Document Purpose

This document provides the integrated institutional blueprint for Standards Body.

It defines:

  • The institutional problem the project is designed to address
  • The functions that require an institutional home
  • The functions that should remain outside one institution
  • The organizational models available
  • The preferred institutional architecture
  • The separation of research, standards development, evaluation, assurance, accreditation, certification, enforcement, and legal authority
  • The structure of governing bodies, councils, committees, working groups, and operational units
  • The rights and responsibilities of members, contributors, partners, funders, evaluators, developers, public institutions, and affected parties
  • Funding and independence controls
  • Transparency and confidentiality
  • Conflicts of interest
  • Appeals, complaints, correction, and review
  • International participation and recognition
  • Incident response and institutional learning
  • Versioning, registries, records, and technical infrastructure
  • Institutional performance measurement
  • Failure recovery, succession, dissolution, and transition
  • The stages through which Standards Body may move without implying premature authority

This file is the integrated Layer 3 blueprint.

The deeper institutional modules will be governed by:

Where those approved specialist files later provide more detailed rules, they govern within their domain unless they conflict with PROJECT_IDENTITY.md.


Executive Summary

Frontier AI evaluation is developing through a fragmented collection of laboratories, government institutes, standards organizations, research groups, consultancies, auditors, regulators, and international forums.

Each institution performs useful functions.

Few institutions integrate the full chain from measurement science to standards, assurance, interoperability, incident learning, and public accountability.

The institutional gap is not simply the absence of another organization.

The gap is the absence of a coherent allocation of functions and authority.

The central design question is:

Which institution should do what, under which mandate, with what evidence, subject to which constraints, and accountable to whom?

A poorly designed frontier AI standards institution could create new risks.

It could:

  • Allow developers to govern their own evaluation
  • convert private standards into de facto law without public accountability
  • combine standard setting, evaluation, certification, accreditation, and appeals under one conflicted organization
  • use confidential evidence to make unreviewable public claims
  • privilege wealthy laboratories and evaluators
  • centralize authority in one country or technical culture
  • turn membership fees into voting power
  • become dependent on the organizations it evaluates
  • reward paperwork rather than real outcomes
  • preserve obsolete standards because the institution's status depends on them
  • imply regulatory authority without democratic legitimacy
  • become founder-controlled
  • become ceremonial rather than operational
  • create a prestige mark before the underlying science is mature

The answer is not one vertically integrated super-institution.

The preferred design is a staged, hybrid, public-interest institutional architecture with separated powers.

Preferred Long-Term Architecture

The preferred future is:

An independent nonprofit public-interest technical secretariat and standards-development institution connected to a distributed ecosystem of evaluators, reviewers, accreditation bodies, certification bodies, public authorities, research institutions, and international partners.

The institution should directly perform or steward:

  • Foundational research
  • terminology and taxonomy
  • evaluation-method research
  • protocol development and maintenance
  • standards-development processes
  • public registries
  • evaluator-competence frameworks
  • interoperability profiles
  • incident-learning infrastructure
  • capacity building
  • public-interest convening
  • independent review coordination

The institution should not ordinarily combine all of the following under one controlling body:

  • Development of requirements
  • commercial evaluation
  • certification decisions
  • accreditation decisions
  • legal enforcement
  • appeals from all of those decisions

Those functions require separation.

Institutional Layers

The blueprint contains five layers.

Layer 1: Knowledge and Measurement

Functions:

  • Research
  • evidence standards
  • evaluation science
  • task and protocol design
  • failure analysis
  • measurement infrastructure

Layer 2: Standards and Public-Interest Process

Functions:

  • Standards proposals
  • balanced participation
  • consensus and dissent
  • public review
  • versioning
  • implementation guidance

Layer 3: Independent Evaluation and Assurance Ecosystem

Functions:

  • Third-party evaluation
  • technical review
  • audit
  • inspection
  • certification
  • proficiency testing

These functions should be delivered by plural qualified actors, not monopolized by Standards Body.

Layer 4: Competence Recognition and International Interoperability

Functions:

  • Evaluator scope
  • accreditation relationships
  • recognition arrangements
  • registries
  • crosswalks
  • bridge studies
  • secure evidence exchange

Layer 5: Public Authority and Enforcement

Functions:

  • Legal obligations
  • market surveillance
  • licensing
  • sanctions
  • legally binding decisions

These functions belong to authorized governments, regulators, courts, treaty bodies, and contractual authorities.

Standards Body may inform Layer 5.

It should not claim Layer 5 authority without lawful mandate.

Recommended Organizational Form

The preferred core organization is an independent nonprofit or public-benefit entity with:

  • A governing board
  • an executive secretariat
  • a Scientific and Evaluation Council
  • a Standards Council
  • a Public Interest and Rights Council
  • an International Coordination Forum
  • an Ethics, Integrity, and Conflicts Committee
  • a Security and Confidentiality Committee
  • an independent Appeals and Review Panel
  • a Finance, Audit, and Risk Committee
  • a Contributor and Community Assembly

Operational programs should include:

  • Research and Measurement
  • Protocols and Registries
  • Standards Development
  • Independent Review
  • Assurance Ecosystem Development
  • Incident and Failure Learning
  • International Interoperability and Capacity
  • Public Communication and Education
  • Institutional Quality and Internal Audit

Governance Principle

No single constituency should control the institution.

The design should prevent control by:

  • Frontier laboratories
  • governments
  • evaluators and auditors
  • funders
  • founders
  • one country
  • one professional discipline
  • one ideological community

The mature institution should target:

  • No single constituency holding more than one third of governing-board voting seats
  • At least two thirds of governing-board members independent of organizations directly subject to the institution's active standards or evaluation programs
  • Time-limited terms
  • public conflict disclosures
  • recusal
  • recorded dissent
  • appeals
  • transparent appointment criteria
  • independent financial audit
  • periodic governance review
  • founder succession rules

Funding Principle

Funding must not purchase:

  • Voting control
  • favorable findings
  • standards language
  • confidential access beyond role
  • recognition
  • certification
  • evaluator scope
  • publication delay
  • suppression of dissent

A mature funding structure should diversify among:

  • Philanthropic grants
  • public-interest research grants
  • government grants with independence protections
  • membership dues
  • standards publications or services
  • training
  • registry and infrastructure fees
  • project funding
  • charitable contributions

Commercial service revenue should not become the dominant determinant of institutional judgment.

Standards Principle

Standards should be developed through:

  • Open proposals
  • published work programs
  • balanced participation
  • conflict disclosure
  • technical evidence
  • public comment
  • response to comments
  • dissent records
  • pilots
  • implementation evidence
  • version control
  • appeal
  • review
  • sunset and retirement

Evaluation Principle

Standards Body may design and maintain protocols and coordinate research evaluations.

When an evaluation supports a consequential claim concerning an external organization, independence should be preserved through:

  • Separate teams
  • external evaluators
  • independent review
  • protected publication rights
  • conflict controls
  • clear evidence access
  • public scope limitations

Accreditation and Certification Principle

Standards Body should initially develop:

  • Competence frameworks
  • evaluator scopes
  • proficiency tests
  • scheme concepts
  • registries
  • recognition criteria

It should not initially accredit or certify.

Formal accreditation and certification should ordinarily be performed by separate competent bodies under mature schemes.

A future decision to create or operate such a body would require a separate legal entity, governance firewall, competence assessment, independent oversight, and explicit amendment of project identity.

International Principle

The institution should support global interoperability without claiming universal representation.

International legitimacy should grow through:

  • Open participation
  • regional representation
  • multilingual work
  • local extensions
  • capacity building
  • bridge studies
  • recognition based on evidence
  • cooperation with established standards and public institutions

The preferred institution is not a world regulator.

It is a public-interest infrastructure institution supporting plural authorities.

Transition Principle

Standards Body should move through controlled stages.

  1. Foundational research and institutional design
  2. Research institute and knowledge infrastructure
  3. Protocol steward and pilot convener
  4. Standards-development organization
  5. Assurance-ecosystem and interoperability institution
  6. Possible formally recognized institution or network

Each transition requires:

  • Competence
  • governance
  • resources
  • legal review
  • public-interest justification
  • transparency
  • security
  • external evaluation
  • amendment of canonical identity

The final institutional proposition is:

The institution should be strong enough to create credible shared infrastructure, but constrained enough that no single body becomes the unquestionable authority over frontier AI evidence, standards, assurance, and public policy.


1. Foundational Institutional Propositions

1.1 Function Before Form

The organization should be designed around required functions, not around a preferred legal label or prestige model.

1.2 Authority Must Be Earned and Bounded

Authority should follow:

  • Mandate
  • competence
  • transparent process
  • public-interest legitimacy
  • review
  • accountability

1.3 No Unitary Institutional Solution

Frontier AI governance requires an ecosystem.

No single institution should control research, standards, evaluation, certification, accreditation, enforcement, and appeals.

1.4 Separation of Powers

Functions with incompatible incentives should be separated structurally, procedurally, or legally.

1.5 Technical and Democratic Legitimacy Are Distinct

Technical expertise can justify technical judgment.

It cannot by itself justify binding political authority.

1.6 Independence and Accountability Must Coexist

Independence without accountability can become private power.

Accountability without independence can become political or commercial control.

1.7 Public Interest Is a Governance Function

The public interest should be represented through actual decision structures, not ceremonial consultation.

1.8 Standards Are Infrastructure

Standards should support shared evidence and interoperability.

They should not become branding products or private regulatory shortcuts.

1.9 Assurance Requires Plural Competence

Testing, review, audit, certification, and accreditation require distinct capabilities and should remain interpretable.

1.10 Funding Is Governance

The revenue model shapes the institution's behavior.

Funding rules belong in institutional design.

1.11 International Does Not Mean Universal

International participation does not create universal representation or legal authority.

1.12 Institutional Learning

The institution should learn from:

  • Incidents
  • appeals
  • failed standards
  • evaluator disagreement
  • public criticism
  • international experience
  • internal audit

1.13 Correction Is a Core Power

The institution needs formal authority to correct, suspend, supersede, withdraw, and retire its own work.

1.14 Dissolution Must Be Possible

A credible institution should define the conditions under which it restructures, transfers functions, or dissolves.

1.15 Founder Succession

The institution must be designed to outlive its founder without preserving founder control as a permanent constitutional feature.


2. Institutional Design Objectives

The institution should optimize for several objectives at once.

2.1 Technical Credibility

The institution should possess or access competence in:

  • AI evaluation
  • measurement
  • statistics
  • cybersecurity
  • biological and chemical risk
  • agentic systems
  • standards
  • conformity assessment
  • governance
  • law
  • security
  • public-interest analysis

2.2 Independence

The institution should remain capable of publishing findings that are unfavorable to:

  • Developers
  • funders
  • governments
  • evaluators
  • partners
  • its own prior work

2.3 Legitimacy

Legitimacy should derive from:

  • Clear mandate
  • fair process
  • competence
  • representation
  • public reasoning
  • appeals
  • correction
  • bounded authority

2.4 Responsiveness

The institution should adapt faster than traditional multi-year standards cycles where urgency requires, without eliminating review.

2.5 Stability

Core definitions, procedures, and records should remain stable enough for reliance.

2.6 Security

The institution should be capable of handling:

  • Held-out tasks
  • model access
  • vulnerability information
  • incidents
  • confidential evidence
  • personal data

2.7 Accessibility

Participation should not depend entirely on:

  • Wealth
  • corporate membership
  • English fluency
  • travel
  • model access
  • institutional prestige

2.8 Interoperability

Outputs should be usable across:

  • Organizations
  • standards systems
  • sectors
  • countries
  • languages
  • legal regimes

2.9 Competition and Pluralism

The institution should avoid creating an evaluator or standards monopoly.

2.10 Durability

The institution should have:

  • Sustainable funding
  • succession
  • records
  • legal continuity
  • institutional memory
  • retirement processes

2.11 Correctability

Every major output should be reviewable and reversible.

2.12 Measurable Impact

Institutional performance should be judged by outcomes, not only publication volume, membership, or prestige.


3. Institutional Context

The institution should be designed with awareness of existing systems rather than assuming a blank institutional landscape.

3.1 International Standards Organizations

ISO and IEC provide mature examples of:

  • National-member participation
  • technical committees
  • consensus-based standards development
  • formal directives
  • committee governance
  • conformity-assessment infrastructure
  • international recognition

ISO describes itself as an independent, nongovernmental international organization whose standards are developed through consensus among national member bodies.[^iso-about][^iso-directives]

IEC combines international standards with global conformity-assessment systems and emphasizes openness, democracy, balanced participation, competence, and peer-recognition mechanisms.[^iec-ca][^iec-types]

These models demonstrate the value of:

  • Stable process
  • national participation
  • technical depth
  • formal document control
  • separation between standards development and many certification activities

They also reveal challenges:

  • Slow timelines
  • participation cost
  • uneven access to committees
  • reliance on national representation
  • standards paywalls
  • difficulty adapting to rapidly changing systems
  • potential dominance by well-resourced participants

3.2 WTO Standards Principles

The World Trade Organization's principles for international standards emphasize:

  • Transparency
  • openness
  • impartiality and consensus
  • effectiveness and relevance
  • coherence
  • the development dimension

Its Code of Good Practice also encourages standardizing bodies to avoid unnecessary duplication, publish work programs, provide comment opportunities, and treat participants without discrimination.[^wto-principles][^wto-code]

These principles should inform Standards Body even before any formal recognition.

