Executive summary
The rapid escalation of frontier artificial intelligence capabilities has pushed the global debate surrounding AI governance past abstract ethical principles and into concrete legislative and regulatory design. Within a highly compressed window in mid-2026, the three primary American frontier developers — Google, OpenAI, and Anthropic — released distinct corporate policy and governance proposals.[1]Link to footnote[2]Link to footnote[4]Link to footnote
All three converge on a risk-based, frontier-model governance paradigm that emphasizes transparency, independent evaluation, and security — but they differ sharply on how much formal power governments should hold and how far industry self-regulation should go. Anthropic pushes for a relatively hard-edged federal regime with explicit blocking authority; Google for an industry-funded FARO self-regulator under federal oversight; and OpenAI for a compliance-oriented framework that maps its existing practices onto emerging laws like California's TFAIA and the EU AI Act.[1]Link to footnote[2]Link to footnote[3]Link to footnote[4]Link to footnote[5]Link to footnote
Critically, all three now position their frameworks as complementary to, not substitutes for, government law — a shift from purely voluntary frontier safety frameworks toward hybrid regimes where company policies dovetail with statutory obligations. OpenAI's document is explicitly framed as a governance artifact mapping practice onto California's TFAIA and the EU AI Act; Anthropic's Advanced AI Framework is written for US federal legislation and argues that federal law should at least match its strength; and Google presents its white paper as input into federal policy debates, building on DeepMind's existing Frontier Safety Framework.[4]Link to footnote[5]Link to footnote[10]Link to footnote[1]Link to footnote
Beneath shared risk definitions lie fundamental disagreements on institutional architecture, state versus federal authority, and whether frontier development should pause — or accelerate.
Governance positioning matrix (mid-2026 proposals)
Policy brief (for EU and US regulators)
This section distills the full analysis into a short, neutral brief for regulators in the European Union and the United States. It assumes familiarity with the EU AI Act's systemic-risk GPAI regime and emerging US frontier AI legislation but avoids country-specific jargon.
-
Core consensus (EU + US): Frontier or "advanced" foundation models are increasingly treated as systemic-risk systems that warrant special governance, including independent technical evaluation, incident reporting, and baseline security obligations.[2]Link to footnote[3]Link to footnote[4]Link to footnote The EU AI Act mandates GPAI providers to cooperate with the EU AI Office and its Scientific Panel on systemic-risk models. In the US, California's TFAIA (SB 53), draft federal bills such as the Great American AI Act, and the June 2026 executive order on Promoting Advanced AI Innovation and Security all converge on independent evaluation and pre-release security review.[3]Link to footnote[8]Link to footnote[13]Link to footnote
-
Institutional choices now on the table: Anthropic proposes a designated federal Agency empowered to enforce obligations on frontier developers (evaluations, risk reports, security programs) and, in severe cases, block or restrict deployment of models with significant catastrophic risk.[2]Link to footnote Google advocates a Frontier AI Regulatory Organization (FARO), an industry-funded self-regulatory body under federal oversight that would set standards and coordinate audits, modeled on existing SROs like NERC or FINRA.[1]Link to footnote OpenAI offers a Frontier Governance Framework that maps its internal Preparedness and safety practices onto California's TFAIA and EU AI Act requirements, without proposing a new regulator.[4]Link to footnote
-
Main technical and governance gaps (confirmed by academic work): Frontier safety policies across labs remain prevention-heavy and coordination-light: they focus on evaluations and usage constraints but under-specify cross-actor coordination, crisis response, and robustness under adversarial conditions.[2]Link to footnote[80]Link to footnote Deployment gates and shutdown criteria are rarely formalized in public: how quantitative eval results trigger binding decisions (pauses, recalls, roll-backs) is largely left to internal judgment.[14]Link to footnote[80]Link to footnote Global equity and governance capacity in lower-capacity jurisdictions are under-addressed, despite evidence that risks and regulatory capabilities are unevenly distributed.[79]Link to footnote[17]Link to footnote
-
Near-term implementable levers for EU and US authorities:
- Codify independent technical evaluation for systemic-risk frontier models, including evaluator accreditation, conflict-of-interest rules, and minimum access rights to models and unredacted risk reports — aligned with the EU AI Office Scientific Panel and US executive-order pre-release review.[3]Link to footnote[8]Link to footnote[81]Link to footnote
- Mandate frontier AI frameworks and periodic risk reporting (e.g., six-monthly comprehensive risk reports and system cards for major releases), with clear expectations on bio, cyber, loss-of-control, and harmful-manipulation risks.[1]Link to footnote[2]Link to footnote[4]Link to footnote
- Standardize incident-reporting windows and weight-security baselines, such as a 15-day reporting window for critical safety incidents and minimum security controls for model weights and training infrastructure.[2]Link to footnote[76]Link to footnote
