Demis Hassabis, the CEO and cofounder of Google DeepMind, is arguing that the world needs something it still doesn’t have for frontier AI: a real, enforceable choke point. Not just guidelines, not just voluntary testing, and not just a patchwork of national rules that can be outpaced by the speed at which the most capable models are built and deployed. In a blog post, Hassabis proposes a global AI watchdog with the authority to evaluate advanced “frontier” models before they’re released—and, crucially, to coordinate action across countries when those models appear too dangerous.
What makes Hassabis’s proposal stand out is the specific kind of power he’s describing. He isn’t talking about an advisory body that publishes reports after the fact. He’s describing an organization that could effectively “hit the brakes” if a model crosses a safety threshold—an approach closer in spirit to how certain financial regulators can restrict products or require changes before harm spreads. The analogy isn’t perfect, but the intent is clear: oversight should be able to intervene early enough to matter, and it should be structured enough to be consistent across borders.
Hassabis also argues that the United States should lead the initiative. His reasoning is pragmatic rather than ideological: the US has the economic and technical standing to set standards that others will follow, and it has the institutional capacity to convene experts and operationalize evaluation. That doesn’t mean the watchdog would be a US agency acting unilaterally. In his framing, it would be made up of leading independent experts and include representation from open source communities—suggesting a governance model designed to avoid the perception that oversight is simply another tool of corporate or national control.
To understand why this proposal is gaining attention now, it helps to look at what “frontier” AI has come to mean in practice. These systems aren’t just improving in accuracy; they’re becoming more general-purpose, more autonomous in their capabilities, and more capable of being integrated into high-impact workflows. As models get stronger, the risk profile changes. A model that can write convincing text, generate code, assist with planning, or automate complex tasks can be used for legitimate purposes—but it can also be repurposed quickly for fraud, manipulation, cyber operations, and other forms of harm. The danger isn’t only that a model will fail; it’s that it can succeed in ways that are hard to predict, hard to contain, and easy to scale.
That’s where pre-release evaluation becomes central. If oversight happens only after deployment, the world has already absorbed the model’s capabilities. Even if regulators later demand mitigations, the damage may already be done: malicious actors can study the system, replicate techniques, and build downstream tools. Pre-release scrutiny aims to reduce that window—forcing developers to demonstrate safety properties before the model reaches the public or enters widespread use.
But pre-release evaluation raises a difficult question: who gets to decide what counts as “too dangerous,” and how do you measure it? Hassabis’s proposal gestures toward a solution by emphasizing independent experts and coordination. The idea is that the watchdog would not rely solely on internal company claims or on one country’s regulatory preferences. Instead, it would bring together specialists who can assess risks using agreed-upon criteria, and it would coordinate with other jurisdictions so that safety standards don’t diverge wildly.
This is where the “global” part matters. Today, AI governance is often described as a patchwork: different countries adopt different rules, different enforcement mechanisms, and different definitions of what triggers oversight. That patchwork can create incentives for companies to deploy first in the least restrictive environment, or to structure releases around regulatory gaps. A global watchdog—if it truly has authority—could reduce those incentives by making evaluation and safety thresholds more uniform across major markets.
Still, centralized oversight is controversial, and Hassabis’s proposal invites the obvious pushback: what if a single institution becomes a bottleneck, or what if it’s captured by the very interests it’s meant to regulate? What if it slows innovation too much, or conversely, moves too slowly to keep up with rapid model iteration? What if its standards are too vague to be enforceable, or too rigid to adapt to new risks?
Hassabis appears to anticipate some of these concerns by describing the watchdog as an organization composed of independent experts and open source representation. That suggests a governance design intended to distribute legitimacy and expertise rather than concentrate it. But representation alone doesn’t solve everything. The credibility of any regulator depends on transparency, due process, and the ability to challenge decisions. If the watchdog can stop deployment, developers will want to know what evidence is required, how safety thresholds are determined, and how appeals work. If the watchdog can coordinate across countries, it will need mechanisms to prevent political interference and to ensure that decisions are based on technical risk rather than geopolitical leverage.