3.3 Government Measurement and Standards Institutions

NIST demonstrates a government-led model that combines:

  • Measurement science
  • public-private collaboration
  • voluntary frameworks
  • standards coordination
  • technical evaluations
  • public-interest mission

As of 2026, NIST's Center for AI Standards and Innovation focuses on AI evaluations, national-security-relevant risks, guidelines, and voluntary standards support.[^caisi]

The NIST AI Consortium brings together hundreds of organizations to develop science-based and empirically backed AI measurement guidance and standards foundations.[^nist-consortium]

The U.S. policy embodied in the National Technology Transfer and Advancement Act and OMB Circular A-119 encourages government use of voluntary consensus standards where appropriate rather than unnecessary government-unique standards.[^nist-a119]

This model demonstrates:

  • Public mandate
  • measurement authority
  • convening power
  • access to government expertise
  • potential connection to procurement and policy

It also faces:

  • Political transition
  • jurisdictional limits
  • budget dependency
  • national-interest priorities
  • slower public administration

3.4 Regulatory AI Institutions

The European AI Office provides a model combining:

  • Regulatory implementation
  • supervision
  • technical expertise
  • codes of practice
  • coordination with national authorities

The EU AI Act governance system includes the AI Office, national competent authorities, the AI Board, a Scientific Panel, and an Advisory Forum.[^eu-office][^eu-governance]

The Scientific Panel launched with independent experts to advise on general-purpose AI risks, methodologies, model classification, and enforcement.[^eu-panel]

This model shows the value of:

  • Formal legal mandate
  • separation between technical advice and enforcement
  • multi-level governance
  • advisory representation
  • direct connection to market surveillance

It also demonstrates why a private research project should not claim the authority of a regulatory institution.

3.5 Government Evaluation Institutes

Government AI institutes such as the United Kingdom's AI Security Institute and NIST's CAISI illustrate models with:

  • Frontier-system access
  • technical evaluation teams
  • national-security and public-safety focus
  • research publication
  • international cooperation

These institutions can perform high-consequence work that private groups may be unable to conduct.

They also remain subject to:

  • Government mandate
  • national priorities
  • security restrictions
  • political accountability
  • changes in executive direction

3.6 International Reporting and Coordination

The OECD's Hiroshima AI Process Reporting Framework demonstrates a voluntary international reporting model.

Version 2.0 was launched in May 2026 to support transparent reporting by organizations across the advanced-AI value chain.[^haip-v2]

The model offers:

  • Standardized self-reporting
  • peer learning
  • cross-company comparison
  • international convening
  • lower entry barriers than certification

Its limitations include:

  • Reliance on participant reporting
  • no automatic verification
  • uneven completeness
  • uncertain connection to enforcement

3.7 Treaty-Based Institutions

The Council of Europe Framework Convention on Artificial Intelligence establishes a Conference of the Parties as a follow-up mechanism and expects cooperation with relevant stakeholders.[^coe-convention]

Treaty bodies can provide:

  • State legitimacy
  • legal commitments
  • reporting
  • implementation review
  • international cooperation

They are not substitutes for technical standards bodies or evaluation laboratories.

3.8 Global Accreditation Cooperation

Global Accreditation Cooperation Incorporated launched in 2026 to unify international accreditation cooperation previously organized through IAF and ILAC arrangements.[^global-aci]

The global accreditation model demonstrates:

  • Peer evaluation of accreditation bodies
  • multilateral recognition
  • scoped competence
  • cross-border acceptance
  • separation between accreditation and certification

This architecture is highly relevant to a future AI evaluator ecosystem.

Standards Body should learn from it rather than attempting to create an isolated proprietary recognition system.

3.9 International AI Standards Coordination

ISO, IEC, and ITU have expanded coordination on AI standards and global interoperability.

The International AI Standards Exchange convenes standards bodies and maintains a database of global AI standards.[^itu-exchange][^itu-joint]

This demonstrates that Standards Body should:

  • Map existing work
  • avoid duplication
  • contribute specialized evaluation infrastructure
  • seek liaison and interoperability
  • resist claims of exclusive ownership over AI standards

3.10 Institutional Design Implication

The existing ecosystem contains strong institutions.

The opportunity for Standards Body is not to replicate them.

The opportunity is to specialize in the missing connections among:

  • Frontier evaluation science
  • held-out evidence
  • high-stakes capability assessment
  • independent expert review
  • evaluator competence
  • progressive standards
  • incentive design
  • global interoperability

4. Institutional Functions

The complete future ecosystem requires the following functions.

Not every function should reside in Standards Body.

4.1 Research

  • Foundational research
  • evaluation science
  • measurement
  • institutional design
  • standards impact
  • assurance research
  • interoperability
  • public understanding

4.2 Terminology and Taxonomy

  • Canonical definitions
  • classifications
  • mappings
  • multilingual terms
  • deprecation and revision

4.3 Protocol Development

  • Evaluation protocols
  • task architectures
  • elicitation methods
  • scoring
  • uncertainty
  • lifecycle
  • security

4.4 Protocol Stewardship

  • Version control
  • task renewal
  • change requests
  • bridge studies
  • expiration
  • retirement

4.5 Standards Development

  • Proposals
  • committees
  • public review
  • consensus
  • dissent
  • approval
  • maintenance

4.6 Evaluation Administration

  • Technical evaluation
  • held-out administration
  • secure evidence handling
  • reporting

4.7 Independent Expert Review

  • Review mandates
  • panels
  • evidence access
  • findings
  • dissent
  • publication

4.8 Evaluator Competence Development

  • Scope definitions
  • competency frameworks
  • training
  • proficiency tests
  • quality systems
  • registries

4.9 Audit and Inspection

  • Criteria-based organizational and technical assurance
  • evidence review
  • control testing
  • conformity findings

4.10 Certification

  • Scheme operation
  • assessment
  • decision
  • certificate
  • surveillance
  • suspension
  • withdrawal

4.11 Accreditation

  • Assessment of conformity-assessment bodies
  • competence recognition
  • scope
  • peer review
  • surveillance

4.12 Legal and Regulatory Enforcement

  • Binding obligations
  • investigations
  • market surveillance
  • licensing
  • sanctions
  • judicial review

4.13 Incident and Failure Learning

  • Incident intake
  • taxonomy
  • protected exchange
  • root-cause analysis
  • corrective feedback
  • standards updates

4.14 Registries

  • Protocols
  • results
  • evaluators
  • standards
  • certificates
  • accreditation
  • incidents
  • recognition
  • corrections

4.15 International Interoperability

  • Crosswalks
  • recognition
  • bridge studies
  • common metadata
  • secure exchange
  • capacity building

4.16 Public Communication

  • Public summaries
  • education
  • claim correction
  • status information
  • stakeholder engagement

4.17 Appeals and Complaints

  • Procedural challenge
  • evidence challenge
  • conflict allegations
  • status disputes
  • correction

4.18 Institutional Quality

  • Internal audit
  • governance review
  • performance measurement
  • risk management
  • external evaluation

5. Functions Standards Body Should Perform Directly

At a mature nonprofit standards-infrastructure stage, Standards Body should be designed to perform the following functions directly.

5.1 Foundational Research

Maintain:

  • First principles
  • terminology
  • evidence standards
  • research methods
  • evaluation philosophy
  • institutional architecture

5.2 Evaluation-Method Research

Develop and test:

  • Dynamic protocols
  • held-out methods
  • high-stakes evaluation frameworks
  • validity arguments
  • scoring methods
  • system-identity standards

5.3 Standards Development

Operate a transparent process for:

  • Technical specifications
  • test methods
  • reporting standards
  • terminology standards
  • evaluator-competence standards
  • interoperability profiles

5.4 Protocol Stewardship

Maintain named protocols and their versions.

5.5 Public Registries

Maintain records of:

  • Protocol status
  • standards status
  • corrections
  • evaluator profiles
  • recognition decisions
  • public result metadata

5.6 Independent Review Coordination

Commission and support independent expert reviews while preserving panel independence.

5.7 Evaluator Ecosystem Development

Develop:

  • Competency frameworks
  • proficiency exercises
  • quality criteria
  • public-interest access
  • research infrastructure

5.8 Incident-Learning Infrastructure

Maintain a protected and public incident-learning system.

5.9 International Interoperability

Develop mappings, profiles, and recognition procedures.

5.10 Capacity Building

Support:

  • New evaluators
  • regional institutions
  • smaller organizations
  • open-source communities
  • public-interest researchers

5.11 Public-Interest Convening

Convene structured processes with documented participation and outcomes.

5.12 Institutional Research

Evaluate the performance and failures of standards and assurance systems.


6. Functions Standards Body Should Not Initially Perform

6.1 Regulatory Enforcement

Standards Body should not issue binding sanctions or legal prohibitions.

6.2 Licensing

It should not grant legal permission to develop or deploy AI.

6.3 Accreditation

It should not initially accredit evaluators or certification bodies.

6.4 Certification

It should not initially issue certificates of AI-system safety or conformity.

6.5 Commercial Evaluation as a Dominant Business

It should not become financially dependent on paid evaluations of the same organizations that influence its standards.

6.6 Exclusive Model Approval

It should not maintain an official approved-model list without lawful mandate and mature evidence.

6.7 Universal Risk Rating

It should not reduce systems to one public safety grade.

6.8 Government Representation

It should not claim to speak for states or international organizations.

6.9 Industry Representation

It should not claim to speak for the AI industry.

6.10 Public Representation

It should not claim to speak for the public merely because public-interest participants are included.

6.11 Private Legal Adjudication

It should not determine disputed legal obligations outside a defined contractual process.

6.12 Proprietary Standards Monopoly

It should not require exclusive use of its methods when equivalent approaches are valid.


7. Institutional Model Options

The institution should not be designed by copying one existing form.

Six major models should be considered.

7.1 Government-Led Institute

Description

A public agency or government institute responsible for evaluation, standards, or supervision.

Strengths

  • Legal mandate
  • public funding
  • access to classified or sensitive information
  • connection to enforcement
  • national measurement infrastructure
  • procurement influence

Weaknesses

  • National scope
  • political transition
  • slower adaptation
  • risk of geopolitical alignment
  • public-sector hiring constraints
  • reduced independence from government priorities

Best Use

  • National-security evaluation
  • regulatory support
  • public measurement
  • market surveillance
  • enforcement-linked work

Fit for Standards Body

Not the appropriate present form.

Standards Body could partner with government institutes.

7.2 Independent Nonprofit

Description

A mission-locked nonprofit research and standards institution.

Strengths

  • Independent identity
  • flexible research
  • philanthropic and public funding
  • international participation
  • public-interest mission
  • ability to publish criticism

Weaknesses

  • Donor dependence
  • no inherent legal authority
  • legitimacy must be built
  • potential founder or board capture
  • limited enforcement power

Best Use

  • Research
  • protocols
  • standards
  • convening
  • registries
  • capacity building

Fit for Standards Body

Strongest core organizational form.

7.3 International Intergovernmental Institution

Description

An organization created or governed by states.

Strengths

  • International legitimacy
  • diplomatic participation
  • treaty or state mandate
  • cross-border coordination
  • long-term continuity

Weaknesses

  • Slow formation
  • political negotiation
  • lowest-common-denominator risk
  • limited technical speed
  • state representation may exclude nonstate expertise

Best Use

  • Legal cooperation
  • government recognition
  • reporting
  • mutual commitments
  • global policy coordination

Fit for Standards Body

Potential partner or future network layer, not realistic initial form.

7.4 Industry Consortium

Description

A member-funded body organized around participating companies.

Strengths

  • Technical access
  • speed
  • implementation
  • market adoption
  • funding
  • interoperability

Weaknesses

  • Industry capture
  • weak affected-party power
  • membership barriers
  • conflicts
  • public trust limitations
  • standards designed around incumbents

Best Use

  • Technical interoperability
  • shared tools
  • implementation pilots
  • voluntary commitments

Fit for Standards Body

Useful participation model, unsuitable as controlling form.

7.5 Hybrid Public-Private Institution

Description

An independent or quasi-public body with government, industry, research, evaluator, and public-interest participation.

Strengths

  • Multiple sources of legitimacy
  • access
  • expertise
  • policy connection
  • public and private resources

Weaknesses

  • Complex governance
  • unclear accountability
  • risk of compromise without principle
  • difficult conflict management
  • blurred authority

Best Use

  • Standards development
  • evaluation coordination
  • shared infrastructure
  • regulatory support

Fit for Standards Body

Strong long-term ecosystem model if the nonprofit core remains independent.