-
Open design questions that require political choice, not just technical input:
- Should systemic-risk frontier models be overseen primarily by a public agency with blocking authority, a co-regulatory SRO like FARO, or a polycentric mix of national regulators and private standards bodies?[2]Link to footnote[1]Link to footnote[81]Link to footnote
- How far should EU-level rules (EU AI Act) and US federal law preempt sub-national rules (Member State law, US states) in the frontier domain, and what minimum criteria must federal or EU-level regimes meet before any preemption is justified?[2]Link to footnote[3]Link to footnote[13]Link to footnote
- What minimum crisis-coordination mechanisms (shared incident taxonomies, escalation pathways, scenario exercises) are needed so that frontier governance does not fail precisely when catastrophic risks materialize?[80]Link to footnote[86]Link to footnote
-
Immediate questions regulators can ask labs today (Anthropic, Google, OpenAI):
- "Show us, in detail, how your evaluation results translate into deployment gates, recalls, and shutdowns for bio, cyber, loss-of-control, and influence-operation risks, and where independent experts are involved in these decisions."
- "Explain your long-term plan for independent evaluation ecosystems: who funds evaluators, who accredits them, how randomization and cooling-off periods prevent evaluator shopping, and how governments can build their own evaluation capacity."
- "Describe your commitments to support regulators and researchers in low-capacity jurisdictions (EU Member States with limited resources, non-OECD countries) so that globally deployed models are not de facto governed only by US and EU federal institutions."
This brief is designed to be pasted directly into internal notes or slide decks for DG CONNECT, the EU AI Office, US federal agencies, or legislative staff, while the rest of the document provides full technical and institutional analysis.
Core similarities and emerging industry consensus
An examination of the three proposals reveals several areas of structural convergence, indicating a maturing consensus on how the private sector believes frontier models should be categorized, monitored, and secured. All three treat frontier or general-purpose models as qualitatively different from ordinary AI systems and accept that they can create catastrophic risks in domains like cyber offense, biological weapons, and loss of control. Anthropic explicitly centers four enumerated catastrophic risk categories — biological weapons, offensive cyber operations, loss of control, and automated R&D in risky domains — while OpenAI's Frontier Governance Framework focuses on cyber offense, CBRN risks, harmful manipulation, and loss of control, and Google's paper highlights frontier capabilities in cyber and CBRN as the primary national-security concern.[2]Link to footnote[4]Link to footnote[1]Link to footnote
Independent observers note that the US and EU now agree frontier models pose systemic risks requiring independent evaluation — a consensus reflected in the EU AI Office's Scientific Panel and the June 2026 US executive order pre-release security review framework.[8]Link to footnote[9]Link to footnote
Shared risk taxonomy
Universal national-security priorities
Statutory alignment
Shaped by bicoastal US and EU law
All three proposals embrace structured risk assessment, transparency reports, incident reporting, and security obligations for frontier developers — aligning closely with the template emerging in US state frontier laws (e.g., California's SB 53) and the EU AI Act's rules for systemic-risk GPAI models. Anthropic proposes safety frameworks, six-monthly risk reports, detailed system cards, critical safety incident reporting within 15 days, independent evaluation, and robust security programs; Google advocates frontier AI frameworks and annual procedural audits overseen by FARO; and OpenAI's framework publicly documents how its existing Preparedness practices satisfy transparency, reporting, and safety expectations in the TFAIA and EU AI Act Code of Practice.[2]Link to footnote[3]Link to footnote[4]Link to footnote[1]Link to footnote
There is also industry-wide acceptance that independent, technically competent evaluation is necessary — labs cannot be the sole judge of their own systems. Anthropic calls for licensed, conflict-free independent evaluators with access to unredacted risk reports and models; Google's FARO would coordinate cross-industry standards and audits by professional firms; and OpenAI's framework explicitly references external expert input, while regulators in both the EU and US are simultaneously building their own independent assessment capacities (EU AI Scientific Panel, US executive-order pre-release testing).[2]Link to footnote[1]Link to footnote[4]Link to footnote[8]Link to footnote[9]Link to footnote
Transition to capability-based scaling
While early regulatory efforts relied heavily on static compute-based thresholds — Google initially uses a 10²⁶ FLOPs placeholder for FARO membership, while Anthropic's covered-developer floor is 10²⁵ FLOPs — all three proposals advocate for rapid transition to dynamic, capability-based standards as post-training optimization allows dangerous capabilities to emerge below historical compute baselines.[1]Link to footnote[2]Link to footnote
Regulatory attention shift: compute triggers → capability benchmarks
Basic governance and regulatory architecture
The baseline structural choices made by each company demonstrate how they seek to position themselves relative to emerging state, federal, and international frameworks.
