AI Risk Manifests

ISO-like interoperability protocols for AI governance

ICML 2026 · 🏆 Spotlight

Position Paper Track

AI Risk Manifests

Machine-readable nutrition labels

AI Governance Needs ISO-like Interoperability Protocols, Not Just Laws

Azmine Toushik Wasi, Mst Rafia Islam, Mahfuz Ahmed Anik, Taki Hasan Rafi, Md Manjurul Ahsan, Dong-Kyu Chae

Computational Intelligence and Operations Laboratory (CIOL) • Shahjalal University of Science and Technology (SUST) • Independent University, Bangladesh (IUB) • Hanyang University • University of Oklahoma

Correspondence: dongkyu@hanyang.ac.kr

Accepted to the Forty-Third International Conference on Machine Learning (ICML 2026), Seoul, South Korea

📄 OpenReview

As AI systems integrate into critical global infrastructure, governance has fragmented into jurisdiction-specific laws and voluntary frameworks. We argue that AI governance must be built not on laws alone, but on ISO-like interoperability protocols that enable standardized, machine-readable risk communication across borders. We propose AI risk manifests (AI nutrition labels): modular, versioned artifacts that encode comparable metrics for bias, energy use, and data provenance, letting a system carry an interoperable compliance credential across jurisdictions.

Overview: fragmented regimes feeding a shared machine-readable AI risk manifest layer that yields interoperable conformance

The Standardization Vacuum

Similar architectures, data, and risk pathways are governed by sharply divergent regulatory philosophies. Without a shared technical language, the same system can be classified high-risk in one jurisdiction and low-risk in another, producing compliance uncertainty, duplicated assessments, and barriers to cross-border deployment. The result is structural fragmentation that acts as a non-tariff barrier, disproportionately burdening SMEs while favoring large incumbents.

Jurisdiction	Regulatory approach	Risk / compliance focus	What a manifest would standardize
European Union	Binding, risk-based regulation (EU AI Act)	Tiered risk classification; conformity assessment; post-market monitoring	Risk classification, intended use, audit artifacts, monitoring metrics
China	Algorithm registration and security governance	Algorithm filing; data security; public opinion and social risk	System id, deployment context, jurisdictional registry refs, security controls
United States	Sectoral, voluntary, lifecycle-oriented guidance	Risk management practices across development and deployment	Risk management profile, evaluation metrics, governance controls
ASEAN	Non-binding regional guidance	Harmonization, innovation enablement, trust-building	Baseline risk summary, transparency fields, versioned schema

These regimes reflect shared governance objectives but incompatible operational implementations. Fragmentation is not merely legal: there is no shared schema through which risk information can be consistently expressed and interpreted.

Our Position

Laws are indispensable for setting normative thresholds and enforcement authority, but they are insufficient to ensure consistent operationalization across heterogeneous AI systems and jurisdictions. We do not propose replacing existing regulatory regimes. We argue for a complementary technical layer that enables shared, machine-readable representations of AI risk.

In short: laws define what constitutes acceptable AI behavior; technical standards specify how compliance is demonstrated in practice. This approach supports domain-specific variation while preserving stable interoperability primitives.

Precedent: GDPR Succeeded Through Standardized Implementation

GDPR reshaped global data protection not from legal authority alone, but through reinforcement by interoperable technical standards. ISO 27001 supplied an Information Security Management System for structuring risk assessment and controls, while Privacy by Design embedded safeguards into system architectures. Together they turned an abstract legal mandate into concrete, auditable, repeatable practice.

GDPR requirement / principle	Corresponding ISO 27001 / Privacy by Design principle	Operational implication / benefit
Data Protection by Design & Default	Proactive not reactive; end-to-end security	Privacy embedded from initial design; continuous protection across the data lifecycle
Data Minimization	A.14 system acquisition / development / maintenance	Reduced data exposure; processing only necessary personal data
Lawfulness, Fairness, Transparency	A.5 information security policies; clear documentation	Clear data-handling processes; increased visibility and trust
Accountability	Systematic risk assessment; defined roles & responsibilities	Documented procedures; clear ownership for data protection
Security of Processing	A.9 access control; data encryption; incident response	Robust technical and organizational safeguards; effective incident management
Data Subject Rights	Operational procedures for data subject rights	Streamlined processes for fulfilling individual privacy requests

Caveat: the analogy is instructive, not equivalent

ISO 27001 governs organizational process; AI manifests must govern product outputs — how a deployed model behaves. AI behavior is stochastic and emergent: the same model may produce different outputs under distributional shift or novel prompts not covered at certification time. GDPR-style mechanisms are therefore necessary but insufficient without complementary, evolvable technical standards.

The Proposal: Machine-Readable AI Risk Manifests

We reframe the AI nutrition label from a descriptive summary into a structured, machine-readable AI risk manifest — analogous to a software bill of materials — that can be parsed, validated, and compared programmatically. It integrates into MLOps pipelines, procurement systems, and regulatory workflows while preserving the communicative clarity of the nutrition-label metaphor.

Minimum viable baseline: three dimensions in a shared vocabulary

01 — FAIRNESS

Bias

Report at least one global fairness metric and one subgroup metric (e.g., Equalized Odds, Disparate Impact) via a standardized schema. Document metric selection, proxy use, and known limitations.

must report

should stratify by group

02 — SUSTAINABILITY

Energy

Report inference-time energy under a standardized setting (task, hardware, protocol). Disclose full measurement context to normalize across hardware families. Distilled models link a teacher_model_ref.

must disclose hw context

03 — LINEAGE

Data provenance

Provide a dataset lineage summary: sources, geographic scope, licensing constraints. Support W3C PROV / ISO provenance, with optional poisoning-detection and integrity-check fields.

must hash dataset artifacts

These metrics do not harmonize legal thresholds. They establish a shared technical substrate so jurisdiction-specific obligations can be interpreted through one common interoperability layer.

