# INSTITUTION_DESIGN.md

# Standards Body Institution Design

**Project:** Standards Body  
**Primary domain:** standardsbody.ai  
**Core line:** Foundations for Frontier AI  
**Document type:** Canonical integrated blueprint for a future frontier AI evaluation, standards, assurance, and interoperability institution or institutional ecosystem  
**Version:** 1.0  
**Status:** Approved foundational source  
**Document owner:** Standards Body  
**Present institutional stage:** Foundational research and institutional design  
**Applies to:** Strategic planning, legal formation analysis, governance design, standards-development planning, evaluation programs, evaluator ecosystems, partnerships, funding, staffing, registries, pilots, international cooperation, public communication, and future institutional transition decisions  
**Related canonical sources:** `PROJECT_IDENTITY.md`, `PROJECT_MANIFESTO.md`, `FOUNDATIONS.md`, `FOUNDATIONS_APPENDIX.md`, `TERMINOLOGY.md`, `EVIDENCE_STANDARDS.md`, `RESEARCH_METHODOLOGY.md`, `TAXONOMY.md`, `EVALUATION_PHILOSOPHY.md`, and the eight foundation papers  
**Research basis reviewed through:** July 17, 2026  
**Review cycle:** Annual review, with event-triggered revision after a material change in mission, legal status, authority, governance, funding, organizational structure, standards role, evaluation role, assurance role, international role, or public-interest obligations  

---

## Authority Note

This document is an institutional-design blueprint.

It does not establish that Standards Body is currently:

- A government agency
- A regulator
- A statutory standards authority
- A formally recognized standards-development organization
- An accreditation body
- A certification body
- A conformity-assessment body
- A licensing authority
- A legal enforcement body
- An international organization
- A representative of governments, industry, civil society, evaluators, or the public as a whole

Standards Body remains an independent research and institutional-design project unless and until a lawful, transparent, competence-based, and publicly documented transition establishes a different role.

Nothing in this document grants present authority.

Nothing in this document should be cited as proof that Standards Body can:

- Approve an AI system
- prohibit deployment
- issue an official safety rating
- accredit an evaluator
- certify conformity
- impose a binding requirement
- make a legal determination
- represent international consensus

The blueprint separates functions deliberately so that future institutional growth does not convert technical expertise into unaccountable power.

---

## Document Purpose

This document provides the integrated institutional blueprint for Standards Body.

It defines:

- The institutional problem the project is designed to address
- The functions that require an institutional home
- The functions that should remain outside one institution
- The organizational models available
- The preferred institutional architecture
- The separation of research, standards development, evaluation, assurance, accreditation, certification, enforcement, and legal authority
- The structure of governing bodies, councils, committees, working groups, and operational units
- The rights and responsibilities of members, contributors, partners, funders, evaluators, developers, public institutions, and affected parties
- Funding and independence controls
- Transparency and confidentiality
- Conflicts of interest
- Appeals, complaints, correction, and review
- International participation and recognition
- Incident response and institutional learning
- Versioning, registries, records, and technical infrastructure
- Institutional performance measurement
- Failure recovery, succession, dissolution, and transition
- The stages through which Standards Body may move without implying premature authority

This file is the integrated Layer 3 blueprint.

The deeper institutional modules will be governed by:

- `GOVERNANCE_FRAMEWORK.md`
- `STANDARDS_DEVELOPMENT_PROCESS.md`
- `EVALUATOR_ACCREDITATION_FRAMEWORK.md`
- `CONTRIBUTOR_FRAMEWORK.md`
- `TRANSPARENCY_FRAMEWORK.md`
- `PARTNERSHIP_PRINCIPLES.md`
- `LONG_TERM_ROADMAP.md`

Where those approved specialist files later provide more detailed rules, they govern within their domain unless they conflict with `PROJECT_IDENTITY.md`.

---

# Executive Summary

Frontier AI evaluation is developing through a fragmented collection of laboratories, government institutes, standards organizations, research groups, consultancies, auditors, regulators, and international forums.

Each institution performs useful functions.

Few institutions integrate the full chain from measurement science to standards, assurance, interoperability, incident learning, and public accountability.

The institutional gap is not simply the absence of another organization.

The gap is the absence of a coherent allocation of functions and authority.

The central design question is:

> **Which institution should do what, under which mandate, with what evidence, subject to which constraints, and accountable to whom?**

A poorly designed frontier AI standards institution could create new risks.

It could:

- Allow developers to govern their own evaluation
- convert private standards into de facto law without public accountability
- combine standard setting, evaluation, certification, accreditation, and appeals under one conflicted organization
- use confidential evidence to make unreviewable public claims
- privilege wealthy laboratories and evaluators
- centralize authority in one country or technical culture
- turn membership fees into voting power
- become dependent on the organizations it evaluates
- reward paperwork rather than real outcomes
- preserve obsolete standards because the institution's status depends on them
- imply regulatory authority without democratic legitimacy
- become founder-controlled
- become ceremonial rather than operational
- create a prestige mark before the underlying science is mature

The answer is not one vertically integrated super-institution.

The preferred design is a staged, hybrid, public-interest institutional architecture with separated powers.

## Preferred Long-Term Architecture

The preferred future is:

> **An independent nonprofit public-interest technical secretariat and standards-development institution connected to a distributed ecosystem of evaluators, reviewers, accreditation bodies, certification bodies, public authorities, research institutions, and international partners.**

The institution should directly perform or steward:

- Foundational research
- terminology and taxonomy
- evaluation-method research
- protocol development and maintenance
- standards-development processes
- public registries
- evaluator-competence frameworks
- interoperability profiles
- incident-learning infrastructure
- capacity building
- public-interest convening
- independent review coordination

The institution should not ordinarily combine all of the following under one controlling body:

- Development of requirements
- commercial evaluation
- certification decisions
- accreditation decisions
- legal enforcement
- appeals from all of those decisions

Those functions require separation.

## Institutional Layers

The blueprint contains five layers.

### Layer 1: Knowledge and Measurement

Functions:

- Research
- evidence standards
- evaluation science
- task and protocol design
- failure analysis
- measurement infrastructure

### Layer 2: Standards and Public-Interest Process

Functions:

- Standards proposals
- balanced participation
- consensus and dissent
- public review
- versioning
- implementation guidance

### Layer 3: Independent Evaluation and Assurance Ecosystem

Functions:

- Third-party evaluation
- technical review
- audit
- inspection
- certification
- proficiency testing

These functions should be delivered by plural qualified actors, not monopolized by Standards Body.

### Layer 4: Competence Recognition and International Interoperability

Functions:

- Evaluator scope
- accreditation relationships
- recognition arrangements
- registries
- crosswalks
- bridge studies
- secure evidence exchange

### Layer 5: Public Authority and Enforcement

Functions:

- Legal obligations
- market surveillance
- licensing
- sanctions
- legally binding decisions

These functions belong to authorized governments, regulators, courts, treaty bodies, and contractual authorities.

Standards Body may inform Layer 5.

It should not claim Layer 5 authority without lawful mandate.

## Recommended Organizational Form

The preferred core organization is an independent nonprofit or public-benefit entity with:

- A governing board
- an executive secretariat
- a Scientific and Evaluation Council
- a Standards Council
- a Public Interest and Rights Council
- an International Coordination Forum
- an Ethics, Integrity, and Conflicts Committee
- a Security and Confidentiality Committee
- an independent Appeals and Review Panel
- a Finance, Audit, and Risk Committee
- a Contributor and Community Assembly

Operational programs should include:

- Research and Measurement
- Protocols and Registries
- Standards Development
- Independent Review
- Assurance Ecosystem Development
- Incident and Failure Learning
- International Interoperability and Capacity
- Public Communication and Education
- Institutional Quality and Internal Audit

## Governance Principle

No single constituency should control the institution.

The design should prevent control by:

- Frontier laboratories
- governments
- evaluators and auditors
- funders
- founders
- one country
- one professional discipline
- one ideological community

The mature institution should target:

- No single constituency holding more than one third of governing-board voting seats
- At least two thirds of governing-board members independent of organizations directly subject to the institution's active standards or evaluation programs
- Time-limited terms
- public conflict disclosures
- recusal
- recorded dissent
- appeals
- transparent appointment criteria
- independent financial audit
- periodic governance review
- founder succession rules

## Funding Principle

Funding must not purchase:

- Voting control
- favorable findings
- standards language
- confidential access beyond role
- recognition
- certification
- evaluator scope
- publication delay
- suppression of dissent

A mature funding structure should diversify among:

- Philanthropic grants
- public-interest research grants
- government grants with independence protections
- membership dues
- standards publications or services
- training
- registry and infrastructure fees
- project funding
- charitable contributions

Commercial service revenue should not become the dominant determinant of institutional judgment.

## Standards Principle

Standards should be developed through:

- Open proposals
- published work programs
- balanced participation
- conflict disclosure
- technical evidence
- public comment
- response to comments
- dissent records
- pilots
- implementation evidence
- version control
- appeal
- review
- sunset and retirement

## Evaluation Principle

Standards Body may design and maintain protocols and coordinate research evaluations.

When an evaluation supports a consequential claim concerning an external organization, independence should be preserved through:

- Separate teams
- external evaluators
- independent review
- protected publication rights
- conflict controls
- clear evidence access
- public scope limitations

## Accreditation and Certification Principle

Standards Body should initially develop:

- Competence frameworks
- evaluator scopes
- proficiency tests
- scheme concepts
- registries
- recognition criteria

It should not initially accredit or certify.

Formal accreditation and certification should ordinarily be performed by separate competent bodies under mature schemes.

A future decision to create or operate such a body would require a separate legal entity, governance firewall, competence assessment, independent oversight, and explicit amendment of project identity.

## International Principle

The institution should support global interoperability without claiming universal representation.

International legitimacy should grow through:

- Open participation
- regional representation
- multilingual work
- local extensions
- capacity building
- bridge studies
- recognition based on evidence
- cooperation with established standards and public institutions

The preferred institution is not a world regulator.

It is a public-interest infrastructure institution supporting plural authorities.

## Transition Principle

Standards Body should move through controlled stages.

1. Foundational research and institutional design
2. Research institute and knowledge infrastructure
3. Protocol steward and pilot convener
4. Standards-development organization
5. Assurance-ecosystem and interoperability institution
6. Possible formally recognized institution or network

Each transition requires:

- Competence
- governance
- resources
- legal review
- public-interest justification
- transparency
- security
- external evaluation
- amendment of canonical identity

The final institutional proposition is:

> **The institution should be strong enough to create credible shared infrastructure, but constrained enough that no single body becomes the unquestionable authority over frontier AI evidence, standards, assurance, and public policy.**

---

# 1. Foundational Institutional Propositions

## 1.1 Function Before Form

The organization should be designed around required functions, not around a preferred legal label or prestige model.

## 1.2 Authority Must Be Earned and Bounded

Authority should follow:

- Mandate
- competence
- transparent process
- public-interest legitimacy
- review
- accountability

## 1.3 No Unitary Institutional Solution

Frontier AI governance requires an ecosystem.

No single institution should control research, standards, evaluation, certification, accreditation, enforcement, and appeals.

## 1.4 Separation of Powers

Functions with incompatible incentives should be separated structurally, procedurally, or legally.

## 1.5 Technical and Democratic Legitimacy Are Distinct

Technical expertise can justify technical judgment.

It cannot by itself justify binding political authority.

## 1.6 Independence and Accountability Must Coexist

Independence without accountability can become private power.

Accountability without independence can become political or commercial control.

## 1.7 Public Interest Is a Governance Function

The public interest should be represented through actual decision structures, not ceremonial consultation.

## 1.8 Standards Are Infrastructure

Standards should support shared evidence and interoperability.

They should not become branding products or private regulatory shortcuts.

## 1.9 Assurance Requires Plural Competence

Testing, review, audit, certification, and accreditation require distinct capabilities and should remain interpretable.

## 1.10 Funding Is Governance

The revenue model shapes the institution's behavior.

Funding rules belong in institutional design.

## 1.11 International Does Not Mean Universal

International participation does not create universal representation or legal authority.

## 1.12 Institutional Learning

The institution should learn from:

- Incidents
- appeals
- failed standards
- evaluator disagreement
- public criticism
- international experience
- internal audit

## 1.13 Correction Is a Core Power

The institution needs formal authority to correct, suspend, supersede, withdraw, and retire its own work.

## 1.14 Dissolution Must Be Possible

A credible institution should define the conditions under which it restructures, transfers functions, or dissolves.

## 1.15 Founder Succession

The institution must be designed to outlive its founder without preserving founder control as a permanent constitutional feature.

---

# 2. Institutional Design Objectives

The institution should optimize for several objectives at once.

## 2.1 Technical Credibility

The institution should possess or access competence in:

- AI evaluation
- measurement
- statistics
- cybersecurity
- biological and chemical risk
- agentic systems
- standards
- conformity assessment
- governance
- law
- security
- public-interest analysis

## 2.2 Independence

The institution should remain capable of publishing findings that are unfavorable to:

- Developers
- funders
- governments
- evaluators
- partners
- its own prior work

## 2.3 Legitimacy

Legitimacy should derive from:

- Clear mandate
- fair process
- competence
- representation
- public reasoning
- appeals
- correction
- bounded authority

## 2.4 Responsiveness

The institution should adapt faster than traditional multi-year standards cycles where urgency requires, without eliminating review.

