Cryptographic protections, access controls, and hardware security.
Make alterations to AI hardware (primarily AI chips) that enable verifying or controlling how that hardware is used.
Examples of on-chip mechanisms being researched include:

- Chip odometers and auto-deactivation: Chips could record how much they've been used (e.g. how many floating point operations they have executed). They would stop working after a certain amount of use, and require reactivation with a cryptographic key. This key could be issued automatically if the chip's usage complies with AI regulations. Such features could be useful for deactivating export-controlled chips that have been found to be smuggled to a prohibited party. (A sketch of the reactivation handshake follows this list.)
- [Approximate location verification](https://www.iaps.ai/research/location-verification-for-ai-chips): Chips could respond to timed cryptographic challenges from servers located at different points around the world, with their response times proving roughly where in the world they are. This could be used as part of chip reactivation criteria. (A distance-bound sketch follows this list.)
- Usage logging: Secure logging of key events during AI model training and deployment could enable auditing of AI development processes. This could support enforcement of future international treaties that might ban dangerous AI development (in the same way that advances in verifying compliance with the test ban enabled the [Comprehensive Nuclear-Test-Ban Treaty](https://en.wikipedia.org/wiki/Comprehensive_Nuclear-Test-Ban_Treaty)). One scheme this could support is described in the [What does it take to catch a Chinchilla?](https://arxiv.org/pdf/2303.11341) paper. Sharing some usage logs could also be a condition of getting chips reactivated. (A tamper-evident log sketch follows this list.)
- Model authentication: Chips could verify that only properly vetted AI models are executed on them, similar to [code signing](https://en.wikipedia.org/wiki/Code_signing). This could prevent the deployment of models that haven't undergone safety testing or certification. (A certificate-check sketch follows this list.)
- Content provenance: See the [content provenance](https://adamjones.me/blog/ai-regulator-toolbox/#content-provenance) section.
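To make the odometer-and-reactivation idea concrete, here is a minimal Python sketch. Everything in it is hypothetical: the chip ID format, the FLOP cap, and the `issue_token` helper are illustrative, and an HMAC over a shared demo key stands in for the asymmetric signature a real chip would verify against a regulator's public key burned into its hardware.

```python
import hmac
import hashlib

# Hypothetical shared demo key. A real chip would instead hold the
# regulator's *public* key in fuses and verify an asymmetric signature.
REGULATOR_KEY = b"demo-regulator-key"

class ChipOdometer:
    """Toy model of a usage-metered chip that halts until reactivated."""

    def __init__(self, chip_id: str, usage_cap_flops: int):
        self.chip_id = chip_id
        self.flops_executed = 0
        self.usage_cap_flops = usage_cap_flops

    def execute(self, flops: int) -> None:
        # Refuse further work once the metered cap is reached.
        if self.flops_executed + flops > self.usage_cap_flops:
            raise RuntimeError("Usage cap reached; reactivation required")
        self.flops_executed += flops

    def reactivate(self, new_cap_flops: int, token: bytes) -> None:
        # The token binds the chip ID and the new cap, so a token issued
        # for one chip cannot unlock a different one.
        message = f"{self.chip_id}:{new_cap_flops}".encode()
        expected = hmac.new(REGULATOR_KEY, message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, token):
            raise PermissionError("Invalid reactivation token")
        self.usage_cap_flops = new_cap_flops

def issue_token(chip_id: str, new_cap_flops: int) -> bytes:
    """Regulator-side helper: issue a token after a compliance check."""
    message = f"{chip_id}:{new_cap_flops}".encode()
    return hmac.new(REGULATOR_KEY, message, hashlib.sha256).digest()
```

The point of the sketch is the shape of the protocol: usage is metered on-chip, and continued operation depends on a fresh, chip-specific credential from the regulator.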
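The physics behind approximate location verification is that signals cannot travel faster than light: if a challenge comes back in t seconds, the chip is at most c·t/2 away from the challenging server. Queueing and processing delays only make the chip look farther away, never nearer, so the bound errs in the safe direction. A rough sketch, where `respond_to_challenge` is a hypothetical stand-in for the chip's on-die challenge responder:

```python
import os
import time

SPEED_OF_LIGHT_KM_PER_S = 299_792.458

def distance_upper_bound_km(rtt_seconds: float) -> float:
    # The round trip covers the distance twice, so the one-way distance
    # is at most c * RTT / 2.
    return SPEED_OF_LIGHT_KM_PER_S * rtt_seconds / 2

def measure_rtt(respond_to_challenge) -> float:
    """Time one nonce challenge against a chip's responder (stubbed here).

    A real scheme would have the chip sign the nonce with a fused key, so
    responses cannot be forged or replayed by another machine.
    """
    nonce = os.urandom(16)
    start = time.perf_counter()
    respond_to_challenge(nonce)
    return time.perf_counter() - start
```

Combining such bounds from several servers around the world narrows down the region the chip could plausibly be in.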
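For usage logging to support auditing or treaty verification, the logs need to be tamper-evident. One standard construction (assumed here for illustration; the Chinchilla paper's full scheme involves considerably more machinery) is a hash chain, where each entry commits to all entries before it:

```python
import hashlib
import json

class UsageLog:
    """Toy append-only log: each entry's hash covers the previous head,
    so altering or deleting history invalidates every later entry."""

    def __init__(self):
        self.entries = []           # list of (event, head_hash) pairs
        self.head = b"\x00" * 32    # genesis value

    def append(self, event: dict) -> None:
        payload = json.dumps(event, sort_keys=True).encode()
        self.head = hashlib.sha256(self.head + payload).digest()
        self.entries.append((event, self.head))

    def verify(self) -> bool:
        """Recompute the chain from scratch and check every recorded head."""
        head = b"\x00" * 32
        for event, recorded_head in self.entries:
            payload = json.dumps(event, sort_keys=True).encode()
            head = hashlib.sha256(head + payload).digest()
            if head != recorded_head:
                return False
        return True
```

An auditor who periodically receives the latest head hash can later detect any rewriting of earlier entries.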
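Model authentication could mirror conventional code signing: the chip holds a verification key and refuses to load weights that lack a valid certificate over their digest. A toy sketch, with the demo `CERTIFIER_KEY` and HMAC again standing in for a real certifier's asymmetric key pair:

```python
import hashlib
import hmac

# Hypothetical demo key; real chips would verify an asymmetric signature,
# exactly as in conventional code signing.
CERTIFIER_KEY = b"demo-certifier-key"

def certify_model(model_bytes: bytes) -> bytes:
    """Certifier-side: sign the digest of a model that passed vetting."""
    digest = hashlib.sha256(model_bytes).digest()
    return hmac.new(CERTIFIER_KEY, digest, hashlib.sha256).digest()

def load_model(model_bytes: bytes, certificate: bytes) -> bytes:
    """Chip-side: execute only models carrying a valid certificate."""
    digest = hashlib.sha256(model_bytes).digest()
    expected = hmac.new(CERTIFIER_KEY, digest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, certificate):
        raise PermissionError("Model not certified; refusing to load")
    return model_bytes
```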
Also in Non-Model

- Compute governance (3.1.1 Legislation & Policy): Regulate companies in the highly concentrated AI chip supply chain, given that AI chips are key inputs to developing frontier AI models.
- Data input controls (1.1.1 Training Data): Filter data used to train AI models, e.g. don't train your model with instructions to launch cyberattacks.
- Licensing (3.1.4 Compliance Requirements): Require organisations or specific training runs to be licensed by a regulatory body, similar to licensing regimes in other high-risk industries.
- Safety cases (2.2.4 Assurance Documentation): Develop structured arguments demonstrating that an AI system is unlikely to cause catastrophic harm, to inform decisions about training and deployment.
- Evaluations (aka "evals") (2.2.2 Testing & Evaluation): Give AI systems standardised tests to assess their capabilities, which can inform the risks they might pose.
- Red-teaming (2.2.2 Testing & Evaluation): Perform exploratory and custom testing to find vulnerabilities in AI systems, often engaging external experts.

The AI regulator's toolbox: A list of concrete AI governance practices
Jones, Adam (2024)
This article explains concrete AI governance practices people are exploring as of August 2024. Prior summaries have mapped out high-level areas of work, but rarely dive into concrete practice details. This summary explores specific practices addressing risks from advanced AI systems. Practices are grouped into categories based on where in the AI lifecycle they best fit. The primary goal of this article is to help newcomers contribute to the field of AI governance by providing a comprehensive overview of available practices.