Basic governance architecture
| Institutional design comparison | ||||
|---|---|---|---|---|
| Issue | OpenAIFGF | AnthropicAdvanced AI Framework | GooglePragmatic approach | |
| Independent standards | Who sets the bar? | Mostly company-defined; outside input optional | Mandatory independent evaluators with publish rights | Company frameworks first; FARO + NIST benchmarks later |
| Governance model | Core architecture | Internal Preparedness + Safety Advisory Group | Designated federal agency with enforcement powers | Industry-funded FARO under federal oversight |
| Regulatory body | New regulator? | Works within CA + EU regimes; no new body | New agency: reports, evals, blocking authority | Private FARO modeled on FINRA / NERC |
| Coverage scope | Who is covered? | TFAIA + EU systemic-risk models deployed externally | >10²⁵ FLOPs AND ($500M AI revenue OR $1B AI R&D) | 10²⁶ FLOPs placeholder → capability-based frontier standard |
Key differences in governance models and corporate risk tolerances
From a safety and governance perspective, the most meaningful divergences are about (a) who holds real power, (b) how enforcement works, and (c) how far the proposals go beyond frontier-model risk into broader societal impacts.[4]Link to footnote[1]Link to footnote[2]Link to footnote
Beneath these shared definitions lie fundamental disagreements regarding institutional architecture, the authority of state versus federal actors, and the commercial limits of regulatory compliance.
Institutional design: co-regulation versus binding agency oversight
Anthropic explicitly proposes giving a designated federal Agency authority to block or deter deployments that pose significant catastrophic risk, with remedies including fines scaled to global revenue, prohibitions on deploying new covered models, and — in extreme cases — requirements to restrict usage or access to already-deployed models.[2]Link to footnote[7]Link to footnote Google's FARO model instead emulates self-regulatory organizations like NERC or FINRA: an industry-funded body writes and enforces binding rules on its members under federal agency supervision, but Google's paper emphasizes procedural audits and compliance attestation more than hard deployment bans, and does not spell out explicit government recall or blocking powers beyond existing national-security programs.[1]Link to footnote[11]Link to footnote OpenAI's Frontier Governance Framework is not a regulatory proposal at all; it describes how OpenAI's internal Preparedness Framework meets existing legal obligations, leaning on incident reporting, internal risk tiers, and cooperation with regulators under emerging laws rather than advocating new statutory blocking authorities.[4]Link to footnote[5]Link to footnote
This tension between self-regulatory organizations and public agencies is also a central focus of Brundage et al. (2025), "A Framework for the Private Governance of Frontier Artificial Intelligence Systems" (arXiv:2504.11501) — a high-profile but not yet peer-reviewed preprint from researchers at OpenAI, the University of Oxford, and the Center for Security and Emerging Technology.[81]Link to footnote They argue for hybrid public–private governance arrangements in which private institutions (such as an SRO like FARO) operate under strong public oversight, and caution that without clear statutory guardrails, such bodies risk regulatory capture and misalignment with public interests — concerns directly relevant to Google's FARO proposal. Brundage et al. further suggest that frontier AI should be governed by a polycentric system of overlapping authorities rather than a single gatekeeper, which implies that Anthropic's single-agency model and Google's FARO-centric design will in practice need to coexist with other national regulators, standard-setting bodies, and international organizations.[81]Link to footnote
Scope, thresholds, and who is covered
Anthropic uses concrete thresholds — models trained with more than 10²⁵ FLOPs plus developers above $500M annual AI revenue or $1B annual AI R&D spend — to define covered developers, combined with an expectation that criteria will evolve toward capability-based thresholds as compute requirements fall.[2]Link to footnote Google suggests that FARO membership should attach when a developer trains a frontier model, initially using the 10²⁶ FLOPs placeholder seen in other regulations but quickly moving toward a capability-based standard focused on facilitating serious cyber or CBRN misuse.[1]Link to footnote OpenAI's coverage is largely inherited from TFAIA and the EU AI Act's GPAI rules; its framework is about how OpenAI will comply with those definitions rather than proposing its own thresholds, reflecting a more reactive stance.[4]Link to footnote[3]Link to footnote[5]Link to footnote
