Mandatory reporting based on training-compute or capability thresholds.
Definition & scope
The cross-jurisdiction picture below shows how each of 45 tracked instruments treats this topic. The patterns vary substantially — and 29 regimes are silent, leaving gaps that future policy work could address.
Regulatory approaches: how the binding regimes actually work
The instruments that govern this topic differ less in whether they use a compute trigger than in the reporting modality the trigger activates. The EU AI Act operates by self-notification: a provider whose general-purpose model crosses the 10^25-FLOP presumption (Art. 51(1)(a), 51(2)) must notify the European Commission "without delay and in any event within two weeks" of meeting that requirement (Art. 52(1)), and may attempt to rebut the systemic-risk classification with "sufficiently substantiated arguments" (Art. 52(2)). Anchoring the duty on training compute reflects a finding that this is currently "the most suitable metric to identify GPAI models" while serving only to trigger further scrutiny 1. A second, lower modality runs through Art. 53 and the General-Purpose AI Code of Practice (final version July 2025): providers must maintain technical documentation recording the training process, including compute used, with documentation duties attaching from a 10^23-FLOP level — a disclosure-to-file obligation distinct from the notify-the-regulator trigger.
The US federal mechanism was different in kind. Executive Order 14110 §4.2 did not itself set a reporting rule; it directed the Bureau of Industry and Security to collect periodic reports under the Defense Production Act's Industrial Base Survey power. The implementing BIS proposed rule (89 Fed. Reg. 73,612, 11 Sept. 2024) would have required ongoing, confidential reporting of training runs above 10^26 FLOP and of large computing clusters — a national-security surveillance posture, not public transparency. California SB-53 (effective 1 Jan. 2026) adds a third modality: published frontier-AI frameworks plus pre-deployment transparency reports, combined with confidential critical-safety-incident reporting to the Office of Emergency Services (California SB 53, 2025).
Key fault lines: the contested design choices
The disputes that divide jurisdictions sit beneath the shared vocabulary of "thresholds." First is the proxy question — whether training compute should anchor regulation at all. Compute's appeal as a lever is that it is "detectable, excludable, and quantifiable, and is produced via an extremely concentrated supply chain" 2. The EU treats 10^25 FLOP as a rebuttable presumption running alongside qualitative high-impact criteria (Art. 51(1)(a), 52(2)), conceding compute is one signal among several; California's Governor Newsom, vetoing SB-1047 on 29 September 2024, made the opposing case bluntly, faulting reliance on "cost and computing thresholds rather than the system's actual risks" and warning that smaller specialized models could prove "equally or even more dangerous" (Newsom Veto Message, SB-1047).
A second fault line is the threshold's numeric level and durability: the EU set 10^25 FLOP, the US BIS proposal 10^26 FLOP (89 Fed. Reg. 73,612), and SB-53 likewise anchors a 10^26 frontier line — a tenfold spread that the algorithmic-efficiency literature suggests will erode regardless of where it is drawn, since enhancement techniques can decrease training-compute usage while preserving capabilities 3 (Regulation (EU) 2024/1689, Art. 51(2)).
Third is the locus of the obligation. Most regimes place it on the model developer, but a strand of the literature argues the duty should sit on compute providers as governable intermediaries with obligations to keep records, verify activity and report frontier training 4, an approach others operationalize as a banking-style know-your-customer scheme for cloud providers 5. Fourth is the recipient and visibility of the disclosure: confidential reporting to a security agency (BIS under the Defense Production Act) versus published transparency frameworks (SB-53) versus regulator notification (EU) reflect genuinely different theories of what reporting is for — verification, accountability, or market discipline.
Trajectory: what has changed and what is pending
This topic's governance has moved faster than most, and partly in reverse. The first binding US compute-reporting obligation arrived through Executive Order 14110 (October 2023), whose §4.2 directed the Bureau of Industry and Security to require periodic reporting; BIS issued its implementing proposed rule on 11 September 2024, setting a 10^26-FLOP training-run trigger and computing-cluster reporting under the Defense Production Act (89 Fed. Reg. 73,612). That rule never took effect: Executive Order 14148 rescinded EO 14110 on 20 January 2025, and Executive Order 14179 (23 January 2025) replaced the prior posture with a deregulatory one — so the federal compute-reporting record was unwound before any durable filings accrued (90 Fed. Reg. 8237; 90 Fed. Reg. 8741).
The EU moved in the opposite direction. The AI Act's general-purpose-model obligations — including the Art. 52 notification duty and the Art. 53 documentation requirements operationalized by the July 2025 General-Purpose AI Code of Practice — became applicable on 2 August 2025, with transitional periods extending toward 2027. California then re-entered the field at the sub-national level: after the SB-1047 veto (September 2024), Governor Newsom signed SB-53, the Transparency in Frontier Artificial Intelligence Act, on 29 September 2025, effective 1 January 2026. The near-term picture is therefore a federal retreat, a European phase-in, and a state-level revival — none yet with an evaluable outcome record. Two structural gaps remain pending across all three: whether disclosures can actually be verified, with the technical basis for detecting unauthorized training runs and data centers still maturing 67, and the uneven global reach of compute-based governance given the divide between a "Compute North" hosting training-relevant infrastructure and a Compute South 8.