## 2.5 Stability

Core definitions, procedures, and records should remain stable enough for reliance.

## 2.6 Security

The institution should be capable of handling:

- Held-out tasks
- model access
- vulnerability information
- incidents
- confidential evidence
- personal data

## 2.7 Accessibility

Participation should not depend entirely on:

- Wealth
- corporate membership
- English fluency
- travel
- model access
- institutional prestige

## 2.8 Interoperability

Outputs should be usable across:

- Organizations
- standards systems
- sectors
- countries
- languages
- legal regimes

## 2.9 Competition and Pluralism

The institution should avoid creating an evaluator or standards monopoly.

## 2.10 Durability

The institution should have:

- Sustainable funding
- succession
- records
- legal continuity
- institutional memory
- retirement processes

## 2.11 Correctability

Every major output should be reviewable and reversible.

## 2.12 Measurable Impact

Institutional performance should be judged by outcomes, not only publication volume, membership, or prestige.

---

# 3. Institutional Context

The institution should be designed with awareness of existing systems rather than assuming a blank institutional landscape.

## 3.1 International Standards Organizations

ISO and IEC provide mature examples of:

- National-member participation
- technical committees
- consensus-based standards development
- formal directives
- committee governance
- conformity-assessment infrastructure
- international recognition

ISO describes itself as an independent, nongovernmental international organization whose standards are developed through consensus among national member bodies.[^iso-about][^iso-directives]

IEC combines international standards with global conformity-assessment systems and emphasizes openness, democracy, balanced participation, competence, and peer-recognition mechanisms.[^iec-ca][^iec-types]

These models demonstrate the value of:

- Stable process
- national participation
- technical depth
- formal document control
- separation between standards development and many certification activities

They also reveal challenges:

- Slow timelines
- participation cost
- uneven access to committees
- reliance on national representation
- standards paywalls
- difficulty adapting to rapidly changing systems
- potential dominance by well-resourced participants

## 3.2 WTO Standards Principles

The World Trade Organization's principles for international standards emphasize:

- Transparency
- openness
- impartiality and consensus
- effectiveness and relevance
- coherence
- the development dimension

Its Code of Good Practice also encourages standardizing bodies to avoid unnecessary duplication, publish work programs, provide comment opportunities, and treat participants without discrimination.[^wto-principles][^wto-code]

These principles should inform Standards Body even before any formal recognition.

## 3.3 Government Measurement and Standards Institutions

NIST demonstrates a government-led model that combines:

- Measurement science
- public-private collaboration
- voluntary frameworks
- standards coordination
- technical evaluations
- public-interest mission

As of 2026, NIST's Center for AI Standards and Innovation focuses on AI evaluations, national-security-relevant risks, guidelines, and voluntary standards support.[^caisi]

The NIST AI Consortium brings together hundreds of organizations to develop science-based and empirically backed AI measurement guidance and standards foundations.[^nist-consortium]

The U.S. policy embodied in the National Technology Transfer and Advancement Act and OMB Circular A-119 encourages government use of voluntary consensus standards where appropriate rather than unnecessary government-unique standards.[^nist-a119]

This model demonstrates:

- Public mandate
- measurement authority
- convening power
- access to government expertise
- potential connection to procurement and policy

It also faces:

- Political transition
- jurisdictional limits
- budget dependency
- national-interest priorities
- slower public administration

## 3.4 Regulatory AI Institutions

The European AI Office provides a model combining:

- Regulatory implementation
- supervision
- technical expertise
- codes of practice
- coordination with national authorities

The EU AI Act governance system includes the AI Office, national competent authorities, the AI Board, a Scientific Panel, and an Advisory Forum.[^eu-office][^eu-governance]

The Scientific Panel launched with independent experts to advise on general-purpose AI risks, methodologies, model classification, and enforcement.[^eu-panel]

This model shows the value of:

- Formal legal mandate
- separation between technical advice and enforcement
- multi-level governance
- advisory representation
- direct connection to market surveillance

It also demonstrates why a private research project should not claim the authority of a regulatory institution.

## 3.5 Government Evaluation Institutes

Government AI institutes such as the United Kingdom's AI Security Institute and NIST's CAISI illustrate models with:

- Frontier-system access
- technical evaluation teams
- national-security and public-safety focus
- research publication
- international cooperation

These institutions can perform high-consequence work that private groups may be unable to conduct.

They also remain subject to:

- Government mandate
- national priorities
- security restrictions
- political accountability
- changes in executive direction

## 3.6 International Reporting and Coordination

The OECD's Hiroshima AI Process Reporting Framework demonstrates a voluntary international reporting model.

Version 2.0 was launched in May 2026 to support transparent reporting by organizations across the advanced-AI value chain.[^haip-v2]

The model offers:

- Standardized self-reporting
- peer learning
- cross-company comparison
- international convening
- lower entry barriers than certification

Its limitations include:

- Reliance on participant reporting
- no automatic verification
- uneven completeness
- uncertain connection to enforcement

## 3.7 Treaty-Based Institutions

The Council of Europe Framework Convention on Artificial Intelligence establishes a Conference of the Parties as a follow-up mechanism and expects cooperation with relevant stakeholders.[^coe-convention]

Treaty bodies can provide:

- State legitimacy
- legal commitments
- reporting
- implementation review
- international cooperation

They are not substitutes for technical standards bodies or evaluation laboratories.

## 3.8 Global Accreditation Cooperation

Global Accreditation Cooperation Incorporated launched in 2026 to unify international accreditation cooperation previously organized through IAF and ILAC arrangements.[^global-aci]

The global accreditation model demonstrates:

- Peer evaluation of accreditation bodies
- multilateral recognition
- scoped competence
- cross-border acceptance
- separation between accreditation and certification

This architecture is highly relevant to a future AI evaluator ecosystem.

Standards Body should learn from it rather than attempting to create an isolated proprietary recognition system.

## 3.9 International AI Standards Coordination

ISO, IEC, and ITU have expanded coordination on AI standards and global interoperability.

The International AI Standards Exchange convenes standards bodies and maintains a database of global AI standards.[^itu-exchange][^itu-joint]

This demonstrates that Standards Body should:

- Map existing work
- avoid duplication
- contribute specialized evaluation infrastructure
- seek liaison and interoperability
- resist claims of exclusive ownership over AI standards

## 3.10 Institutional Design Implication

The existing ecosystem contains strong institutions.

The opportunity for Standards Body is not to replicate them.

The opportunity is to specialize in the missing connections among:

- Frontier evaluation science
- held-out evidence
- high-stakes capability assessment
- independent expert review
- evaluator competence
- progressive standards
- incentive design
- global interoperability

---

# 4. Institutional Functions

The complete future ecosystem requires the following functions.

Not every function should reside in Standards Body.

## 4.1 Research

- Foundational research
- evaluation science
- measurement
- institutional design
- standards impact
- assurance research
- interoperability
- public understanding

## 4.2 Terminology and Taxonomy

- Canonical definitions
- classifications
- mappings
- multilingual terms
- deprecation and revision

## 4.3 Protocol Development

- Evaluation protocols
- task architectures
- elicitation methods
- scoring
- uncertainty
- lifecycle
- security

## 4.4 Protocol Stewardship

- Version control
- task renewal
- change requests
- bridge studies
- expiration
- retirement

## 4.5 Standards Development

- Proposals
- committees
- public review
- consensus
- dissent
- approval
- maintenance

## 4.6 Evaluation Administration

- Technical evaluation
- held-out administration
- secure evidence handling
- reporting

## 4.7 Independent Expert Review

- Review mandates
- panels
- evidence access
- findings
- dissent
- publication

## 4.8 Evaluator Competence Development

- Scope definitions
- competency frameworks
- training
- proficiency tests
- quality systems
- registries

## 4.9 Audit and Inspection

- Criteria-based organizational and technical assurance
- evidence review
- control testing
- conformity findings

## 4.10 Certification

- Scheme operation
- assessment
- decision
- certificate
- surveillance
- suspension
- withdrawal

## 4.11 Accreditation

- Assessment of conformity-assessment bodies
- competence recognition
- scope
- peer review
- surveillance

## 4.12 Legal and Regulatory Enforcement

- Binding obligations
- investigations
- market surveillance
- licensing
- sanctions
- judicial review

## 4.13 Incident and Failure Learning

- Incident intake
- taxonomy
- protected exchange
- root-cause analysis
- corrective feedback
- standards updates

## 4.14 Registries

- Protocols
- results
- evaluators
- standards
- certificates
- accreditation
- incidents
- recognition
- corrections

## 4.15 International Interoperability

- Crosswalks
- recognition
- bridge studies
- common metadata
- secure exchange
- capacity building

## 4.16 Public Communication

- Public summaries
- education
- claim correction
- status information
- stakeholder engagement

## 4.17 Appeals and Complaints

- Procedural challenge
- evidence challenge
- conflict allegations
- status disputes
- correction

## 4.18 Institutional Quality

- Internal audit
- governance review
- performance measurement
- risk management
- external evaluation

---

# 5. Functions Standards Body Should Perform Directly

At a mature nonprofit standards-infrastructure stage, Standards Body should be designed to perform the following functions directly.

## 5.1 Foundational Research

Maintain:

- First principles
- terminology
- evidence standards
- research methods
- evaluation philosophy
- institutional architecture

## 5.2 Evaluation-Method Research

Develop and test:

- Dynamic protocols
- held-out methods
- high-stakes evaluation frameworks
- validity arguments
- scoring methods
- system-identity standards

## 5.3 Standards Development

Operate a transparent process for:

- Technical specifications
- test methods
- reporting standards
- terminology standards
- evaluator-competence standards
- interoperability profiles

## 5.4 Protocol Stewardship

Maintain named protocols and their versions.

## 5.5 Public Registries

Maintain records of:

- Protocol status
- standards status
- corrections
- evaluator profiles
- recognition decisions
- public result metadata

## 5.6 Independent Review Coordination

Commission and support independent expert reviews while preserving panel independence.

## 5.7 Evaluator Ecosystem Development

Develop:

- Competency frameworks
- proficiency exercises
- quality criteria
- public-interest access
- research infrastructure

## 5.8 Incident-Learning Infrastructure

Maintain a protected and public incident-learning system.

## 5.9 International Interoperability

Develop mappings, profiles, and recognition procedures.

## 5.10 Capacity Building

Support:

- New evaluators
- regional institutions
- smaller organizations
- open-source communities
- public-interest researchers

## 5.11 Public-Interest Convening

Convene structured processes with documented participation and outcomes.

## 5.12 Institutional Research

Evaluate the performance and failures of standards and assurance systems.

---

# 6. Functions Standards Body Should Not Initially Perform

## 6.1 Regulatory Enforcement

Standards Body should not issue binding sanctions or legal prohibitions.

## 6.2 Licensing

It should not grant legal permission to develop or deploy AI.

## 6.3 Accreditation

It should not initially accredit evaluators or certification bodies.

## 6.4 Certification

It should not initially issue certificates of AI-system safety or conformity.

## 6.5 Commercial Evaluation as a Dominant Business

It should not become financially dependent on paid evaluations of the same organizations that influence its standards.

## 6.6 Exclusive Model Approval

It should not maintain an official approved-model list without lawful mandate and mature evidence.

## 6.7 Universal Risk Rating

It should not reduce systems to one public safety grade.

## 6.8 Government Representation

It should not claim to speak for states or international organizations.

## 6.9 Industry Representation

It should not claim to speak for the AI industry.

## 6.10 Public Representation

It should not claim to speak for the public merely because public-interest participants are included.

## 6.11 Private Legal Adjudication

It should not determine disputed legal obligations outside a defined contractual process.

## 6.12 Proprietary Standards Monopoly

It should not require exclusive use of its methods when equivalent approaches are valid.

---

# 7. Institutional Model Options

The institution should not be designed by copying one existing form.

Six major models should be considered.

## 7.1 Government-Led Institute

### Description

A public agency or government institute responsible for evaluation, standards, or supervision.

### Strengths

- Legal mandate
- public funding
- access to classified or sensitive information
- connection to enforcement
- national measurement infrastructure
- procurement influence

### Weaknesses

- National scope
- political transition
- slower adaptation
- risk of geopolitical alignment
- public-sector hiring constraints
- reduced independence from government priorities

### Best Use

- National-security evaluation
- regulatory support
- public measurement
- market surveillance
- enforcement-linked work

### Fit for Standards Body

Not the appropriate present form.

Standards Body could partner with government institutes.

## 7.2 Independent Nonprofit

### Description

A mission-locked nonprofit research and standards institution.

### Strengths

- Independent identity
- flexible research
- philanthropic and public funding
- international participation
- public-interest mission
- ability to publish criticism

### Weaknesses

- Donor dependence
- no inherent legal authority
- legitimacy must be built
- potential founder or board capture
- limited enforcement power

### Best Use

- Research
- protocols
- standards
- convening
- registries
- capacity building

### Fit for Standards Body

Strongest core organizational form.

