Global artificial intelligence (AI) governance networks continue to proliferate. Addressing the complexity and sprawl of the policy space is critical to support more coherent, coordinated policymaking. This dialogue focused on a recent report on decoding AI governance, the “Anchors and Hooks” framework proposed in the report, and the next steps for this effort. It featured a short presentation by the report’s authors followed by a discussion on ways to help stakeholders navigate ongoing global governance processes. A reference list, recommended reading, and a short summary of the conversation are included at the bottom of the article. 

Released in zero-draft form, “Decoding AI Governance” proposes three interlocking conceptual tools to make sense of an increasingly fragmented global AI governance landscape. The report argues that shared frameworks for understanding governance are a precondition for achieving coherence across jurisdictions, sectors, and supply chains, designed to give policymakers and researchers a shared vocabulary and foundation to engage with governance processes. 

The proposed AI Governance Stack organizes policy instruments by their level of abstraction. From 2020-2025, the stack grew from eight to 15 distinct layers. The AI Governance Map plots instruments against thematic focus areas (transparency, safety, accountability, etc.) drawn from the  Organisation for Economic Co-operation and Development (OECD) AI Principles and the National Institute of Standards and Technology (NIST) AI Risk Management Framework. The Anchors and Hooks framework then traces how instruments interrelate: “Anchors” provide foundational context for governance efforts, and “hooks” build from them across layers or focus areas. The Hiroshima AI Process (HAIP) Reporting Framework, for instance, serves as an anchor for risk identification and management instruments while functioning as a hook when connected to the EU AI Act’s transparency obligations.  

This discussion opened with an overview of the global AI governance landscape, with framing from the “Decoding AI Governance” report; participants described the landscape as potentially broader and deeper than a few years ago. They broadly agreed that the proliferation of instruments is not, in itself, the problem. It reflects the speed and scale of AI’s development and deployment, and a degree of fragmentation is a natural byproduct of iterating toward shared norms. 

Without deliberate mapping and coordination, however, fragmentation can create challenges. Requirements diverge across jurisdictions in terminology, definitions, and scope. Some participants argued that the resulting energy spent reconciling overlapping obligations rather than improving the underlying practices falls hardest on smaller organizations and public-sector adopters. 

Harmonization carries its own risk of drifting toward a lowest-common-denominator outcome, so the landscape should preserve room for jurisdictions to raise the bar and to share evidence of what approaches work. One speaker drew a line between genuine divergence and the appearance of divergence that arises when actors are simply iterating toward a common direction at different speeds. 

Much of the discussion moved past the question of which instruments exist toward how they are operationalized inside governments and organizations. One government official described a generally hands-off approach, with regulation limited to specific harms and policy refreshed roughly every six months to keep pace with changing technology.

Singapore provides an example of such an approach, releasing open-source operational toolkits—including AI Verify and the Project Moonshot evaluation harness—as freely available resources for others to adopt rather commercial products. Its AI assurance sandbox matches companies’ deployments with third-party testers for specific concerns, such as confabulations or hiring discrimination. The sandbox builds testing methodologies and lifts assurance standards by matching supply with demand, without needing addition legislation. Strong uptake prompted a complementary accreditation program for third-party testers. For novel questions (such as legal liability in agentic workflows), discussion papers were offered as a model for deliberation in place of premature rules. 

The most forward-looking thread concerned how high-level norms become operative controls, particularly for agentic AI systems. One framing placed standards within a value chain: societal discourse, then principles, then regulation, then standards that show how regulation can be implemented, and, finally, assurance and (where relevant) certification. The EU’s decades-old New Legislative Framework was cited as a codified handoff between regulation and standards that other jurisdictions approximate less formally.

For agentic systems, emerging protocols (such as the Model Context Protocol) set a shared baseline for how tools are invoked and what data passes between them. One participant argued for broad agreement on governance steps—for example, predefining high-risk actions an AI agent should be barred from taking—while keeping that list agile enough to change over time, across technologies, and from one jurisdiction to another. Such steps, the participant added, should be enforced by real-time guardrails that produce auditable receipts. 