Independent standards, audits, and evaluator shopping
All three affirm independent evaluation and standards, but with different institutional homes. Anthropic wants government-set obligations on developers, a licensed evaluator ecosystem, and eventually government capacity to perform core evaluation functions itself; safeguards like randomized evaluator assignment and cooling-off periods are meant to prevent evaluator shopping.[2]Link to footnote[12]Link to footnote Google's FARO would sit at the center of the standards universe, maintaining evaluation benchmarks alongside NIST, ANSI, and ISO, coordinating procedural and later substantive audits, and seeking reciprocal recognition across jurisdictions — effectively anchoring standards in a powerful industry-run body.[1]Link to footnote[11]Link to footnote OpenAI, by contrast, positions its FGF as aligning with external standards being set by governments (TFAIA, EU AI Act Code of Practice), and mentions external expert input but does not propose new independent institutions beyond what law already requires.[4]Link to footnote[5]Link to footnote[6]Link to footnote
Preemption of subnational and state legislation
Anthropic is explicit that Congress should not broadly preempt state AI law unless a strong federal regime at least matches its framework; any preemption should be surgical, limited to specific frontier functions, not a broad safe harbor. It also calls for anonymous internal reporting channels and whistleblower protections against retaliation.[2]Link to footnote[10]Link to footnote[7]Link to footnote Google's paper is largely silent on preemption and whistleblowers, focusing instead on federal leadership and FARO's relationship with federal agencies and existing sectoral laws.[1]Link to footnote OpenAI tacitly accepts a multi-level governance landscape — mapping onto California's TFAIA and the EU AI Act — without taking public positions on US federal preemption debates; it aligns with emerging federal drafts such as the Great American AI Act, which experiments with limited preemption, independent verification organizations, and whistleblower protections but stops short of full licensing or mandatory pre-clearance.[4]Link to footnote[5]Link to footnote[13]Link to footnote
Societal resilience versus widely deployed AI policy
Anthropic devotes the second half of its framework to societal resilience, proposing cross-government investments in biosurveillance, gene-synthesis screening, microbial forensics, open-source and legacy software hardening, AI-enabled breach remediation, and strategic reserves of operational-technology hardware to cope with AI-accelerated bio and cyber threats.[2]Link to footnote Google instead offers a package of policy proposals for widely deployed AI below the frontier: workforce skilling and unemployment modernization, stringent child-safety rules for chatbots, major grid and data-center investments, provenance and watermarking (SynthID, C2PA) for information integrity, copyright/value-exchange mechanisms, and evolving privacy standards.[1]Link to footnote OpenAI's FGF largely stays within the frontier-model safety lane and does not attempt a full treatment of workforce, copyright, or infrastructure policy; those questions are addressed elsewhere in OpenAI's public communications and products.[4]Link to footnote[6]Link to footnote
The recursive self-improvement and pause debate
Anthropic's June 2026 paper "When AI builds itself" sounds alarms over recursive self-improvement and proposes a globally coordinated, verifiable pause if other major developers participate — framed within its broader Policy on the AI Exponential.[2]Link to footnote[10]Link to footnote Neither Google nor OpenAI supports a developmental pause. Google rejects developmental freezes in its white paper; OpenAI's FGF focuses on compliance mapping rather than developmental moratoria.[1]Link to footnote[4]Link to footnote
OpenAI
Compliance artifact
Anthropic
Federal law + resilience
Dual track
Catastrophic risks and capability thresholds
How each framework conceptualizes catastrophic thresholds reveals underlying tolerance for existential and systemic risk.
