TL;DR: AI governance works better when legal rules are paired with shared technical standards that travel with AI systems, enabling consistent accountability and trust across borders.
Abstract: As Artificial Intelligence (AI) systems become deeply integrated into critical global infrastructure, the urgency for robust governance frameworks has intensified. However, current approaches, led by jurisdiction-specific laws, policies, and voluntary frameworks such as the EU AI Act, China's algorithm governance, and the NIST AI Risk Management Framework in the U.S., create a fragmented regulatory landscape. In this position paper, we argue that ***AI governance must be built not on laws alone, but on ISO-like interoperability protocols that enable standardized, machine-readable risk communication across borders***. Drawing on the success of the GDPR, which was operationalized through standards like ISO 27001 and Privacy by Design, we propose the development of standardized AI *nutrition labels* containing unified metrics for bias, energy usage, and data provenance to facilitate cross-jurisdictional compliance. These manifests would lower barriers for small and medium enterprises (SMEs), reduce redundant regulatory efforts, and build public trust. The paper addresses concerns that standards may stifle innovation by advocating for modular, versioned protocols designed to evolve in tandem with technological change. Overall, we call for a shift from siloed legal compliance toward interoperable technical conformance, enabling a shared global language for responsible AI deployment.
Lay Summary: As artificial intelligence systems become more powerful and embedded in critical parts of society (healthcare, finance, infrastructure), governments worldwide are scrambling to regulate them. However, different countries and jurisdictions are creating their own rules (the EU AI Act, China's algorithm governance, US voluntary guidelines), which makes it nearly impossible for companies operating across borders to comply consistently. This fragmented landscape particularly hurts smaller businesses, which cannot afford to navigate multiple incompatible regulatory regimes.
This paper argues that laws alone are not enough. Instead, we need a shared technical standard, like an "AI nutrition label", that all countries and companies can use to communicate AI risks in a machine-readable format. Just as the EU's data protection law (GDPR) became globally effective because it was paired with a technical standard (ISO 27001), AI governance should couple legal requirements with a standardized protocol that translates abstract safety principles into concrete, verifiable, and auditable practices.
We propose that AI systems should carry a standardized manifest (a digital "label") documenting key information: how fair the model is across different demographic groups, how much energy it consumed to train and run, where its training data came from, and what safety measures are in place. This single artifact could be reused across borders, reducing regulatory burden and enabling faster, safer AI deployment worldwide.
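To make the "machine-readable manifest" concrete, here is an added example of how a consumer of such a label might validate one. This is illustrative code written for this page, not the paper's schema or any existing standard: the field names (`schema_version`, `model_sha256`, `fairness`, `energy_kwh`, `data_provenance`, `safety_measures`), the version-compatibility rule, and the sample manifest are all assumptions. Two points a practitioner would want are shown: the schema is versioned so that a newer validator still reads an older manifest (the "modular, versioned" idea), and the manifest is bound to the model artifact by a content hash, so a label cannot simply be copied onto a different model.

```python
"""Hypothetical validator for a versioned, machine-readable AI manifest.

Added example for this page; not the paper's own schema. All field names
and the compatibility policy below are assumptions for illustration.
"""
import hashlib
import json

SUPPORTED_MAJOR = 1  # a major bump means incompatible changes; reject unknown majors

# Required top-level fields per minor version. Minor versions only add fields,
# so a validator that knows 1.1 can still read a 1.0 manifest, and an unknown
# newer minor (e.g. 1.7) is validated against the highest minor we know.
REQUIRED_BY_MINOR = {
    0: {"schema_version", "model_sha256", "fairness", "energy_kwh", "data_provenance"},
    1: {"schema_version", "model_sha256", "fairness", "energy_kwh",
        "data_provenance", "safety_measures"},
}


def parse_version(version: str) -> tuple[int, int]:
    """Parse 'MAJOR.MINOR'; raises ValueError on anything else."""
    major, minor = version.split(".")
    return int(major), int(minor)


def validate_manifest(manifest: dict, model_bytes: bytes) -> list[str]:
    """Return a list of findings; an empty list means the manifest is acceptable."""
    findings: list[str] = []
    try:
        major, minor = parse_version(str(manifest.get("schema_version", "")))
    except ValueError:
        return ["schema_version missing or malformed"]
    if major != SUPPORTED_MAJOR:
        return [f"unsupported schema major version {major}"]

    known_minor = minor if minor in REQUIRED_BY_MINOR else max(REQUIRED_BY_MINOR)
    for name in sorted(REQUIRED_BY_MINOR[known_minor] - manifest.keys()):
        findings.append(f"missing required field {name}")
    if findings:
        return findings  # later checks index these fields

    # Binding check: the label must describe the artifact it travels with.
    actual = hashlib.sha256(model_bytes).hexdigest()
    if manifest["model_sha256"] != actual:
        findings.append("model_sha256 does not match the supplied model artifact")

    # Fairness: a per-group metric, each value expected in [0, 1].
    by_group = manifest["fairness"].get("by_group", {})
    if not by_group:
        findings.append("fairness.by_group is empty")
    for group, value in by_group.items():
        if not (isinstance(value, (int, float)) and 0.0 <= value <= 1.0):
            findings.append(f"fairness value for group {group!r} out of range [0, 1]")

    # Energy: a non-negative number of kWh for training plus serving, as declared.
    energy = manifest["energy_kwh"]
    if not (isinstance(energy, (int, float)) and energy >= 0):
        findings.append("energy_kwh must be a non-negative number")

    # Provenance: at least one entry, each naming a source and a licence.
    provenance = manifest["data_provenance"]
    if not provenance:
        findings.append("data_provenance is empty")
    for i, entry in enumerate(provenance):
        for key in ("source", "license"):
            if key not in entry:
                findings.append(f"data_provenance[{i}] lacks {key}")
    return findings


# Constructed sample data (not from any real model or deployment).
MODEL_BYTES = b"constructed stand-in for serialized model weights"


def example_manifest(model_bytes: bytes = MODEL_BYTES) -> dict:
    """Build a 1.1 manifest bound to the given artifact, as a JSON round-trip."""
    manifest = {
        "schema_version": "1.1",
        "model_sha256": hashlib.sha256(model_bytes).hexdigest(),
        "fairness": {"metric": "equal_opportunity",
                     "by_group": {"group_a": 0.91, "group_b": 0.87}},
        "energy_kwh": 1250.0,
        "data_provenance": [{"source": "constructed-corpus-v3", "license": "CC-BY-4.0"}],
        "safety_measures": ["output filtering", "red-team evaluation"],
    }
    return json.loads(json.dumps(manifest))  # the label is plain JSON on the wire


if __name__ == "__main__":
    print(validate_manifest(example_manifest(), MODEL_BYTES))                 # []
    print(validate_manifest(example_manifest(), MODEL_BYTES + b"tampered"))   # hash mismatch
```

The compatibility rule here is deliberately simple (reject a different major, tolerate unknown minors and ignore unrecognised fields); a real protocol would also need the manifest itself to be signed by the party attesting to it, which this example leaves out.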
The paper also addresses a common concern: won't standards stifle innovation? We argue the opposite. When every jurisdiction requires different documentation, companies waste resources creating redundant compliance artifacts. A shared, modular standard reduces that burden and actually accelerates responsible AI development. We show how this could happen in practice: major government purchases (like Pentagon contracts) could require the label, cloud providers would integrate it into their platforms, open-source tools would make it free to use, and over time, other countries would adopt it because it is cheaper and easier than building their own system. No international treaty needed; just market incentives.
Primary Area: System Risks, Safety, and Government Policy
Keywords: AI Governance; Interoperability Standards; ISO-like Protocols; Machine-Readable Risk Labels; Cross-Border Compliance; Public Trust
Originally Submitted PDF: pdf
Submission Number: 487