States, institutions and companies seeking to shape post-crisis AI governance can act in advance to improve the likelihood of high-quality governance emerging.
Precedent points to certain factors that may contribute to successful governance following a crisis. Many steps towards this outcome can be taken today. These steps should provide states, institutions and companies with the tools and technical levers necessary to build a durable AI governance regime once a crisis hits.
Activate existing governance pathways
Crises tend not to trigger novel mechanisms for governance. More often, they operationalize pre-existing ones through rapid policy change. For the governance of AI, efforts should focus on:
- Developing off-the-shelf strategies such as treaties and agreements;
- Leveraging technical exchange networks to enable communication and coordination between experts and policymakers;
- Establishing policy back-channels and diplomatic coordination; and
- Evaluating and improving existing mechanisms for sharing information.
Develop off-the-shelf strategies
When a crisis occurs, decision-makers have little time to react and should not negotiate from scratch. ‘Off-the-shelf’ or ‘dormant’ strategies may provide the speed and flexibility needed.
‘Off-the-shelf’ arrangements are not a new concept. In arms control, climate change, finance, technology and trade, pre-negotiated or -drafted treaties, agreements, pacts and amendments sit patiently in government offices worldwide. When an emergency, scandal or shift in political opinion gives traction to a particular issue, these documents are in position, ready to deploy. For example, the Montreal Protocol HFC phase-down – an updated, fully drafted US-led amendment on hydrofluorocarbons (or HFCs) – was ready years before political alignment materialized around the Kigali Amendment in 2016. The pre-existing draft could be executed relatively quickly, leading to a faster global agreement on protecting the ozone layer.
For an off-the-shelf strategy to enable post-crisis governance, three things are necessary. First, its core architecture – i.e. the scope and function – must be fixed in place. This means that, at the ‘zero draft’ stage, states must align on key obligations, language (both technical and political), implementation mechanisms and, in general terms, on the management of compliance and enforcement. In the example of the Kigali Amendment, informal discussions were encouraged alongside the formal forum for negotiation, to allow countries to explore approaches, ideas and positions freely expressed and unhindered by ‘official’ positions. The UN Global Dialogue on AI series could offer opportunities for this kind of dialogue to take place.
Second, off-the-shelf strategies must have a level of operational tailoring that can be easily administered after implementation. Ideally, customization must be extended over time – for example, through a mechanism for amendments. Off-the-shelf strategies must also be modular by design. This menu-style approach means that the components – such as the sector, actors, institutions and impact – can be better matched to the crisis conditions.
Third, implementers must be ready to use established enforcement mechanisms to implement or monitor agreements at the national and international levels, as opposed to or in tandem with newly established ones.
Non- or pre-crisis conditions provide low-pressure environments. Under normal conditions, decoupling consensus from formal agreement (and formal agreement from implementation) allows states to positively signal their commitment to crisis preparedness, thus facilitating measures detailed here and in Chapter 5. Reduced urgency alleviates the need for immediate resource allocation. Nor does it demand immediate political consensus on the most contentious AI governance questions. Crisis preparedness frameworks can then confidently progress to the drafting phase, while deferring complex questions of enforcement, burden-sharing and sovereignty limitations to a future approval and ‘entry into force’ phase.
Beyond pre-negotiated treaties, institutional protocols can be activated without waiting for consensus between states. For example, the Financial Stability Board has crisis coordination arrangements that could be extended to AI-enabled financial shocks. The UN Office on Digital and Emerging Technology (ODET) could develop protocols for cross-border AI incidents. Unlike treaties, which require diplomatic agreement, institutional tools can be deployed by organizations when crises affect their mandates.
Having the off-the-shelf options allows states and others to act quickly in an emergency context such as one involving the use of AI-enabled biological weapons or autonomous military systems.
International organizations must be prepared to develop and deploy modular tools for crisis response. These tools may complement frameworks with AI-crisis-specific updates. Crucially, clarifying coordination protocols before a crisis may also mitigate the proliferation of multi-stage crises with amplified severity. Among other benefits, it would help by providing a more stable basis for post-crisis governance-building.
