brand logo
Who should govern AI?

Who should govern AI?

05 Jul 2026 | By Dr. Chandrika Subramaniyan


  • Google’s blueprint for AI regulation in America and what it means for others

Artificial Intelligence (AI) is no longer a futuristic concept. AI is here and it is evolving faster than any regulatory framework yet devised to govern it. That is the central challenge addressed in Google’s landmark June 2026 policy paper, ‘A Pragmatic Approach to AI Governance in America’. 

Rather than calling for blanket regulation or unfettered innovation, Google proposes a carefully calibrated, dual-track approach – one that distinguishes between the most powerful frontier AI systems and the everyday AI applications already woven into modern life.

 

Core problem: Two very different kinds of AI


The first and perhaps most important insight in Google’s paper is that not all AI is created equal and lumping it together in a single regulatory basket is a mistake. It identifies two categories.

  1. Frontier AI: The most powerful, cutting-edge AI models developed by leading laboratories. These systems are capable of advanced reasoning in areas like cybersecurity and biology, and their capabilities raise genuine national security concerns. For example, AI equivalent of nuclear or chemical research which require specialised oversight.
  2. Widely-deployed AI: The AI tools most people encounter daily, such as chatbots, personalised tutors, content generators, and recommendation algorithms. These raise consumer protection, privacy, and social welfare concerns, but they are categorically different from frontier systems.

Google’s central argument is that these two categories demand entirely different regulatory regimes. 


Governing frontier AI: FARO proposal


Google proposes the creation of a Frontier AI Regulatory Organisation (FARO), an independent, industry-funded body operating under Federal Government oversight for the most advanced AI systems.

It would be modelled on existing self-regulatory organisations that Americans already rely on, such as:

  • The Financial Industry Regulatory Authority (FINRA), which oversees securities firms under the supervision of the Securities and Exchange Commission
  • The North American Electric Reliability Corporation, which sets standards for the power grid
  • State bar associations, which regulate lawyers under the supervision of state supreme courts  

These bodies are experts in their fields, combining the best of both worlds – industry expertise and public accountability. They move faster than government, pay salaries that attract top talent, and still answer to regulators.


What would a FARO do?


The three core functions proposed for FARO are:

  1. Set safety standards: The FARO would develop and enforce objective, science-based benchmarks for frontier AI, particularly around the risk of AI being used to assist in cyberattacks or the development of Chemical, Biological, Radiological, or Nuclear (CBRN) weapons.   
  2. Conduct annual audits: Frontier AI companies would be subject to independent procedural audits on an annual basis. Initially, these audits would assess whether companies are following their own published safety frameworks. Over time, move towards substantive compliance .  
  3. Promote transparency: Every developer of a frontier model would be required to publish and adhere to a comprehensive safety framework covering risk thresholds, cybersecurity practices, incident response plans, and internal governance.

Importantly, it emphasises that frontier AI companies should provide the US Government with early access to models that advance sensitive national security domains, ensuring that intelligence and defence agencies are not caught off guard by emerging capabilities.


Governing everyday AI: 6 policy priorities


Google argues that entirely new regulatory regimes are largely unnecessary. Instead, it calls for adapting and clarifying existing laws to address real-world harms. Six policy areas are highlighted:

  1. Workforce and economic opportunity: AI’s job impact remains uncertain. Rather than speculating, Google calls for better data, workforce reskilling programmes, and – only if evidence demands it – stronger unemployment safety nets.
  2. Protecting children and families: Chatbots must carry disclaimers, ban manipulative gamification, and automatically redirect young users to crisis resources when self-harm topics arise. AI’s educational upside is real, but child safety guardrails must come first.
  3. Energy infrastructure: AI data centres are power-hungry but Google reframes this as opportunity; large-scale data centre investment can modernise the grid and lower electricity costs for ordinary households, provided permitting reform unlocks faster infrastructure construction.
  4. Information integrity and provenance: Deepfakes demand technical solutions, not just labels. Mandatory watermarking and cryptographic provenance standards should be embedded in generative AI outputs so authenticity can be verified when it genuinely matters.
  5. Creativity and copyright: Training AI on public web data is fair use – legally protected and non-expressive. Copyright enforcement should target outputs that reproduce existing works, not the training process, while rights holders receive meaningful value-sharing arrangements.
  6. Protecting privacy: Move beyond ‘privacy by design’ to ‘privacy by innovation,’ where companies compete on privacy as a product quality. Investment in privacy-enhancing technologies and data minimisation principles must be embedded into AI systems from the ground up.


A critical assessment: Strengths and questions


Several elements in Google’s proposal deserve commendation.

The frontier/widely-deployed distinction is analytically sound and practically important. Regulatory frameworks that treat a chatbot and an advanced biological research model as the same category of risk will inevitably get the calibration wrong in both directions.

The FARO concept draws on genuine precedent. Self-regulatory organisations with government oversight are not untested in theory; they have governed financial markets, electricity grids, and professional services for decades. Applying that model to AI is creative and pragmatic.

The evidence-based approach to workforce policy is intellectually honest. Too much AI policy is driven by speculation about automation. Google’s call for better data before committing to major policy responses is sensible.

However, some questions merit further public debate:

  • Independence and capture: Self-regulatory organisations in finance have sometimes been criticised for regulatory capture, prioritising industry interests over public protection. How would a FARO avoid the same fate, particularly when its members are among the wealthiest corporations in history?
  • Global coordination: AI development is global. A US-focused FARO, however well designed, cannot address the risks posed by frontier AI developed in other jurisdictions. The paper acknowledges this briefly but does not resolve it.
  • Definitional challenges: Who counts as a frontier AI developer? The paper references a threshold of floating-point operations – a technical measure most policymakers cannot assess – while acknowledging that even the industry debates whether this is the right criterion.
  • Speed of legislative action: The paper is premised on Congress acting. In a polarised legislative environment, the timeline for establishing a FARO is genuinely uncertain.


What it means to others


Whether you are a parent worried about your child’s relationship with AI chatbots, a worker concerned about AI’s impact on your industry, a business leader navigating AI adoption, or a policymaker trying to craft sensible rules, Google’s paper is worth understanding.

Its central message is one that cuts across political lines: AI governance is not a choice between innovation and safety. The choice is between governance that is thoughtful, targeted, and evidence-based – or governance that is either absent or ambiguous.

The paper captures the challenge perfectly in the conclusion: regulate too early, before you understand what you’re regulating, and you choke beneficial innovation; regulate too late, and you cannot undo the harms already done. The window for getting this right is open, but it will not stay open indefinitely.    

The conversation about AI governance is one that belongs to all of us – not only to the companies building these systems or to the governments that will regulate them, but to the citizens, workers, families, and communities whose lives they will shape. Informed public engagement with proposals like Google’s is not optional. It is essential.


(The writer is a Principal Solicitor and Barrister admitted to the Supreme Court of NSW and the High Court of Australia, as well as a certified AI Governance Professional advising on ISO/IEC 42001)


(The views and opinions expressed in this article are those of the writer and do not necessarily reflect the official position of this publication)




More News..