A related trend is organizations beginning to use AI systems to implement governance, which participants felt warrants scrutiny to ensure it is grounded in practical frameworks rather than a substitution for them. 

One participant clarified that interoperability properly applies at the technical and semantic layers, where systems exchange and use information. At the organizational and legal layers, the more accurate goal is compatibility, where distinct rules can coexist and preserve policy differences. Conflating the two risks treating contested policy choices as technical necessities or technical constraints as settled policy. 

Participants disagreed on embedding human rights requirements directly into technical standards. One participant held that standards derive their strength from not being political instruments and that politicizing them erodes the cross-jurisdiction consensus they depend on; the counterpoint was that standards development must remain attuned to human rights frameworks, constitutional commitments, and international law. 

Standards were described as a consolidating force given that they package an approach acceptable to many stakeholders, so they coalesce on one standard rather than writing dozens. Even so, some participants pointed out that ISO processes are relatively inaccessible to civil society and small organizations, that EU AI Act standards may set a de facto global watermark through a process that is hard for non-EU organizations to influence, and that fast-moving private standards (for example, emerging agentic-interface efforts) remain opaque. Good standards, others argued, should specify failure conditions as explicitly as success conditions, particularly when AI agents and models interact in ways their original specifications never anticipated.

Building on the Anchors and Hooks framework, the discussion focused less on definitions than on how an instrument earns and keeps anchor status. The HAIP Reporting Framework was cited as an example of an anchor consolidating across approaches. Participants cautioned against “anchor inflation”: Designating too many instruments as foundational could dilute the organizing power that makes an anchor useful. The OECD AI Principles and definition were seen among the closest to a universal anchor. Interoperability “maps” were offered as practical connective tissue. For example, mapping a national framework to the NIST AI Risk Management Framework, the G7 Code of Conduct, and ISO/IEC 42001 would show firms that complying with one largely satisfies the others, reducing duplication and friction. 

Participants offered concrete guidance on where the stack, map, and anchors and hooks deliver value and where they should evolve. Most frequently, they asked that the stack and map be kept live and not static, given that the landscape can shift in a single week. They suggested adding a sector lens, particularly for heavily regulated sectors such as health care and finance, and accounting for roles that overlap and change. A layer’s intended function may not match its function in practice, and institutions can migrate between roles over time (for instance, a safety institute shifting from horizon-scanning toward enforcement); the tools should capture this rather than assume fixed roles. 

They also recommended investment in shared taxonomies—common terminologies, definitions, and benchmarks—covering incidents (distinguishing near misses from failures), shifting terms (such as “safety” and “security”), and who is in scope as reporting extends from model providers to downstream providers. Beyond cataloguing instruments, participants wanted the mapping exercises to become learning opportunities, capturing what is working to mitigate risk and letting stakeholder input port across venues through clearer points of entry. 

Finally, they aimed at cross-border recognition and compatibility. The building blocks identified were common taxonomies, benchmarks, and conformity-assessment procedures that enable mutual recognition. Participants saw divergence as mostly about language and infrastructure, rather than underlying goals. 

Transparency and disclosure were described as the foundation that makes voluntary frameworks work. Anthropic’s Mythos model was cited as a reminder of how dependent these frameworks are on continued information sharing. 

Going forward, the emphasis is on building from what already exists rather than starting over, drawing on OECD resources such as the Policy Navigator (policies and instruments across more than 80 countries), the Catalogue of Tools and Metrics (standards, benchmarks, and evaluation tools, largely from nongovernment actors), and the HAIP reporting frameworkwhich together approximate a full-stack view from policy to practice. 

A concrete next step floated was to integrate these resources and align them with the report’s stack, with some participants mentioning the work of an existing OECD expert group on AI risk and accountability.