Pre-agreed, crisis-specific ‘red lines’ can support these tools. ‘Red lines’ might pertain to levels and types of unacceptable AI risk. Breaching those ‘red lines’ would then enable the activation of certain protocols: for instance, threat reporting in AI-enabled biological weapons design. For existing international institutions (like the UN ODET and Office for Disarmament Affairs) or future ones, possessing and promoting off-the-shelf, but situation-specific, tools should ensure that crisis response is not contingent on international agreement on a comprehensive treaty.
Complete improvisation is likely to be too protracted for an AI crisis. Whether draft or binding commitments are used in crisis is still dependent on context and political will in the moment. But having the off-the-shelf options allows states and others to act quickly in an emergency context, such as one involving the use of AI-enabled biological weapons or autonomous military systems. This speed will be critical to mitigating potential harm and escalation.
Leverage existing channels to connect technical experts with policymakers
Channels that connect technical experts to policymakers are essential both for building a clear picture of the threat landscape and for implementing responses. Beyond the immediate term, such channels are also essential as a foundation for governance, helping to provide in a credible, consensus-based picture of shared risks. (The barriers to doing so are detailed in Chapter 1.)
The response to WannaCry spotlighted the role of technical expert-to-expert channels, which can work outside the constraints of national politics and ‘normal’ diplomacy. In the UK, the NCSC plays a central role in crisis response. Similarly, technical expertise was elevated and mainstreamed into regulatory mechanisms following the GFC. There is evidence that IT improved banks’ resilience. In the COVID-19 pandemic, many states centralized communication between scientific experts and government decision-makers.
On AI (and specifically AI safety and security), continued voluntary technical exchanges between experts have proven their value for fostering consensus despite national differences – for example, on the importance of context-specific ‘red lines’. Leveraging the operational offerings – information-sharing, monitoring dashboards, supervisory technologies, established interpersonal contacts, recurring meetings and so on – of pre-existing technical networks in crisis is key for generating trust, goodwill and buy-in for global crisis responses.
Establish policy dialogues and back-channels
Emergency back-channels between decision-makers are critical institutional pathways for any crisis. In some contexts, this kind of arrangement is called a ‘red phone network’, in reference to the Cold War-era hotline between Moscow and Washington, set up in the aftermath of the Cuban missile crisis for emergency communications. Similar bilateral arrangements have been considered in other fields, such as cyber diplomacy, to exchange state positions during crises and prevent unnecessary escalation. The existence of these arrangements may provide high-level guarantees for new post-crisis governance measures, such as improved monitoring and risk-notification protocols.
Indeed, many states now favour a consolidated approach to dealing with major incidents or crises in cyberspace. Many publicly declare their thresholds of acceptable or unacceptable behaviour in cyberspace, although there is still an alarming divergence between some states’ public-facing rhetoric on maintaining cyber stability and the realities of their sub-threshold cyber activities. To some cybersecurity experts, the WannaCry crisis provided important context to major international negotiations on responsible behaviour in cyberspace and mitigating shared risks, particularly in the UN First Committee. All UN member states can now meet in a designated international forum that seeks to advance an agreed set of norms for states while allowing challenge and debate.
But multilateral and consensus-driven settings have significant downsides. Their deliberative pace means that long-term open dialogues will likely be too slow-moving to be useful for an emergency response to an AI crisis. Nevertheless, multilateral meetings help provide common language, advance context-specific ‘red lines’ and signal political willingness to tackle a shared crisis. In the middle of an actual crisis, diplomatic backchannels – away from political pressures and scrutiny – can use this multilateral groundwork to build avenues for rapid, direct responses.
Evaluate and improve existing mechanisms for sharing information
Private companies control most of the information about AI system capabilities, behaviours and failures. During a crisis, such information asymmetry can hinder any attempt at a high-level response, as governments and international bodies cannot coordinate responses to threats they cannot see. To help facilitate an effective crisis response, companies should therefore:
- Expand trusted emergency communication channels with government representatives at the national level. AISIs and similar bodies already encourage communication between labs and governments.
- Build emergency communication channels into and around existing corporate institutions (including industry associations, forums and conferences) for real-time monitoring and crisis response coordination up and down the AI value and supply chains. This recommendation is relevant beyond frontier AI labs and providers. Energy, mining and telecommunications companies, for example, are also exposed to supply-chain shocks, and may have an important role to play in crisis information-sharing. These changes will lay the foundation for the improved post-crisis governance of bottlenecks, proliferation and other instability risks.
