Verifiable proof of trustworthy AI just became an open standard. The Linux Foundation launched the Appia Foundation with Google, Microsoft, OpenAI, Mastercard, and others.
The part the agentic era still forces: proof that holds continuously, as agents act and models change.
Our CEO Paul Goldman in The Trust Layer: https://t.co/on2O89pORi
1/ Canada is building sovereign AI, and RBC just mapped the stack: models, compute, data centres, research. It is excellent, and one layer is still to build.
2/ No Canadian champion sits on the control and assurance layer above the model, the layer that makes sovereignty operational and provable. Last week's frontier-model recall showed why it is the whole game.
3/ The layer still to build is software, not steel.
Our founder Paul Goldman on the one layer Canada should least want to outsource:
https://t.co/WpcetDiGjx
1/ On Friday, the most capable AI model on the public market disappeared. Not throttled. Pulled off every customer on earth by a U.S. export-control order, not a vendor decision.
2/ Not one customer did anything wrong, and the model vanished from all of them anyway. You cannot govern, encrypt, or self-host your way around a model that no longer exists for you to call.
3/ Single-model dependency is a single point of failure.
The control layer outranks the model.
Our founder Paul Goldman on what the recall means for regulated institutions: https://t.co/WRJ5IPoZm1
This is not a moment for outrage. It is a moment for governance infrastructure.
What FINOS CC4AI is. Why it matters. What regulated enterprises should actually do this quarter.
https://t.co/ir893lUI5Q
/end
Yesterday: most AI governance tools were built for the wrong problem.
Today: a live industry pattern is making that argument concrete in every regulated enterprise.
SaaS vendors are training AI on customer data by default.
Thread 👇
The FINOS answer is already on the table: CC4AI — Common Controls for AI Services.
Backed by BMO, Citi, Microsoft, Morgan Stanley, RBC, Bank of America, Google Cloud, Red Hat, AWS.
A common evidence artifact format so vendors attest once and every consuming institution can inherit the assurance.
5/5
114 days isn't a lot of time to rebuild this from scratch.
The enterprises that will make the deadline aren't writing better policies. They're building the infrastructure that makes evidence a byproduct of operation.
Full read from @paulgoldman100 → https://t.co/SVCNFbRiAi
#AIGovernance #EUAIAct
1/5
114 days until EU AI Act high-risk enforcement.
Most enterprises are still in "policy and spreadsheet" mode.
Here's what regulators will actually ask for on August 2, 2026 🧵
4/5
What "governance infrastructure" actually means:
→ Policy-as-code enforcement at the system layer
→ Audit trails generated automatically, not assembled reactively
→ Model & agent inventories that stay current on their own
→ Evidence production ready on demand
🧵 Anthropic just launched Claude Managed Agents.
Managed hosting. Auto-scaling. Sandboxed execution. Built-in monitoring.
They looked at production agent infrastructure and said: "This is too hard. We'll do it for you."
They're right. But here's what they're not doing: 1/5
The managed agents announcement is genuinely significant.
It lowers the build barrier. It accelerates enterprise adoption. That's real.
But adoption without governance is exactly how we got here.
4/5