organisational training or personal development. Some elements, such as experience and decision-making styles, may also involve aspects of personal identity and privacy. In this context, extracting and packaging such capabilities into reusable skills further blurs the boundary between personal labor and organisational property.

Data protection regimes such as the General Data Protection Regulation (GDPR) and China’s Personal Information Protection Law primarily govern the collection and processing of personal data, while intellectual property law covers authored works. By contrast, personal knowledge and capabilities, especially in tacit forms, are harder to define and fall outside these frameworks.

Use and benefit gap

The second is the use and benefit gap. Once human knowledge and experience are encoded into a reusable AI agent, the question shifts from ownership to control. Who can access these capabilities, under what conditions, and who benefits from their repeated use?

Unlike traditional forms of labor, agent skills can be invoked across contexts without the ongoing involvement of the individuals from whom they were derived. This enables the reuse of knowledge at scale, turning situated practices into repeatable functions. In organisational settings, such capabilities can be integrated into workflows and deployed continuously, often without clear mechanisms for consent or oversight.

The case discussed above, in which former employees’ knowledge and skills were used to build agent skills, highlights this tension. Even after leaving their positions, workers’ accumulated experience and operational practices can be encoded into AI systems and repeatedly deployed. In such cases, individuals often lack both the right to refuse this use and the ability to share in its benefits.

This asymmetry echoes broader debates about whether data should be understood as a form of labor (Jonker, 2025), where individuals contribute to value creation yet have little bargaining power over how their contributions are used or monetised. In this sense, the gap between contribution and benefit reflects a deeper structural imbalance.

Responsibility gap

The third gap concerns responsibility. When AI systems act on encoded human experience, it becomes difficult to determine who should be held accountable for their outputs and the consequences that follow.

On the one hand, when agent skills are closely associated with personal traits, their outputs are often perceived as reflecting the thoughts, judgments, and actions of the individuals from whom they were derived. As a result, these outputs begin to stand in for the person. However, the individuals themselves typically have little ability to correct or revise these representations, and they are neither in a position to control how such outputs are used nor to bear or contest the consequences of their misuse.

On the other hand, as AI systems become more autonomous, responsibility is dispersed across multiple actors, forming accountability clusters (Tóth et al., 2022). The knowledge embedded in AI systems originates with individuals, developers design them, organisations deploy them, and users invoke them in different contexts. Yet none of these actors can fully account for the outcomes produced. This makes it necessary to further examine how responsibility should be meaningfully allocated across different actors.

This challenge is increasingly recognised in emerging regulatory efforts. For example, a recent draft regulation in China distinguishes among multiple responsible actors in digital human services, including technology providers, service providers, users, and distribution platforms, and requires users to share responsibilities with service providers in areas such as identity disclosure, content review, and risk response.

Conclusion

Addressing these gaps requires governance frameworks that move beyond traditional categories of data and content and instead focus on how human-derived knowledge and capabilities are extracted, deployed, and governed throughout their lifecycle.

First, greater clarity is needed about ownership of such knowledge and capabilities, particularly when tacit knowledge and work practices are encoded into reusable AI resources. This calls for stronger transparency and consent mechanisms, so that individuals can understand when and how their knowledge and experience are being encoded and used, and have meaningful ways to permit or limit such processes.

Second, mechanisms are needed to regulate how these capabilities are accessed and reused. This includes defining the conditions under which organisations can invoke them or make them available in broader markets, as well as exploring models that allow individuals to share in the benefits generated by the repeated deployment of their knowledge and creative output. Governments may help establish broader regulatory frameworks and provide external oversight, while companies, unions, and workers negotiate how such capabilities are used and how benefits are shared.

Third, responsibility must be made traceable throughout the lifecycle of agent skills. Rather than assigning accountability solely to developers or operators, governance frameworks should consider how responsibility is distributed among those who design, deploy, and benefit from these systems, and introduce mechanisms that enable clearer attribution of liability and more effective responses to harm.