## 7.3 International Intergovernmental Institution

### Description

An organization created or governed by states.

### Strengths

- International legitimacy
- diplomatic participation
- treaty or state mandate
- cross-border coordination
- long-term continuity

### Weaknesses

- Slow formation
- political negotiation
- lowest-common-denominator risk
- limited technical speed
- state representation may exclude nonstate expertise

### Best Use

- Legal cooperation
- government recognition
- reporting
- mutual commitments
- global policy coordination

### Fit for Standards Body

Potential partner or future network layer, not realistic initial form.

## 7.4 Industry Consortium

### Description

A member-funded body organized around participating companies.

### Strengths

- Technical access
- speed
- implementation
- market adoption
- funding
- interoperability

### Weaknesses

- Industry capture
- weak affected-party power
- membership barriers
- conflicts
- public trust limitations
- standards designed around incumbents

### Best Use

- Technical interoperability
- shared tools
- implementation pilots
- voluntary commitments

### Fit for Standards Body

Useful participation model, unsuitable as controlling form.

## 7.5 Hybrid Public-Private Institution

### Description

An independent or quasi-public body with government, industry, research, evaluator, and public-interest participation.

### Strengths

- Multiple sources of legitimacy
- access
- expertise
- policy connection
- public and private resources

### Weaknesses

- Complex governance
- unclear accountability
- risk of compromise without principle
- difficult conflict management
- blurred authority

### Best Use

- Standards development
- evaluation coordination
- shared infrastructure
- regulatory support

### Fit for Standards Body

Strong long-term ecosystem model if the nonprofit core remains independent.

## 7.6 Distributed Evaluator and Assurance Network

### Description

A network of independent evaluator, audit, certification, accreditation, and recognition bodies using shared standards.

### Strengths

- Scalability
- pluralism
- regional capacity
- reduced monopoly
- specialized competence
- cross-border recognition

### Weaknesses

- Inconsistent results
- evaluator shopping
- quality variance
- coordination burden
- registry complexity
- recognition disputes

### Best Use

- Third-party assurance
- domain specialization
- international implementation
- certification and accreditation

### Fit for Standards Body

Essential ecosystem layer, but not the sole legal identity.

---

# 8. Model Comparison

| Model | Technical speed | Public authority | Independence from industry | International reach | Enforcement | Capture risk | Best role |
|---|---:|---:|---:|---:|---:|---:|---|
| Government-led | Moderate | High within jurisdiction | High to moderate | Limited to moderate | High | Political | Evaluation and enforcement |
| Independent nonprofit | High | Low formal authority | Potentially high | High | Low | Donor and founder | Research and standards |
| Intergovernmental | Low to moderate | High among parties | High to moderate | High | Treaty-dependent | State politics | Coordination and recognition |
| Industry consortium | High | Low | Low | Moderate to high | Contractual | Industry | Implementation and interoperability |
| Hybrid | Moderate to high | Variable | Moderate | High | Variable | Complex | Standards and shared infrastructure |
| Distributed network | Variable | Distributed | Variable | High | Scheme and legal dependent | Market capture | Assurance and recognition |

## 8.1 Design Conclusion

No model alone is sufficient.

The preferred architecture combines:

- An independent nonprofit core
- hybrid multistakeholder standards processes
- distributed evaluators and conformity-assessment bodies
- government and international partnerships
- external accreditation and legal enforcement

---

# 9. Recommended Institutional Architecture

## 9.1 Core Design

The recommended future architecture is:

> **An independent nonprofit public-interest technical secretariat and standards-development institution operating within a plural, internationally interoperable network of evaluators, reviewers, conformity-assessment bodies, public authorities, research institutions, and affected communities.**

The core institution should be able to create credible common infrastructure.

It should not control every use of that infrastructure.

## 9.2 Institutional Components

The architecture contains:

1. A nonprofit institutional core
2. independent governing bodies
3. technical and public-interest councils
4. operational program units
5. time-limited standards and research working groups
6. external evaluator and assurance networks
7. independent appeals and oversight
8. public and controlled registries
9. international liaison and capacity structures
10. government and regulatory interfaces

## 9.3 Institutional Firewall

The following functions should have operational and decision firewalls:

- Standards drafting
- evaluation administration
- certification decision
- accreditation decision
- appeals
- funding allocation
- enforcement

The same institution may support several functions only if:

- Decision rights remain distinct
- conflicts are disclosed
- personnel and records are separated where necessary
- appeals are independent
- public claims identify the function performed

## 9.4 Subsidiarity

A function should be performed at the lowest institutional level capable of performing it credibly.

Examples:

- Task maintenance by a domain working group
- protocol stewardship by Standards Body
- evaluation by qualified independent organizations
- accreditation by recognized accreditation bodies
- enforcement by governments
- local adaptation by regional institutions

## 9.5 Institutional Modularity

The institution should be able to add, transfer, suspend, or retire functions without redesigning the entire organization.

## 9.6 Network, Not Empire

The preferred model values:

- Shared standards
- distributed implementation
- reciprocal recognition
- local competence
- plural authority

over organizational expansion for its own sake.

---

# 10. Present-Stage Institutional Design

Standards Body is currently in the foundational research and institutional-design stage.

The present organization should remain intentionally limited.

## 10.1 Present Functions

Standards Body may:

- Maintain the canonical document library
- publish research and analysis
- develop protocols and templates
- maintain terminology and taxonomies
- map standards and institutions
- invite critique
- develop pilot proposals
- build source and version registries
- convene exploratory discussions
- form advisory relationships
- prepare legal and organizational options

## 10.2 Present Non-Functions

Standards Body should not presently:

- Issue standards as formally recognized consensus standards
- issue certificates
- accredit evaluators
- make official risk classifications
- operate regulatory enforcement
- claim international representation
- sell approval
- use certification-style seals
- create binding membership obligations presented as public law

## 10.3 Present Decision Authority

The project owner may approve foundational documents during the formation stage.

This authority should be treated as transitional.

Material institutional decisions should increasingly require:

- Written rationale
- expert review
- recorded changes
- conflict disclosure
- later governance ratification

## 10.4 Present Advisory Structure

The project may form nonfiduciary advisory groups for:

- Evaluation science
- standards and conformity assessment
- institutional design
- public interest
- international participation
- security

Advisors should not be described as a governing board unless they possess actual defined governing authority.

## 10.5 Present Transparency

The project should publish:

- Identity
- mission
- current stage
- document status
- authority limits
- funding disclosures when material
- contributor roles
- corrections

## 10.6 Present Institutional Risk

The principal risk at this stage is institutional theater.

Controls:

- No marks implying approval
- no invented accreditation status
- no vague claims of global consensus
- no ceremonial boards without real responsibility
- no use of standards language to imply authority

---

# 11. Legal and Organizational Form

## 11.1 Preferred Form

The preferred future core is an independent nonprofit or public-benefit legal entity.

The exact jurisdiction should be selected through a formal comparative review.

## 11.2 Jurisdiction Selection Criteria

Evaluate:

- Nonprofit and charitable law
- mission lock
- board fiduciary duties
- international operations
- tax treatment
- donor restrictions
- employment
- data protection
- liability
- research protections
- whistleblower protections
- public reporting
- foreign participation
- dissolution and asset transfer
- recognition by partners

## 11.3 No Jurisdiction by Prestige

The institution should not select a jurisdiction merely because it signals international status.

## 11.4 Possible Structures

### Single Nonprofit

One legal entity with internal separation.

Suitable for early stages.

### Nonprofit With Controlled Subsidiaries

The parent maintains mission, standards, and research.

Separate subsidiaries may perform:

- Training
- technology services
- evaluation operations
- publications

### Affiliated Independent Entities

Separate legal organizations perform:

- Certification
- accreditation
- appeals
- regional implementation

### Foundation and Membership Association

A foundation protects mission and assets.

A member association supports participation and standards work.

### Treaty or Public Recognition Layer

A later public or international arrangement may recognize specific standards or records without absorbing the nonprofit.

## 11.5 Preferred Evolution

A likely progression is:

1. Independent project
2. nonprofit research institute
3. nonprofit standards and infrastructure institution
4. affiliated or recognized network
5. possible public or international recognition of specific functions

## 11.6 Mission Lock

The governing documents should require that assets and activities remain directed toward:

- Credible frontier AI evaluation
- standards
- assurance infrastructure
- public-interest governance
- interoperability
- institutional learning

## 11.7 Private Benefit Restriction

No insider, member, founder, funder, developer, evaluator, or partner should receive improper private benefit.

## 11.8 Dissolution

Upon dissolution, remaining mission assets should transfer to one or more qualified public-interest institutions with compatible purposes.

They should not revert to founders, directors, or commercial members.

---

# 12. Mission, Mandate, and Authority

## 12.1 Institutional Mission

> **To develop and maintain credible public-interest infrastructure for frontier AI evaluation, standards, assurance, and interoperability.**

## 12.2 Mandate

The mature institution may be mandated to:

- Conduct and publish research
- develop and maintain evaluation protocols
- develop standards through approved processes
- coordinate independent review
- maintain registries
- develop evaluator-competence infrastructure
- support international interoperability
- operate incident-learning systems
- provide training and capacity building
- issue nonbinding technical findings within scope

## 12.3 Sources of Authority

Possible authority sources include:

- Organizational charter
- member agreement
- standards process
- technical competence
- contractual adoption
- procurement adoption
- certification scheme recognition
- government recognition
- law or treaty

Each source should be stated separately.

## 12.4 Authority Levels

### Research Authority

Authority to publish evidence-based research.

### Process Authority

Authority to administer a defined process.

### Standards Authority

Authority to approve documents within the institution's standards process.

### Contractual Authority

Authority created when parties adopt the institution's rules by agreement.

### Recognition Authority

Authority to recognize evidence or participation for a defined institutional purpose.

### Public Authority

Authority created by law or government mandate.

## 12.5 Authority Limits

The institution should not claim a higher authority level than it possesses.

## 12.6 Technical Finding Versus Binding Decision

A technical finding may support a binding decision.

The binding decision remains with the authorized decision owner.

---

# 13. Constitutional Principles

The institution's governing documents should preserve the following principles.

## 13.1 Mission Primacy

Mission outranks revenue, membership growth, institutional prestige, and partner preference.

## 13.2 Human Benefit

The institution should support beneficial AI development and use while reducing serious harm.

## 13.3 Evidence

Material positions should be evidence-grounded and correctable.

## 13.4 Bounded Claims

Institutional claims should remain within actual authority and evidence.

## 13.5 Independence

No single constituency should control the institution.

## 13.6 Accountability

Power should be reviewable and explained.

## 13.7 Participation

People affected by standards and evaluation should have meaningful pathways to participate.

## 13.8 Competence

Decision roles should require relevant competence.

## 13.9 Pluralism

The institution should support multiple qualified evaluators, methods, and regional implementations.

## 13.10 Transparency With Security

Governance should be visible while sensitive information remains protected proportionately.

## 13.11 Due Process

Consequential decisions should support:

- Notice
- response
- reasoned decision
- appeal
- correction

## 13.12 International Respect

The institution should not erase legitimate jurisdictional, cultural, or linguistic differences.

## 13.13 Competition

Standards and assurance should not create unjustified market exclusion or monopoly.

## 13.14 Revision

Standards and institutional rules should be revised or retired when evidence changes.

## 13.15 Institutional Humility

The institution should make clear:

- What it knows
- what it does not know
- where it lacks authority
- which alternatives remain

---

# 14. Governance Architecture

The complete governance system should contain several bodies with distinct responsibilities.

## 14.1 Governing Board

Primary responsibilities:

- Mission
- fiduciary oversight
- executive appointment
- strategy
- risk
- budget
- institutional-stage transitions
- major partnerships
- governance amendments

The board should not decide ordinary technical findings.

## 14.2 Executive Secretariat

Primary responsibilities:

- Operations
- staffing
- budget execution
- program coordination
- records
- security
- public administration
- implementation of approved strategy

## 14.3 Scientific and Evaluation Council

Primary responsibilities:

- Research quality
- evaluation philosophy
- protocol validity
- evidence standards
- technical research priorities
- expert-review criteria

## 14.4 Standards Council

Primary responsibilities:

- Standards work program
- committee authorization
- process compliance
- ballot and consensus rules
- publication
- maintenance
- withdrawal

## 14.5 Public Interest and Rights Council

Primary responsibilities:

- Public-interest analysis
- affected-party participation
- rights
- distributional impact
- accessibility
- small-actor concerns
- public claims

## 14.6 International Coordination Forum

Primary responsibilities:

- Regional participation
- liaison
- crosswalks
- multilingual work
- capacity building
- recognition
- avoidance of duplication

## 14.7 Ethics, Integrity, and Conflicts Committee

Primary responsibilities:

- Conflicts
- recusals
- research integrity
- misconduct procedures
- whistleblower protections
- sponsor influence
- authorship and credit disputes

## 14.8 Security and Confidentiality Committee

Primary responsibilities:

- Information classification
- held-out security
- incident response
- dangerous-information review
- access
- release
- security audit

## 14.9 Finance, Audit, and Risk Committee

Primary responsibilities:

- Financial oversight
- audit
- funding concentration
- reserves
- compensation
- enterprise risk
- insurance
- controls

## 14.10 Appeals and Review Panel

Primary responsibilities:

- Independent review of eligible decisions
- procedural fairness
- conflict disputes
- standards appeals
- recognition disputes
- corrections

The panel should not report to the staff whose decisions it reviews.