Coverage across jurisdictions
Historical primacy & cross-jurisdiction tension
First addressed by DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting) on (implicit). Subsequent regimes have either codified, diverged from, or remained silent on this baseline.
- Forum-shoppingEU AI Act↔Executive Order 14179 — Removing Barriers to American Leadership in AI
- Forum-shoppingExecutive Order 14110 on Safe, Secure, Trustworthy AI↔UK Pro-Innovation Approach to AI Regulation (White Paper)
- Forum-shoppingCalifornia SB-1047: Safe and Secure Innovation for Frontier AI Models Act↔Interim Measures for Generative AI Service Management
Compare jurisdictions: EU vs US · EU vs UK · EU vs CN
Enforcement & impact
Silent regimes — gap signal
Instruments that do not address Compute-Threshold Reporting — candidates for future policy work.
- Executive Order 14179 — Removing Barriers to American Leadership in AIUS
- UK Pro-Innovation Approach to AI Regulation (White Paper)UK
- Interim Measures for Generative AI Service ManagementCN
- G7 Hiroshima AI Process Code of ConductG7
- OECD AI Principles (Recommendation)OECD
- Council of Europe Framework Convention on AIcouncil_of_europe
- UN GA Resolution on Safe, Secure, Trustworthy AIUN
- NIST AI Risk Management FrameworkUS
- NIST AI RMF Generative AI ProfileUS
- India Digital Personal Data Protection Act + AI Advisory (MEITY)IN
- Brazil AI Bill (PL 2338/2023)BR
- ASEAN Guide on AI Governance and EthicsASEAN
- African Union Continental AI StrategyAfrican_Union
- Google DeepMind Frontier Safety FrameworkUS
- Meta Frontier AI FrameworkUS
- UK-US AI Safety Institute Memorandum of Understandingglobal
- Singapore Model AI Governance Framework for Generative AISG
- Japan METI AI Guidelines for BusinessJP
- General Data Protection Regulation (GDPR)EU
- EU General-Purpose AI Code of PracticeEU
- California SB 243: Companion ChatbotsUS
- California SB 942: AI Transparency ActUS
- Revised Product Liability Directive (Directive (EU) 2024/2853)EU
- UNESCO Recommendation on the Ethics of Artificial IntelligenceUNESCO
- Directive (EU) 2024/2831 on improving working conditions in platform workEU
- Provisions on the Administration of Deep Synthesis of Internet Information ServicesCN
- TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act)US
- Italy Law No. 132/2025 on Artificial Intelligence (Legge 23 settembre 2025, n. 132)IT
- UN Global Digital CompactUN
See also
Further reading
25 academic & grey-literature sources bearing on this topic — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Defending Compute Thresholds Against Legal Loopholes Preprint✦ AIIdentifies 'enhancement techniques that are capable of decreasing training compute usage while preserving... model capabilities', exposing loopholes in compute-reporting thresholds.
- Computing Power and the Governance of Artificial Intelligence Preprint✦ AIArgues compute is a uniquely governable lever because it is "detectable, excludable, and quantifiable, and is produced via an extremely concentrated supply chain".
- Training Compute Thresholds: Features and Functions in AI Regulation Preprint✦ AIFinds "training compute currently is the most suitable metric to identify GPAI models", but thresholds should only trigger further scrutiny, not determine risk measures alone.
- Compute North vs. Compute South: The Uneven Possibilities of Compute-based AI Governance Around the Globe Peer-reviewed✦ AICensus of hyperscale cloud regions shows a divide between "Compute North" states hosting training-relevant compute and a Compute South, shaping who can wield compute-based governance.
- Governing Through the Cloud: The Intermediary Role of Compute Providers in AI Regulation Preprint✦ AIArgues 'compute providers should have legal obligations' to secure infrastructure, keep records, verify activity and report frontier training as regulatory intermediaries.
- Verification methods for international AI agreements Preprint✦ AISurveys '10 verification methods that could detect... unauthorized AI training... and unauthorized data centers', mapping the technical basis for compute-disclosure regimes.
- Open Problems in Technical AI Governance Preprint✦ AICatalogs open problems in 'technical analysis and tools for supporting the effective governance of AI', including compute measurement, verification and reporting gaps.
- What does it take to catch a Chinchilla? Verifying Rules on Large-Scale Neural Network Training via Compute Monitoring Preprint✦ AIProposes chip-level monitoring (on-chip logging, supply-chain oversight) giving governments "high confidence that no actor uses large quantities of specialized ML chips" in violation of rules.