- Participate in international networks and task-forces dedicated to government exchanges and work in tandem with corporate counterparts – in the technology sector and others – on synchronized responses according to pre-agreed ‘red lines’, necessitating model shutdowns, patch deployment and ‘circuit breakers’.
- Close, or at least reduce, unnecessary information gaps and commit to sharing intelligence that does not have national security or competition implications (such as explainability and transparency indicators and methods, public benefit applications, or legal interpretations of data protection). Given that global consensus on transparency and risk mitigation is realistically years away, frontier AI labs and model providers should leverage existing efforts – for instance, the Hiroshima AI Process Reporting Framework – to generate alignment on minimum expectations of information-sharing in crisis.
Concentrate legitimate authority
If given enough authority, actors with credible and legitimate technical expertise can help bypass bottlenecks in times of crisis. Measures that will assist in this task include:
- Positioning AISIs as technical authorities;
- Establishing national crisis response units; and
- Clarifying emergency decision-making powers.
Position AI safety institutes as technical authorities
The member organizations of the international network of AISIs are strong candidates to act as trusted public authorities on AI, particularly when trust in the technology industry is low. AISIs have existing research collaborations on benchmarks, evaluations and joint testing, plus agreements with frontier labs, that provide access other institutions lack. Expanding AISI mandates to give them formal roles in crisis response alongside research functions, positioning staff in proximity to centres of political power and strengthening networks into industry can elevate these institutions’ technical expertise into wider public technical authority. To make this work, politicians must deal with competing national institutional authorities and ensure AISIs’ political legitimacy and financial sustainability.
Establish crisis decision-making prerogatives
As observed in the case studies, the scale of harm caused by a crisis is often contingent on the speed of response. Governments should therefore seek to craft a domestic regime of contingency powers ready to be deployed or, alternatively, ensure that existing frameworks for intervention are updated with crisis-relevant components and new incident authorities. These regimes should be:
- Automatically activated under specific, pre-defined ‘trigger’ conditions. (This may be facilitated by the incorporation of AI-related risks into countries’ national risk registers, or the integration of AI-specific risks in national emergency response mechanisms.)
- Inclusive of powers aimed at agile decision-making, such as the capacity to request data from controllers rapidly on reasonable grounds and according to data protection principles; impose temporary operational restrictions; and activate international channels for crisis response (including technical exchanges and back-channels, intelligence-sharing arrangements and coordination under international bodies like Interpol).
- Subject to scrutiny, judicial boundaries and a strict regime of transparency to prevent misuse of additional contingency powers. (The goal is not to create a regime of exception that avoids democratic accountability, but rather to enable governments to take quick, decisive action in a crisis.)
Enable technical intervention
AI systems are increasingly autonomous, globally distributed and controlled by private actors. Their governance may demand the development of technical intervention capabilities that do not yet exist at scale. Technology developers, providers and their regulators must therefore:
- Build circuit breakers and ‘kill switches’ into system design;
- Establish forensics and attribution capabilities;
- Deploy monitoring and early-warning systems;
- Create rapid technical-response teams;
- Ensure access and verification mechanisms; and
- Foster investment in governance-enabling technologies.
Build circuit breakers and ‘kill switches’ into system design
Many autonomous AI systems are already globally diffused. Confronting a growing evidence base of model bias, deceptive behaviours, security vulnerabilities, weaponization risks and ‘ego-centric’ coordination in existing AI models and systems, many experts have strongly advocated for a human-in-the-loop approach to development. Notwithstanding the type of crisis trigger (whether non-AI or AI-enabled, such as malicious use or loss of control), the possibility of AI systems operating without sufficient human control in crisis conditions is a legitimate cause for concern.
But globally agreed, binding actions on preventing crisis escalation with and through autonomous systems are decades away at best. Acknowledging this reality, private developers of advanced AI systems should urgently consider two measures that will enable crisis management and build trusted governance mechanisms in a post-crisis environment.
- Circuit breakers ‘trip’ if certain output conditions are fulfilled (for instance, the generation of model outputs with significant uplift potential for malicious misuse, such as solving a technical problem that was the main obstacle preventing someone from carrying out a bio-chemical attack). This rerouting process aims to make AI models intrinsically safe and more robust to potentially adversarial acts or crisis conditions.