## 14.11 Contributor and Community Assembly

Primary responsibilities:

- Contributor representation
- proposals
- public feedback
- election or nomination rights where defined
- community accountability
- emerging issue identification

The assembly should not automatically possess authority over security-sensitive or fiduciary decisions.

---

# 15. Governing Board Design

## 15.1 Board Size

Recommended mature size:

- Eleven to fifteen voting members

This is large enough for plurality and small enough for fiduciary responsibility.

## 15.2 Constituency Balance

Board competence should include:

- AI evaluation science
- standards and conformity assessment
- public-interest governance
- law and public institutions
- international or regional experience
- security and high-stakes domains
- organizational and financial governance

## 15.3 Control Limits

Design targets:

- No single constituency holds more than one third of voting seats.
- Developer and commercial provider representatives combined do not hold one third or more.
- Commercial evaluators and assurance providers combined do not hold one third or more.
- At least two thirds of voting directors are independent of organizations currently subject to active Standards Body standards, evaluation, recognition, or certification-related work.
- No funder receives an automatic board seat solely because of funding.
- The founder does not possess a permanent veto or permanent board seat.

## 15.4 Terms

Recommended:

- Three-year terms
- maximum two consecutive full terms
- staggered appointment
- cooling-off period before return

Transitional founding terms may be shorter or staggered deliberately.

## 15.5 Appointment

Use a transparent nomination and selection process.

Publish:

- Role criteria
- desired competence
- conflicts
- appointing body
- term
- constituency
- independence status

## 15.6 Removal

Removal should be possible for:

- Breach of duty
- misconduct
- undisclosed conflict
- persistent nonparticipation
- security violation
- mission breach

Removal should require a documented process.

## 15.7 Board Chair

The chair should:

- Be elected by the board
- serve a limited term
- not simultaneously serve as chief executive
- not possess unilateral standards or technical authority

## 15.8 Founder Transition

A founder may serve during formation.

The mature institution should require:

- Defined term
- succession plan
- no permanent special voting class
- no unilateral amendment power
- institutional ownership of canonical assets

## 15.9 Board Evaluation

The board should receive:

- Annual self-evaluation
- periodic independent governance review
- conflict audit
- constituency-balance review
- performance disclosure

---

# 16. Executive Secretariat

## 16.1 Chief Executive

The chief executive is responsible for operations, not unrestricted institutional authority.

## 16.2 Appointment

The board appoints and evaluates the chief executive.

## 16.3 Limits

The chief executive should not unilaterally:

- Approve standards
- reverse appeals
- certify systems
- expand institutional authority
- change mission
- conceal material conflicts
- override security governance without review

## 16.4 Senior Roles

Possible roles:

- Executive Director
- Research Director
- Director of Evaluation Science
- Director of Standards
- Director of Institutional Assurance
- Director of International Cooperation
- Director of Public Interest and Participation
- Chief Security Officer
- General Counsel or legal lead
- Chief Operating and Financial Officer
- Director of Transparency and Records

## 16.5 Delegation

Delegated authority should be:

- Written
- scoped
- time-bound where necessary
- reviewable
- revocable

## 16.6 Staff Independence

Technical staff should have protected channels for:

- Dissent
- integrity concerns
- security reporting
- conflict reporting
- publication disputes

---

# 17. Councils and Committees

## 17.1 Advisory Versus Decision Bodies

Every body should be labeled as:

- Advisory
- recommending
- approving
- reviewing
- fiduciary
- operational

## 17.2 No Ceremonial Council

A council should not be created merely to display prominent names.

It should have:

- Mandate
- membership criteria
- term
- decision rights
- records
- review
- removal

## 17.3 Cross-Council Review

High-consequence standards may require review from:

- Scientific and Evaluation Council
- Standards Council
- Public Interest and Rights Council
- Security and Confidentiality Committee

## 17.4 Joint Decisions

Joint approval may be required where a proposal has both technical and public-interest consequences.

## 17.5 Deadlock

Deadlock procedures may include:

- Mediation
- revised scope
- additional evidence
- public dissent
- appeal
- board review limited to process and institutional mandate

The board should not manufacture technical consensus.

---

# 18. Working Groups

## 18.1 Purpose

Working groups perform bounded research, protocol, or standards tasks.

## 18.2 Types

- Research working group
- protocol working group
- standards working group
- incident task force
- interoperability group
- domain expert group
- implementation group

## 18.3 Charter

Every working group should have:

- Title
- objective
- scope
- non-scope
- deliverables
- membership
- chair
- decision method
- conflicts
- security
- timeline
- sunset

## 18.4 Membership Balance

A standards working group should include relevant:

- Developers
- deployers
- evaluators
- domain experts
- public-interest participants
- smaller actors
- government or regulatory liaisons
- international participants

Balance should reflect the issue rather than use identical quotas for every group.

## 18.5 Participation Funding

Provide support where possible for participants who lack institutional funding.

## 18.6 Chair Independence

A chair should not represent the dominant commercial interest in the work without strong counterbalances and disclosure.

## 18.7 Records

Maintain:

- Attendance
- proposals
- evidence
- comments
- conflicts
- decisions
- dissent
- revisions

## 18.8 Sunset

Working groups should dissolve or renew after completing their mandate.

---

# 19. Membership Architecture

## 19.1 Membership Purpose

Membership creates structured participation.

It should not purchase scientific truth, approval, or authority.

## 19.2 Membership Categories

Possible categories:

- Individual expert
- academic or research institution
- public-interest organization
- developer or provider
- deployer or purchaser
- evaluator or assurance provider
- government or public institution
- standards organization
- international organization
- regional partner
- open-source community
- observer

## 19.3 Membership Rights

Rights may include:

- Participation
- nominations
- proposals
- committee eligibility
- access to member briefings
- voting within defined constituencies
- use of non-endorsement membership description

## 19.4 Membership Non-Rights

Membership should not create:

- Automatic board control
- favorable evaluation
- standards veto
- certification
- accreditation
- endorsement
- privileged confidential access unrelated to role
- immunity from criticism

## 19.5 Dues

Dues may vary by organizational size.

Fee waivers or reduced dues should support:

- Public-interest organizations
- individual researchers
- low-resource regions
- small evaluators
- open-source communities

## 19.6 Member Conduct

Members should agree to:

- Accurate public claims
- conflict disclosure
- confidentiality
- nonretaliation
- standards-process integrity
- no misuse of affiliation

## 19.7 Suspension and Removal

Grounds may include:

- Misrepresentation
- misconduct
- security breach
- corruption
- retaliation
- repeated process abuse
- nonpayment, where appropriate

Due process and appeal should apply.

---

# 20. Participation and Representation

## 20.1 Stakeholder Groups

Relevant groups include:

- Frontier developers
- smaller developers
- deployers
- users
- affected non-users
- evaluators
- researchers
- standards experts
- governments
- regulators
- workers
- civil society
- open-source communities
- international and regional institutions
- high-stakes domain experts

## 20.2 Representation Is Not Endorsement

Participation does not imply that a participant endorses every institutional position.

## 20.3 Affected-Party Participation

People affected by system deployment should have pathways to influence:

- Problem definition
- risk classification
- reporting
- safeguards
- appeals
- standards impact review

## 20.4 Avoid Symbolic Representation

One participant should not be treated as representing an entire community without mandate.

## 20.5 Participation Quality

Measure:

- Who participates
- whose comments change outcomes
- who withdraws
- which barriers remain
- whether minority positions are recorded

## 20.6 International Balance

International work should include:

- Regional participation
- multilingual material
- local expertise
- remote access
- capacity support

## 20.7 Future Generations

Long-term and difficult-to-reverse consequences should be considered through:

- Explicit impact analysis
- long-horizon expertise
- public-interest review

No individual can literally represent future people.

---

# 21. Decision Architecture

## 21.1 Decision Classes

Institutional decisions include:

- Research approval
- protocol approval
- standards project approval
- standard approval
- publication
- security classification
- evaluator recognition
- funding acceptance
- partnership
- correction
- suspension
- appeal
- institutional transition

## 21.2 Decision Record

Every material decision should identify:

- Decision owner
- authority
- proposal
- evidence
- reviewers
- conflicts
- comments
- dissent
- outcome
- conditions
- effective date
- appeal
- expiration

## 21.3 Decision Methods

Possible methods:

- Executive decision
- committee majority
- supermajority
- consensus
- no sustained objection
- expert determination
- independent panel decision

## 21.4 Consensus

Consensus means broad agreement after serious efforts to address substantial objections.

It does not require unanimity.

## 21.5 Supermajority

Use supermajority for:

- Mission amendments
- institutional-stage transitions
- merger
- dissolution
- creation of certification or accreditation functions
- removal of independent appeals protections

## 21.6 Technical Decision Rights

Technical decisions should be made by competent bodies under approved processes.

## 21.7 Public-Interest Veto

The institution should avoid a vague universal veto.

A Public Interest and Rights Council may require reconsideration or escalation when a proposal presents a material unresolved rights or distributional issue.

The final process should preserve reasoned decision and dissent.

## 21.8 Security Decision Rights

Emergency security actions may be taken quickly.

They should be reviewed after the immediate risk is controlled.

---

# 22. Separation of Institutional Powers

## 22.1 Standards and Certification

The body developing a standard should not control every certification decision under that standard.

## 22.2 Certification and Accreditation

A certification body should not accredit itself.

## 22.3 Evaluation and Appeal

The evaluator should not decide the final appeal concerning its own disputed process.

## 22.4 Funding and Technical Findings

Fundraising personnel should not control technical conclusions.

## 22.5 Executive and Board

The chief executive should not chair the governing board.

## 22.6 Security and Publication

Security review may require redaction or delay.

It should not suppress unfavorable findings for reputational reasons.

## 22.7 Developer Input and Independent Review

Developers may correct facts and provide evidence.

They should not control independent conclusions.

## 22.8 Institutional Recognition and Commercial Services

Recognition decisions should not be linked to purchase of consulting, membership, or training.

## 22.9 Firewall Methods

Use:

- Separate committees
- distinct staff
- separate legal entities
- budget separation
- information barriers
- independent review
- public disclosure
- appeal

---

# 23. Standards-Development Function

## 23.1 Standards Work Program

The institution should publish a current work program identifying:

- Proposed projects
- active projects
- responsible committees
- stage
- expected timeline
- participation opportunities
- related external standards
- public-interest rationale

## 23.2 New Work Proposal

A standards project should begin with:

- Problem
- scope
- affected actors
- evidence maturity
- existing standards
- implementation need
- assurance readiness
- competition impact
- international relevance
- resource estimate

## 23.3 Approval to Begin

Approval to start a project does not imply approval of the resulting standard.

## 23.4 Standards Types

Standards Body may develop:

- Terminology standards
- protocol specifications
- evaluation reporting standards
- system-identity standards
- evidence and provenance standards
- evaluator-competence standards
- interoperability profiles
- incident-reporting standards
- process standards
- management-system requirements where mature

## 23.5 Standards Process

The process should include:

1. Proposal
2. scoping
3. committee formation
4. evidence review
5. drafting
6. pilot
7. public comment
8. comment disposition
9. technical and public-interest review
10. approval
11. publication
12. implementation monitoring
13. revision or retirement

## 23.6 Consensus and Dissent

Publish:

- Consensus basis
- substantial objections
- unresolved dissent
- minority report where material

## 23.7 Public Comment

Comment periods should be long enough for meaningful review.

Urgent processes may use shorter periods only with:

- Published reason
- temporary status
- rapid follow-up review
- sunset

## 23.8 Standards Accessibility

The institution should seek to make core public-interest standards freely accessible.

Revenue models should not make essential safety and evaluation requirements unavailable to smaller actors.

## 23.9 Copyright and Licensing

Standards should have clear terms for:

- Access
- quotation
- implementation
- translation
- software schemas
- derivative profiles

## 23.10 Maintenance

Every standard should have:

- Owner
- version
- review cycle
- incident triggers
- correction process
- supersession
- retirement

## 23.11 External Standards

Standards Body should adopt, map, or reference existing standards where appropriate.

It should avoid creating proprietary duplicates.

## 23.12 Government Use

Governments may adopt or reference Standards Body standards through their own lawful processes.

Such adoption does not transfer government authority to Standards Body.

---

# 24. Evaluation and Protocol Function

## 24.1 Protocol Stewardship

Standards Body may serve as steward for defined evaluation protocols.