There’s also a deeper issue: frontier AI isn’t a single product category. It’s a moving target. A model released today might be safe under one set of assumptions, but become risky when combined with new tools, new user behaviors, or new downstream applications. That means oversight can’t be purely about the model’s raw capabilities at release time. It also needs to consider how the model will be used, what access it will have, and what safeguards will accompany it. A watchdog that evaluates only the base model without considering deployment context could miss the real-world risk.
So what would a “watchdog with brakes” actually do day-to-day? In Hassabis’s framing, it would evaluate frontier models before release and coordinate across countries on safety standards. That implies a workflow: developers submit models (or relevant information) for assessment; the watchdog runs or commissions tests; it determines whether the model meets safety criteria; and it can require changes, delay release, or block deployment if risks are too high. Coordination across countries suggests that once a decision is made, other jurisdictions align their enforcement so that companies can’t circumvent the outcome by shifting geography.
The most interesting part of this proposal is the implicit shift from “compliance” to “capability gating.” Many current approaches focus on requiring documentation, reporting, or adherence to best practices. Those are important, but they don’t necessarily stop the most dangerous systems from reaching users. Capability gating is different: it treats certain levels of capability as inherently requiring additional scrutiny and potentially additional restrictions. In other words, it recognizes that risk is not linear with model size or performance metrics alone, but that there are inflection points where the probability and severity of misuse increase sharply.
If the watchdog is designed well, it could also help solve a problem that developers face: uncertainty. Companies often struggle to interpret what regulators expect, especially when rules are new and definitions are contested. A credible, expert-led evaluation framework could provide clearer expectations for what “safe enough” looks like, reducing both the risk of over-compliance and the risk of underestimating hazards. That could, paradoxically, make innovation safer without necessarily making it slower—because developers would know what to build toward.
However, there’s a tradeoff. Clear thresholds can become targets. If safety criteria are predictable, companies might optimize for passing them rather than improving safety in a broader sense. That’s why the watchdog would need to evolve its evaluation methods and incorporate adversarial testing, red-teaming, and continuous monitoring. It would also need to account for the fact that models can be fine-tuned, prompted differently, or integrated into systems that change their behavior. A static checklist won’t be enough.
Another question is how the watchdog would handle open source models. Hassabis mentions representation from open source communities, which signals awareness that open source is both a benefit and a risk multiplier. Open models can accelerate research and democratize access, but they can also lower barriers for misuse. If the watchdog’s authority applies only to closed, commercial frontier models, it could create a perverse incentive for developers to release weights openly to avoid pre-release evaluation. On the other hand, if the watchdog tries to regulate open source too aggressively, it could conflict with the norms that make open source valuable.
A balanced approach might involve evaluating not only the model weights but also the distribution channels, documentation, and recommended usage. It could also involve requiring safety evaluations for certain “frontier” releases even if they are open, or coordinating with platforms and integrators to ensure that high-risk deployments are gated. But any such approach would require careful legal and technical design to avoid undermining open source ecosystems.
Hassabis’s call for the US to lead also deserves scrutiny. Leadership can mean many things: convening power, standard-setting, funding, and administrative capacity. But leadership can also be interpreted as dominance. For a global watchdog to work, it would need legitimacy beyond the US. Other countries would want assurance that the watchdog’s decisions are not simply extensions of US strategic interests. That’s why the composition—independent experts and open source representation—matters, but it’s also why transparency and international buy-in would be essential.
In practice, the US leading the effort could be a starting point rather than a final governance arrangement. The US could host the initial framework, draft early standards, and build the evaluation infrastructure. Over time, the governance could become more international, with rotating leadership, shared funding, and representation from multiple regions. The key is to avoid a situation where the watchdog is perceived as a US regulator with global reach. If it’s seen that way, compliance may be partial, and cooperation may be fragile.
There’s also the question of enforcement. Hassabis describes authority to evaluate and coordinate, and the power to hit the brakes. But authority without enforcement is just influence. Enforcement could take several forms: legal requirements for companies operating in certain jurisdictions; contractual requirements for model providers; platform-level restrictions; or coordinated actions among regulators. The watchdog’s effectiveness would depend on how its decisions translate into real constraints on deployment.
This is where the analogy to existing regulators becomes useful. Financial regulation works because it’s backed by enforcement mechanisms and because institutions have clear jurisdiction. An AI watchdog would need similarly clear jurisdictional hooks. If it
