Demis Hassabis, the CEO and cofounder of Google DeepMind, is arguing that the world needs something it still doesnât have for frontier AI: a real, enforceable choke point. Not just guidelines, not just voluntary testing, and not just a patchwork of national rules that can be outpaced by the speed at which the most capable models are built and deployed. In a blog post, Hassabis proposes a global AI watchdog with the authority to evaluate advanced âfrontierâ models before theyâre releasedâand, crucially, to coordinate action across countries when those models appear too dangerous.
What makes Hassabisâs proposal stand out is the specific kind of power heâs describing. He isnât talking about an advisory body that publishes reports after the fact. Heâs describing an organization that could effectively âhit the brakesâ if a model crosses a safety thresholdâan approach closer in spirit to how certain financial regulators can restrict products or require changes before harm spreads. The analogy isnât perfect, but the intent is clear: oversight should be able to intervene early enough to matter, and it should be structured enough to be consistent across borders.
Hassabis also argues that the United States should lead the initiative. His reasoning is pragmatic rather than ideological: the US has the economic and technical standing to set standards that others will follow, and it has the institutional capacity to convene experts and operationalize evaluation. That doesnât mean the watchdog would be a US agency acting unilaterally. In his framing, it would be made up of leading independent experts and include representation from open source communitiesâsuggesting a governance model designed to avoid the perception that oversight is simply another tool of corporate or national control.
To understand why this proposal is gaining attention now, it helps to look at what âfrontierâ AI has come to mean in practice. These systems arenât just improving in accuracy; theyâre becoming more general-purpose, more autonomous in their capabilities, and more capable of being integrated into high-impact workflows. As models get stronger, the risk profile changes. A model that can write convincing text, generate code, assist with planning, or automate complex tasks can be used for legitimate purposesâbut it can also be repurposed quickly for fraud, manipulation, cyber operations, and other forms of harm. The danger isnât only that a model will fail; itâs that it can succeed in ways that are hard to predict, hard to contain, and easy to scale.
Thatâs where pre-release evaluation becomes central. If oversight happens only after deployment, the world has already absorbed the modelâs capabilities. Even if regulators later demand mitigations, the damage may already be done: malicious actors can study the system, replicate techniques, and build downstream tools. Pre-release scrutiny aims to reduce that windowâforcing developers to demonstrate safety properties before the model reaches the public or enters widespread use.
But pre-release evaluation raises a difficult question: who gets to decide what counts as âtoo dangerous,â and how do you measure it? Hassabisâs proposal gestures toward a solution by emphasizing independent experts and coordination. The idea is that the watchdog would not rely solely on internal company claims or on one countryâs regulatory preferences. Instead, it would bring together specialists who can assess risks using agreed-upon criteria, and it would coordinate with other jurisdictions so that safety standards donât diverge wildly.
This is where the âglobalâ part matters. Today, AI governance is often described as a patchwork: different countries adopt different rules, different enforcement mechanisms, and different definitions of what triggers oversight. That patchwork can create incentives for companies to deploy first in the least restrictive environment, or to structure releases around regulatory gaps. A global watchdogâif it truly has authorityâcould reduce those incentives by making evaluation and safety thresholds more uniform across major markets.
Still, centralized oversight is controversial, and Hassabisâs proposal invites the obvious pushback: what if a single institution becomes a bottleneck, or what if itâs captured by the very interests itâs meant to regulate? What if it slows innovation too much, or conversely, moves too slowly to keep up with rapid model iteration? What if its standards are too vague to be enforceable, or too rigid to adapt to new risks?
Hassabis appears to anticipate some of these concerns by describing the watchdog as an organization composed of independent experts and open source representation. That suggests a governance design intended to distribute legitimacy and expertise rather than concentrate it. But representation alone doesnât solve everything. The credibility of any regulator depends on transparency, due process, and the ability to challenge decisions. If the watchdog can stop deployment, developers will want to know what evidence is required, how safety thresholds are determined, and how appeals work. If the watchdog can coordinate across countries, it will need mechanisms to prevent political interference and to ensure that decisions are based on technical risk rather than geopolitical leverage.