7.6 Distributed Evaluator and Assurance Network

Description

A network of independent evaluator, audit, certification, accreditation, and recognition bodies using shared standards.

Strengths

  • Scalability
  • pluralism
  • regional capacity
  • reduced monopoly
  • specialized competence
  • cross-border recognition

Weaknesses

  • Inconsistent results
  • evaluator shopping
  • quality variance
  • coordination burden
  • registry complexity
  • recognition disputes

Best Use

  • Third-party assurance
  • domain specialization
  • international implementation
  • certification and accreditation

Fit for Standards Body

Essential ecosystem layer, but not the sole legal identity.


8. Model Comparison

Model Technical speed Public authority Independence from industry International reach Enforcement Capture risk Best role
Government-led Moderate High within jurisdiction High to moderate Limited to moderate High Political Evaluation and enforcement
Independent nonprofit High Low formal authority Potentially high High Low Donor and founder Research and standards
Intergovernmental Low to moderate High among parties High to moderate High Treaty-dependent State politics Coordination and recognition
Industry consortium High Low Low Moderate to high Contractual Industry Implementation and interoperability
Hybrid Moderate to high Variable Moderate High Variable Complex Standards and shared infrastructure
Distributed network Variable Distributed Variable High Scheme and legal dependent Market capture Assurance and recognition

8.1 Design Conclusion

No model alone is sufficient.

The preferred architecture combines:

  • An independent nonprofit core
  • hybrid multistakeholder standards processes
  • distributed evaluators and conformity-assessment bodies
  • government and international partnerships
  • external accreditation and legal enforcement

9. Recommended Institutional Architecture

9.1 Core Design

The recommended future architecture is:

An independent nonprofit public-interest technical secretariat and standards-development institution operating within a plural, internationally interoperable network of evaluators, reviewers, conformity-assessment bodies, public authorities, research institutions, and affected communities.

The core institution should be able to create credible common infrastructure.

It should not control every use of that infrastructure.

9.2 Institutional Components

The architecture contains:

  1. A nonprofit institutional core
  2. independent governing bodies
  3. technical and public-interest councils
  4. operational program units
  5. time-limited standards and research working groups
  6. external evaluator and assurance networks
  7. independent appeals and oversight
  8. public and controlled registries
  9. international liaison and capacity structures
  10. government and regulatory interfaces

9.3 Institutional Firewall

The following functions should have operational and decision firewalls:

  • Standards drafting
  • evaluation administration
  • certification decision
  • accreditation decision
  • appeals
  • funding allocation
  • enforcement

The same institution may support several functions only if:

  • Decision rights remain distinct
  • conflicts are disclosed
  • personnel and records are separated where necessary
  • appeals are independent
  • public claims identify the function performed

9.4 Subsidiarity

A function should be performed at the lowest institutional level capable of performing it credibly.

Examples:

  • Task maintenance by a domain working group
  • protocol stewardship by Standards Body
  • evaluation by qualified independent organizations
  • accreditation by recognized accreditation bodies
  • enforcement by governments
  • local adaptation by regional institutions

9.5 Institutional Modularity

The institution should be able to add, transfer, suspend, or retire functions without redesigning the entire organization.

9.6 Network, Not Empire

The preferred model values:

  • Shared standards
  • distributed implementation
  • reciprocal recognition
  • local competence
  • plural authority

over organizational expansion for its own sake.


10. Present-Stage Institutional Design

Standards Body is currently in the foundational research and institutional-design stage.

The present organization should remain intentionally limited.

10.1 Present Functions

Standards Body may:

  • Maintain the canonical document library
  • publish research and analysis
  • develop protocols and templates
  • maintain terminology and taxonomies
  • map standards and institutions
  • invite critique
  • develop pilot proposals
  • build source and version registries
  • convene exploratory discussions
  • form advisory relationships
  • prepare legal and organizational options

10.2 Present Non-Functions

Standards Body should not presently:

  • Issue standards as formally recognized consensus standards
  • issue certificates
  • accredit evaluators
  • make official risk classifications
  • operate regulatory enforcement
  • claim international representation
  • sell approval
  • use certification-style seals
  • create binding membership obligations presented as public law

10.3 Present Decision Authority

The project owner may approve foundational documents during the formation stage.

This authority should be treated as transitional.

Material institutional decisions should increasingly require:

  • Written rationale
  • expert review
  • recorded changes
  • conflict disclosure
  • later governance ratification

10.4 Present Advisory Structure

The project may form nonfiduciary advisory groups for:

  • Evaluation science
  • standards and conformity assessment
  • institutional design
  • public interest
  • international participation
  • security

Advisors should not be described as a governing board unless they possess actual defined governing authority.

10.5 Present Transparency

The project should publish:

  • Identity
  • mission
  • current stage
  • document status
  • authority limits
  • funding disclosures when material
  • contributor roles
  • corrections

10.6 Present Institutional Risk

The principal risk at this stage is institutional theater.

Controls:

  • No marks implying approval
  • no invented accreditation status
  • no vague claims of global consensus
  • no ceremonial boards without real responsibility
  • no use of standards language to imply authority

11. Legal and Organizational Form

11.1 Preferred Form

The preferred future core is an independent nonprofit or public-benefit legal entity.

The exact jurisdiction should be selected through a formal comparative review.

11.2 Jurisdiction Selection Criteria

Evaluate:

  • Nonprofit and charitable law
  • mission lock
  • board fiduciary duties
  • international operations
  • tax treatment
  • donor restrictions
  • employment
  • data protection
  • liability
  • research protections
  • whistleblower protections
  • public reporting
  • foreign participation
  • dissolution and asset transfer
  • recognition by partners

11.3 No Jurisdiction by Prestige

The institution should not select a jurisdiction merely because it signals international status.

11.4 Possible Structures

Single Nonprofit

One legal entity with internal separation.

Suitable for early stages.

Nonprofit With Controlled Subsidiaries

The parent maintains mission, standards, and research.

Separate subsidiaries may perform:

  • Training
  • technology services
  • evaluation operations
  • publications

Affiliated Independent Entities

Separate legal organizations perform:

  • Certification
  • accreditation
  • appeals
  • regional implementation

Foundation and Membership Association

A foundation protects mission and assets.

A member association supports participation and standards work.

Treaty or Public Recognition Layer

A later public or international arrangement may recognize specific standards or records without absorbing the nonprofit.

11.5 Preferred Evolution

A likely progression is:

  1. Independent project
  2. nonprofit research institute
  3. nonprofit standards and infrastructure institution
  4. affiliated or recognized network
  5. possible public or international recognition of specific functions

11.6 Mission Lock

The governing documents should require that assets and activities remain directed toward:

  • Credible frontier AI evaluation
  • standards
  • assurance infrastructure
  • public-interest governance
  • interoperability
  • institutional learning

11.7 Private Benefit Restriction

No insider, member, founder, funder, developer, evaluator, or partner should receive improper private benefit.

11.8 Dissolution

Upon dissolution, remaining mission assets should transfer to one or more qualified public-interest institutions with compatible purposes.

They should not revert to founders, directors, or commercial members.


12. Mission, Mandate, and Authority

12.1 Institutional Mission

To develop and maintain credible public-interest infrastructure for frontier AI evaluation, standards, assurance, and interoperability.

12.2 Mandate

The mature institution may be mandated to:

  • Conduct and publish research
  • develop and maintain evaluation protocols
  • develop standards through approved processes
  • coordinate independent review
  • maintain registries
  • develop evaluator-competence infrastructure
  • support international interoperability
  • operate incident-learning systems
  • provide training and capacity building
  • issue nonbinding technical findings within scope

12.3 Sources of Authority

Possible authority sources include:

  • Organizational charter
  • member agreement
  • standards process
  • technical competence
  • contractual adoption
  • procurement adoption
  • certification scheme recognition
  • government recognition
  • law or treaty

Each source should be stated separately.

12.4 Authority Levels

Research Authority

Authority to publish evidence-based research.

Process Authority

Authority to administer a defined process.

Standards Authority

Authority to approve documents within the institution's standards process.

Contractual Authority

Authority created when parties adopt the institution's rules by agreement.

Recognition Authority

Authority to recognize evidence or participation for a defined institutional purpose.

Public Authority

Authority created by law or government mandate.

12.5 Authority Limits

The institution should not claim a higher authority level than it possesses.

12.6 Technical Finding Versus Binding Decision

A technical finding may support a binding decision.

The binding decision remains with the authorized decision owner.


13. Constitutional Principles

The institution's governing documents should preserve the following principles.

13.1 Mission Primacy

Mission outranks revenue, membership growth, institutional prestige, and partner preference.

13.2 Human Benefit

The institution should support beneficial AI development and use while reducing serious harm.

13.3 Evidence

Material positions should be evidence-grounded and correctable.

13.4 Bounded Claims

Institutional claims should remain within actual authority and evidence.

13.5 Independence

No single constituency should control the institution.

13.6 Accountability

Power should be reviewable and explained.

13.7 Participation

People affected by standards and evaluation should have meaningful pathways to participate.

13.8 Competence

Decision roles should require relevant competence.

13.9 Pluralism

The institution should support multiple qualified evaluators, methods, and regional implementations.

13.10 Transparency With Security

Governance should be visible while sensitive information remains protected proportionately.

13.11 Due Process

Consequential decisions should support:

  • Notice
  • response
  • reasoned decision
  • appeal
  • correction

13.12 International Respect

The institution should not erase legitimate jurisdictional, cultural, or linguistic differences.

13.13 Competition

Standards and assurance should not create unjustified market exclusion or monopoly.

13.14 Revision

Standards and institutional rules should be revised or retired when evidence changes.

13.15 Institutional Humility

The institution should make clear:

  • What it knows
  • what it does not know
  • where it lacks authority
  • which alternatives remain

14. Governance Architecture

The complete governance system should contain several bodies with distinct responsibilities.

14.1 Governing Board

Primary responsibilities:

  • Mission
  • fiduciary oversight
  • executive appointment
  • strategy
  • risk
  • budget
  • institutional-stage transitions
  • major partnerships
  • governance amendments

The board should not decide ordinary technical findings.

14.2 Executive Secretariat

Primary responsibilities:

  • Operations
  • staffing
  • budget execution
  • program coordination
  • records
  • security
  • public administration
  • implementation of approved strategy

14.3 Scientific and Evaluation Council

Primary responsibilities:

  • Research quality
  • evaluation philosophy
  • protocol validity
  • evidence standards
  • technical research priorities
  • expert-review criteria

14.4 Standards Council

Primary responsibilities:

  • Standards work program
  • committee authorization
  • process compliance
  • ballot and consensus rules
  • publication
  • maintenance
  • withdrawal

14.5 Public Interest and Rights Council

Primary responsibilities:

  • Public-interest analysis
  • affected-party participation
  • rights
  • distributional impact
  • accessibility
  • small-actor concerns
  • public claims

14.6 International Coordination Forum

Primary responsibilities:

  • Regional participation
  • liaison
  • crosswalks
  • multilingual work
  • capacity building
  • recognition
  • avoidance of duplication

14.7 Ethics, Integrity, and Conflicts Committee

Primary responsibilities:

  • Conflicts
  • recusals
  • research integrity
  • misconduct procedures
  • whistleblower protections
  • sponsor influence
  • authorship and credit disputes

14.8 Security and Confidentiality Committee

Primary responsibilities:

  • Information classification
  • held-out security
  • incident response
  • dangerous-information review
  • access
  • release
  • security audit

14.9 Finance, Audit, and Risk Committee

Primary responsibilities:

  • Financial oversight
  • audit
  • funding concentration
  • reserves
  • compensation
  • enterprise risk
  • insurance
  • controls

14.10 Appeals and Review Panel

Primary responsibilities:

  • Independent review of eligible decisions
  • procedural fairness
  • conflict disputes
  • standards appeals
  • recognition disputes
  • corrections

The panel should not report to the staff whose decisions it reviews.

14.11 Contributor and Community Assembly

Primary responsibilities:

  • Contributor representation
  • proposals
  • public feedback
  • election or nomination rights where defined
  • community accountability
  • emerging issue identification

The assembly should not automatically possess authority over security-sensitive or fiduciary decisions.


15. Governing Board Design

15.1 Board Size

Recommended mature size:

  • Eleven to fifteen voting members

This is large enough for plurality and small enough for fiduciary responsibility.

15.2 Constituency Balance

Board competence should include:

  • AI evaluation science
  • standards and conformity assessment
  • public-interest governance
  • law and public institutions
  • international or regional experience
  • security and high-stakes domains
  • organizational and financial governance

15.3 Control Limits

Design targets:

  • No single constituency holds more than one third of voting seats.
  • Developer and commercial provider representatives combined do not hold one third or more.
  • Commercial evaluators and assurance providers combined do not hold one third or more.
  • At least two thirds of voting directors are independent of organizations currently subject to active Standards Body standards, evaluation, recognition, or certification-related work.
  • No funder receives an automatic board seat solely because of funding.
  • The founder does not possess a permanent veto or permanent board seat.