- ‘Kill switches’, on the other hand, trigger a more immediate shutdown or operational pause in the use of AI systems.
Both are key tools to build trust and certainty in attempts at post-crisis governance, and prevent a further escalation.
Assurance and risk mechanisms like these will help build ‘good faith’ between industry and government, and could give states more time to develop medium- to long-term governance pathways after the initial ‘moment’ of crisis.
Create allied rapid-response teams of technical experts
During and immediately following crisis, rapid-response teams working across borders have an important role. Such teams are often used by WHO to convene cross-border medical experts during outbreaks and in cybersecurity incident response, with many countries appointing computer incident response teams to coordinate on threat identification and response. These teams should play both an advisory and operational role, assisting with threat diagnosis, mitigating escalation and, ideally, facilitating coordinated international responses. The activities of cross-border rapid-response teams formed in crisis may inform governance innovation – for instance, in institutionalizing frontier monitoring capabilities or formalizing new mechanisms for cross-border information-sharing.
The most feasible path forward could be the establishment of rapid-response teams among allied nations’ institutes with existing foundations of trust and intelligence-sharing agreements.
The international network of AISIs is likely the most viable future institutional ‘home’ for this work, given existing research collaborations (such as those on benchmarks, evaluations and joint testing) and agreements between frontier AI labs and national institutes. Participating governments might consider expanding the network’s mandate to better formalize its role responding to AI-enabled crises. Some AI experts have advocated for a ‘CERN for AI’. A formal international organization for crisis coordination and response may be feasible in the future. But, in the current geopolitical environment, an expansion of the international AISI network to host rapid-response teams of technical experts would be the best starting point, given the talent concentrations in participating national institutes. Drawing from existing foundations of trust and intelligence-sharing agreements, such as ASEAN, the EU, the G7 or the countries in the ‘Five Eyes’ intelligence-sharing network, is a potential path forward.
Deploy stop-gap monitoring solutions
Intervention requires the detection of crisis triggers. Basic monitoring requirements are found in most governance systems. However, AI systems operate at speeds and scales that exceed human monitoring capacity. Most AI systems operate on private infrastructure with no visibility to authorities, and there are strong incentives against transparency on AI capabilities in both the private and public sectors.
Under these conditions, external behavioural monitoring by third parties could track AI system outputs, behaviours or effects by detecting unusual patterns through public-facing interfaces, similarly to the way financial regulators monitor market behaviour before inspecting internal practices. While insufficient, these approaches may provide partial visibility while comprehensive monitoring remains politically infeasible. Should a crisis expose the costs of opacity, stronger requirements may become acceptable in time.
Foster investment in governance-enabling technologies
Some forms of AI governance will likely depend on technologies that do not exist at scale, such as chips with ‘call-home’ functionality tracking deployment and usage, model watermarking or secure ‘sandboxes’ for regulatory development and auditing. The expansion of procurement markets or public–private investment in governance-enabling technologies may be necessary to incentivize the development of these technologies before they become urgently needed.
Prepare effective framing
Crisis incidents must be framed as collective international threats requiring coordinated response. Minilateral or international framing efforts are an essential part of the preparations for trusted, credible governance, even where global consensus is lacking or geopolitical tension prevents it. Supporting these collective governance efforts must be a post-crisis aim. Measures to build preparedness include:
- Joint attribution for shared narratives; and
- Table-top exercises that practice framing.
Establish joint-attribution mechanisms and audit crisis-prevention strategies
Country-to-country intelligence-sharing and joint investigations during and after a crisis can lead to public attribution of crisis triggers. Operationalizing information about crisis triggers opens the door to policy change. After the GFC, for example, forensic accounting measures like investigations into systemic vulnerabilities and deceptive practices (such as sub-prime mortgage fraud) were essential to uncovering fraud and evidencing the need for post-crisis reforms.
The UK and EU’s joint attribution of a cyber threat to Russia in December 2024 demonstrated the importance of attribution as a powerful political signal and declared a united cybersecurity front against future malign action. But, as in the COVID-19 pandemic, attribution is not always straightforward. Due to a lack of evidence and ongoing research into the disease, contested accounts of the virus’s origins emerged that stoked political division and conspiracy theories – damaging, rather than laying, the foundations for a better future response.