Thereâs also a deeper issue: frontier AI isnât a single product category. Itâs a moving target. A model released today might be safe under one set of assumptions, but become risky when combined with new tools, new user behaviors, or new downstream applications. That means oversight canât be purely about the modelâs raw capabilities at release time. It also needs to consider how the model will be used, what access it will have, and what safeguards will accompany it. A watchdog that evaluates only the base model without considering deployment context could miss the real-world risk.
So what would a âwatchdog with brakesâ actually do day-to-day? In Hassabisâs framing, it would evaluate frontier models before release and coordinate across countries on safety standards. That implies a workflow: developers submit models (or relevant information) for assessment; the watchdog runs or commissions tests; it determines whether the model meets safety criteria; and it can require changes, delay release, or block deployment if risks are too high. Coordination across countries suggests that once a decision is made, other jurisdictions align their enforcement so that companies canât circumvent the outcome by shifting geography.
The most interesting part of this proposal is the implicit shift from âcomplianceâ to âcapability gating.â Many current approaches focus on requiring documentation, reporting, or adherence to best practices. Those are important, but they donât necessarily stop the most dangerous systems from reaching users. Capability gating is different: it treats certain levels of capability as inherently requiring additional scrutiny and potentially additional restrictions. In other words, it recognizes that risk is not linear with model size or performance metrics alone, but that there are inflection points where the probability and severity of misuse increase sharply.
If the watchdog is designed well, it could also help solve a problem that developers face: uncertainty. Companies often struggle to interpret what regulators expect, especially when rules are new and definitions are contested. A credible, expert-led evaluation framework could provide clearer expectations for what âsafe enoughâ looks like, reducing both the risk of over-compliance and the risk of underestimating hazards. That could, paradoxically, make innovation safer without necessarily making it slowerâbecause developers would know what to build toward.
However, thereâs a tradeoff. Clear thresholds can become targets. If safety criteria are predictable, companies might optimize for passing them rather than improving safety in a broader sense. Thatâs why the watchdog would need to evolve its evaluation methods and incorporate adversarial testing, red-teaming, and continuous monitoring. It would also need to account for the fact that models can be fine-tuned, prompted differently, or integrated into systems that change their behavior. A static checklist wonât be enough.
Another question is how the watchdog would handle open source models. Hassabis mentions representation from open source communities, which signals awareness that open source is both a benefit and a risk multiplier. Open models can accelerate research and democratize access, but they can also lower barriers for misuse. If the watchdogâs authority applies only to closed, commercial frontier models, it could create a perverse incentive for developers to release weights openly to avoid pre-release evaluation. On the other hand, if the watchdog tries to regulate open source too aggressively, it could conflict with the norms that make open source valuable.
A balanced approach might involve evaluating not only the model weights but also the distribution channels, documentation, and recommended usage. It could also involve requiring safety evaluations for certain âfrontierâ releases even if they are open, or coordinating with platforms and integrators to ensure that high-risk deployments are gated. But any such approach would require careful legal and technical design to avoid undermining open source ecosystems.
Hassabisâs call for the US to lead also deserves scrutiny. Leadership can mean many things: convening power, standard-setting, funding, and administrative capacity. But leadership can also be interpreted as dominance. For a global watchdog to work, it would need legitimacy beyond the US. Other countries would want assurance that the watchdogâs decisions are not simply extensions of US strategic interests. Thatâs why the compositionâindependent experts and open source representationâmatters, but itâs also why transparency and international buy-in would be essential.
In practice, the US leading the effort could be a starting point rather than a final governance arrangement. The US could host the initial framework, draft early standards, and build the evaluation infrastructure. Over time, the governance could become more international, with rotating leadership, shared funding, and representation from multiple regions. The key is to avoid a situation where the watchdog is perceived as a US regulator with global reach. If itâs seen that way, compliance may be partial, and cooperation may be fragile.
Thereâs also the question of enforcement. Hassabis describes authority to evaluate and coordinate, and the power to hit the brakes. But authority without enforcement is just influence. Enforcement could take several forms: legal requirements for companies operating in certain jurisdictions; contractual requirements for model providers; platform-level restrictions; or coordinated actions among regulators. The watchdogâs effectiveness would depend on how its decisions translate into real constraints on deployment.
This is where the analogy to existing regulators becomes useful. Financial regulation works because itâs backed by enforcement mechanisms and because institutions have clear jurisdiction. An AI watchdog would need similarly clear jurisdictional hooks. If it