Catastrophic risk definitions and coverage
| Risk taxonomy comparison | ||||
|---|---|---|---|---|
| Issue | OpenAI | Anthropic | ||
| Catastrophic threshold | Numeric definition | >50 fatalities or >$1B damage (single incident) | Material contribution to significant death, injury, or damage | No numeric threshold; evidence-based capability standards |
| Cyber offense | Tiering detail | Three tiers: public resources → hardened autonomous exploit | Enumerated + broad cyber resilience measures | Scientific benchmarks for cyber capability testing |
| CBRN | National-security focus | Detailed CBRN tiering; nuclear hard to assess outside classified contexts | Biological weapons enumerated; gene-synthesis screening, biosurveillance | Cyber and CBRN as two main frontier benchmark domains |
| Loss of control | Explicit category? | Three-tier scheme: autonomy, deception, evasion | Enumerated; deceptive subversion = critical incident | Not major explicit category in frontier section |
| Harmful manipulation | Election / influence ops | Explicit category; post-deployment monitoring focus | Not one of four enumerated frontier risks | Information integrity for widely deployed AI only |
| Automated R&D risk | Self-improving research | Not separately enumerated | Explicit enumerated risk category | Not separately enumerated |
AI task horizons and governance windows (days)
Anthropic
RSP v3.1 — 6-mo evals; 3–6-mo risk reports; 30-day risk disclosure; annual audit
OpenAI
FGF, May 2026 — 12-mo assessment; 30-day material updates; statutory incident deadlines
Google DeepMind
Frontier Safety Framework v3.1 — annual review; pre-release CCL gates; no fixed incident window
METR's 2026 evaluations show frontier agent task horizons already measured in hours (~2h 17m for GPT-5), with 5-day autonomous tasks projected by April 2028 — a capability curve doubling roughly every seven months. Against that pace, governance windows diverge: Anthropic's RSP v3.1 commits to 6-monthly evaluations, 3–6-monthly risk reports, and 30-day risk disclosures; OpenAI's FGF aligns with 12-month assessments and statutory incident deadlines; Google's FSF v3.1 relies on annual reviews and event-driven pre-release gates without fixed incident timelines.[2]Link to footnote[4]Link to footnote[22]Link to footnote Anthropic's separate Advanced AI Framework additionally proposes a 15-day federal critical-incident reporting window — tighter than its current RSP operational commitments.[2]Link to footnote
Technical and structural critique: omissions, weaknesses, and gaps
Comparative analyses of frontier safety frameworks — including the International AI Safety Report 2026 and AIGL's comparative analysis — find that documents from Anthropic, OpenAI, and Google DeepMind remain weak on explicit criteria linking evaluation results to deployment or shutdown decisions, despite sophisticated threat modeling and incident channels.[14]Link to footnote[16]Link to footnote
The International AI Safety Report 2026 and AIGL's comparative analysis are multi-stakeholder policy reports and expert blog analyses rather than peer-reviewed academic articles; they nevertheless synthesize practices across labs and regulators and highlight similar weaknesses in explicit deployment criteria and systemic-risk treatment.[14]Link to footnote[16]Link to footnote By contrast, Mengesha (2026), in a peer-reviewed conference paper also available as a preprint titled "The coordination gap in frontier AI safety policies" (arXiv:2603.10015), finds that current frontier AI safety policies across major labs focus heavily on preventing misuse (capability evaluations, deployment gates, usage constraints) while systematically neglecting institutional coordination capacity and robustness under adversarial conditions.[80]Link to footnote This supports the claim that the Anthropic, OpenAI, and Google proposals remain weak on explicit criteria linking evaluation results to binding deployment or shutdown decisions.
