Sections

Commentary

New tools for mapping a fragmented AI governance landscape

Brooke Tanner,
Brooke Tanner photo
Brooke Tanner Research Analyst
Derek Belle, Elham Tabassi, Cameron F. Kerry,
Cam Kerry
Cameron F. Kerry Ann R. and Andrew H. Tisch Distinguished Visiting Fellow - Governance Studies, Center for Technology Innovation (CTI)

Nicoleta Kyosovska,
Nicoleta Kyosovska Research Assistant - Center for European Policy Studies
Andrea Renda, and
Photo: Andrea Renda, Center for European Policy Studies (CEPS)
Andrea Renda Senior Research Fellow and Head of Global Governance, Regulation, Innovation and the Digital Economy (GRID) - Center for European Policy Studies (CEPS)
Andrew W. Wyckoff

July 17, 2026


  • A recent FCAI dialogue centered around a report on decoding AI governance, the “Anchors and Hooks” framework it proposed, and the next steps for this effort.
  • Participants agreed that without deliberate mapping and coordination, fragmentation in governance can create challenges.
  • Transparency and disclosure were described as the foundation that makes voluntary frameworks work, and the emphasis going forward should be on building off of what already exists.
NEW YORK, NY - JANUARY 26: The American flag flies with other nation's flag outside of the United Nations on January 26, 2017 in New York City.
NEW YORK, NY - JANUARY 26: The American flag flies with other nation's flag outside of the United Nations on January 26, 2017 in New York City. (Photo by Spencer Platt/Getty Images)
Editor's note:

This background briefing guide was distributed to participants ahead of the Forum for Cooperation on AI (FCAI) dialogue on April 26, 2026. FCAI dialogues follow Chatham House rule, so remarks are anonymized.

Global artificial intelligence (AI) governance networks continue to proliferate. Addressing the complexity and sprawl of the policy space is critical to support more coherent, coordinated policymaking. This dialogue focused on a recent report on decoding AI governance, the “Anchors and Hooks” framework proposed in the report, and the next steps for this effort. It featured a short presentation by the report’s authors followed by a discussion on ways to help stakeholders navigate ongoing global governance processes. A reference list, recommended reading, and a short summary of the conversation are included at the bottom of the article. 

Released in zero-draft form, “Decoding AI Governance” proposes three interlocking conceptual tools to make sense of an increasingly fragmented global AI governance landscape. The report argues that shared frameworks for understanding governance are a precondition for achieving coherence across jurisdictions, sectors, and supply chains, designed to give policymakers and researchers a shared vocabulary and foundation to engage with governance processes. 

The proposed AI Governance Stack organizes policy instruments by their level of abstraction. From 2020-2025, the stack grew from eight to 15 distinct layers. The AI Governance Map plots instruments against thematic focus areas (transparency, safety, accountability, etc.) drawn from the  Organisation for Economic Co-operation and Development (OECD) AI Principles and the National Institute of Standards and Technology (NIST) AI Risk Management Framework. The Anchors and Hooks framework then traces how instruments interrelate: “Anchors” provide foundational context for governance efforts, and “hooks” build from them across layers or focus areas. The Hiroshima AI Process (HAIP) Reporting Framework, for instance, serves as an anchor for risk identification and management instruments while functioning as a hook when connected to the EU AI Act’s transparency obligations.  

Figure 1: Three complementary tools for AI governance

The authors argue that the AI governance system can remain coherent through well-connected instruments without needing convergence. 

This mapping follows recommendations from the FCAI 2025 report, “Network architecture for global AI policy,” where we argued that rather than consolidating global AI governance, efforts should focus on expanding the distributed global landscape to ensure that international AI governance functions are fulfilled in ways that involve the largest number of stakeholders needed to deliver effective outcomes. 