Stewardship includes:

- Construct definition
- versioning
- change control
- task-governance framework
- reporting requirements
- expiration
- retirement

## 24.2 Evaluation Research

The institution may run research evaluations to:

- Validate protocols
- compare methods
- study elicitation
- assess evaluator consistency
- support standards development

## 24.3 Consequential External Evaluation

When evaluating an external organization's system for a consequential public claim, the institution should use:

- Independent evaluator teams
- external review
- separate funding arrangements
- protected publication rights
- defined access
- appeal
- result expiration

## 24.4 Evaluation Services

If paid evaluation services are offered, they should be separated from:

- Standards approval
- evaluator recognition
- membership
- certification
- public-interest enforcement claims

## 24.5 Evaluation Results

A result should identify:

- Evaluated object
- protocol
- evaluator
- conditions
- uncertainty
- evidence level
- limitations
- expiration
- status

## 24.6 No General Approval

An evaluation result should not be marketed as general approval of the system.

## 24.7 Protocol Access

Protocol access may be:

- Public
- partially protected
- controlled
- restricted

The classification should follow validity and security needs.

## 24.8 Task Custody

Held-out tasks should be managed by:

- Separate custodians
- access controls
- logs
- rotation
- compromise procedures
- qualified review

## 24.9 Evaluator Independence

Where Standards Body maintains the protocol and also evaluates:

- Separate protocol and evaluation teams
- external method review
- disclosure
- no self-certification
- appeal outside the evaluation team

---

# 25. Independent Review Function

## 25.1 Review Mandate

Standards Body may commission independent reviews of:

- Protocols
- evaluation results
- standards proposals
- incidents
- institutional practices
- evaluator competence frameworks

## 25.2 Review Panel Selection

Use:

- Competence criteria
- independence profiles
- conflict disclosure
- diverse methods
- public-interest participation where relevant

## 25.3 Funding

Reviewer compensation should not depend on result direction.

## 25.4 Evidence Access

Reviewers should receive sufficient access for the public conclusion.

## 25.5 Publication Rights

The reviewed party may receive factual-review rights.

It should not control the independent conclusion.

## 25.6 Dissent

Preserve:

- Minority findings
- unresolved limitations
- confidence differences
- access restrictions

## 25.7 Review Registry

Maintain records of:

- Mandate
- reviewers
- access level
- conflicts
- findings
- response
- status

---

# 26. Assurance Ecosystem Function

## 26.1 Institutional Purpose

Standards Body should help create a trustworthy ecosystem for:

- Testing
- evaluation
- inspection
- audit
- validation
- verification
- certification
- accreditation

## 26.2 Role Clarity

Each activity should retain its canonical meaning.

## 26.3 Competence Frameworks

Standards Body may define competence by:

- Domain
- method
- system type
- activity
- security level
- assurance level

## 26.4 Proficiency Testing

The institution may coordinate or approve proficiency exercises testing:

- Protocol implementation
- scoring
- security
- evidence handling
- reporting
- inter-evaluator consistency

## 26.5 Quality Systems

Evaluator requirements may include:

- Governance
- personnel
- methods
- records
- security
- conflicts
- complaints
- correction
- internal audit
- continuous competence

## 26.6 Evaluator Registry

The registry should distinguish:

- Self-declared capability
- Standards Body qualification pilot
- external certification
- accreditation
- current scope
- suspension
- expiry

## 26.7 No Universal Evaluator Label

An evaluator should not be described as generally approved for all AI evaluation.

Scope is essential.

## 26.8 Market Development

Support:

- New evaluator entry
- regional capacity
- shared tools
- training
- public-interest funding
- open protocols
- inter-evaluator studies

## 26.9 Market Safeguards

Monitor:

- Client concentration
- evaluator shopping
- result dependence
- service bundling
- standards influence
- market concentration

---

# 27. Accreditation Relationship

## 27.1 Initial Position

Standards Body should not initially operate as an accreditation body.

## 27.2 Preferred Role

It may develop:

- Evaluator competence standards
- technical scopes
- proficiency tests
- scheme guidance
- registry metadata
- AI-specific interpretation

## 27.3 External Accreditation

Recognized accreditation bodies may assess conformity-assessment bodies against:

- General accreditation criteria
- AI-specific standards
- defined technical scopes

## 27.4 Cooperation

Standards Body may cooperate with national, regional, and global accreditation systems.

## 27.5 Accreditation Claims

Public records should state:

- Accreditation body
- criteria
- scope
- locations
- status
- expiration

## 27.6 Future Accreditation Entity

Any future accreditation function should require:

- Separate legal and governance analysis
- conformity-assessment competence
- impartiality
- peer evaluation
- international recognition strategy
- independent appeals
- financial separation
- amendment of project identity

## 27.7 No Self-Accreditation

Standards Body cannot declare itself accredited or recognized without an external valid process.

---

# 28. Certification Relationship

## 28.1 Initial Position

Standards Body should not initially issue AI safety certificates.

## 28.2 Scheme Development

The institution may research or develop certification-scheme requirements only when:

- The certified object is defined
- requirements are mature
- methods are valid
- evaluators exist
- surveillance is possible
- claims are understandable
- withdrawal can be enforced

## 28.3 Certification Object

Potential objects may include:

- Management system
- evaluation process
- protocol implementation
- system configuration
- reporting process
- personnel competence

A broad certification of "safe AI" should be rejected.

## 28.4 Certification Body Separation

Certification decisions should ordinarily be made by separate qualified certification bodies.

## 28.5 Scheme Owner Role

Standards Body may become a scheme owner only with:

- Governance
- technical competence
- public claim controls
- complaints
- surveillance
- financial model
- independent oversight

## 28.6 Certificate Registry

A certificate record should identify:

- Scheme
- body
- certified object
- scope
- date
- expiry
- status
- surveillance
- suspension

## 28.7 Mark Control

Any mark should be:

- Scope-specific
- time-limited
- revocable
- protected against misleading use
- unrelated to membership purchase

---

# 29. Enforcement Relationships

## 29.1 Public Enforcement

Binding enforcement belongs to authorized institutions.

Examples:

- Regulators
- market-surveillance authorities
- courts
- procurement authorities
- licensing bodies
- treaty institutions

## 29.2 Standards Body Support

Standards Body may support enforcement through:

- Standards
- protocols
- evidence
- registries
- expert analysis
- incident information
- evaluator competence frameworks

## 29.3 No Private Penalty Without Basis

Standards Body may enforce:

- Membership rules
- contracts
- confidentiality
- marks
- registry status
- standards-process conduct

It should not impose public-law penalties without authority.

## 29.4 Regulatory Recognition

A regulator may recognize:

- A standard
- protocol
- evaluator
- certificate
- registry

Recognition should state legal effect and conditions.

## 29.5 Enforcement Independence

The technical institution should be able to publish evidence even when public authorities choose a different policy response.

## 29.6 Government Requests

Requests for evidence should follow:

- Law
- contracts
- security
- privacy
- due process
- transparency where permitted

---

# 30. Incident and Failure-Learning Function

## 30.1 Purpose

The institution should convert incidents and near misses into improvements.

## 30.2 Incident Intake

Accept reports from:

- Developers
- deployers
- users
- workers
- evaluators
- researchers
- public institutions
- affected parties
- whistleblowers

## 30.3 Intake Channels

Provide:

- Public reporting
- confidential reporting
- protected disclosure
- partner channels
- emergency security channel

## 30.4 Triage

Assess:

- Credibility
- severity
- urgency
- system
- AI role
- evidence
- disclosure risk
- jurisdiction

## 30.5 Investigation

Standards Body may:

- Preserve records
- coordinate expert review
- refer to competent authorities
- compare protocols
- conduct root-cause research

It should not obstruct official investigations.

## 30.6 Public and Protected Records

Publish the maximum safe learning while protecting:

- Personal data
- active vulnerabilities
- confidential systems
- legal process
- national security

## 30.7 Feedback

Incidents should trigger review of:

- Protocols
- tasks
- safeguards
- standards
- evaluator scopes
- certificates
- public claims
- research agenda

## 30.8 Nonretaliation

The institution should prohibit retaliation within its own programs against good-faith reporting.

## 30.9 Incident Independence

Incident review should not be controlled by the organization whose system is involved.

---

# 31. Registry and Knowledge Infrastructure

## 31.1 Registry Purpose

Registries make status visible.

## 31.2 Core Registries

Potential registries include:

- Standards registry
- protocol registry
- evaluation-result registry
- evaluator registry
- review registry
- certificate registry
- accreditation mapping
- incident registry
- recognition registry
- correction registry

## 31.3 Registry Minimum

Each record should include:

- Identifier
- owner
- scope
- version
- status
- effective date
- expiration
- evidence
- correction history

## 31.4 Federated Architecture

Registries should support exchange with external systems.

Standards Body should not require one centralized global database as the only source of legitimacy.

## 31.5 Integrity

Use:

- Version control
- signatures where appropriate
- audit logs
- status propagation
- archived records
- correction notices

## 31.6 Public Access

Public status should be freely accessible.

Restricted technical evidence may remain controlled.

## 31.7 Registry Governance

Registry operators should have:

- Update duties
- challenge procedures
- correction
- security
- availability targets
- succession plans

---

# 32. Transparency and Confidentiality

## 32.1 Transparency Baseline

The institution should publish:

- Mission
- authority
- governance
- board and councils
- funding
- conflicts
- work program
- standards process
- public decisions
- corrections
- annual performance

## 32.2 Confidentiality Categories

Use:

- Public
- controlled
- confidential
- restricted
- highly restricted

## 32.3 Protected Information

Protection may apply to:

- Held-out tasks
- vulnerabilities
- model weights
- system prompts
- personal data
- incidents
- contractual information
- national-security information

## 32.4 Public Minimum for Restricted Work

Publish:

- Purpose
- broad scope
- responsible bodies
- review type
- result status
- limitations
- reason for restriction
- review date

## 32.5 Confidentiality Authority

No one staff member should have unlimited power to classify information permanently.

## 32.6 Classification Review

Restricted status should have:

- Owner
- rationale
- review date
- release conditions
- appeal

## 32.7 Sponsor Confidentiality

Commercial confidentiality should not be used to conceal:

- Material public harm
- evaluator conflict
- invalid result
- misleading public claim

Legal obligations should be reviewed carefully.

---

# 33. Conflicts and Independence

## 33.1 Conflict Categories

- Financial
- employment
- ownership
- client
- funding
- intellectual
- political
- personal
- reputational
- access dependence

## 33.2 Conflict Register

Maintain public and controlled conflict records.

## 33.3 Recusal

Material conflicts may require:

- Disclosure
- limited participation
- independent review
- recusal
- removal

## 33.4 Revolving Door

Create cooling-off rules for:

- Developer executives
- regulators
- certification personnel
- accreditation personnel
- senior staff

The rule should be proportionate to the role.

## 33.5 Client Concentration

A service unit should monitor dependence on major clients.

## 33.6 Funding Conflict

Funders should not select:

- Reviewers
- evaluators
- standard language
- findings

outside transparent role-based processes.

## 33.7 Intellectual Conflict

People who created a protocol may contribute expertise.

They should not be the sole validators of its success.

## 33.8 Independence Statement

Major reports should state:

- Funding
- selection
- access
- method control
- publication rights
- conflicts

---

# 34. Funding Model

## 34.1 Funding Objectives

Funding should support:

- Independence
- competence
- continuity
- access
- security
- public goods
- correction

## 34.2 Revenue Sources

A diversified mature model may include:

- Philanthropic grants
- government research grants
- international grants
- membership dues
- publications
- training
- conferences
- registry services
- protocol licensing where appropriate
- technical infrastructure fees
- commissioned research
- charitable contributions
- endowment income

## 34.3 Prohibited Funding Conditions

Reject funding conditioned on:

- Favorable outcome
- publication suppression
- standards control
- board control
- confidential access beyond role
- certification
- recognition
- exclusion of competitors
- political endorsement

## 34.4 Funding Concentration Targets

Suggested design targets:

### Formation Stage

No single funder should ordinarily provide more than 35 percent of annual operating revenue without public disclosure, board approval, and a diversification plan.

### Institutionalization Stage

Target no single funder above 25 percent.

### Mature Stage

Target no single funder above 15 percent.

These are governance targets, not universal accounting rules.

Exceptions should be:

- Temporary
- disclosed
- independently reviewed
- accompanied by safeguards

## 34.5 Reserves

Target an operating reserve sufficient for:

- Six to twelve months of core operations
- security incidents
- litigation or disputes
- funder withdrawal
- publication independence

## 34.6 Restricted Grants

Restricted funding should not distort the institution's overall priorities.

## 34.7 Membership Revenue

Membership should not become a pay-to-govern system.

## 34.8 Standards Revenue

Core safety and public-interest documents should remain accessible.

## 34.9 Service Revenue

Separate commercial services from standards and recognition decisions.

## 34.10 Endowment

A future endowment may protect independence.

Its investment and donor rules should align with mission.

## 34.11 Financial Transparency

Publish:

- Audited financial statements
- major funder categories
- concentration
- related-party transactions
- executive compensation principles
- reserves
- service revenue

---

# 35. Staffing and Competence

## 35.1 Competence Model

The institution needs combined competence in:

- AI and machine learning
- evaluation science
- statistics and measurement
- cybersecurity
- biological and chemical risk
- human factors
- standards development
- conformity assessment
- accreditation
- law and regulation
- governance
- economics and competition
- security
- privacy
- international relations
- public communication

## 35.2 Core Staff and Networks

Not all competence must be permanent staff.