Critical gaps by proposer
Technology governance literature cross-check
From a policy analyst's view, none of the three proposals fully grapples with global equity and the needs of low-capacity regulators — despite clear evidence that AI risk and governance capacity are uneven across regions.[17]Link to footnote[18]Link to footnote OECD work on Adopting and Governing AI in the Public Sector (OECD Digital Government Studies) and subsequent policy briefs on global AI governance highlight that governance capacity and risk exposure are deeply uneven across regions, and that many low- and middle-income countries lack the institutional infrastructure to implement complex frontier-model regimes.[18]Link to footnote Academic and policy literature on global AI governance similarly argues that US-centric and EU-centric frameworks must be complemented by targeted support for regulators in regions with limited technical and financial resources — including the not yet peer-reviewed preprint "Governing AI Beyond the Pretraining Frontier" (arXiv:2502.15719).[17]Link to footnote[79]Link to footnote None of the three corporate proposals provides a detailed plan for such capacity-building, which represents a significant omission given their models' global deployment.
Deployment gates, evaluations, and auditing
The operational mechanisms proposed to gate and verify a model's safety before public deployment exhibit varying levels of independent scrutiny and statutory teeth. Anthropic's safeguards — randomized evaluator assignment and cooling-off periods — are designed to prevent evaluator shopping, a concern documented in recent academic work.[2]Link to footnote[12]Link to footnote
Deployment gates and audit authority
| Pre-release verification comparison | ||||
|---|---|---|---|---|
| Issue | OpenAI | Anthropic | ||
| Recall authority | Post-release withdrawal | No explicit external recall authority | Remedies to restrict deployed models in extreme cases | No explicit recall; pre-release verification focus |
| Blocking authority | External deployment veto | Internal blocking only via residual risk gate | Express government power to block dangerous deployments | Soft pre-release gate via FARO attestation |
| Independent evaluations | Mandatory third-party audits | External experts as available; not mandatory regime | Qualified evaluators with unredacted access + publish rights | Procedural audits now; substantive audits once benchmarks mature |
| Auditor access | Model and report access | Expert input as appropriate; no statutory access rights | Unredacted reports, system cards, most capable models | Standardized document sets; IP-protective remediation window |
Trajectory of proposals and influence on policy
In the near term, elements already aligned with existing or imminent law are most likely to be implemented: frontier AI frameworks, transparency reports, critical safety incident reporting, independent evaluation, and baseline security obligations. California SB 53, New York and Illinois frontier bills, the EU AI Act's GPAI rules, and the draft Great American AI Act all incorporate such features — and all three corporate proposals both influence and respond to this legislative pattern.[2]Link to footnote[3]Link to footnote[13]Link to footnote
Independent technical evaluation is particularly likely to become mandatory: the EU AI Office Scientific Panel and the US executive order's pre-release security review directly reflect the consensus that frontier models can no longer be evaluated solely by their creators.[8]Link to footnote[9]Link to footnote
Salient differences at a glance
| Mid-2026 frontier governance proposals | ||||
|---|---|---|---|---|
| Dimension | Anthropic | OpenAI | ||
| Primary aim | Core objective | Federal law + societal resilience investments | Compliance artifact for TFAIA + EU AI Act | FARO for frontier; sectoral policy for everyday AI |
| Government authority | Blocking / fines | Agency: fine, block, restrict deployed models; judicial safeguards | Cooperate under existing law; no new blocking power | FARO SRO under Commerce/Treasury/Energy oversight |
| Coverage thresholds | Who is covered | >10²⁵ FLOPs + $500M AI revenue or $1B AI R&D | TFAIA + EU GPAI definitions; no proprietary threshold | 10²⁶ FLOPs placeholder → capability-based frontier standard |
| Risk focus | Primary vectors | Bio weapons, offensive cyber, loss of control, automated R&D | Cyber offense, CBRN, harmful manipulation, loss of control | Cyber + CBRN frontier; broader social issues for non-frontier AI |
| Evaluation and audits | Independent scrutiny | Licensed evaluators; anti-evaluator-shopping; gov eval capacity over time | External expert input; satisfies regulatory expectations | Annual procedural audits; substantive audits as standards mature |