Universal acceptance of attribution of a crisis is rarely achievable for all audiences. The prevalence of mis- and dis-information is a growing issue in crisis response and governance. Continued efforts must be made to ensure independent verified sources, evidence and forensics are available, specialized knowledge and expertise are prominent in the information space, and sufficient resources are given to addressing public perception, resilience and trust.
In the short term, even informal connections between AISIs and other allied technical experts, intelligence agencies, independent bodies and news media can support rapid baseline framings. An essential part of this is by auditing crisis prevention strategies – asking what worked, what did not, and where innovation is required to build more robust governance. Locating this audit within an institutional body – such as an empowered international network of AISIs or the UN’s Scientific Panel – is preferable to make the audit process more inclusive.
Strengthen ‘muscle memory’ through mutual learning and scenario exercises
Interviewees and literature underscored the value that could be gained by decision-makers through scenario exercises, table-tops and wargames. For example, Chatham House’s scenario exercises have pushed participants to consider the broader governance implications of their policy options. As technology-enabled crises grow in frequency and likelihood, many traditional games have been updated to reflect new dynamics, such as networked problems, interdependent solutions and unpredictable technological advancements. Civil society organizations and policy institutes, in particular, can play a key role in building multi-stakeholder capacity on AI futures and crises. Stakeholders can then tackle questions of public framing, multilateral cooperation and points of contention between the main actors.
Where possible, exercises should be informed by key learnings (whether best practice or cautionary tales) gathered through information-sharing. Protocols for mutual learning are already well established in different crisis response areas. Cybersecurity researchers have long relied on different platforms for exchanging and analysing incident data, which helps inform both a clearer picture of the threat landscape and the policy reaction. International bodies like the WHO serve similar functions for outbreak incidents, while the Financial Stability Board’s mandate promotes coordination and information exchange among authorities. Where competitive incentives create barriers to information-sharing, though, anonymized or aggregated reporting that protects proprietary details while capturing systemic patterns are a short-term substitute.
Align incentives
After a crisis, short-term policy change is possible, even with misaligned incentives between and among governments, international institutions and companies. But durable governance reform requires a minimum threshold of sustained incentive alignment. To achieve this, actors must:
- Build capacity in low-income and developing economies; and
- Develop competition-proof coordination.
Build crisis governance capacity in low-income and developing economies
Crises can exacerbate existing global inequities. Inability to respond in crisis can amplify post-crisis harms in low-income and developing economies. Crisis responses also risk reproducing or entrenching power dynamics, such as the exclusion of low-income and developing economies from multilateral decision-making. International institutions should include tailored crisis preparation protocols in technical assistance and capacity-building programmes offered to states with limited digital infrastructure, regulatory capacity or international bargaining power.
Most AI governance attention focuses on US–China competition. But crisis negotiations depend on ‘middle powers’ (e.g. Canada, Germany, India, the Netherlands, Qatar, Singapore, Switzerland, the UAE and the UK) who can provide neutral venues, hold swing votes in multilateral settings, and control supply-chain chokepoints. This could include establishing regional crisis hubs and creating shared forensic and monitoring facilities that lower-capacity states can rely on.
Explore competition-proof coordination protocols
In crisis, private companies have various legal duties to their shareholders and users. This should entail acting responsibly and resolving incidents that may impact the consumers of their products and services, their business partners and – to some extent – members of the public.
AI providers and AI-exposed companies operating across sectors should establish collective, flexible protocols clarifying in-crisis roles and responsibilities, including non-binding rules and expectations to facilitate coordination. Crucially, such a framework must supersede competition and incentivize buy-in. Stability and certainty must be framed as a common business interest.
Corporate protocols are highly unfavourable in the current competitive, hyper-politicized AI ecosystem. However, a framework marketed as ‘apolitical’ – i.e. focused on evidence-gathering and stability – may be an effective foundation. This may comprise existing corporate or international regimes like the Financial Stability Board or loose corporate coalitions on technology and risk, as seen in cybersecurity, counter-terrorism and attempts to counter misuse of AI around elections.