Use:

- Core staff
- fellows
- contracted experts
- working groups
- partner laboratories
- regional institutions
- independent reviewers

## 35.3 Hiring

Hiring should consider:

- Demonstrated work
- judgment
- integrity
- interdisciplinary ability
- security eligibility
- conflicts
- public communication

## 35.4 Continuing Competence

Require:

- Training
- proficiency
- peer review
- domain updates
- standards education
- security exercises

## 35.5 Compensation

Compensation should be sufficient to reduce dependence on conflicted external work.

## 35.6 Staff Dissent

Protect good-faith technical and institutional dissent.

## 35.7 Research Independence

Researchers should have defined publication and review protections.

## 35.8 Personnel Security

Sensitive roles may require:

- Background checks where lawful
- access agreements
- training
- least privilege
- monitoring
- exit controls

---

# 36. Security Architecture

## 36.1 Security Objectives

Protect:

- People
- models
- tasks
- evidence
- vulnerabilities
- personal data
- systems
- institutional continuity

## 36.2 Security Governance

The Chief Security Officer should have:

- Operational authority
- escalation rights
- direct access to the board risk committee
- independence from commercial pressure

## 36.3 Security Controls

Use:

- Least privilege
- strong authentication
- network segmentation
- secure environments
- logging
- encryption
- data-loss prevention
- backups
- incident response
- vendor review
- physical security

## 36.4 Held-Out Infrastructure

Task banks should use:

- Separate custody
- controlled administration
- signed artifacts
- exposure tracking
- rotation
- compromise review

## 36.5 Model Access

Model access should be governed by:

- Purpose
- scope
- provider agreement
- security
- logging
- destruction or return
- reviewer access

## 36.6 Insider Risk

Use:

- Separation of duties
- behavior-independent controls
- access review
- reporting channels
- leave and exit procedures

## 36.7 Security Audit

Conduct:

- Internal testing
- external penetration testing
- access audits
- incident simulations
- recovery tests

## 36.8 Emergency Authority

Emergency security actions should be:

- Necessary
- proportionate
- logged
- time-limited
- reviewed after action

---

# 37. International Architecture

## 37.1 International Goal

Support interoperable evidence and standards across plural legal and institutional systems.

## 37.2 Participation Model

Use:

- Regional partners
- national standards liaisons
- public institutions
- international organizations
- evaluator networks
- research institutions
- civil society

## 37.3 No One-Country Control

A mature international institution should avoid:

- Board dominance by one country
- all leadership in one region
- English-only participation
- dependence on one national funder
- standards based only on one legal system

## 37.4 Common Core and Local Extensions

Maintain:

- Shared terminology
- metadata
- evidence standards
- protocol principles
- status records

Allow local extensions for:

- Law
- language
- culture
- sectors
- risk tolerance
- institutional structure

## 37.5 Recognition

Recognition should be:

- Purpose-specific
- evidence-based
- versioned
- conditional where needed
- reviewable
- revocable

## 37.6 Regional Capacity

Support:

- Training
- fellowships
- shared evaluation facilities
- translation
- local task development
- regional evaluator organizations

## 37.7 International Liaisons

Seek liaison or cooperation with:

- Standards organizations
- accreditation networks
- public AI institutes
- treaty bodies
- regional organizations
- professional associations

## 37.8 Avoid Duplication

Before beginning international standards work, map:

- Existing standards
- work programs
- legal instruments
- reporting frameworks
- evaluator initiatives

## 37.9 International Claims

Use:

- International participation
- cross-regional
- multi-jurisdictional

only when supported.

Avoid:

- Globally approved
- worldwide authority
- universal consensus

---

# 38. Partnerships

## 38.1 Partnership Purpose

Partnerships should provide:

- Expertise
- access
- implementation
- capacity
- interoperability
- public benefit

## 38.2 Partner Categories

- Research
- government
- standards
- evaluator
- accreditation
- certification
- industry
- civil society
- philanthropy
- international
- regional

## 38.3 Partnership Review

Assess:

- Mission fit
- conflicts
- reputation
- security
- funding
- control
- public claims
- exit

## 38.4 No Implied Endorsement

Participation or partnership should not imply approval of all partner activities.

## 38.5 Public Agreement Summary

Publish the purpose, funding, governance, and claim limits of material partnerships.

## 38.6 Data and Intellectual Property

Agreements should define:

- Ownership
- licenses
- publication
- confidentiality
- evidence access
- termination
- correction

## 38.7 Exit

The institution should be able to end a partnership after:

- Mission conflict
- interference
- misconduct
- security breach
- misleading public claims

---

# 39. Public Interest, Rights, and Social Consequence

## 39.1 Public-Interest Function

Public-interest review should examine:

- Harm
- benefit
- rights
- access
- distribution
- competition
- labor
- environment
- democracy
- vulnerable populations

## 39.2 Technical Scope

The institution should remain technically serious.

Public-interest review should not become a substitute for measurement.

## 39.3 Rights Analysis

Where standards may affect rights, obtain qualified expertise and affected-party input.

## 39.4 Distribution

Assess who bears:

- Cost
- risk
- compliance burden
- exclusion
- benefit
- uncertainty

## 39.5 Competition

Standards should not unnecessarily:

- Entrench incumbents
- require proprietary access
- prevent equivalent methods
- exclude open-source systems
- create one evaluator monopoly

## 39.6 Environmental and Resource Impact

Evaluate institutional and technical requirements for:

- Compute
- energy
- hardware
- travel
- storage
- specialist labor

## 39.7 Public Explanation

Provide understandable explanations of:

- Standards
- evaluations
- status
- uncertainty
- authority

---

# 40. Small Actors and Open Ecosystems

## 40.1 Inclusion Goal

The institution should support meaningful participation by:

- Startups
- independent researchers
- small evaluators
- nonprofits
- public-interest groups
- open-source communities
- lower-resource regions

## 40.2 Barriers

Potential barriers include:

- Fees
- travel
- compute
- legal cost
- model access
- security infrastructure
- English
- specialist staffing

## 40.3 Access Measures

Use:

- Reduced fees
- travel support
- remote participation
- compute grants
- shared secure facilities
- open tooling
- template support
- translated materials

## 40.4 Functional Equivalence

Permit alternative methods where they provide equivalent evidence.

## 40.5 Open-Weight Systems

Account for:

- Forks
- distributed deployment
- community maintainers
- uncertain operators
- model lineage
- safeguard modification

## 40.6 No Exemption by Size From Severe Risk

Proportionality should reduce unnecessary burden.

It should not erase severe-risk obligations where capability and deployment justify them.

---

# 41. Appeals, Complaints, and Procedural Justice

## 41.1 Eligible Appeals

Appeals may concern:

- Standards process
- protocol status
- evaluator recognition
- membership discipline
- conflict decisions
- publication corrections
- registry status
- confidentiality classification
- certification or accreditation relationships where applicable

## 41.2 Appeal Grounds

Possible grounds:

- Procedural error
- material factual error
- undisclosed conflict
- insufficient evidence
- unequal treatment
- unreasonable scope
- new material evidence
- authority exceeded

## 41.3 Appeals Panel

The Appeals and Review Panel should be:

- Independent of the original decision team
- competent in the issue
- conflict-screened
- able to obtain necessary records
- required to give reasons

## 41.4 Appeal Outcomes

- Affirm
- modify
- remand
- suspend
- reverse
- require correction
- find outside jurisdiction

## 41.5 Complaints

Complaints may concern:

- Staff conduct
- member conduct
- evaluator conduct
- security
- retaliation
- misuse of marks
- misleading claims
- governance
- accessibility

## 41.6 Whistleblower Channel

Provide a protected channel independent of ordinary management.

## 41.7 Nonretaliation

Retaliation should be prohibited and independently reviewable.

## 41.8 Time Limits

Time limits should balance:

- Finality
- access
- complexity
- new evidence
- security

## 41.9 Public Record

Publish decisions and reasons where possible.

Protect:

- Personal data
- security
- confidential evidence
- legal privilege

---

# 42. Institutional Performance

## 42.1 Performance Philosophy

The institution should not measure success primarily through:

- Number of standards
- number of members
- media attention
- certificates issued
- revenue
- partnerships
- institutional prestige

## 42.2 Outcome Categories

Measure:

### Evidence Quality

- Validity
- reproducibility
- correction
- current status
- decision usefulness

### Standards Quality

- Adoption
- implementation
- burden
- interoperability
- revision
- outcome improvement

### Evaluation Quality

- Protocol reliability
- task integrity
- evaluator consistency
- predictive validity
- incident relevance

### Institutional Quality

- Independence
- participation
- conflict control
- appeals
- transparency
- security
- financial resilience

### Ecosystem Quality

- Number and diversity of competent evaluators
- regional capacity
- market concentration
- recognition
- small-actor access

### Public-Interest Outcomes

- Harm reduction
- safer beneficial deployment
- better public understanding
- stronger correction
- rights protection
- reduced duplication

## 42.3 Annual Report

Publish:

- Work completed
- outcomes
- failed projects
- corrections
- standards status
- funding
- conflicts
- participation
- security summary
- institutional risks
- next-year priorities

## 42.4 Independent Evaluation

Commission periodic independent evaluation of the institution.

Recommended cadence:

- Every three years during institutionalization
- Every five years at mature stage
- Immediately after a major institutional failure

## 42.5 Public Dashboard

A public dashboard may include:

- Current standards
- active projects
- open comments
- corrections
- appeals
- funding concentration
- participation metrics
- registry health

Avoid vanity metrics.

## 42.6 Institutional Research

Publish negative findings about the institution when supported.

---

# 43. Internal Audit and Quality System

## 43.1 Quality Scope

The quality system should cover:

- Research
- protocols
- standards
- registries
- review
- security
- records
- conflicts
- complaints
- funding
- partnerships

## 43.2 Internal Audit

Audit against:

- Governing documents
- canonical files
- approved procedures
- security requirements
- financial controls
- applicable law

## 43.3 Audit Independence

Internal audit should have direct access to the board Audit and Risk Committee.

## 43.4 Corrective Action

Findings should receive:

- Owner
- deadline
- evidence
- verification
- closure
- escalation

## 43.5 External Audit

Use qualified external audit for:

- Financial statements
- security
- governance
- standards process
- quality systems

## 43.6 Management Review

Leadership should review:

- Performance
- risks
- incidents
- audit
- complaints
- resources
- competence
- independence

## 43.7 Quality Records

Preserve records sufficient to reconstruct material institutional decisions.

---

# 44. Emergency and Crisis Governance

## 44.1 Emergency Types

- Security breach
- task-bank compromise
- major AI incident
- legal injunction
- loss of critical funding
- infrastructure failure
- misconduct
- public misinformation
- geopolitical disruption

## 44.2 Emergency Authority

Emergency authority may permit:

- Access suspension
- publication delay
- protocol suspension
- registry warning
- temporary operational changes
- evidence preservation

## 44.3 Limits

Emergency authority should not permit permanent:

- Mission change
- elimination of appeal
- undisclosed censorship
- standards adoption
- board entrenchment
- transfer of assets

## 44.4 Emergency Record

Record:

- Trigger
- authority
- action
- evidence
- duration
- affected rights
- review
- termination

## 44.5 Review

An independent or board-level review should occur after immediate control.

## 44.6 Public Notice

Publish a safe summary when the emergency affects public reliance.

---

# 45. Failure Recovery, Succession, and Dissolution

## 45.1 Institutional Failure Types

- Mission drift
- founder capture
- corporate capture
- political capture
- donor dependency
- standards failure
- evaluator misconduct
- security breach
- financial insolvency
- public trust collapse
- obsolete mission
- leadership failure

## 45.2 Recovery Tools

- Leadership change
- board reconstitution
- independent review
- function suspension
- standards withdrawal
- funding firewall
- legal restructuring
- transfer of registry
- external administration
- merger
- dissolution

## 45.3 Succession

Maintain:

- Leadership succession
- protocol stewardship succession
- registry continuity
- key-person risk controls
- documentation
- emergency access

## 45.4 Canonical Asset Ownership

The institution, not an individual founder, should own or control:

- Domains
- canonical files
- registries
- trademarks
- protocol identifiers
- institutional records

subject to legal formation and licensing arrangements.

## 45.5 Function Transfer

If the institution cannot perform a critical function, transfer it to a competent mission-aligned institution under documented conditions.

## 45.6 Dissolution Trigger

Possible triggers:

- Insolvency
- inability to fulfill mission
- sustained governance failure
- legal impossibility
- merger into a stronger public-interest institution
- supermajority decision after independent review

## 45.7 Asset Transfer

Mission assets should transfer to compatible nonprofit or public-interest institutions.