15.4 Terms

Recommended:

  • Three-year terms
  • maximum two consecutive full terms
  • staggered appointment
  • cooling-off period before return

Transitional founding terms may be shorter or staggered deliberately.

15.5 Appointment

Use a transparent nomination and selection process.

Publish:

  • Role criteria
  • desired competence
  • conflicts
  • appointing body
  • term
  • constituency
  • independence status

15.6 Removal

Removal should be possible for:

  • Breach of duty
  • misconduct
  • undisclosed conflict
  • persistent nonparticipation
  • security violation
  • mission breach

Removal should require a documented process.

15.7 Board Chair

The chair should:

  • Be elected by the board
  • serve a limited term
  • not simultaneously serve as chief executive
  • not possess unilateral standards or technical authority

15.8 Founder Transition

A founder may serve during formation.

The mature institution should require:

  • Defined term
  • succession plan
  • no permanent special voting class
  • no unilateral amendment power
  • institutional ownership of canonical assets

15.9 Board Evaluation

The board should receive:

  • Annual self-evaluation
  • periodic independent governance review
  • conflict audit
  • constituency-balance review
  • performance disclosure

16. Executive Secretariat

16.1 Chief Executive

The chief executive is responsible for operations, not unrestricted institutional authority.

16.2 Appointment

The board appoints and evaluates the chief executive.

16.3 Limits

The chief executive should not unilaterally:

  • Approve standards
  • reverse appeals
  • certify systems
  • expand institutional authority
  • change mission
  • conceal material conflicts
  • override security governance without review

16.4 Senior Roles

Possible roles:

  • Executive Director
  • Research Director
  • Director of Evaluation Science
  • Director of Standards
  • Director of Institutional Assurance
  • Director of International Cooperation
  • Director of Public Interest and Participation
  • Chief Security Officer
  • General Counsel or legal lead
  • Chief Operating and Financial Officer
  • Director of Transparency and Records

16.5 Delegation

Delegated authority should be:

  • Written
  • scoped
  • time-bound where necessary
  • reviewable
  • revocable

16.6 Staff Independence

Technical staff should have protected channels for:

  • Dissent
  • integrity concerns
  • security reporting
  • conflict reporting
  • publication disputes

17. Councils and Committees

17.1 Advisory Versus Decision Bodies

Every body should be labeled as:

  • Advisory
  • recommending
  • approving
  • reviewing
  • fiduciary
  • operational

17.2 No Ceremonial Council

A council should not be created merely to display prominent names.

It should have:

  • Mandate
  • membership criteria
  • term
  • decision rights
  • records
  • review
  • removal

17.3 Cross-Council Review

High-consequence standards may require review from:

  • Scientific and Evaluation Council
  • Standards Council
  • Public Interest and Rights Council
  • Security and Confidentiality Committee

17.4 Joint Decisions

Joint approval may be required where a proposal has both technical and public-interest consequences.

17.5 Deadlock

Deadlock procedures may include:

  • Mediation
  • revised scope
  • additional evidence
  • public dissent
  • appeal
  • board review limited to process and institutional mandate

The board should not manufacture technical consensus.


18. Working Groups

18.1 Purpose

Working groups perform bounded research, protocol, or standards tasks.

18.2 Types

  • Research working group
  • protocol working group
  • standards working group
  • incident task force
  • interoperability group
  • domain expert group
  • implementation group

18.3 Charter

Every working group should have:

  • Title
  • objective
  • scope
  • non-scope
  • deliverables
  • membership
  • chair
  • decision method
  • conflicts
  • security
  • timeline
  • sunset

18.4 Membership Balance

A standards working group should include relevant:

  • Developers
  • deployers
  • evaluators
  • domain experts
  • public-interest participants
  • smaller actors
  • government or regulatory liaisons
  • international participants

Balance should reflect the issue rather than use identical quotas for every group.

18.5 Participation Funding

Provide support where possible for participants who lack institutional funding.

18.6 Chair Independence

A chair should not represent the dominant commercial interest in the work without strong counterbalances and disclosure.

18.7 Records

Maintain:

  • Attendance
  • proposals
  • evidence
  • comments
  • conflicts
  • decisions
  • dissent
  • revisions

18.8 Sunset

Working groups should dissolve or renew after completing their mandate.


19. Membership Architecture

19.1 Membership Purpose

Membership creates structured participation.

It should not purchase scientific truth, approval, or authority.

19.2 Membership Categories

Possible categories:

  • Individual expert
  • academic or research institution
  • public-interest organization
  • developer or provider
  • deployer or purchaser
  • evaluator or assurance provider
  • government or public institution
  • standards organization
  • international organization
  • regional partner
  • open-source community
  • observer

19.3 Membership Rights

Rights may include:

  • Participation
  • nominations
  • proposals
  • committee eligibility
  • access to member briefings
  • voting within defined constituencies
  • use of non-endorsement membership description

19.4 Membership Non-Rights

Membership should not create:

  • Automatic board control
  • favorable evaluation
  • standards veto
  • certification
  • accreditation
  • endorsement
  • privileged confidential access unrelated to role
  • immunity from criticism

19.5 Dues

Dues may vary by organizational size.

Fee waivers or reduced dues should support:

  • Public-interest organizations
  • individual researchers
  • low-resource regions
  • small evaluators
  • open-source communities

19.6 Member Conduct

Members should agree to:

  • Accurate public claims
  • conflict disclosure
  • confidentiality
  • nonretaliation
  • standards-process integrity
  • no misuse of affiliation

19.7 Suspension and Removal

Grounds may include:

  • Misrepresentation
  • misconduct
  • security breach
  • corruption
  • retaliation
  • repeated process abuse
  • nonpayment, where appropriate

Due process and appeal should apply.


20. Participation and Representation

20.1 Stakeholder Groups

Relevant groups include:

  • Frontier developers
  • smaller developers
  • deployers
  • users
  • affected non-users
  • evaluators
  • researchers
  • standards experts
  • governments
  • regulators
  • workers
  • civil society
  • open-source communities
  • international and regional institutions
  • high-stakes domain experts

20.2 Representation Is Not Endorsement

Participation does not imply that a participant endorses every institutional position.

20.3 Affected-Party Participation

People affected by system deployment should have pathways to influence:

  • Problem definition
  • risk classification
  • reporting
  • safeguards
  • appeals
  • standards impact review

20.4 Avoid Symbolic Representation

One participant should not be treated as representing an entire community without mandate.

20.5 Participation Quality

Measure:

  • Who participates
  • whose comments change outcomes
  • who withdraws
  • which barriers remain
  • whether minority positions are recorded

20.6 International Balance

International work should include:

  • Regional participation
  • multilingual material
  • local expertise
  • remote access
  • capacity support

20.7 Future Generations

Long-term and difficult-to-reverse consequences should be considered through:

  • Explicit impact analysis
  • long-horizon expertise
  • public-interest review

No individual can literally represent future people.


21. Decision Architecture

21.1 Decision Classes

Institutional decisions include:

  • Research approval
  • protocol approval
  • standards project approval
  • standard approval
  • publication
  • security classification
  • evaluator recognition
  • funding acceptance
  • partnership
  • correction
  • suspension
  • appeal
  • institutional transition

21.2 Decision Record

Every material decision should identify:

  • Decision owner
  • authority
  • proposal
  • evidence
  • reviewers
  • conflicts
  • comments
  • dissent
  • outcome
  • conditions
  • effective date
  • appeal
  • expiration

21.3 Decision Methods

Possible methods:

  • Executive decision
  • committee majority
  • supermajority
  • consensus
  • no sustained objection
  • expert determination
  • independent panel decision

21.4 Consensus

Consensus means broad agreement after serious efforts to address substantial objections.

It does not require unanimity.

21.5 Supermajority

Use supermajority for:

  • Mission amendments
  • institutional-stage transitions
  • merger
  • dissolution
  • creation of certification or accreditation functions
  • removal of independent appeals protections

21.6 Technical Decision Rights

Technical decisions should be made by competent bodies under approved processes.

21.7 Public-Interest Veto

The institution should avoid a vague universal veto.

A Public Interest and Rights Council may require reconsideration or escalation when a proposal presents a material unresolved rights or distributional issue.

The final process should preserve reasoned decision and dissent.

21.8 Security Decision Rights

Emergency security actions may be taken quickly.

They should be reviewed after the immediate risk is controlled.


22. Separation of Institutional Powers

22.1 Standards and Certification

The body developing a standard should not control every certification decision under that standard.

22.2 Certification and Accreditation

A certification body should not accredit itself.

22.3 Evaluation and Appeal

The evaluator should not decide the final appeal concerning its own disputed process.

22.4 Funding and Technical Findings

Fundraising personnel should not control technical conclusions.

22.5 Executive and Board

The chief executive should not chair the governing board.

22.6 Security and Publication

Security review may require redaction or delay.

It should not suppress unfavorable findings for reputational reasons.

22.7 Developer Input and Independent Review

Developers may correct facts and provide evidence.

They should not control independent conclusions.

22.8 Institutional Recognition and Commercial Services

Recognition decisions should not be linked to purchase of consulting, membership, or training.

22.9 Firewall Methods

Use:

  • Separate committees
  • distinct staff
  • separate legal entities
  • budget separation
  • information barriers
  • independent review
  • public disclosure
  • appeal

23. Standards-Development Function

23.1 Standards Work Program

The institution should publish a current work program identifying:

  • Proposed projects
  • active projects
  • responsible committees
  • stage
  • expected timeline
  • participation opportunities
  • related external standards
  • public-interest rationale

23.2 New Work Proposal

A standards project should begin with:

  • Problem
  • scope
  • affected actors
  • evidence maturity
  • existing standards
  • implementation need
  • assurance readiness
  • competition impact
  • international relevance
  • resource estimate

23.3 Approval to Begin

Approval to start a project does not imply approval of the resulting standard.

23.4 Standards Types

Standards Body may develop:

  • Terminology standards
  • protocol specifications
  • evaluation reporting standards
  • system-identity standards
  • evidence and provenance standards
  • evaluator-competence standards
  • interoperability profiles
  • incident-reporting standards
  • process standards
  • management-system requirements where mature

23.5 Standards Process

The process should include:

  1. Proposal
  2. scoping
  3. committee formation
  4. evidence review
  5. drafting
  6. pilot
  7. public comment
  8. comment disposition
  9. technical and public-interest review
  10. approval
  11. publication
  12. implementation monitoring
  13. revision or retirement

23.6 Consensus and Dissent

Publish:

  • Consensus basis
  • substantial objections
  • unresolved dissent
  • minority report where material

23.7 Public Comment

Comment periods should be long enough for meaningful review.

Urgent processes may use shorter periods only with:

  • Published reason
  • temporary status
  • rapid follow-up review
  • sunset

23.8 Standards Accessibility

The institution should seek to make core public-interest standards freely accessible.

Revenue models should not make essential safety and evaluation requirements unavailable to smaller actors.

23.9 Copyright and Licensing

Standards should have clear terms for:

  • Access
  • quotation
  • implementation
  • translation
  • software schemas
  • derivative profiles

23.10 Maintenance

Every standard should have:

  • Owner
  • version
  • review cycle
  • incident triggers
  • correction process
  • supersession
  • retirement

23.11 External Standards

Standards Body should adopt, map, or reference existing standards where appropriate.

It should avoid creating proprietary duplicates.

23.12 Government Use

Governments may adopt or reference Standards Body standards through their own lawful processes.

Such adoption does not transfer government authority to Standards Body.


24. Evaluation and Protocol Function

24.1 Protocol Stewardship

Standards Body may serve as steward for defined evaluation protocols.

Stewardship includes:

  • Construct definition
  • versioning
  • change control
  • task-governance framework
  • reporting requirements
  • expiration
  • retirement

24.2 Evaluation Research

The institution may run research evaluations to:

  • Validate protocols
  • compare methods
  • study elicitation
  • assess evaluator consistency
  • support standards development

24.3 Consequential External Evaluation

When evaluating an external organization's system for a consequential public claim, the institution should use:

  • Independent evaluator teams
  • external review
  • separate funding arrangements
  • protected publication rights
  • defined access
  • appeal
  • result expiration

24.4 Evaluation Services

If paid evaluation services are offered, they should be separated from:

  • Standards approval
  • evaluator recognition
  • membership
  • certification
  • public-interest enforcement claims

24.5 Evaluation Results

A result should identify:

  • Evaluated object
  • protocol
  • evaluator
  • conditions
  • uncertainty
  • evidence level
  • limitations
  • expiration
  • status

24.6 No General Approval

An evaluation result should not be marketed as general approval of the system.

24.7 Protocol Access

Protocol access may be:

  • Public
  • partially protected
  • controlled
  • restricted

The classification should follow validity and security needs.

