India AI Impact Summit Insights
All sessions

Setting the Rules: Global AI Standards for Growth and Governance

Contents

Executive Summary

This panel discussion at an AI summit in India brings together technical standard-setters, industry leaders, policymakers, and researchers to explore why global AI standards are critical for responsible development and deployment. The consensus view is that standards are not optional compliance mechanisms but essential tools for building consumer trust, enabling interoperability across the AI supply chain, managing novel risks, and ensuring no single actor gains unfair advantage—yet significant work remains in measurement science, governance inclusivity, and implementation speed.

Key Takeaways

  1. Standards are urgent and strategic, not performative luxury. Regulation is already moving faster than standards; the window to influence that process and establish credible, inclusive standards is now.

  2. Measurement and benchmarking are the enabling infrastructure. Until we can reliably measure and compare AI safety, reliability, and risk across models and deployments, broader governance and policy goals cannot be achieved. This is a science and engineering problem that requires coordinated, long-term investment.

  3. Process > prescriptive rules for long-term viability. As AI capabilities evolve faster than standards bodies can update them, standardizing how organizations identify and manage risks—rather than which specific controls to use—is more sustainable and flexible.

  4. The supply chain spans boundaries of control. Model developers, application builders, and deployers each have different risk management systems; standards must create a common language and map between those systems so trust can flow across the value chain.

  5. Success requires sustained collective commitment. Standards only work if all major actors (model developers, deployers, regulators, civil society, small companies) participate in setting them and are incentivized to comply over time. Market differentiation, regulatory mandate, and consumer demand all play a role; no single lever is sufficient.

Key Topics Covered

  • Definition and purpose of AI standards — what they are, why they differ from regulation, and why they're distinct from technical specifications alone
  • Types of standards — benchmarking & measurement standards, safety standards, process standards for risk management, transparency/disclosure standards, and incident reporting standards
  • Barriers to adoption — measurement credibility, lack of common language across the AI value chain, skills gaps in audit and compliance, and regulatory requirements outpacing standard development
  • Benchmarking and measurement — how to establish credible, scalable methodologies for evaluating AI safety, reliability, and risk
  • Global coordination challenges — balancing local context and use cases with global harmonization; inclusion of smaller companies and developing economies
  • Implementation and future-proofing — ensuring standards remain relevant as AI capabilities advance; collective action problems and incentive alignment
  • Language bias and equity — addressing non-English language performance and culturally specific risks
  • Interoperability and modularity — building a system of standards that don't require constant reinvention across sectors
  • Regulatory alignment — how regulation references standards; how standards provide evidence of conformity
  • Consumer trust and market differentiation — standards as signals of safety, quality, and compliance to both enterprise and individual users

Key Points & Insights

  1. Standards are consensus mechanisms, not prescriptions. Rebecca Weiss (ML Commons) emphasizes that benchmarking consists of a measurement methodology and reference implementations; the core insight is that standards represent agreement on "what is good enough," though defining that involves both scientific and political dimensions.

  2. Regulation is racing ahead of standards. Chris Mozilo (Frontier Model Forum) and Jocelyn Zou (Google DeepMind) note that jurisdictions like the US and EU have already passed regulations referencing standards that do not yet exist, creating urgency and legitimacy for the standards-setting process but also risk of standards being too abstract or low-consensus.

  3. AI standards differ fundamentally from telecom standards. Etienne Shapony (Qualcomm) observes that unlike telecom, where products cannot ship without compliance, AI safety standards currently "trail the products"—standards are developed after deployment rather than before. This creates coordination challenges.

  4. The collective action problem is real. Frontier AI developers have strong incentive to work together through formal standards to raise the "floor" on safety and prevent negative externalities (e.g., safety incidents) that could harm the entire industry. Standards provide legitimacy and credibility that industry-only or government-only approaches lack.

  5. Measurement science is the hard part. Standards require estimating uncertainty around system behavior under specific conditions, not declaring systems universally "safe." This requires rigorous taxonomy development, validated datasets, and evaluator systems—work that is still nascent and requires interdisciplinary collaboration.

  6. Smaller companies and emerging economies need accessible standards. Qualcomm emphasizes that most companies lack resources to develop internal risk management systems; standards must be open, participatory, and translatable into efficient tooling so that startups and non-Western companies can comply without massive investment.