## 45.8 Record Preservation

Preserve:

- Standards
- corrections
- public decisions
- version history
- research
- institutional lessons

---

# 46. Institutional Transition Stages

## Stage 0: Independent Foundational Project

Functions:

- Canonical documents
- research
- concept development
- source mapping
- early public communication

Authority:

- Research and publication only

Transition requirements:

- Coherent library
- identity control
- funding disclosure
- correction process

## Stage 1: Organized Research Initiative

Functions:

- Research programs
- advisory network
- contributor process
- project registry
- external review

Authority:

- Research coordination

Transition requirements:

- Basic governance
- conflict rules
- research methodology
- security controls
- financial records

## Stage 2: Nonprofit Research Institute

Functions:

- Staff
- grants
- research partnerships
- protocol pilots
- incident research
- public registries

Authority:

- Organizational and research authority

Transition requirements:

- Legal entity
- board
- mission lock
- audited finances
- institutional policies
- independent review

## Stage 3: Protocol Steward and Pilot Convener

Functions:

- Versioned protocols
- held-out infrastructure
- multi-evaluator pilots
- proficiency studies
- interoperability pilots

Authority:

- Protocol and pilot process authority

Transition requirements:

- Security
- evaluator competence
- quality system
- appeals
- external audit
- public limitations

## Stage 4: Standards-Development Organization

Functions:

- Formal work program
- committees
- public comment
- consensus
- standards publication
- maintenance

Authority:

- Standards-process authority within the institution

Transition requirements:

- Balanced participation
- standards governance
- public comment
- appeals
- WTO and recognized standards-principle alignment
- external process review

## Stage 5: Assurance-Ecosystem Institution

Functions:

- Evaluator standards
- proficiency testing
- registries
- scheme development
- recognition
- cooperation with accreditation bodies

Authority:

- Technical scheme and recognition authority as defined

Transition requirements:

- Mature methods
- market analysis
- independent oversight
- no pay-to-play recognition
- international cooperation

## Stage 6: Formally Recognized Network or Institution

Possible functions:

- Government or procurement recognition
- international recognition
- formally adopted standards
- recognized scheme ownership
- treaty or public-institution liaison

Authority:

- Only authority explicitly granted

Transition requirements:

- Legal mandate
- competence
- legitimacy
- international representation
- external governance review
- project-identity amendment

## 46.1 No Automatic Progression

The stages are not a promise.

The institution may remain at an earlier stage.

## 46.2 Partial Progression

One function may mature faster than another.

Example:

Standards development may mature while certification remains inappropriate.

## 46.3 Regression

The institution should move backward or suspend a function after failure.

---

# 47. Formation and Implementation Plan

## Phase 1: Constitutional Preparation

Complete:

- `GOVERNANCE_FRAMEWORK.md`
- `STANDARDS_DEVELOPMENT_PROCESS.md`
- `CONTRIBUTOR_FRAMEWORK.md`
- `TRANSPARENCY_FRAMEWORK.md`
- `PARTNERSHIP_PRINCIPLES.md`
- `LONG_TERM_ROADMAP.md`

Prepare:

- Draft charter
- authority map
- conflict policy
- funding policy
- security plan
- correction policy

## Phase 2: Advisory Formation

Recruit a bounded advisory network with competence in:

- Evaluation science
- standards
- conformity assessment
- governance
- public interest
- international cooperation
- security

Publish roles and conflicts.

## Phase 3: Legal Options Study

Compare jurisdictions and structures.

Produce:

- Legal memorandum
- cost analysis
- governance comparison
- tax and funding analysis
- data and security analysis
- international operations analysis

## Phase 4: Initial Board Formation

Use:

- Open or structured nomination
- competence matrix
- independence analysis
- founder-transition rules
- public biographies
- term limits

## Phase 5: Nonprofit Formation

Establish:

- Legal entity
- banking
- accounting
- insurance
- employment
- contracts
- intellectual-property ownership
- domain and record ownership

## Phase 6: Core Operational Policies

Adopt:

- Research
- evidence
- conflicts
- security
- records
- whistleblowing
- funding
- procurement
- publication
- correction
- data protection

## Phase 7: First Integrated Pilot

Use the Frontier Evaluation Integrity and Assurance Pilot described in `FOUNDATIONS_APPENDIX.md`.

## Phase 8: External Institutional Review

Commission independent review of:

- Governance
- competence
- security
- public claims
- standards readiness
- funding

## Phase 9: Standards-Process Pilot

Run one public standards-development exercise without implying formal external recognition.

## Phase 10: Transition Decision

Determine whether the institution is ready to become a formal standards-development organization.

---

# 48. First Twenty-Four-Month Institutional Work Program

## Months 1 to 3

- Complete canonical institutional files
- establish project register
- establish source and version control
- publish authority boundaries
- draft advisory charters
- map partners and conflicts

## Months 4 to 6

- Recruit advisory network
- conduct legal-form analysis
- conduct funding analysis
- draft governance charter
- draft security and transparency architecture
- begin protocol pilot design

## Months 7 to 12

- Form legal entity if approved
- appoint initial board
- hire minimal core staff
- establish accounting and audit
- launch public registry prototype
- conduct first external methodological review
- publish annual institutional report

## Months 13 to 18

- Run multi-party evaluation pilot
- test working-group process
- launch contributor framework
- run evaluator proficiency exercise
- develop international crosswalk
- perform security audit

## Months 19 to 24

- Publish pilot findings
- conduct institutional review
- revise governance
- decide standards-process readiness
- publish funding and participation audit
- define next-stage transition

## 48.1 Minimum Initial Team

A credible initial nonprofit team may include:

- Executive or project director
- research and evaluation lead
- standards and institutional lead
- operations and finance lead
- security and infrastructure support
- research staff
- external legal counsel
- independent reviewers

The exact size should follow funding and scope.

## 48.2 No Premature Scale

Do not build a large institution before:

- Mission
- governance
- quality
- security
- funding
- initial use

are tested.

---

# 49. Institutional Maturity Model

## Level 0: Founder-Dependent Project

Characteristics:

- Personal authority
- informal decisions
- incomplete records
- no independent oversight

## Level 1: Documented Initiative

Characteristics:

- Mission
- canonical files
- public authority limits
- source and version control
- advisory input

## Level 2: Governed Research Organization

Characteristics:

- Legal form
- board
- staff
- conflicts
- financial controls
- research governance
- corrections

## Level 3: Operational Infrastructure Institution

Characteristics:

- Protocols
- registries
- security
- pilots
- multi-party review
- contributor system
- performance reporting

## Level 4: Credible Standards Institution

Characteristics:

- Balanced standards process
- public comment
- consensus and dissent
- maintenance
- external review
- international liaisons

## Level 5: Interoperable Assurance-Ecosystem Institution

Characteristics:

- Evaluator frameworks
- proficiency
- external accreditation relationships
- recognition
- incident exchange
- regional capacity
- public trust

## 49.1 Maturity Rule

Institutional maturity depends on demonstrated operation.

Documents alone do not create maturity.

---

# 50. Consolidated Institutional Failure Register

## 50.1 Ceremonial Institution

Failure:

The institution has boards, councils, and titles without operational competence.

Control:

Mandates, performance, records, and removal.

## 50.2 Authority Inflation

Failure:

Research outputs are presented as official approval.

Control:

Identity rules and public-claim review.

## 50.3 Founder Permanence

Failure:

The founder retains permanent control.

Control:

Term limits, succession, no veto, institutional asset ownership.

## 50.4 Corporate Capture

Failure:

Developers dominate governance and standards.

Control:

Constituency limits, public-interest councils, conflict disclosure.

## 50.5 Government Capture

Failure:

One government controls priorities or findings.

Control:

Funding diversity, international governance, publication independence.

## 50.6 Donor Capture

Failure:

A major donor sets agenda or blocks findings.

Control:

Concentration limits and funding conditions.

## 50.7 Auditor Capture

Failure:

Assurance firms design standards around their services.

Control:

Role balance and separation.

## 50.8 Standards Monopoly

Failure:

The institution rejects equivalent methods to preserve control.

Control:

Performance-based requirements and interoperability.

## 50.9 Membership Government

Failure:

Large fee-paying members purchase decision power.

Control:

No direct fee-to-vote relationship and constituency balancing.

## 50.10 Participation Theater

Failure:

Public comments are collected but do not influence work.

Control:

Comment disposition and participation-impact review.

## 50.11 Security Secrecy

Failure:

Security becomes a reason to hide weak governance.

Control:

Public minimum and independent confidential review.

## 50.12 Transparency Recklessness

Failure:

Sensitive evidence is released to signal openness.

Control:

Classification and responsible disclosure.

## 50.13 Standards Proliferation

Failure:

The institution creates documents for relevance rather than need.

Control:

New-work criteria and retirement.

## 50.14 Certification Prematurity

Failure:

A badge is launched before requirements and surveillance are mature.

Control:

Readiness gates and external review.

## 50.15 Evaluation Service Conflict

Failure:

Paid clients shape standards or findings.

Control:

Financial and operational separation.

## 50.16 International Tokenism

Failure:

International participants are included without influence.

Control:

Regional decision roles and capacity funding.

## 50.17 Incumbent Entrenchment

Failure:

Requirements are affordable only to large laboratories.

Control:

Competition review and proportional pathways.

## 50.18 Mission Drift

Failure:

The institution becomes a consulting, media, or lobbying organization detached from core purpose.

Control:

Mission tests and portfolio review.

## 50.19 Obsolete Institution

Failure:

The organization persists after its functions are better performed elsewhere.

Control:

External evaluation, transfer, merger, dissolution.

## 50.20 Appeal Capture

Failure:

Appeals are decided by the original authority.

Control:

Independent Appeals and Review Panel.

---

# 51. Serious Objections and Responses

## Objection 1: The ecosystem already has enough institutions

The ecosystem has many institutions.

The design gap remains in the integration of frontier evaluation, held-out evidence, independent review, evaluator competence, progressive standards, incentives, and interoperability.

Standards Body should proceed only where it adds distinct value.

## Objection 2: A nonprofit lacks authority

A nonprofit lacks inherent regulatory authority.

It can still create:

- Research
- standards
- protocols
- registries
- coordination
- contractual infrastructure

Formal authority should remain with authorized bodies.

## Objection 3: Multistakeholder governance produces lowest-common-denominator standards

It can.

Controls include:

- Evidence thresholds
- technical councils
- public dissent
- independent review
- advanced profiles
- no requirement for universal agreement

## Objection 4: Industry participation creates capture

Excluding developers can reduce access and implementation quality.

The answer is constrained participation, not blind trust or total exclusion.

## Objection 5: Government participation politicizes the institution

Government participation can create political pressure.

It also provides public mandate, legal knowledge, and enforcement connection.

No government should control the institution.

## Objection 6: Separation of functions creates inefficiency

Separation creates cost.

It also prevents conflicts that can invalidate the entire system.

Shared infrastructure and coordination can reduce unnecessary duplication.

## Objection 7: International governance is too slow

Global consensus can be slow.

Use a common core, optional profiles, regional implementation, and rapid provisional outputs.

## Objection 8: Open standards cannot fund the institution

Funding can combine grants, services, training, membership, and infrastructure.

Core public-interest access should not depend entirely on document sales.

## Objection 9: No institution can remain independent of funders and access providers

Complete independence is impossible.

The goal is governed dependence with:

- Diversification
- disclosure
- publication rights
- conflict management
- alternatives

## Objection 10: The project is too early for institutional design

Early design is necessary to prevent later improvisation.

The design should remain provisional in organizational details and strict in authority boundaries.

---

# 52. Institutional Design Scorecard

| Dimension | Core question |
|---|---|
| Mission | Is the public-interest mission clear and locked? |
| Authority | Are present and future powers bounded? |
| Function | Are necessary functions identified? |
| Separation | Are incompatible functions separated? |
| Legal form | Does the form support mission, independence, and continuity? |
| Board | Is the board competent, plural, independent, and term-limited? |
| Founder | Can the institution outlive the founder without permanent control? |
| Executive | Is operational authority supervised and bounded? |
| Councils | Do technical and public-interest bodies have real mandates? |
| Working groups | Are groups chartered, balanced, recorded, and time-limited? |
| Membership | Does membership create participation without pay-to-govern? |
| Participation | Can affected and under-resourced actors influence outcomes? |
| Decisions | Are decision rights, evidence, dissent, and appeals documented? |
| Standards | Is the standards process open, evidence-based, and maintainable? |
| Evaluation | Are protocol and evaluation conflicts controlled? |
| Assurance | Are testing, audit, certification, and accreditation distinct? |
| Enforcement | Is legal authority left to authorized bodies? |
| Incidents | Can incidents update protocols and standards? |
| Registries | Are status, scope, version, and correction visible? |
| Transparency | Is governance public? |
| Confidentiality | Is sensitive evidence protected proportionately? |
| Conflicts | Are financial, client, intellectual, and political conflicts managed? |
| Funding | Is funding diversified and noncontrolling? |
| Staffing | Does the institution possess or access required competence? |
| Security | Can the institution handle protected evidence safely? |
| International | Is participation plural, multilingual, and nonhegemonic? |
| Competition | Does the design avoid monopoly and incumbent entrenchment? |
| Appeals | Are consequential decisions reviewable independently? |
| Performance | Are outcomes measured beyond institutional activity? |
| Audit | Are internal and external quality controls present? |
| Emergency | Are emergency powers limited and reviewable? |
| Failure recovery | Can functions be suspended, transferred, or dissolved? |
| Transition | Are institutional stages explicit and evidence-based? |

## 52.1 Critical Failures

The following normally prevent transition into a formal standards or assurance role:

- No legal entity or accountable owner
- founder veto or permanent control
- one constituency controls governance
- funder control over findings
- no conflict policy
- no standards appeals
- no security for protected evidence
- no public authority disclaimer
- standards, certification, and accreditation collapsed
- paid recognition
- no correction or withdrawal process
- no independent financial oversight
- no succession
- no institutional performance review

## 52.2 No Composite Institutional Rating

Do not average the scorecard into one universal rating.