Discussion questions

  • What kinds of tools would be most helpful in managing the complexity of the ecosystem, how might you use them, and where could these efforts deliver the most value? 
    • The paper offers three tools to manage the complexity of the AI governance ecosystem. Thinking about your own work, where would these tools deliver the most value, and what kind of tool or capability is still missing? 
    • Do the three tools work as an integrated system? Does using one improve how you use the others, or do they feel like three separate lenses? Where do they overlap or conflict? 
  • To what extent would categorizing governance instruments into an AI governance stack, both as a concept and as implemented in the draft paper, be useful and/or limited, and how can the concept and/or the proposed implementation evolve to be more useful?  
    • What layers should be added or collapsed? 
    • Are the current “functions” of each layer accurate, or what would you change? More specifically, how do we account for the fact that the ideal functional goal of a specific layer might not reflect how it operates in practice?  
  • To what extent is the AI governance Map, both as a concept and as implemented in the draft paper, useful and/or limited, and how can the concept and/or the proposed implementation frameworks evolve to be more useful? 
  • To what extent are anchors and hooks, both as a concept and as implemented in the frameworks in the draft paper, useful and/or limited, and how can the concept and/or the proposed implementation frameworks evolve to be more useful?  
    • In what contexts is flexibility helpful for maintaining coherence as varying governance models evolve and need to work in concert?  
    • What are three instruments you think currently are acting or should act as anchors in the AI governance space, and why? 

Meeting summary

This discussion opened with an overview of the global AI governance landscape, with framing from the “Decoding AI Governance” report; participants described the landscape as potentially broader and deeper than a few years ago. They broadly agreed that the proliferation of instruments is not, in itself, the problem. It reflects the speed and scale of AI’s development and deployment, and a degree of fragmentation is a natural byproduct of iterating toward shared norms. 

Without deliberate mapping and coordination, however, fragmentation can create challenges. Requirements diverge across jurisdictions in terminology, definitions, and scope. Some participants argued that the resulting energy spent reconciling overlapping obligations rather than improving the underlying practices falls hardest on smaller organizations and public-sector adopters. 

Harmonization carries its own risk of drifting toward a lowest-common-denominator outcome, so the landscape should preserve room for jurisdictions to raise the bar and to share evidence of what approaches work. One speaker drew a line between genuine divergence and the appearance of divergence that arises when actors are simply iterating toward a common direction at different speeds. 

Much of the discussion moved past the question of which instruments exist toward how they are operationalized inside governments and organizations. One government official described a generally hands-off approach, with regulation limited to specific harms and policy refreshed roughly every six months to keep pace with changing technology.

Singapore provides an example of such an approach, releasing open-source operational toolkits—including AI Verify and the Project Moonshot evaluation harness—as freely available resources for others to adopt rather commercial products. Its AI assurance sandbox matches companies’ deployments with third-party testers for specific concerns, such as confabulations or hiring discrimination. The sandbox builds testing methodologies and lifts assurance standards by matching supply with demand, without needing addition legislation. Strong uptake prompted a complementary accreditation program for third-party testers. For novel questions (such as legal liability in agentic workflows), discussion papers were offered as a model for deliberation in place of premature rules. 

The most forward-looking thread concerned how high-level norms become operative controls, particularly for agentic AI systems. One framing placed standards within a value chain: societal discourse, then principles, then regulation, then standards that show how regulation can be implemented, and, finally, assurance and (where relevant) certification. The EU’s decades-old New Legislative Framework was cited as a codified handoff between regulation and standards that other jurisdictions approximate less formally.

Figure 2: Standards as a value chain

For agentic systems, emerging protocols (such as the Model Context Protocol) set a shared baseline for how tools are invoked and what data passes between them. One participant argued for broad agreement on governance steps—for example, predefining high-risk actions an AI agent should be barred from taking—while keeping that list agile enough to change over time, across technologies, and from one jurisdiction to another. Such steps, the participant added, should be enforced by real-time guardrails that produce auditable receipts. 