24.8 Task Custody

Held-out tasks should be managed by:

  • Separate custodians
  • access controls
  • logs
  • rotation
  • compromise procedures
  • qualified review

24.9 Evaluator Independence

Where Standards Body maintains the protocol and also evaluates:

  • Separate protocol and evaluation teams
  • external method review
  • disclosure
  • no self-certification
  • appeal outside the evaluation team

25. Independent Review Function

25.1 Review Mandate

Standards Body may commission independent reviews of:

  • Protocols
  • evaluation results
  • standards proposals
  • incidents
  • institutional practices
  • evaluator competence frameworks

25.2 Review Panel Selection

Use:

  • Competence criteria
  • independence profiles
  • conflict disclosure
  • diverse methods
  • public-interest participation where relevant

25.3 Funding

Reviewer compensation should not depend on result direction.

25.4 Evidence Access

Reviewers should receive sufficient access for the public conclusion.

25.5 Publication Rights

The reviewed party may receive factual-review rights.

It should not control the independent conclusion.

25.6 Dissent

Preserve:

  • Minority findings
  • unresolved limitations
  • confidence differences
  • access restrictions

25.7 Review Registry

Maintain records of:

  • Mandate
  • reviewers
  • access level
  • conflicts
  • findings
  • response
  • status

26. Assurance Ecosystem Function

26.1 Institutional Purpose

Standards Body should help create a trustworthy ecosystem for:

  • Testing
  • evaluation
  • inspection
  • audit
  • validation
  • verification
  • certification
  • accreditation

26.2 Role Clarity

Each activity should retain its canonical meaning.

26.3 Competence Frameworks

Standards Body may define competence by:

  • Domain
  • method
  • system type
  • activity
  • security level
  • assurance level

26.4 Proficiency Testing

The institution may coordinate or approve proficiency exercises testing:

  • Protocol implementation
  • scoring
  • security
  • evidence handling
  • reporting
  • inter-evaluator consistency

26.5 Quality Systems

Evaluator requirements may include:

  • Governance
  • personnel
  • methods
  • records
  • security
  • conflicts
  • complaints
  • correction
  • internal audit
  • continuous competence

26.6 Evaluator Registry

The registry should distinguish:

  • Self-declared capability
  • Standards Body qualification pilot
  • external certification
  • accreditation
  • current scope
  • suspension
  • expiry

26.7 No Universal Evaluator Label

An evaluator should not be described as generally approved for all AI evaluation.

Scope is essential.

26.8 Market Development

Support:

  • New evaluator entry
  • regional capacity
  • shared tools
  • training
  • public-interest funding
  • open protocols
  • inter-evaluator studies

26.9 Market Safeguards

Monitor:

  • Client concentration
  • evaluator shopping
  • result dependence
  • service bundling
  • standards influence
  • market concentration

27. Accreditation Relationship

27.1 Initial Position

Standards Body should not initially operate as an accreditation body.

27.2 Preferred Role

It may develop:

  • Evaluator competence standards
  • technical scopes
  • proficiency tests
  • scheme guidance
  • registry metadata
  • AI-specific interpretation

27.3 External Accreditation

Recognized accreditation bodies may assess conformity-assessment bodies against:

  • General accreditation criteria
  • AI-specific standards
  • defined technical scopes

27.4 Cooperation

Standards Body may cooperate with national, regional, and global accreditation systems.

27.5 Accreditation Claims

Public records should state:

  • Accreditation body
  • criteria
  • scope
  • locations
  • status
  • expiration

27.6 Future Accreditation Entity

Any future accreditation function should require:

  • Separate legal and governance analysis
  • conformity-assessment competence
  • impartiality
  • peer evaluation
  • international recognition strategy
  • independent appeals
  • financial separation
  • amendment of project identity

27.7 No Self-Accreditation

Standards Body cannot declare itself accredited or recognized without an external valid process.


28. Certification Relationship

28.1 Initial Position

Standards Body should not initially issue AI safety certificates.

28.2 Scheme Development

The institution may research or develop certification-scheme requirements only when:

  • The certified object is defined
  • requirements are mature
  • methods are valid
  • evaluators exist
  • surveillance is possible
  • claims are understandable
  • withdrawal can be enforced

28.3 Certification Object

Potential objects may include:

  • Management system
  • evaluation process
  • protocol implementation
  • system configuration
  • reporting process
  • personnel competence

A broad certification of "safe AI" should be rejected.

28.4 Certification Body Separation

Certification decisions should ordinarily be made by separate qualified certification bodies.

28.5 Scheme Owner Role

Standards Body may become a scheme owner only with:

  • Governance
  • technical competence
  • public claim controls
  • complaints
  • surveillance
  • financial model
  • independent oversight

28.6 Certificate Registry

A certificate record should identify:

  • Scheme
  • body
  • certified object
  • scope
  • date
  • expiry
  • status
  • surveillance
  • suspension

28.7 Mark Control

Any mark should be:

  • Scope-specific
  • time-limited
  • revocable
  • protected against misleading use
  • unrelated to membership purchase

29. Enforcement Relationships

29.1 Public Enforcement

Binding enforcement belongs to authorized institutions.

Examples:

  • Regulators
  • market-surveillance authorities
  • courts
  • procurement authorities
  • licensing bodies
  • treaty institutions

29.2 Standards Body Support

Standards Body may support enforcement through:

  • Standards
  • protocols
  • evidence
  • registries
  • expert analysis
  • incident information
  • evaluator competence frameworks

29.3 No Private Penalty Without Basis

Standards Body may enforce:

  • Membership rules
  • contracts
  • confidentiality
  • marks
  • registry status
  • standards-process conduct

It should not impose public-law penalties without authority.

29.4 Regulatory Recognition

A regulator may recognize:

  • A standard
  • protocol
  • evaluator
  • certificate
  • registry

Recognition should state legal effect and conditions.

29.5 Enforcement Independence

The technical institution should be able to publish evidence even when public authorities choose a different policy response.

29.6 Government Requests

Requests for evidence should follow:

  • Law
  • contracts
  • security
  • privacy
  • due process
  • transparency where permitted

30. Incident and Failure-Learning Function

30.1 Purpose

The institution should convert incidents and near misses into improvements.

30.2 Incident Intake

Accept reports from:

  • Developers
  • deployers
  • users
  • workers
  • evaluators
  • researchers
  • public institutions
  • affected parties
  • whistleblowers

30.3 Intake Channels

Provide:

  • Public reporting
  • confidential reporting
  • protected disclosure
  • partner channels
  • emergency security channel

30.4 Triage

Assess:

  • Credibility
  • severity
  • urgency
  • system
  • AI role
  • evidence
  • disclosure risk
  • jurisdiction

30.5 Investigation

Standards Body may:

  • Preserve records
  • coordinate expert review
  • refer to competent authorities
  • compare protocols
  • conduct root-cause research

It should not obstruct official investigations.

30.6 Public and Protected Records

Publish the maximum safe learning while protecting:

  • Personal data
  • active vulnerabilities
  • confidential systems
  • legal process
  • national security

30.7 Feedback

Incidents should trigger review of:

  • Protocols
  • tasks
  • safeguards
  • standards
  • evaluator scopes
  • certificates
  • public claims
  • research agenda

30.8 Nonretaliation

The institution should prohibit retaliation within its own programs against good-faith reporting.

30.9 Incident Independence

Incident review should not be controlled by the organization whose system is involved.


31. Registry and Knowledge Infrastructure

31.1 Registry Purpose

Registries make status visible.

31.2 Core Registries

Potential registries include:

  • Standards registry
  • protocol registry
  • evaluation-result registry
  • evaluator registry
  • review registry
  • certificate registry
  • accreditation mapping
  • incident registry
  • recognition registry
  • correction registry

31.3 Registry Minimum

Each record should include:

  • Identifier
  • owner
  • scope
  • version
  • status
  • effective date
  • expiration
  • evidence
  • correction history

31.4 Federated Architecture

Registries should support exchange with external systems.

Standards Body should not require one centralized global database as the only source of legitimacy.

31.5 Integrity

Use:

  • Version control
  • signatures where appropriate
  • audit logs
  • status propagation
  • archived records
  • correction notices

31.6 Public Access

Public status should be freely accessible.

Restricted technical evidence may remain controlled.

31.7 Registry Governance

Registry operators should have:

  • Update duties
  • challenge procedures
  • correction
  • security
  • availability targets
  • succession plans

32. Transparency and Confidentiality

32.1 Transparency Baseline

The institution should publish:

  • Mission
  • authority
  • governance
  • board and councils
  • funding
  • conflicts
  • work program
  • standards process
  • public decisions
  • corrections
  • annual performance

32.2 Confidentiality Categories

Use:

  • Public
  • controlled
  • confidential
  • restricted
  • highly restricted

32.3 Protected Information

Protection may apply to:

  • Held-out tasks
  • vulnerabilities
  • model weights
  • system prompts
  • personal data
  • incidents
  • contractual information
  • national-security information

32.4 Public Minimum for Restricted Work

Publish:

  • Purpose
  • broad scope
  • responsible bodies
  • review type
  • result status
  • limitations
  • reason for restriction
  • review date

32.5 Confidentiality Authority

No one staff member should have unlimited power to classify information permanently.

32.6 Classification Review

Restricted status should have:

  • Owner
  • rationale
  • review date
  • release conditions
  • appeal

32.7 Sponsor Confidentiality

Commercial confidentiality should not be used to conceal:

  • Material public harm
  • evaluator conflict
  • invalid result
  • misleading public claim

Legal obligations should be reviewed carefully.


33. Conflicts and Independence

33.1 Conflict Categories

  • Financial
  • employment
  • ownership
  • client
  • funding
  • intellectual
  • political
  • personal
  • reputational
  • access dependence

33.2 Conflict Register

Maintain public and controlled conflict records.

33.3 Recusal

Material conflicts may require:

  • Disclosure
  • limited participation
  • independent review
  • recusal
  • removal

33.4 Revolving Door

Create cooling-off rules for:

  • Developer executives
  • regulators
  • certification personnel
  • accreditation personnel
  • senior staff

The rule should be proportionate to the role.

33.5 Client Concentration

A service unit should monitor dependence on major clients.

33.6 Funding Conflict

Funders should not select:

  • Reviewers
  • evaluators
  • standard language
  • findings

outside transparent role-based processes.

33.7 Intellectual Conflict

People who created a protocol may contribute expertise.

They should not be the sole validators of its success.

33.8 Independence Statement

Major reports should state:

  • Funding
  • selection
  • access
  • method control
  • publication rights
  • conflicts

34. Funding Model

34.1 Funding Objectives

Funding should support:

  • Independence
  • competence
  • continuity
  • access
  • security
  • public goods
  • correction

34.2 Revenue Sources

A diversified mature model may include:

  • Philanthropic grants
  • government research grants
  • international grants
  • membership dues
  • publications
  • training
  • conferences
  • registry services
  • protocol licensing where appropriate
  • technical infrastructure fees
  • commissioned research
  • charitable contributions
  • endowment income

34.3 Prohibited Funding Conditions

Reject funding conditioned on:

  • Favorable outcome
  • publication suppression
  • standards control
  • board control
  • confidential access beyond role
  • certification
  • recognition
  • exclusion of competitors
  • political endorsement

34.4 Funding Concentration Targets

Suggested design targets:

Formation Stage

No single funder should ordinarily provide more than 35 percent of annual operating revenue without public disclosure, board approval, and a diversification plan.

Institutionalization Stage

Target no single funder above 25 percent.

Mature Stage

Target no single funder above 15 percent.

These are governance targets, not universal accounting rules.

Exceptions should be:

  • Temporary
  • disclosed
  • independently reviewed
  • accompanied by safeguards

34.5 Reserves

Target an operating reserve sufficient for:

  • Six to twelve months of core operations
  • security incidents
  • litigation or disputes
  • funder withdrawal
  • publication independence

34.6 Restricted Grants

Restricted funding should not distort the institution's overall priorities.

34.7 Membership Revenue

Membership should not become a pay-to-govern system.

34.8 Standards Revenue

Core safety and public-interest documents should remain accessible.

34.9 Service Revenue

Separate commercial services from standards and recognition decisions.

34.10 Endowment

A future endowment may protect independence.

Its investment and donor rules should align with mission.

34.11 Financial Transparency

Publish:

  • Audited financial statements
  • major funder categories
  • concentration
  • related-party transactions
  • executive compensation principles
  • reserves
  • service revenue

35. Staffing and Competence

35.1 Competence Model

The institution needs combined competence in:

  • AI and machine learning
  • evaluation science
  • statistics and measurement
  • cybersecurity
  • biological and chemical risk
  • human factors
  • standards development
  • conformity assessment
  • accreditation
  • law and regulation
  • governance
  • economics and competition
  • security
  • privacy
  • international relations
  • public communication

35.2 Core Staff and Networks

Not all competence must be permanent staff.