| State law and preemption | Federalism | Opposes broad preemption; surgical, function-specific only | Neutral; works within CA/EU regimes and Great American AI Act drafts | Federal leadership via FARO; silent on preemption debates |
| Whistleblowers | Protections | Explicit: anonymous channels, anti-retaliation | Aligns with state provisions; not foregrounded | Not prominently addressed |
| Beyond frontier | Societal scope | Bio/cyber resilience: biosurveillance, gene screening, OT reserves | Frontier lane only; broader issues elsewhere | Jobs, child safety, energy grid, provenance, copyright, privacy |
Near-term vs aspirational elements
Anthropic's stronger enforcement agenda — government blocking authority, revenue-scaled penalties, and restrictions on already-deployed models — faces a complex path. It resonates with civil-society advocates and some legislative drafts but must overcome concerns about overreach, due process, and innovation chill; the framework itself proposes judicial review and cabined discretion.[2]Link to footnote[7]Link to footnote
Google's FARO could plausibly inform a US self-regulatory approach in sectors accustomed to SROs (finance, energy), but policymakers may treat it as one layer in a multi-institutional ecosystem rather than the central authority — especially given broader calls for direct public-sector leadership in AI governance.[16]Link to footnote[20]Link to footnote
OpenAI's FGF, because it is primarily descriptive of current practice, is immediately usable as a compliance template for other labs and as input into codes of practice, but is less likely to drive new statutory design on its own; legislators will draw from it where it matches their own risk-management agendas, especially around cyber and CBRN, but will look elsewhere for institutional blueprints.[4]Link to footnote[5]Link to footnote[16]Link to footnote
In Europe, the June 2026 suspension of access to Anthropic's frontier models has heightened political appetite for stricter oversight, making Anthropic's assertive enforcement proposals particularly salient in EU debates even though they were drafted with US federal law in mind.[21]Link to footnote
Conflicts of interest and competitive positioning
Each company's framework implicitly advances a governance design aligned with its commercial position. Anthropic's strict thresholds and government blocking authority could entrench incumbents favoring a "safety-first" brand, even as independent assessments rate frontier risk-management maturity as weak across leading labs.[14]Link to footnote[15]Link to footnote Google's FARO centralizes standard-setting in an industry-funded body where dominant incumbents would likely hold key seats — raising familiar financial-regulation capture concerns — while its widely-deployed AI agenda dovetails with data-center and energy infrastructure expansion.[20]Link to footnote[11]Link to footnote[1]Link to footnote OpenAI's FGF signals that it already meets emerging obligations, potentially framing more stringent future regulation as unnecessary duplication — an understandable stance for a firm with strong market share that regulators must interrogate critically.[5]Link to footnote[14]Link to footnote
According to the arXiv paper evaluating frontier AI safety frameworks, Anthropic scored the highest for risk governance with a score of 49%. For context, the median score across the 12 evaluated providers in the risk governance dimension was 20%.
Critical inquiries for policymakers, civil society, and researchers
Cross-cutting questions
Safety research, policy analysis, and institutional design
Recent preprints on frontier data governance, such as Santos et al. (2024), "Towards Data Governance of Frontier AI Models" (arXiv:2412.03824) — not yet peer-reviewed — emphasize the need for shared incident taxonomies, cross-sector data-sharing protocols, and standardized logging practices to enable robust detection and response across multiple labs and regulators.[86]Link to footnote These technical recommendations reinforce the argument that without agreed coordination mechanisms, even well-designed preventive controls at individual labs will fail to deliver systemic safety during multi-actor incidents.[80]Link to footnote[86]Link to footnote
Questions for Anthropic
- How exactly are evaluation results translated into deployment decisions and shutdown thresholds for loss-of-control and automated R&D — can those criteria be made externally auditable?[2]Link to footnote[7]Link to footnote[16]Link to footnote