A Proposed ISO-like Schema

The manifest standardizes core governance fields — model identification, purpose and deployment context, data provenance, performance and limitations, fairness, energy, security, transparency, and an explicit regulatory alignment crosswalk — while remaining modular and extensible. A single manifest functions as a reusable compliance artifact across jurisdictions; regulators apply their own enforcement logic to a common technical substrate.

Illustrative AI nutrition label (short-form, JSON)

{
  "model_id": "RawModel-1",
  "purpose": "Healthcare triage decision support",
  "data_provenance": {
    "source": "clinical notes",
    "region": "EU hospitals"
  },
  "bias_metrics": {
    "equalized_odds_score": 0.92,
    "disparate_impact_ratio": 0.87
  },
  "energy_use": {
    "training_co2_tons": 75,
    "inference_kwh_per_1k": 0.05
  },
  "limitations": [
    "not validated for pediatric patients"
  ],
  "regulatory_alignment": {
    "eu_ai_act_risk_tier": "high_risk",
    "nist_ai_rmf_function": "MANAGE"
  }
}

A full protocol-level worked example — JSON and YAML representations, cryptographic attestation hooks, and a regulatory crosswalk — is provided in the paper appendix.

Regulatory crosswalk: manifest fields to obligations

Manifest field	EU AI Act-style obligation (concept)	NIST AI RMF
`system.*`	System identification, versioning, traceability for technical documentation and auditability	GOVERN
`intended_use.*`	Defined purpose, user context, and prohibited uses (scope control; misuse prevention)	MAP
`risk_classification.*`	Risk tiering and regime applicability (high-risk triggers, conformity expectations)	GOVERN / MAP
`data_provenance.*`	Data governance: origin, licensing, representativeness gaps relevant to bias and legality	MAP / MEASURE
`evaluation.*`	Evidence of performance and robustness testing under declared conditions	MEASURE
`fairness.*`	Bias monitoring and non-discrimination reporting (disaggregated metrics + mitigation)	MEASURE / MANAGE
`privacy_security.*`	Security/privacy controls, retention, and abuse monitoring consistent with risk controls	GOVERN / MANAGE
`monitoring.*`	Post-market monitoring: drift, incidents, corrective actions, defined fallback behavior	MANAGE
`conformity.`, `attestations.`	Conformity hooks: audit artifact hashes, third-party reports, signed attestations	GOVERN / MANAGE

Verifiability: integrity vs. truthfulness

Cryptographic attestations (signed hashes) guarantee integrity — values were not altered after signing — but not truthfulness, that the underlying evaluation was representative. The manifest is a minimum verifiable baseline, not a truth oracle. Key fields (data provenance, evaluation, attestation) are designed to be cross-verified by independent auditors who can re-run evaluations against the same hashed dataset artifacts. This shifts governance from narrative transparency to evidence-backed, machine-checkable assurance, and raises the cost of misrepresentation against Goodhart-style gaming.

Answering the Alternative Views

Alternative View 1

Standards lag behind innovation

Critics argue formal standards cannot keep pace with rapid model evolution and risk locking in suboptimal designs.

OUR REPLY

This assumes the absence of standards preserves agility. It overlooks the coordination costs that fragmented requirements already impose at scale, forcing developers to re-adapt the same system per jurisdiction. Modular, versioned standards evolve in parallel with technology.

Alternative View 2

Standards entrench incumbents

Compliance with formal schemas and audits may favor large firms and raise barriers for SMEs and new entrants.

OUR REPLY

Uncoordinated fragmentation already costs small actors more, forcing them to navigate multiple incompatible regimes. Outcome-oriented standards specify what must be demonstrated, not how — acting as enabling infrastructure, not gatekeeping. A single reusable artifact replaces many bespoke requirements.

Recommendations and Call to Action

R1 — Establish a shared technical baseline. Standards bodies should prioritize a minimal, machine-readable baseline for AI risk manifests reusable across regimes, anchored in existing institutions (ISO, IEC) to avoid governance duplication while enabling jurisdiction-specific enforcement.
R2 — Tie standards to incentives, not only mandates. Governments, funders, and large procurers should reward adherence through procurement criteria and certification pathways. Incentive-based adoption accelerates uptake while preserving flexibility and lowering entry barriers for smaller actors.
R3 — Invest in inclusive, multi-stakeholder stewardship. Governance must include transparency, balanced participation, and capacity building, particularly for low-resource contexts, with sustained roles for academia, civil society, and open-source communities.
R4 — Fund and formalize the science of AI evaluation. The manifest's utility depends on scientifically valid, reproducible metrics. Invest in robust fairness benchmarks, hardware-agnostic energy protocols, and rigorous automated red-teaming so the manifest enables accountability rather than compliance theater.

Overcoming the cold-start problem

Full global consensus is neither required nor expected. Partial convergence around a minimal interoperable schema is sufficient for procurement, auditing, and compliance workflows. Diffusion proceeds through market access and transaction-cost reduction rather than treaty negotiation.

Citation

Please cite the paper as below:

@inproceedings{
wasi2026aigovernance,
title={Position: {AI} Governance Needs {ISO}-like Interoperability Protocols, Not Just Laws},
author={Azmine Toushik Wasi and Mst Rafia Islam and Mahfuz Ahmed Anik and Taki Hasan Rafi and Md Manjurul Ahsan and Dong-Kyu Chae},
booktitle={Forty-third International Conference on Machine Learning Position Paper Track},
year={2026},
url={https://openreview.net/forum?id=TE3ceHd4YU},
note={Spotlight}
}