Use:

  • Core staff
  • fellows
  • contracted experts
  • working groups
  • partner laboratories
  • regional institutions
  • independent reviewers

35.3 Hiring

Hiring should consider:

  • Demonstrated work
  • judgment
  • integrity
  • interdisciplinary ability
  • security eligibility
  • conflicts
  • public communication

35.4 Continuing Competence

Require:

  • Training
  • proficiency
  • peer review
  • domain updates
  • standards education
  • security exercises

35.5 Compensation

Compensation should be sufficient to reduce dependence on conflicted external work.

35.6 Staff Dissent

Protect good-faith technical and institutional dissent.

35.7 Research Independence

Researchers should have defined publication and review protections.

35.8 Personnel Security

Sensitive roles may require:

  • Background checks where lawful
  • access agreements
  • training
  • least privilege
  • monitoring
  • exit controls

36. Security Architecture

36.1 Security Objectives

Protect:

  • People
  • models
  • tasks
  • evidence
  • vulnerabilities
  • personal data
  • systems
  • institutional continuity

36.2 Security Governance

The Chief Security Officer should have:

  • Operational authority
  • escalation rights
  • direct access to the board risk committee
  • independence from commercial pressure

36.3 Security Controls

Use:

  • Least privilege
  • strong authentication
  • network segmentation
  • secure environments
  • logging
  • encryption
  • data-loss prevention
  • backups
  • incident response
  • vendor review
  • physical security

36.4 Held-Out Infrastructure

Task banks should use:

  • Separate custody
  • controlled administration
  • signed artifacts
  • exposure tracking
  • rotation
  • compromise review

36.5 Model Access

Model access should be governed by:

  • Purpose
  • scope
  • provider agreement
  • security
  • logging
  • destruction or return
  • reviewer access

36.6 Insider Risk

Use:

  • Separation of duties
  • behavior-independent controls
  • access review
  • reporting channels
  • leave and exit procedures

36.7 Security Audit

Conduct:

  • Internal testing
  • external penetration testing
  • access audits
  • incident simulations
  • recovery tests

36.8 Emergency Authority

Emergency security actions should be:

  • Necessary
  • proportionate
  • logged
  • time-limited
  • reviewed after action

37. International Architecture

37.1 International Goal

Support interoperable evidence and standards across plural legal and institutional systems.

37.2 Participation Model

Use:

  • Regional partners
  • national standards liaisons
  • public institutions
  • international organizations
  • evaluator networks
  • research institutions
  • civil society

37.3 No One-Country Control

A mature international institution should avoid:

  • Board dominance by one country
  • all leadership in one region
  • English-only participation
  • dependence on one national funder
  • standards based only on one legal system

37.4 Common Core and Local Extensions

Maintain:

  • Shared terminology
  • metadata
  • evidence standards
  • protocol principles
  • status records

Allow local extensions for:

  • Law
  • language
  • culture
  • sectors
  • risk tolerance
  • institutional structure

37.5 Recognition

Recognition should be:

  • Purpose-specific
  • evidence-based
  • versioned
  • conditional where needed
  • reviewable
  • revocable

37.6 Regional Capacity

Support:

  • Training
  • fellowships
  • shared evaluation facilities
  • translation
  • local task development
  • regional evaluator organizations

37.7 International Liaisons

Seek liaison or cooperation with:

  • Standards organizations
  • accreditation networks
  • public AI institutes
  • treaty bodies
  • regional organizations
  • professional associations

37.8 Avoid Duplication

Before beginning international standards work, map:

  • Existing standards
  • work programs
  • legal instruments
  • reporting frameworks
  • evaluator initiatives

37.9 International Claims

Use:

  • International participation
  • cross-regional
  • multi-jurisdictional

only when supported.

Avoid:

  • Globally approved
  • worldwide authority
  • universal consensus

38. Partnerships

38.1 Partnership Purpose

Partnerships should provide:

  • Expertise
  • access
  • implementation
  • capacity
  • interoperability
  • public benefit

38.2 Partner Categories

  • Research
  • government
  • standards
  • evaluator
  • accreditation
  • certification
  • industry
  • civil society
  • philanthropy
  • international
  • regional

38.3 Partnership Review

Assess:

  • Mission fit
  • conflicts
  • reputation
  • security
  • funding
  • control
  • public claims
  • exit

38.4 No Implied Endorsement

Participation or partnership should not imply approval of all partner activities.

38.5 Public Agreement Summary

Publish the purpose, funding, governance, and claim limits of material partnerships.

38.6 Data and Intellectual Property

Agreements should define:

  • Ownership
  • licenses
  • publication
  • confidentiality
  • evidence access
  • termination
  • correction

38.7 Exit

The institution should be able to end a partnership after:

  • Mission conflict
  • interference
  • misconduct
  • security breach
  • misleading public claims

39. Public Interest, Rights, and Social Consequence

39.1 Public-Interest Function

Public-interest review should examine:

  • Harm
  • benefit
  • rights
  • access
  • distribution
  • competition
  • labor
  • environment
  • democracy
  • vulnerable populations

39.2 Technical Scope

The institution should remain technically serious.

Public-interest review should not become a substitute for measurement.

39.3 Rights Analysis

Where standards may affect rights, obtain qualified expertise and affected-party input.

39.4 Distribution

Assess who bears:

  • Cost
  • risk
  • compliance burden
  • exclusion
  • benefit
  • uncertainty

39.5 Competition

Standards should not unnecessarily:

  • Entrench incumbents
  • require proprietary access
  • prevent equivalent methods
  • exclude open-source systems
  • create one evaluator monopoly

39.6 Environmental and Resource Impact

Evaluate institutional and technical requirements for:

  • Compute
  • energy
  • hardware
  • travel
  • storage
  • specialist labor

39.7 Public Explanation

Provide understandable explanations of:

  • Standards
  • evaluations
  • status
  • uncertainty
  • authority

40. Small Actors and Open Ecosystems

40.1 Inclusion Goal

The institution should support meaningful participation by:

  • Startups
  • independent researchers
  • small evaluators
  • nonprofits
  • public-interest groups
  • open-source communities
  • lower-resource regions

40.2 Barriers

Potential barriers include:

  • Fees
  • travel
  • compute
  • legal cost
  • model access
  • security infrastructure
  • English
  • specialist staffing

40.3 Access Measures

Use:

  • Reduced fees
  • travel support
  • remote participation
  • compute grants
  • shared secure facilities
  • open tooling
  • template support
  • translated materials

40.4 Functional Equivalence

Permit alternative methods where they provide equivalent evidence.

40.5 Open-Weight Systems

Account for:

  • Forks
  • distributed deployment
  • community maintainers
  • uncertain operators
  • model lineage
  • safeguard modification

40.6 No Exemption by Size From Severe Risk

Proportionality should reduce unnecessary burden.

It should not erase severe-risk obligations where capability and deployment justify them.


41. Appeals, Complaints, and Procedural Justice

41.1 Eligible Appeals

Appeals may concern:

  • Standards process
  • protocol status
  • evaluator recognition
  • membership discipline
  • conflict decisions
  • publication corrections
  • registry status
  • confidentiality classification
  • certification or accreditation relationships where applicable

41.2 Appeal Grounds

Possible grounds:

  • Procedural error
  • material factual error
  • undisclosed conflict
  • insufficient evidence
  • unequal treatment
  • unreasonable scope
  • new material evidence
  • authority exceeded

41.3 Appeals Panel

The Appeals and Review Panel should be:

  • Independent of the original decision team
  • competent in the issue
  • conflict-screened
  • able to obtain necessary records
  • required to give reasons

41.4 Appeal Outcomes

  • Affirm
  • modify
  • remand
  • suspend
  • reverse
  • require correction
  • find outside jurisdiction

41.5 Complaints

Complaints may concern:

  • Staff conduct
  • member conduct
  • evaluator conduct
  • security
  • retaliation
  • misuse of marks
  • misleading claims
  • governance
  • accessibility

41.6 Whistleblower Channel

Provide a protected channel independent of ordinary management.

41.7 Nonretaliation

Retaliation should be prohibited and independently reviewable.

41.8 Time Limits

Time limits should balance:

  • Finality
  • access
  • complexity
  • new evidence
  • security

41.9 Public Record

Publish decisions and reasons where possible.

Protect:

  • Personal data
  • security
  • confidential evidence
  • legal privilege

42. Institutional Performance

42.1 Performance Philosophy

The institution should not measure success primarily through:

  • Number of standards
  • number of members
  • media attention
  • certificates issued
  • revenue
  • partnerships
  • institutional prestige

42.2 Outcome Categories

Measure:

Evidence Quality

  • Validity
  • reproducibility
  • correction
  • current status
  • decision usefulness

Standards Quality

  • Adoption
  • implementation
  • burden
  • interoperability
  • revision
  • outcome improvement

Evaluation Quality

  • Protocol reliability
  • task integrity
  • evaluator consistency
  • predictive validity
  • incident relevance

Institutional Quality

  • Independence
  • participation
  • conflict control
  • appeals
  • transparency
  • security
  • financial resilience

Ecosystem Quality

  • Number and diversity of competent evaluators
  • regional capacity
  • market concentration
  • recognition
  • small-actor access

Public-Interest Outcomes

  • Harm reduction
  • safer beneficial deployment
  • better public understanding
  • stronger correction
  • rights protection
  • reduced duplication

42.3 Annual Report

Publish:

  • Work completed
  • outcomes
  • failed projects
  • corrections
  • standards status
  • funding
  • conflicts
  • participation
  • security summary
  • institutional risks
  • next-year priorities

42.4 Independent Evaluation

Commission periodic independent evaluation of the institution.

Recommended cadence:

  • Every three years during institutionalization
  • Every five years at mature stage
  • Immediately after a major institutional failure

42.5 Public Dashboard

A public dashboard may include:

  • Current standards
  • active projects
  • open comments
  • corrections
  • appeals
  • funding concentration
  • participation metrics
  • registry health

Avoid vanity metrics.

42.6 Institutional Research

Publish negative findings about the institution when supported.


43. Internal Audit and Quality System

43.1 Quality Scope

The quality system should cover:

  • Research
  • protocols
  • standards
  • registries
  • review
  • security
  • records
  • conflicts
  • complaints
  • funding
  • partnerships

43.2 Internal Audit

Audit against:

  • Governing documents
  • canonical files
  • approved procedures
  • security requirements
  • financial controls
  • applicable law

43.3 Audit Independence

Internal audit should have direct access to the board Audit and Risk Committee.

43.4 Corrective Action

Findings should receive:

  • Owner
  • deadline
  • evidence
  • verification
  • closure
  • escalation

43.5 External Audit

Use qualified external audit for:

  • Financial statements
  • security
  • governance
  • standards process
  • quality systems

43.6 Management Review

Leadership should review:

  • Performance
  • risks
  • incidents
  • audit
  • complaints
  • resources
  • competence
  • independence

43.7 Quality Records

Preserve records sufficient to reconstruct material institutional decisions.


44. Emergency and Crisis Governance

44.1 Emergency Types

  • Security breach
  • task-bank compromise
  • major AI incident
  • legal injunction
  • loss of critical funding
  • infrastructure failure
  • misconduct
  • public misinformation
  • geopolitical disruption

44.2 Emergency Authority

Emergency authority may permit:

  • Access suspension
  • publication delay
  • protocol suspension
  • registry warning
  • temporary operational changes
  • evidence preservation

44.3 Limits

Emergency authority should not permit permanent:

  • Mission change
  • elimination of appeal
  • undisclosed censorship
  • standards adoption
  • board entrenchment
  • transfer of assets

44.4 Emergency Record

Record:

  • Trigger
  • authority
  • action
  • evidence
  • duration
  • affected rights
  • review
  • termination

44.5 Review

An independent or board-level review should occur after immediate control.

44.6 Public Notice

Publish a safe summary when the emergency affects public reliance.


45. Failure Recovery, Succession, and Dissolution

45.1 Institutional Failure Types

  • Mission drift
  • founder capture
  • corporate capture
  • political capture
  • donor dependency
  • standards failure
  • evaluator misconduct
  • security breach
  • financial insolvency
  • public trust collapse
  • obsolete mission
  • leadership failure

45.2 Recovery Tools

  • Leadership change
  • board reconstitution
  • independent review
  • function suspension
  • standards withdrawal
  • funding firewall
  • legal restructuring
  • transfer of registry
  • external administration
  • merger
  • dissolution

45.3 Succession

Maintain:

  • Leadership succession
  • protocol stewardship succession
  • registry continuity
  • key-person risk controls
  • documentation
  • emergency access

45.4 Canonical Asset Ownership

The institution, not an individual founder, should own or control:

  • Domains
  • canonical files
  • registries
  • trademarks
  • protocol identifiers
  • institutional records

subject to legal formation and licensing arrangements.

45.5 Function Transfer

If the institution cannot perform a critical function, transfer it to a competent mission-aligned institution under documented conditions.

45.6 Dissolution Trigger

Possible triggers:

  • Insolvency
  • inability to fulfill mission
  • sustained governance failure
  • legal impossibility
  • merger into a stronger public-interest institution
  • supermajority decision after independent review

45.7 Asset Transfer

Mission assets should transfer to compatible nonprofit or public-interest institutions.