- What safeguards ensure government blocking authority is used proportionately, and how will marginalized stakeholders be represented in catastrophic-risk determinations?[7]Link to footnote[17]Link to footnote[2]Link to footnote
- How will Anthropic demonstrate that its Responsible Scaling Policy materially exceeds industry baselines given independent assessments of weak frontier risk-management maturity?[14]Link to footnote[15]Link to footnote[2]Link to footnote
Questions for OpenAI
- Where does the FGF go beyond minimum legal compliance in risk tiers, security practices, or incident response — and how can external experts verify those claims?[6]Link to footnote[4]Link to footnote[5]Link to footnote
- What concrete deployment gates or model restrictions are triggered by crossing cyber or CBRN risk tiers — aligned with independent assessments or internal judgment only?[22]Link to footnote[4]Link to footnote[6]Link to footnote
- How will OpenAI mitigate conflicts between rapid product roll-out and rigorous frontier safety governance in high-stakes agentic applications?[5]Link to footnote[14]Link to footnote
Questions for Google
- How will FARO avoid regulatory capture and ensure smaller labs, civil society, and public-sector actors have meaningful voice in standard-setting?[20]Link to footnote[11]Link to footnote[1]Link to footnote
- What enforcement powers, beyond audits and attestation, will FARO and supervising agencies wield over unsafe frontier deployments?[11]Link to footnote[8]Link to footnote[1]Link to footnote
- In the widely-deployed AI agenda, how will workforce, child-safety, energy, provenance, copyright, and privacy policies reflect independent evidence rather than legitimizing incumbent expansion?[20]Link to footnote[1]Link to footnote[11]Link to footnote
Incident response and weight security
| Issue | OpenAI | Anthropic | ||
|---|---|---|---|---|
| Critical incidents | Reporting protocol | Internal IR plan; external reporting where required | 15-day agency reporting + federal lab sharing | Framework IR plans verified by FARO pre-release |
| Weight security | Model parameter protection | Encryption, access controls, insider-threat program | Full development environment security program | Cybersecurity practices for unreleased weights |
| Model extraction | Copying attacks | Not foregrounded as separate topic | Explicit monitoring + reporting requirement | Not explicitly foregrounded |
| Penetration testing | Red team cadence | Red teaming, pen testing, vulnerability disclosure | Regular red team over weights + infrastructure; gov reporting | Audit-focused; pen testing not separately required |
Footnotes
- 1.Google — A Pragmatic Approach to AI Governance in America (June 2026).
- 2.Anthropic — Advanced AI Framework (June 2026).
- 4.OpenAI — Frontier Governance Framework (June 2026).
- 3.European Commission — EU AI Act regulatory framework.
- 5.Humphrey Theodore — OpenAI Frontier Governance Framework analysis.
- 10.Anthropic — Policy on the AI Exponential.
- 8.White House — Promoting Advanced Artificial Intelligence Innovation and Security (June 2026 executive order).
- 13.Future of Privacy Forum — Frontier AI goes federal: the Great American AI Act compared to state laws.
- 80.Mengesha — The coordination gap in frontier AI safety policies (arXiv:2603.10015; peer-reviewed conference paper, also available as preprint).
- 14.International AI Safety Report — International AI Safety Report 2026.
- 79.arXiv — Governing AI Beyond the Pretraining Frontier (preprint; not yet peer-reviewed).
- 17.AIGL — Global approaches to AI governance.
- 81.Brundage et al. — A Framework for the Private Governance of Frontier Artificial Intelligence Systems (arXiv:2504.11501; preprint; not yet peer-reviewed).
- 76.California Department of Technology — Transparency in Frontier AI Act (TFAIA) (incident reporting and security obligations for covered developers).
- 86.Santos et al. — Towards Data Governance of Frontier AI Models (arXiv:2412.03824; preprint; not yet peer-reviewed).
- 9.LatticeFlow — The US and EU agree frontier AI models pose risks and require independent evaluation.
- 7.The Indian Express — Anthropic wants tougher AI rules.
- 11.Google — White paper on AI regulation.
- 12.arXiv — Evaluator shopping and frontier safety audits.
- 6.StartupHub AI — OpenAI rolls out Frontier Governance Framework.
- 22.METR — Frontier risk report (May 2026).
- 16.AIGL — Safety frameworks and standards: a comparative analysis.
- 18.OECD — Adopting and governing AI in government (Digital Government Outlook 2026).
- 20.Atlantic Council — Governance of AI.
- 21.Renew Europe — Suspension of access to Anthropic's frontier AI models (June 2026).
- 15.Papadatos — Frontier risk-management maturity ratings.


