The New Standard for AI Trust Is Here. The Runtime Layer Is Not.
The Linux Foundation and major players just made verifiable conformity an open standard. The part they have not yet solved is proof that must hold continuously when agents act and models change.
Securing the Agentic Era. Article 18 · AI Governance
A week ago I wrote that the missing piece in the sovereign AI stack was the control and assurance layer above the model. The comments filled with builders saying they had already built it. I said a category was forming in real time.
This week it became infrastructure.
The Linux Foundation launched the Appia Foundation under its Joint Development Foundation, with founding members including Google, Microsoft, OpenAI, Mastercard, Arm, Ericsson, Siemens, Schneider Electric, and Mitsubishi Electric. Its premise is that AI trust requires verifiable proof. Its work is to build the open connecting layer between standards that set expectations and assessments that verify them, so conformity evidence produced once can be recognized across the value chain.
That is the most useful contribution anyone has made in this space, and the fact that it is being built on neutral ground is exactly right. When the Linux Foundation and that roster put their names to verifiable proof of trustworthy AI, the question of whether evidence matters is settled. The category is no longer forming. It is being institutionalized.
It proves the bigger point about independence
Appia is structurally a neutral, openly governed standard for how a system is measured. The whole design assumes that proof has to be portable and vendor-neutral, so that a result carries the same meaning wherever it is read.
That is the same structural argument I made about platforms. A great platform can govern its own corner with real discipline. But the proof that an institution, a regulator, and a counterparty will rely on has to sit on neutral ground. Appia is the standards-level version of the independent referee.
The one thing I would add
The current framing is assessment-time. The example the white paper uses is a system that is scored once against criteria, with evidence that then passes downstream. That is a necessary first case. It is not the last one.
The next systems do not just get scored once. They act continuously. An agent plans, calls tools, touches data, makes decisions, and escalates inside workflows that matter. For a system like that, conformity cannot be a one-time demonstration. It has to be a standing loop. It has to hold on any given day, including the morning a model is swapped under pressure, with identity, authorization, and the audit trail intact across the change.
Evidence that was true at assessment and silently stopped being true the moment the agent or the model changed is not evidence a regulator can rely on. The conformity layer needs a way to express proof that is continuous, not a snapshot. There is a name for that standing loop: Continuous Agentic Assurance.
That is the part the agentic era forces, and it is the part the specification does not yet cover. It is also buildable now, while the criteria are still being written.
What this looks like inside a bank
Picture a regulated institution running an agent on a model from one provider, adapted by another, and wired into its own systems and data. Appia’s design lets each party demonstrate conformity for its part and pass the evidence downstream. That is real progress.
But the agent does not sit still once it has been assessed. It acts every day. When a frontier model can be pulled from the market with three days of notice, the model underneath an agent can be swapped overnight. The moment it changes, the upstream conformity evidence describes a system that no longer exists. The institution’s obligation does not pause. Under the EU AI Act, and under supervisory regimes from OSFI in Canada to peers elsewhere, it still has to show, that Monday morning, that the swapped agent operated inside policy with an unbroken audit trail.
That is what a continuous layer does. It regenerates conformity evidence as the system changes, so the pass-through stays true after the swap and not only at the moment of assessment. It is the difference between proving something was conformant once and showing that it still is.
The voices the standard still needs
The founding membership spans the AI value chain and multiple regions. That is the point: no one builds this layer alone. But the roster is thin where it matters most. The institutions that will have to stand behind agentic systems in front of a regulator, especially in finance and other high-stakes sectors, are barely at the table. Regulated finance appears mainly as a single payments network.
The criteria that will shape AI conformity for years are being drafted now, in open working groups that already include a stream on regulatory connection covering the EU AI Act. The people who live the regulator’s Monday-morning question should help write them: the operators who run agents across jurisdictions, carry model-risk obligations, and must produce evidence when something changes. The agentic, continuous dimension belongs in that work too. This is the moment to get those voices in while the pen is still moving.
The evidence thesis is now infrastructure
For months this series has argued that in regulated industries, the layer that proves what AI did is where trust and value concentrate. This week the most credible neutral body in open technology, alongside the largest names in the field, made that argument a standard.
The work now is to make sure the proof can keep up with systems that act on their own, and to get the operators who carry the regulatory obligation into the room while the criteria take shape. The standard is the foundation. The runtime layer that produces continuous, agentic-grade evidence is the necessary complement, and it is buildable now.
Continuous Agentic Assurance
iTmethods builds the Trust Layer for enterprise AI, with select regulated enterprises. Reign delivers Continuous Agentic Assurance: the gateway, model-risk validation, evidence ledger, and assurance packs that let an institution run any model, swap it under pressure, and prove, on any given day, what its AI did and that it stayed inside the lines. Built for the Chief Risk Officer, the Chief Audit Executive, and the audit committee.
Paul Goldman is Founder and CEO of iTmethods, where his team helps enterprises build and govern AI-native platforms, from model and agent control planes to the evidence and continuity that regulated industries require. He writes weekly on AI governance in the agentic era. Building the Trust Layer for Enterprise AI at itmethods.com.
Related reading
- Canada’s Sovereign AI Stack Has One Layer Left to Build (June 17, 2026)
- Three Days. One Export Order. A Frontier Model Gone. (June 16, 2026)
- Anthropic Moved Twice. OpenAI Moved Twice. The Trust Boundary Moved With Them. (May 26, 2026)
Sources
- Appia Foundation, “Building the connecting layer for trustworthy AI” (white paper, June 17, 2026) and appiafoundation.org
- The Linux Foundation, “Linux Foundation Launches Appia Foundation,” June 17, 2026
- OSFI, Guideline E-23 Model Risk Management (final, September 2025; effective May 1, 2027)
Paul Goldman
CEO, iTmethods
Creator of Reign and Forge. The platform and operational substrate for AI governance in regulated industries. Previously published "MCP Is Exploding. Your Governance Isn’t Ready."