A critical governance failure cannot be offset by technical competence elsewhere.

---

# 53. Institutional Charter Template

**Institution name:**  
**Legal form:**  
**Jurisdiction:**  
**Version:**  
**Effective date:**  

## Mission

## Public-Interest Purpose

## Functions

## Prohibited Functions

## Authority and Limits

## Governing Bodies

## Board Composition and Terms

## Executive Authority

## Standards Authority

## Evaluation Authority

## Assurance Relationships

## Funding Principles

## Conflicts and Recusal

## Transparency and Confidentiality

## Participation and Membership

## Appeals and Complaints

## Security

## International Cooperation

## Amendment

## Succession

## Dissolution and Asset Transfer

---

# 54. Institutional Function Allocation Template

| Function | Primary owner | Reviewer | Appeal body | Funding source | Public status | Separation requirement |
|---|---|---|---|---|---|---|
| Research | | | | | | |
| Protocol development | | | | | | |
| Task custody | | | | | | |
| Evaluation | | | | | | |
| Independent review | | | | | | |
| Standards development | | | | | | |
| Certification | | | | | | |
| Accreditation | | | | | | |
| Enforcement | | | | | | |
| Registry | | | | | | |
| Incident response | | | | | | |

---

# 55. Institutional Transition Decision Template

**Current stage:**  
**Proposed stage:**  
**Decision owner:**  
**Date:**  

## Proposed New Functions

## Authority Requested

## Public-Interest Need

## Evidence of Competence

## Governance Readiness

## Funding Readiness

## Security Readiness

## Participation and Legitimacy

## Conflict Analysis

## Legal Analysis

## International Impact

## Alternatives

## Risks

## Independent Review

## Public Comment

## Decision

- Approve
- approve with conditions
- pilot
- defer
- reject

## Required Identity Amendments

## Review Date

---

# 56. Funding Independence Review Template

**Fiscal period:**  
**Reviewer:**  

## Revenue by Source

## Largest Funders

## Concentration

## Restricted Funding

## Related Parties

## Client Revenue

## Membership Revenue

## Standards and Service Revenue

## Conditions and Publication Rights

## Conflicts

## Reserves

## Diversification Plan

## Independence Conclusion

---

# 57. Canonical Standards Body Institutional Positions

Standards Body adopts the following working positions.

1. Institutional design should follow function, incentives, legitimacy, and failure analysis.

2. Technical proposals require an institutional home.

3. No single institution should control standards, evaluation, certification, accreditation, enforcement, and appeals.

4. The preferred architecture is plural and interoperable.

5. The preferred core form is an independent nonprofit public-interest technical and standards institution.

6. Government and international institutions remain essential partners.

7. Developers should participate without controlling the institution.

8. Evaluators and assurance firms should participate without controlling standards.

9. Funders should not receive governance control solely through funding.

10. Membership should not purchase favorable treatment or authority.

11. The founder should not possess permanent institutional control.

12. Governing-board terms should be limited and staggered.

13. No single constituency should hold more than one third of governing-board votes.

14. Technical and public-interest legitimacy should both be represented.

15. Advisory bodies should have real mandates or should not be created.

16. Standards working groups should be chartered, balanced, recorded, and sunsetted.

17. Consensus is broad agreement after addressing substantial objections, not unanimity.

18. Material dissent should remain visible.

19. Core public-interest standards should be accessible.

20. Existing standards should be adopted or mapped where appropriate.

21. Standards Body may steward protocols without monopolizing evaluation.

22. Consequential external evaluation requires independence controls.

23. Paid evaluation should be separated from standards and recognition decisions.

24. Standards Body should initially develop evaluator frameworks rather than accredit evaluators.

25. Standards Body should initially avoid broad AI certification.

26. Formal certification and accreditation should ordinarily be performed by separate competent bodies.

27. Legal enforcement belongs to authorized public institutions.

28. Registries should make scope, version, status, expiry, and correction visible.

29. Security and transparency should coexist.

30. Confidentiality should not conceal invalid evidence or conflicts.

31. Funding concentration should decline as the institution matures.

32. No outcome-dependent funding is acceptable.

33. The institution should maintain sufficient reserves for publication independence and crisis.

34. Staff should have protected channels for dissent and integrity concerns.

35. International participation should be multilingual and regionally meaningful.

36. International does not mean universally representative.

37. Standards should preserve competition and functional alternatives.

38. Small actors and open ecosystems require practical access pathways.

39. Appeals should be independent of original decision makers.

40. Whistleblowers and good-faith incident reporters should be protected within institutional scope.

41. Institutional success should be measured through evidence quality and improved decisions.

42. The institution should publish failures and corrections.

43. Emergency power should be narrow, temporary, and reviewed.

44. Critical functions should have succession and transfer plans.

45. Institutional assets should not remain personally controlled by founders.

46. Dissolution and mission-aligned asset transfer should be defined.

47. Institutional transitions should require competence, governance, legal review, security, and public-interest justification.

48. No stage transition is automatic.

49. A function may be suspended or moved backward after failure.

50. Standards Body should remain capable of deciding that it should not become the final institution for a given function.

---

# 58. Relationship to Other Canonical Files

## `PROJECT_IDENTITY.md`

Defines present status, mission, public role, and authority boundaries.

This document cannot expand present authority by implication.

## `PROJECT_MANIFESTO.md`

Defines the deeper purpose and institutional ambition.

## `FOUNDATIONS.md`

Defines the eight technical and institutional foundations.

## `FOUNDATIONS_APPENDIX.md`

Integrates the foundations into an end-to-end institutional system.

## `TERMINOLOGY.md`

Defines institutional, standards, assurance, certification, accreditation, and authority terms.

## `EVIDENCE_STANDARDS.md`

Defines the evidence needed for institutional claims and decisions.

## `RESEARCH_METHODOLOGY.md`

Governs research programs and institutional-design studies.

## `TAXONOMY.md`

Classifies organizations, roles, authority, standards, assurance, incidents, and decisions.

## `EVALUATION_PHILOSOPHY.md`

Defines the evaluation worldview the institution should operationalize.

## `GOVERNANCE_FRAMEWORK.md`

Will define detailed decision rights, board processes, committees, recusals, and accountability.

## `STANDARDS_DEVELOPMENT_PROCESS.md`

Will define the complete standards lifecycle.

## `EVALUATOR_ACCREDITATION_FRAMEWORK.md`

Will define evaluator competence, scopes, recognition, proficiency, surveillance, and accreditation relationships.

## `CONTRIBUTOR_FRAMEWORK.md`

Will define contributor participation, credit, conduct, and removal.

## `TRANSPARENCY_FRAMEWORK.md`

Will define disclosure classes, records, reports, and confidential review.

## `PARTNERSHIP_PRINCIPLES.md`

Will define partnership approval, claims, funding, and exit.

## `LONG_TERM_ROADMAP.md`

Will convert institutional stages into a strategic sequence.

---

# 59. Final Institutional Position

Frontier AI standards cannot become credible through documents alone.

They require institutions capable of:

- Maintaining methods
- protecting evidence
- assembling expertise
- hearing dissent
- managing conflicts
- coordinating evaluators
- correcting error
- supporting international use
- accepting that some authority belongs elsewhere

The greatest institutional risk is not weakness alone.

It is concentrated power disguised as technical neutrality.

An organization that writes the standard, sells the evaluation, issues the certificate, accredits itself, controls the registry, hears its own appeals, and influences enforcement may appear efficient.

It is not institutionally credible.

The better architecture is layered.

Research develops knowledge.

Standards processes convert mature knowledge into shared requirements.

Independent evaluators produce evidence.

Certification bodies make scoped conformity decisions.

Accreditation bodies assess competence.

Governments and authorized institutions determine legal consequences.

Registries preserve status.

Appeals correct error.

International networks make evidence portable.

Standards Body should seek to become the institution that makes these layers coherent without trying to own all of them.

Its success should not be measured by how much authority it accumulates.

It should be measured by whether frontier AI claims become:

- More precise
- more current
- more independently reviewable
- more secure
- more interoperable
- more accountable
- easier to correct

The defining institutional rule is:

> **Build shared infrastructure, separate conflicting powers, earn authority through competence and process, and preserve the ability of others to challenge, replace, or outgrow the institution.**

---

# References and Research Basis

[^iso-about]: International Organization for Standardization, **About ISO** and **Structure and Governance**. https://www.iso.org/about and https://www.iso.org/structure.html

[^iso-directives]: International Organization for Standardization and International Electrotechnical Commission, **ISO/IEC Directives, Part 1, Procedures for the Technical Work**. https://www.iso.org/sites/directives/current/consolidated/index.html

[^iec-ca]: International Electrotechnical Commission, **Conformity Assessment** and **What Is Conformity Assessment?** https://www.iec.ch/conformity-assessment and https://www.iec.ch/conformity-assessment/what-conformity-assessment

[^iec-types]: International Electrotechnical Commission, **Types of Conformity Assessment**. https://www.iec.ch/conformity-assessment/types-conformity-assessment

[^wto-principles]: World Trade Organization, **Principles for the Development of International Standards, Guides and Recommendations**. https://www.wto.org/english/tratop_e/tbt_e/principles_standards_tbt_e.htm

[^wto-code]: World Trade Organization, **TBT Agreement, Annex 3, Code of Good Practice for the Preparation, Adoption and Application of Standards**. https://www.wto.org/english/docs_e/legal_e/17-tbt_e.htm

[^caisi]: National Institute of Standards and Technology, **Center for AI Standards and Innovation**. https://www.nist.gov/caisi

[^nist-consortium]: National Institute of Standards and Technology, **NIST AI Consortium**, expanded and renamed in 2026. https://www.nist.gov/artificial-intelligence/nist-ai-consortium

[^nist-a119]: National Institute of Standards and Technology, **Key Federal Law and Policy Documents, NTTAA and OMB Circular A-119**. https://www.nist.gov/standardsgov/key-federal-law-and-policy-documents-nttaa-omb-119

[^eu-office]: European Commission, **European AI Office**. https://digital-strategy.ec.europa.eu/en/policies/ai-office

[^eu-governance]: European Commission, **Governance and Enforcement of the AI Act**. https://digital-strategy.ec.europa.eu/en/policies/ai-act-governance-and-enforcement

[^eu-panel]: European Commission, **AI Act Scientific Panel**, launched June 2026. https://digital-strategy.ec.europa.eu/en/policies/ai-scientific-panel

[^haip-v2]: OECD.AI, **OECD Launches Hiroshima AI Process Reporting Framework 2.0**, May 29, 2026. https://oecd.ai/en/haip-2-launch

[^coe-convention]: Council of Europe, **Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law**. https://www.coe.int/en/web/artificial-intelligence/the-framework-convention-on-artificial-intelligence

[^global-aci]: Global Accreditation Cooperation Incorporated, **Launch Unifies International Accreditation Organizations and Strengthens Worldwide Trust**, January 1, 2026. https://iaf.news/2026/01/01/global-accreditation-cooperation-incorporated-launch-unifies-international-accreditation-organizations-and-strengthens-worldwide-trust/

[^itu-exchange]: International Telecommunication Union, ISO, and IEC, **International AI Standards Exchange**. https://aiforgood.itu.int/ai-standards/

[^itu-joint]: International Telecommunication Union, **Key International Organizations Align on AI Standards**, December 2, 2025. https://www.itu.int/hub/2025/12/key-international-organizations-align-on-ai-standards/

[^oecd-regulatory]: OECD, **Regulatory Policy Outlook 2025**, including stakeholder engagement and ex-post evaluation. https://www.oecd.org/en/publications/oecd-regulatory-policy-outlook-2025_56b60e39-en.html

[^iso-37000]: International Organization for Standardization, **ISO 37000, Governance of Organizations, Guidance**. https://committee.iso.org/ISO_37000_Governance

---

# Revision Record

## Version 1.0

**Date:** July 17, 2026

**Change type:** Complete foundational edition

**Summary:** Establishes the canonical integrated institutional blueprint for Standards Body. Defines the institutional context, required functions, non-functions, six organizational models, preferred hybrid nonprofit and distributed-network architecture, present-stage limits, legal form, mission, mandate, authority, constitutional principles, governing bodies, board design, executive secretariat, councils, working groups, membership, representation, decisions, separation of powers, standards development, evaluation, independent review, assurance, accreditation and certification relationships, enforcement, incidents, registries, transparency, conflicts, funding, staffing, security, international coordination, partnerships, public interest, small-actor access, appeals, performance, audit, crisis governance, failure recovery, transition stages, implementation, maturity, failure modes, objections, scorecard, templates, canonical positions, and research basis.

**Status:** Approved foundational source.