45.8 Record Preservation

Preserve:

  • Standards
  • corrections
  • public decisions
  • version history
  • research
  • institutional lessons

46. Institutional Transition Stages

Stage 0: Independent Foundational Project

Functions:

  • Canonical documents
  • research
  • concept development
  • source mapping
  • early public communication

Authority:

  • Research and publication only

Transition requirements:

  • Coherent library
  • identity control
  • funding disclosure
  • correction process

Stage 1: Organized Research Initiative

Functions:

  • Research programs
  • advisory network
  • contributor process
  • project registry
  • external review

Authority:

  • Research coordination

Transition requirements:

  • Basic governance
  • conflict rules
  • research methodology
  • security controls
  • financial records

Stage 2: Nonprofit Research Institute

Functions:

  • Staff
  • grants
  • research partnerships
  • protocol pilots
  • incident research
  • public registries

Authority:

  • Organizational and research authority

Transition requirements:

  • Legal entity
  • board
  • mission lock
  • audited finances
  • institutional policies
  • independent review

Stage 3: Protocol Steward and Pilot Convener

Functions:

  • Versioned protocols
  • held-out infrastructure
  • multi-evaluator pilots
  • proficiency studies
  • interoperability pilots

Authority:

  • Protocol and pilot process authority

Transition requirements:

  • Security
  • evaluator competence
  • quality system
  • appeals
  • external audit
  • public limitations

Stage 4: Standards-Development Organization

Functions:

  • Formal work program
  • committees
  • public comment
  • consensus
  • standards publication
  • maintenance

Authority:

  • Standards-process authority within the institution

Transition requirements:

  • Balanced participation
  • standards governance
  • public comment
  • appeals
  • WTO and recognized standards-principle alignment
  • external process review

Stage 5: Assurance-Ecosystem Institution

Functions:

  • Evaluator standards
  • proficiency testing
  • registries
  • scheme development
  • recognition
  • cooperation with accreditation bodies

Authority:

  • Technical scheme and recognition authority as defined

Transition requirements:

  • Mature methods
  • market analysis
  • independent oversight
  • no pay-to-play recognition
  • international cooperation

Stage 6: Formally Recognized Network or Institution

Possible functions:

  • Government or procurement recognition
  • international recognition
  • formally adopted standards
  • recognized scheme ownership
  • treaty or public-institution liaison

Authority:

  • Only authority explicitly granted

Transition requirements:

  • Legal mandate
  • competence
  • legitimacy
  • international representation
  • external governance review
  • project-identity amendment

46.1 No Automatic Progression

The stages are not a promise.

The institution may remain at an earlier stage.

46.2 Partial Progression

One function may mature faster than another.

Example:

Standards development may mature while certification remains inappropriate.

46.3 Regression

The institution should move backward or suspend a function after failure.


47. Formation and Implementation Plan

Phase 1: Constitutional Preparation

Complete:

Prepare:

  • Draft charter
  • authority map
  • conflict policy
  • funding policy
  • security plan
  • correction policy

Phase 2: Advisory Formation

Recruit a bounded advisory network with competence in:

  • Evaluation science
  • standards
  • conformity assessment
  • governance
  • public interest
  • international cooperation
  • security

Publish roles and conflicts.

Phase 3: Legal Options Study

Compare jurisdictions and structures.

Produce:

  • Legal memorandum
  • cost analysis
  • governance comparison
  • tax and funding analysis
  • data and security analysis
  • international operations analysis

Phase 4: Initial Board Formation

Use:

  • Open or structured nomination
  • competence matrix
  • independence analysis
  • founder-transition rules
  • public biographies
  • term limits

Phase 5: Nonprofit Formation

Establish:

  • Legal entity
  • banking
  • accounting
  • insurance
  • employment
  • contracts
  • intellectual-property ownership
  • domain and record ownership

Phase 6: Core Operational Policies

Adopt:

  • Research
  • evidence
  • conflicts
  • security
  • records
  • whistleblowing
  • funding
  • procurement
  • publication
  • correction
  • data protection

Phase 7: First Integrated Pilot

Use the Frontier Evaluation Integrity and Assurance Pilot described in FOUNDATIONS_APPENDIX.md.

Phase 8: External Institutional Review

Commission independent review of:

  • Governance
  • competence
  • security
  • public claims
  • standards readiness
  • funding

Phase 9: Standards-Process Pilot

Run one public standards-development exercise without implying formal external recognition.

Phase 10: Transition Decision

Determine whether the institution is ready to become a formal standards-development organization.


48. First Twenty-Four-Month Institutional Work Program

Months 1 to 3

  • Complete canonical institutional files
  • establish project register
  • establish source and version control
  • publish authority boundaries
  • draft advisory charters
  • map partners and conflicts

Months 4 to 6

  • Recruit advisory network
  • conduct legal-form analysis
  • conduct funding analysis
  • draft governance charter
  • draft security and transparency architecture
  • begin protocol pilot design

Months 7 to 12

  • Form legal entity if approved
  • appoint initial board
  • hire minimal core staff
  • establish accounting and audit
  • launch public registry prototype
  • conduct first external methodological review
  • publish annual institutional report

Months 13 to 18

  • Run multi-party evaluation pilot
  • test working-group process
  • launch contributor framework
  • run evaluator proficiency exercise
  • develop international crosswalk
  • perform security audit

Months 19 to 24

  • Publish pilot findings
  • conduct institutional review
  • revise governance
  • decide standards-process readiness
  • publish funding and participation audit
  • define next-stage transition

48.1 Minimum Initial Team

A credible initial nonprofit team may include:

  • Executive or project director
  • research and evaluation lead
  • standards and institutional lead
  • operations and finance lead
  • security and infrastructure support
  • research staff
  • external legal counsel
  • independent reviewers

The exact size should follow funding and scope.

48.2 No Premature Scale

Do not build a large institution before:

  • Mission
  • governance
  • quality
  • security
  • funding
  • initial use

are tested.


49. Institutional Maturity Model

Level 0: Founder-Dependent Project

Characteristics:

  • Personal authority
  • informal decisions
  • incomplete records
  • no independent oversight

Level 1: Documented Initiative

Characteristics:

  • Mission
  • canonical files
  • public authority limits
  • source and version control
  • advisory input

Level 2: Governed Research Organization

Characteristics:

  • Legal form
  • board
  • staff
  • conflicts
  • financial controls
  • research governance
  • corrections

Level 3: Operational Infrastructure Institution

Characteristics:

  • Protocols
  • registries
  • security
  • pilots
  • multi-party review
  • contributor system
  • performance reporting

Level 4: Credible Standards Institution

Characteristics:

  • Balanced standards process
  • public comment
  • consensus and dissent
  • maintenance
  • external review
  • international liaisons

Level 5: Interoperable Assurance-Ecosystem Institution

Characteristics:

  • Evaluator frameworks
  • proficiency
  • external accreditation relationships
  • recognition
  • incident exchange
  • regional capacity
  • public trust

49.1 Maturity Rule

Institutional maturity depends on demonstrated operation.

Documents alone do not create maturity.


50. Consolidated Institutional Failure Register

50.1 Ceremonial Institution

Failure:

The institution has boards, councils, and titles without operational competence.

Control:

Mandates, performance, records, and removal.

50.2 Authority Inflation

Failure:

Research outputs are presented as official approval.

Control:

Identity rules and public-claim review.

50.3 Founder Permanence

Failure:

The founder retains permanent control.

Control:

Term limits, succession, no veto, institutional asset ownership.

50.4 Corporate Capture

Failure:

Developers dominate governance and standards.

Control:

Constituency limits, public-interest councils, conflict disclosure.

50.5 Government Capture

Failure:

One government controls priorities or findings.

Control:

Funding diversity, international governance, publication independence.

50.6 Donor Capture

Failure:

A major donor sets agenda or blocks findings.

Control:

Concentration limits and funding conditions.

50.7 Auditor Capture

Failure:

Assurance firms design standards around their services.

Control:

Role balance and separation.

50.8 Standards Monopoly

Failure:

The institution rejects equivalent methods to preserve control.

Control:

Performance-based requirements and interoperability.

50.9 Membership Government

Failure:

Large fee-paying members purchase decision power.

Control:

No direct fee-to-vote relationship and constituency balancing.

50.10 Participation Theater

Failure:

Public comments are collected but do not influence work.

Control:

Comment disposition and participation-impact review.

50.11 Security Secrecy

Failure:

Security becomes a reason to hide weak governance.

Control:

Public minimum and independent confidential review.

50.12 Transparency Recklessness

Failure:

Sensitive evidence is released to signal openness.

Control:

Classification and responsible disclosure.

50.13 Standards Proliferation

Failure:

The institution creates documents for relevance rather than need.

Control:

New-work criteria and retirement.

50.14 Certification Prematurity

Failure:

A badge is launched before requirements and surveillance are mature.

Control:

Readiness gates and external review.

50.15 Evaluation Service Conflict

Failure:

Paid clients shape standards or findings.

Control:

Financial and operational separation.

50.16 International Tokenism

Failure:

International participants are included without influence.

Control:

Regional decision roles and capacity funding.

50.17 Incumbent Entrenchment

Failure:

Requirements are affordable only to large laboratories.

Control:

Competition review and proportional pathways.

50.18 Mission Drift

Failure:

The institution becomes a consulting, media, or lobbying organization detached from core purpose.

Control:

Mission tests and portfolio review.

50.19 Obsolete Institution

Failure:

The organization persists after its functions are better performed elsewhere.

Control:

External evaluation, transfer, merger, dissolution.

50.20 Appeal Capture

Failure:

Appeals are decided by the original authority.

Control:

Independent Appeals and Review Panel.


51. Serious Objections and Responses

Objection 1: The ecosystem already has enough institutions

The ecosystem has many institutions.

The design gap remains in the integration of frontier evaluation, held-out evidence, independent review, evaluator competence, progressive standards, incentives, and interoperability.

Standards Body should proceed only where it adds distinct value.

Objection 2: A nonprofit lacks authority

A nonprofit lacks inherent regulatory authority.

It can still create:

  • Research
  • standards
  • protocols
  • registries
  • coordination
  • contractual infrastructure

Formal authority should remain with authorized bodies.

Objection 3: Multistakeholder governance produces lowest-common-denominator standards

It can.

Controls include:

  • Evidence thresholds
  • technical councils
  • public dissent
  • independent review
  • advanced profiles
  • no requirement for universal agreement

Objection 4: Industry participation creates capture

Excluding developers can reduce access and implementation quality.

The answer is constrained participation, not blind trust or total exclusion.

Objection 5: Government participation politicizes the institution

Government participation can create political pressure.

It also provides public mandate, legal knowledge, and enforcement connection.

No government should control the institution.

Objection 6: Separation of functions creates inefficiency

Separation creates cost.

It also prevents conflicts that can invalidate the entire system.

Shared infrastructure and coordination can reduce unnecessary duplication.

Objection 7: International governance is too slow

Global consensus can be slow.

Use a common core, optional profiles, regional implementation, and rapid provisional outputs.

Objection 8: Open standards cannot fund the institution

Funding can combine grants, services, training, membership, and infrastructure.

Core public-interest access should not depend entirely on document sales.

Objection 9: No institution can remain independent of funders and access providers

Complete independence is impossible.

The goal is governed dependence with:

  • Diversification
  • disclosure
  • publication rights
  • conflict management
  • alternatives

Objection 10: The project is too early for institutional design

Early design is necessary to prevent later improvisation.

The design should remain provisional in organizational details and strict in authority boundaries.


52. Institutional Design Scorecard

Dimension Core question
Mission Is the public-interest mission clear and locked?
Authority Are present and future powers bounded?
Function Are necessary functions identified?
Separation Are incompatible functions separated?
Legal form Does the form support mission, independence, and continuity?
Board Is the board competent, plural, independent, and term-limited?
Founder Can the institution outlive the founder without permanent control?
Executive Is operational authority supervised and bounded?
Councils Do technical and public-interest bodies have real mandates?
Working groups Are groups chartered, balanced, recorded, and time-limited?
Membership Does membership create participation without pay-to-govern?
Participation Can affected and under-resourced actors influence outcomes?
Decisions Are decision rights, evidence, dissent, and appeals documented?
Standards Is the standards process open, evidence-based, and maintainable?
Evaluation Are protocol and evaluation conflicts controlled?
Assurance Are testing, audit, certification, and accreditation distinct?
Enforcement Is legal authority left to authorized bodies?
Incidents Can incidents update protocols and standards?
Registries Are status, scope, version, and correction visible?
Transparency Is governance public?
Confidentiality Is sensitive evidence protected proportionately?
Conflicts Are financial, client, intellectual, and political conflicts managed?
Funding Is funding diversified and noncontrolling?
Staffing Does the institution possess or access required competence?
Security Can the institution handle protected evidence safely?
International Is participation plural, multilingual, and nonhegemonic?
Competition Does the design avoid monopoly and incumbent entrenchment?
Appeals Are consequential decisions reviewable independently?
Performance Are outcomes measured beyond institutional activity?
Audit Are internal and external quality controls present?
Emergency Are emergency powers limited and reviewable?
Failure recovery Can functions be suspended, transferred, or dissolved?
Transition Are institutional stages explicit and evidence-based?