A related trend is organizations beginning to use AI systems to implement governance, which participants felt warrants scrutiny to ensure it is grounded in practical frameworks rather than a substitution for them. 

One participant clarified that interoperability properly applies at the technical and semantic layers, where systems exchange and use information. At the organizational and legal layers, the more accurate goal is compatibility, where distinct rules can coexist and preserve policy differences. Conflating the two risks treating contested policy choices as technical necessities or technical constraints as settled policy. 

Participants disagreed on embedding human rights requirements directly into technical standards. One participant held that standards derive their strength from not being political instruments and that politicizing them erodes the cross-jurisdiction consensus they depend on; the counterpoint was that standards development must remain attuned to human rights frameworks, constitutional commitments, and international law. 

Standards were described as a consolidating force given that they package an approach acceptable to many stakeholders, so they coalesce on one standard rather than writing dozens. Even so, some participants pointed out that ISO processes are relatively inaccessible to civil society and small organizations, that EU AI Act standards may set a de facto global watermark through a process that is hard for non-EU organizations to influence, and that fast-moving private standards (for example, emerging agentic-interface efforts) remain opaque. Good standards, others argued, should specify failure conditions as explicitly as success conditions, particularly when AI agents and models interact in ways their original specifications never anticipated.

Building on the Anchors and Hooks framework, the discussion focused less on definitions than on how an instrument earns and keeps anchor status. The HAIP Reporting Framework was cited as an example of an anchor consolidating across approaches. Participants cautioned against “anchor inflation”: Designating too many instruments as foundational could dilute the organizing power that makes an anchor useful. The OECD AI Principles and definition were seen among the closest to a universal anchor. Interoperability “maps” were offered as practical connective tissue. For example, mapping a national framework to the NIST AI Risk Management Framework, the G7 Code of Conduct, and ISO/IEC 42001 would show firms that complying with one largely satisfies the others, reducing duplication and friction. 

Participants offered concrete guidance on where the stack, map, and anchors and hooks deliver value and where they should evolve. Most frequently, they asked that the stack and map be kept live and not static, given that the landscape can shift in a single week. They suggested adding a sector lens, particularly for heavily regulated sectors such as health care and finance, and accounting for roles that overlap and change. A layer’s intended function may not match its function in practice, and institutions can migrate between roles over time (for instance, a safety institute shifting from horizon-scanning toward enforcement); the tools should capture this rather than assume fixed roles. 

They also recommended investment in shared taxonomies—common terminologies, definitions, and benchmarks—covering incidents (distinguishing near misses from failures), shifting terms (such as “safety” and “security”), and who is in scope as reporting extends from model providers to downstream providers. Beyond cataloguing instruments, participants wanted the mapping exercises to become learning opportunities, capturing what is working to mitigate risk and letting stakeholder input port across venues through clearer points of entry. 

Finally, they aimed at cross-border recognition and compatibility. The building blocks identified were common taxonomies, benchmarks, and conformity-assessment procedures that enable mutual recognition. Participants saw divergence as mostly about language and infrastructure, rather than underlying goals. 

Transparency and disclosure were described as the foundation that makes voluntary frameworks work. Anthropic’s Mythos model was cited as a reminder of how dependent these frameworks are on continued information sharing. 

Going forward, the emphasis is on building from what already exists rather than starting over, drawing on OECD resources such as the Policy Navigator (policies and instruments across more than 80 countries), the Catalogue of Tools and Metrics (standards, benchmarks, and evaluation tools, largely from nongovernment actors), and the HAIP reporting frameworkwhich together approximate a full-stack view from policy to practice. 

A concrete next step floated was to integrate these resources and align them with the report’s stack, with some participants mentioning the work of an existing OECD expert group on AI risk and accountability. 

Authors

The Brookings Institution is committed to quality, independence, and impact.
We are supported by a diverse array of funders. In line with our values and policies, each Brookings publication represents the sole views of its author(s).