The AI governance debate has drifted into geopolitical improvisation. Governments are writing the rules in real time.

In recent weeks (June 2026), we have seen frontier AI models restricted (e.g., Claude Fable 5 and Claude Mythos 5) and access rules changed abruptly (e.g., OpenAI GPT-5.6 series). Governments are beginning to treat advanced models as strategic infrastructure, not ordinary products.

Some of this concern is understandable. These systems are becoming more capable. They can accelerate software development and research, but they can also amplify cyber and other security risks. Pretending there is nothing to govern would be naïve.

The competing risk is that governance becomes a private arrangement among one national government, a handful of frontier labs, and a few “trusted” companies.

That is not governance. It is control.

There is an obvious contradiction. Generative AI was not built on the knowledge of one country. Frontier models draw on vast collections of text, code, research, culture, and public expression produced around the world. People everywhere have also tested, adopted, and shaped the products built on those models.

Then the decisions arrive: who may access the most powerful systems, under what conditions, with what transparency, and according to whose idea of risk? At that point, the conversation suddenly becomes national.

A national frame is too narrow for the problem.

AI is becoming part of the world’s knowledge infrastructure. It already affects education, software development, science, and public services. Its governance cannot be reduced to a domestic procurement rule or an export control switch.

Internet governance offers a precedent, though not a blueprint.

The Internet became a global infrastructure through coordination among institutions, operators, engineers, companies, civil society groups, academics, and governments. No single state designed every rule from the center. The process was messy and imperfect, but it produced a system that people around the world could build on.

The Internet runs on shared protocols and operational norms, yet no institution governs the entire system. The IETF (Internet Engineering Task Force) develops open standards. ICANN (Internet Corporation for Assigned Names and Numbers) coordinates unique identifiers through a multistakeholder process. Regional registries manage number resources, and network operators groups (NOGs) turn the protocols into a working global network. These institutions earn legitimacy in different ways, including open participation, transparent processes, technical competence, interoperability, and, in the IETF’s case, rough consensus.

AI is not the Internet, and the analogy only goes so far. Both depend on costly physical infrastructure. But that infrastructure developed under very different conditions. The Internet grew around open protocols, shared standards, decentralized operations, and a long tradition of multistakeholder governance. Power over frontier AI is concentrated among a few labs (e.g., Anthropic, OpenAI, DeepMind, Meta Superintelligence, xAI), cloud providers (e.g., Microsoft Azure, Amazon AWS, Google GCP), chip suppliers (e.g., Nvidia, AMD, and hyperscalers/labs custom in-house silicon), and governments pursuing national security goals (e.g., USA NSPM-11, EU Artificial Intelligence Act, China AI regulations, Brazilian AI Act). That concentration makes governance harder and more urgent.

Governance breaks down when labs police themselves until a crisis, states impose opaque access rules, or incumbents write safety requirements that also keep competitors out. Safety may be the stated goal while market control becomes the result.

Any better governance model needs to separate four kinds of work.

1. Safety evaluation. Frontier systems need rigorous testing, but that testing should be auditable, scientifically grounded, and insulated from opaque political pressure.

2. Access governance. Some capabilities may need restrictions, especially when they could enable cyberattacks, biological threats, or harmful autonomous action. The rules should be clear, technically specific, open to appeal, and subject to international scrutiny and debate.

3. Incident response. When a model presents a real risk, everyone should know what happens next: disclosure, independent review, mitigation, a proportionate restriction, and, where possible, a public explanation.

4. Global representation. Countries and communities outside the US are more than “foreign users”. Their data, labor, research, markets, and societies helped make these systems possible.

One place to start is a global AI governance forum modeled on the best parts of Internet governance. It should welcome multiple stakeholders, take technical questions seriously, include participants from around the world, and work in public by default. Governments belong at the table, along with model builders, cloud providers, open-source communities, security experts, academics, civil society, standards bodies, and representatives from regions that are too often treated as consumers rather than coauthors of technology (we have been here before).

Internet governance already has a useful division of labor. ITU (International Telecommunication Union) for international public policy and telecom-related questions, and the United Nations convenes the IGF (Internet Governance Forum), where governments, civil society, businesses, and the technical community debate public policy questions. These forums do not make binding rules. The IETF, meanwhile, develops voluntary technical standards through open processes and rough consensus.

AI could use a similar pair of institutions: an IGF-like forum where stakeholders debate norms, expose disagreements, and publish recommendations, plus an IETF-like technical body that develops open evaluation methods, reporting formats, security measures, and interoperability standards. Neither would replace governments or regulators. Transparency, technical credibility, and broad adoption would give them influence and legitimacy. Legal authority would remain with governments and international agreements.

These institutions would not end conflict. Their job would be to handle disagreements in public without splintering the underlying system. AI governance needs that kind of legitimacy. We are not starting from zero. We have already lived through a transformation of comparable scale.

AI will be governed. The choice is whether we build a global public interest framework or stumble through a succession of unilateral restrictions, private lobbying campaigns, and emergency decrees.

If AI is becoming infrastructure for humanity, humanity deserves a seat at the table.

If you found this useful, please cite this op-ed as:

Müller, Lucas. (Jun 2026). No single country should decide how AI is governed. lucasmuller.com. https://notes.lucasmuller.com/p/no-single-country-should-decide-how

or

@article{lucasmuller2026default,
  title   = {No single country should decide how AI is governed},
  author  = {Müller, Lucas},
  journal = {lucasmuller.com},
  year    = {2026},
  month   = {Jun},
  url     = {https://notes.lucasmuller.com/p/no-single-country-should-decide-how}
}