52.1 Critical Failures

The following normally prevent transition into a formal standards or assurance role:

  • No legal entity or accountable owner
  • founder veto or permanent control
  • one constituency controls governance
  • funder control over findings
  • no conflict policy
  • no standards appeals
  • no security for protected evidence
  • no public authority disclaimer
  • standards, certification, and accreditation collapsed
  • paid recognition
  • no correction or withdrawal process
  • no independent financial oversight
  • no succession
  • no institutional performance review

52.2 No Composite Institutional Rating

Do not average the scorecard into one universal rating.

A critical governance failure cannot be offset by technical competence elsewhere.


53. Institutional Charter Template

Institution name:
Legal form:
Jurisdiction:
Version:
Effective date:

Mission

Public-Interest Purpose

Functions

Prohibited Functions

Authority and Limits

Governing Bodies

Board Composition and Terms

Executive Authority

Standards Authority

Evaluation Authority

Assurance Relationships

Funding Principles

Conflicts and Recusal

Transparency and Confidentiality

Participation and Membership

Appeals and Complaints

Security

International Cooperation

Amendment

Succession

Dissolution and Asset Transfer


54. Institutional Function Allocation Template

Function Primary owner Reviewer Appeal body Funding source Public status Separation requirement
Research
Protocol development
Task custody
Evaluation
Independent review
Standards development
Certification
Accreditation
Enforcement
Registry
Incident response

55. Institutional Transition Decision Template

Current stage:
Proposed stage:
Decision owner:
Date:

Proposed New Functions

Authority Requested

Public-Interest Need

Evidence of Competence

Governance Readiness

Funding Readiness

Security Readiness

Participation and Legitimacy

Conflict Analysis

Legal Analysis

International Impact

Alternatives

Risks

Independent Review

Public Comment

Decision

  • Approve
  • approve with conditions
  • pilot
  • defer
  • reject

Required Identity Amendments

Review Date


56. Funding Independence Review Template

Fiscal period:
Reviewer:

Revenue by Source

Largest Funders

Concentration

Restricted Funding

Related Parties

Client Revenue

Membership Revenue

Standards and Service Revenue

Conditions and Publication Rights

Conflicts

Reserves

Diversification Plan

Independence Conclusion


57. Canonical Standards Body Institutional Positions

Standards Body adopts the following working positions.

  1. Institutional design should follow function, incentives, legitimacy, and failure analysis.

  2. Technical proposals require an institutional home.

  3. No single institution should control standards, evaluation, certification, accreditation, enforcement, and appeals.

  4. The preferred architecture is plural and interoperable.

  5. The preferred core form is an independent nonprofit public-interest technical and standards institution.

  6. Government and international institutions remain essential partners.

  7. Developers should participate without controlling the institution.

  8. Evaluators and assurance firms should participate without controlling standards.

  9. Funders should not receive governance control solely through funding.

  10. Membership should not purchase favorable treatment or authority.

  11. The founder should not possess permanent institutional control.

  12. Governing-board terms should be limited and staggered.

  13. No single constituency should hold more than one third of governing-board votes.

  14. Technical and public-interest legitimacy should both be represented.

  15. Advisory bodies should have real mandates or should not be created.

  16. Standards working groups should be chartered, balanced, recorded, and sunsetted.

  17. Consensus is broad agreement after addressing substantial objections, not unanimity.

  18. Material dissent should remain visible.

  19. Core public-interest standards should be accessible.

  20. Existing standards should be adopted or mapped where appropriate.

  21. Standards Body may steward protocols without monopolizing evaluation.

  22. Consequential external evaluation requires independence controls.

  23. Paid evaluation should be separated from standards and recognition decisions.

  24. Standards Body should initially develop evaluator frameworks rather than accredit evaluators.

  25. Standards Body should initially avoid broad AI certification.

  26. Formal certification and accreditation should ordinarily be performed by separate competent bodies.

  27. Legal enforcement belongs to authorized public institutions.

  28. Registries should make scope, version, status, expiry, and correction visible.

  29. Security and transparency should coexist.

  30. Confidentiality should not conceal invalid evidence or conflicts.

  31. Funding concentration should decline as the institution matures.

  32. No outcome-dependent funding is acceptable.

  33. The institution should maintain sufficient reserves for publication independence and crisis.

  34. Staff should have protected channels for dissent and integrity concerns.

  35. International participation should be multilingual and regionally meaningful.

  36. International does not mean universally representative.

  37. Standards should preserve competition and functional alternatives.

  38. Small actors and open ecosystems require practical access pathways.

  39. Appeals should be independent of original decision makers.

  40. Whistleblowers and good-faith incident reporters should be protected within institutional scope.

  41. Institutional success should be measured through evidence quality and improved decisions.

  42. The institution should publish failures and corrections.

  43. Emergency power should be narrow, temporary, and reviewed.

  44. Critical functions should have succession and transfer plans.

  45. Institutional assets should not remain personally controlled by founders.

  46. Dissolution and mission-aligned asset transfer should be defined.

  47. Institutional transitions should require competence, governance, legal review, security, and public-interest justification.

  48. No stage transition is automatic.

  49. A function may be suspended or moved backward after failure.

  50. Standards Body should remain capable of deciding that it should not become the final institution for a given function.


58. Relationship to Other Canonical Files

PROJECT_IDENTITY.md

Defines present status, mission, public role, and authority boundaries.

This document cannot expand present authority by implication.

PROJECT_MANIFESTO.md

Defines the deeper purpose and institutional ambition.

FOUNDATIONS.md

Defines the eight technical and institutional foundations.

FOUNDATIONS_APPENDIX.md

Integrates the foundations into an end-to-end institutional system.

TERMINOLOGY.md

Defines institutional, standards, assurance, certification, accreditation, and authority terms.

EVIDENCE_STANDARDS.md

Defines the evidence needed for institutional claims and decisions.

RESEARCH_METHODOLOGY.md

Governs research programs and institutional-design studies.

TAXONOMY.md

Classifies organizations, roles, authority, standards, assurance, incidents, and decisions.

EVALUATION_PHILOSOPHY.md

Defines the evaluation worldview the institution should operationalize.

GOVERNANCE_FRAMEWORK.md

Will define detailed decision rights, board processes, committees, recusals, and accountability.

STANDARDS_DEVELOPMENT_PROCESS.md

Will define the complete standards lifecycle.

EVALUATOR_ACCREDITATION_FRAMEWORK.md

Will define evaluator competence, scopes, recognition, proficiency, surveillance, and accreditation relationships.

CONTRIBUTOR_FRAMEWORK.md

Will define contributor participation, credit, conduct, and removal.

TRANSPARENCY_FRAMEWORK.md

Will define disclosure classes, records, reports, and confidential review.

PARTNERSHIP_PRINCIPLES.md

Will define partnership approval, claims, funding, and exit.

LONG_TERM_ROADMAP.md

Will convert institutional stages into a strategic sequence.


59. Final Institutional Position

Frontier AI standards cannot become credible through documents alone.

They require institutions capable of:

  • Maintaining methods
  • protecting evidence
  • assembling expertise
  • hearing dissent
  • managing conflicts
  • coordinating evaluators
  • correcting error
  • supporting international use
  • accepting that some authority belongs elsewhere

The greatest institutional risk is not weakness alone.

It is concentrated power disguised as technical neutrality.

An organization that writes the standard, sells the evaluation, issues the certificate, accredits itself, controls the registry, hears its own appeals, and influences enforcement may appear efficient.

It is not institutionally credible.

The better architecture is layered.

Research develops knowledge.

Standards processes convert mature knowledge into shared requirements.

Independent evaluators produce evidence.

Certification bodies make scoped conformity decisions.

Accreditation bodies assess competence.

Governments and authorized institutions determine legal consequences.

Registries preserve status.

Appeals correct error.

International networks make evidence portable.

Standards Body should seek to become the institution that makes these layers coherent without trying to own all of them.

Its success should not be measured by how much authority it accumulates.

It should be measured by whether frontier AI claims become:

  • More precise
  • more current
  • more independently reviewable
  • more secure
  • more interoperable
  • more accountable
  • easier to correct

The defining institutional rule is:

Build shared infrastructure, separate conflicting powers, earn authority through competence and process, and preserve the ability of others to challenge, replace, or outgrow the institution.


References and Research Basis

[^iso-about]: International Organization for Standardization, About ISO and Structure and Governance. https://www.iso.org/about and https://www.iso.org/structure.html

[^iso-directives]: International Organization for Standardization and International Electrotechnical Commission, ISO/IEC Directives, Part 1, Procedures for the Technical Work. https://www.iso.org/sites/directives/current/consolidated/index.html

[^iec-ca]: International Electrotechnical Commission, Conformity Assessment and What Is Conformity Assessment? https://www.iec.ch/conformity-assessment and https://www.iec.ch/conformity-assessment/what-conformity-assessment

[^iec-types]: International Electrotechnical Commission, Types of Conformity Assessment. https://www.iec.ch/conformity-assessment/types-conformity-assessment

[^wto-principles]: World Trade Organization, Principles for the Development of International Standards, Guides and Recommendations. https://www.wto.org/english/tratop_e/tbt_e/principles_standards_tbt_e.htm

[^wto-code]: World Trade Organization, TBT Agreement, Annex 3, Code of Good Practice for the Preparation, Adoption and Application of Standards. https://www.wto.org/english/docs_e/legal_e/17-tbt_e.htm

[^caisi]: National Institute of Standards and Technology, Center for AI Standards and Innovation. https://www.nist.gov/caisi

[^nist-consortium]: National Institute of Standards and Technology, NIST AI Consortium, expanded and renamed in 2026. https://www.nist.gov/artificial-intelligence/nist-ai-consortium

[^nist-a119]: National Institute of Standards and Technology, Key Federal Law and Policy Documents, NTTAA and OMB Circular A-119. https://www.nist.gov/standardsgov/key-federal-law-and-policy-documents-nttaa-omb-119

[^eu-office]: European Commission, European AI Office. https://digital-strategy.ec.europa.eu/en/policies/ai-office

[^eu-governance]: European Commission, Governance and Enforcement of the AI Act. https://digital-strategy.ec.europa.eu/en/policies/ai-act-governance-and-enforcement

[^eu-panel]: European Commission, AI Act Scientific Panel, launched June 2026. https://digital-strategy.ec.europa.eu/en/policies/ai-scientific-panel

[^haip-v2]: OECD.AI, OECD Launches Hiroshima AI Process Reporting Framework 2.0, May 29, 2026. https://oecd.ai/en/haip-2-launch

[^coe-convention]: Council of Europe, Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law. https://www.coe.int/en/web/artificial-intelligence/the-framework-convention-on-artificial-intelligence

[^global-aci]: Global Accreditation Cooperation Incorporated, Launch Unifies International Accreditation Organizations and Strengthens Worldwide Trust, January 1, 2026. https://iaf.news/2026/01/01/global-accreditation-cooperation-incorporated-launch-unifies-international-accreditation-organizations-and-strengthens-worldwide-trust/

[^itu-exchange]: International Telecommunication Union, ISO, and IEC, International AI Standards Exchange. https://aiforgood.itu.int/ai-standards/

[^itu-joint]: International Telecommunication Union, Key International Organizations Align on AI Standards, December 2, 2025. https://www.itu.int/hub/2025/12/key-international-organizations-align-on-ai-standards/

[^oecd-regulatory]: OECD, Regulatory Policy Outlook 2025, including stakeholder engagement and ex-post evaluation. https://www.oecd.org/en/publications/oecd-regulatory-policy-outlook-2025_56b60e39-en.html

[^iso-37000]: International Organization for Standardization, ISO 37000, Governance of Organizations, Guidance. https://committee.iso.org/ISO_37000_Governance


Revision Record

Version 1.0

Date: July 17, 2026

Change type: Complete foundational edition

Summary: Establishes the canonical integrated institutional blueprint for Standards Body. Defines the institutional context, required functions, non-functions, six organizational models, preferred hybrid nonprofit and distributed-network architecture, present-stage limits, legal form, mission, mandate, authority, constitutional principles, governing bodies, board design, executive secretariat, councils, working groups, membership, representation, decisions, separation of powers, standards development, evaluation, independent review, assurance, accreditation and certification relationships, enforcement, incidents, registries, transparency, conflicts, funding, staffing, security, international coordination, partnerships, public interest, small-actor access, appeals, performance, audit, crisis governance, failure recovery, transition stages, implementation, maturity, failure modes, objections, scorecard, templates, canonical positions, and research basis.

Status: Approved foundational source.