  7. Risk taxonomy and scope remain contested. Different jurisdictions, sectors, and stakeholders prioritize different risks (e.g., bias, security, labor displacement). Standards bodies are still defining which risks to standardize and how to control for variation across contexts.

  8. Process standards may be more future-proof than outcome standards. Chris Mozilo suggests that standardizing the process for identifying, evaluating, and mitigating risks—rather than specific thresholds or techniques—allows standards to evolve as capabilities advance without complete overhaul.

  9. Regulatory reference to standards creates minimum quality bar. Jocelyn Zou notes that when regulations explicitly reference standards as evidence of conformity, there is pressure for those standards to be substantive and rigorous rather than purely symbolic or lowest-common-denominator.

  10. Inclusivity and legitimacy are non-negotiable. Multiple panelists emphasize that standards developed only by industry, only by governments, or only by the West risk lacking credibility and adoption. Inclusion of civil society, developing nations, and affected communities is essential for both legitimacy and practical buy-in.

Notable Quotes or Statements

  • "Standards represent a consensus about what is good enough." — Rebecca Weiss (ML Commons). This captures the core function: agreement on baselines, not perfection.

  • "We're not going to tell you that your system is safe or not. What we're going to tell you is under these considerations, under these conditions, under these assumptions, the estimated likelihood of a particular risky behavior is X." — Rebecca Weiss. Emphasizes that measurement is about quantifying uncertainty, not binary declarations.

  • "If you have a good process for identifying risks, evaluating risks, that process can be a bit future-proofed; the specific evaluations will have to be updated over time." — Chris Mozilo (Frontier Model Forum). Key insight on how to make standards durable.

  • "The worst thing for adoption would be a safety incident. We have a collective incentive as an industry to make sure that we raise the floor to avoid that on all of our behalfs." — Jocelyn Zou (Google DeepMind). Frames the collective action problem as existential, not merely commercial.

  • "Standards are the tools which enable consumer trust in whatever ecosystem they are developed for, as well as enablers for the industry to ensure quality and consumer trust." — Chhat Bartla (Bureau of Indian Standards). Emphasizes dual-sided benefit: consumer protection and industry enablement.

  • "The entire community of standards bodies, whether it's in ISO or Cenelec, is already looking at how AI translates to their own processes—it's not only the people on this panel." — Etienne Shapony (Qualcomm). Pushes back on monolithic view; standards-setting is distributed.

  • "We need to figure out a way to ensure that we have some synergy built into the standards ecosystem so that we are making kind of more dynamic progress across everything at the same time." — Amanda (Microsoft). Call for interoperable, modular standards architecture.

Speakers & Organizations Mentioned

Panelists & Affiliations

  • Buchanan Sati — PWC US; adjunct professor, NYU Stern (moderator)
  • Rebecca Weiss — Executive Director, ML Commons (benchmarking & measurement)
  • Etienne Shapony — VP Technical Standards, Qualcomm
  • Wan Sui (or similar name) — Singapore Government, AI governance & policy
  • Amanda — Microsoft, Office of Responsible AI (public policy)
  • Jocelyn Zou — Google DeepMind, AI standards, governance & policy
  • Chris Mozilo — Executive Director, Frontier Model Forum
  • Esther Tetroilli — AI Standards Lead, OpenAI
  • Chhat Bartla — Bureau of Indian Standards (BIS); represents ISO/IEC JTC1 SC42

Organizations Referenced

  • ML Commons — AI benchmarking organization; open governance model
  • Qualcomm — Chipset provider; engaged in ISO, ML Commons, EU standards
  • Microsoft — Office of Responsible AI; developing internal "responsible AI standard"
  • Google DeepMind — Frontier AI developer; investing in standards to support compliance with emerging regulation
  • OpenAI — Frontier AI lab; recently certified to ISO 42001; developing safety hub and model cards
  • Frontier Model Forum — Multi-stakeholder organization advancing frontier AI safety & security best practices
  • Bureau of Indian Standards (BIS) — National standards body of India; part of ISO/IEC JTC1 SC42
  • ISO/IEC JTC1 SC42 — International standards body for AI; responsible for defining what is AI, generative AI, agentic AI
  • Cenelec — European standardization organization (radio equipment directive, etc.)
  • Future of Privacy Forum — Advocacy & research on AI governance (questioner Jules Pollynetsky)

Regulatory/Policy References

  • US state-level frontier AI regulations — some US states have passed requirements for frontier AI developers to have risk frameworks, without specifying content
  • EU regulations — reference standards (e.g., radio equipment directive)
  • India AI governance guidelines — framework referenced; Prime Minister Modi's focus on "manav" (human-centric) AI and alignment with welfare, governance

Technical Concepts & Resources

Standards & Frameworks

  • ISO 42001 — Risk management standard for AI systems; referenced by OpenAI as recent certification
  • ISO/IEC JTC1 SC42 — International standardization committee responsible for AI taxonomy and definitions
  • Cenelec — EU standardization body; coordinates standards across sectors
  • ML Commons MLCommons — Open-governance benchmarking organization; developing measurement methodologies and reference implementations
  • Frontier Model Forum's Risk Management Framework — emerging best practices for frontier AI risk management
  • Model Cards — OpenAI's approach to transparency; performance metrics across variety of use cases
  • OpenAI Safety Hub — regularly updated disclosure of safety methodologies and performance metrics

Measurement & Benchmarking Concepts

  • Benchmarking triad: taxonomy, dataset, evaluator system — Rebecca Weiss's framework for credible measurement
  • Uncertainty estimation — central goal of benchmarking; not binary "safe/unsafe" declarations
  • Process standards for risk management — identify risk → evaluate risk → mitigate/control risk (Chris Mozilo framework)
  • Evaluation science — methodologies for measuring model safety, reliability, alignment across contexts
  • Certification — formal recognition that a system meets agreed-upon standards; distinguished from benchmarking
  • Red teaming — testing methodology referenced as part of risk evaluation

Risk Categories & Areas

  • Testing methodologies — standardization of how to test AI systems
  • Transparency & disclosure — standardized formats for sharing model information, behavior, limitations
  • Incident reporting & monitoring — standardized processes for documenting and responding to AI failures
  • Language bias and language coverage — performance across non-English languages and linguistic diversity (22+ official languages in India noted as example)
  • Frontier AI-specific risks — novel risks not covered by existing standards (cost, coordination, security implications)

Datasets & Resources

  • MMLU (Massive Multitask Language Understanding) — benchmark for evaluating model performance across languages
  • India-specific QA test/dataset — OpenAI reference to language-specific evaluation (details sparse in transcript)
  • Evaluations for non-English languages — mentioned as area requiring community participation and data collection
  • Safety test suite & safety prompts — referenced as necessary for different languages and contexts

Methodologies

  • Supply chain mapping of risk controls — translating between different organizations' risk management frameworks
  • Comparative model assessment — ability to compare safety and quality across models to enable "race to the top"
  • Modular, interoperable standards approach — building standards that can be combined across sectors and use cases without duplication
  • Participatory standard-setting — inclusion of civil society, developing nations, small companies in standard development

Caveats & Limitations

  • Transcript lacks depth on specific technical details. While concepts like "taxonomy," "evaluator systems," and "uncertainty estimation" are mentioned, concrete examples of what these look like are limited.
  • Name and affiliation clarity issues. Some panelist names are unclear or incomplete (e.g., "Wan Sui," "Amanda," "Jocelyn"); full institutional details are sometimes missing.
  • Regulatory landscape specificity. References to specific regulations (e.g., US state laws, EU directives) are mentioned but not exhaustively detailed.
  • Implementation examples sparse. While OpenAI's ISO 42001 certification and safety hub are cited as concrete examples, most standards and frameworks discussed are still under development.
  • Language bias discussion limited. The student's question about language bias triggers important discussion, but solutions remain largely aspirational and community-dependent.

Overall Assessment

This panel represents a rare moment of alignment among competing interests—AI developers, chipmakers, standard-setters, government, and civil society voices—on the necessity of global AI standards. The core tension is clear: urgent regulatory momentum is outpacing scientific and consensus-building progress, yet all parties recognize that standards developed too quickly or without inclusion risk being ineffective, illegitimate, or harmful. The path forward emphasizes process over prescription, measurement as the foundation, and sustained collective commitment over individual corporate or national advantage. Success will depend on speed (standards bodies moving faster), inclusivity (ensuring non-Western, non-corporate voices shape definitions), and practical tooling (making compliance accessible to small companies and emerging economies).