- Oversight for Frontier AI through a Know-Your-Customer Scheme for Compute Providers Preprint✦ AIProposes a banking-style KYC regime for cloud compute providers because 'compute is emerging as a node for oversight', enabling record-keeping and reporting of high-risk training.
- Deceptive Alignment PreprintHubinger, E., et al. (2019), 'Risks from Learned Optimization in Advanced Machine Learning Systems.'
- Mesa-Optimization PreprintHubinger, E., et al. (2019), 'Risks from Learned Optimization in Advanced Machine Learning Systems.'
- Capability Elicitation PreprintQi, X., Zeng, Y., Xie, T., Chen, P.-Y., Jia, R., Mittal, P., Henderson, P. (2023), 'Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!'
- Policy Instrument Peer-reviewedLascoumes, P. & Le Galès, P. (2007). Introduction: Understanding Public Policy through Its Instruments — From the Nature of Instruments to the Sociology of Public Policy Instrumentation. Governance 20(1): 1-21. See also Hood (1983) The Tools of Government, ch. 1-2; Salamon (2002) The Tools of Government: A Guide to the New Governance, pp. 1-47; Howlett (2011) Designing Public Policies, ch. 3-5.
- Multi-Turn Evaluation PreprintZheng, L., et al. (2023), 'Judging LLM-as-a-Judge with MT-Bench and Chatbot Arena' — operationalises the multi-turn evaluation protocol for foundation models.
- Model Distillation Risk PreprintHinton, G., Vinyals, O., Dean, J. (2015), 'Distilling the Knowledge in a Neural Network' — the foundational distillation paper; the governance-relevant adaptation runs through Alpaca/Vicuna (2023) and DeepSeek-R1 (2025).
- Inference-Time Compute PreprintSnell, C., Lee, J., Xu, K., Kumar, A. (2024), 'Scaling LLM Test-Time Compute Optimally can be More Effective than Scaling Model Parameters' — establishes inference-time-compute scaling as a first-class capability lever.
- Sandbagging Preprintvan der Weij, T., Hofstätter, F., Jaffe, O., Brown, S., Ward, F. (2024), 'AI Sandbagging: Language Models can Strategically Underperform on Evaluations.'
- In-Context Learning PreprintBrown, T., et al. (2020), 'Language Models are Few-Shot Learners' (GPT-3 paper) — the canonical articulation of in-context learning as an emergent capability.
- AI Risk Management Framework | NIST Standards body✦ AIUS voluntary AI risk-management framework (Govern/Map/Measure/Manage).
- ISO/IEC JTC 1/SC 42 - Artificial intelligence Standards body✦ AIInternational committee developing AI standards.
- OECD AI Incidents Monitor, an evidence base for trustworthy AI - OECD.AI Incident database✦ AIOECD tracker of real-world AI incidents and hazards.
- Capturing the Potential of Generative AI’s Use in Health and Medicine Requires Collaboration and Oversight, Consideration of Risks, Says NAM Special Publication Research institute✦ AINAM special publication on generative AI in health & medicine.
- One Hundred Year Study on Artificial Intelligence (AI100) Research institute✦ AIStanford's standing century-long study of AI's societal impact.
- Measuring up | Ada Lovelace Institute Civil society✦ AIAda Lovelace Institute policy briefing.
- Anthropomorphic AI terms create gaps in accountability | Brookings Think tank✦ AICommentary on how anthropomorphic AI language obscures accountability.
References
Sources cited inline in the analysis (linked from the superscript markers), then the primary instrument sources behind the classifications.
- Heim & Koessler (2024) Training Compute Thresholds: Features and Functions in AI Regulation, arXiv. arXiv:2405.10799 — Finds "training compute currently is the most suitable metric to identify GPAI models", but thresholds should only trigger further scrutiny, not determine risk measures alone. ↩
- Sastry, Heim, Belfield, Anderljung, Brundage, et al. (2024) Computing Power and the Governance of Artificial Intelligence, arXiv. arXiv:2402.08797 — Argues compute is a uniquely governable lever because it is "detectable, excludable, and quantifiable, and is produced via an extremely concentrated supply chain". ↩
- Matteo Pistillo, Pablo Villalobos (2025) Defending Compute Thresholds Against Legal Loopholes, arXiv (cs.CY). arXiv:2502.00003 — Identifies 'enhancement techniques that are capable of decreasing training compute usage while preserving... model capabilities', exposing loopholes in compute-reporting thresholds. ↩
- Lennart Heim, Tim Fist, Janet Egan, Sihao Huang, Stephen Zekany, Robert Trager, Michael A. Osborne, Noa Zilberman (2024) Governing Through the Cloud: The Intermediary Role of Compute Providers in AI Regulation, arXiv (cs.CY). arXiv:2403.08501 — Argues 'compute providers should have legal obligations' to secure infrastructure, keep records, verify activity and report frontier training as regulatory intermediaries. ↩
- Janet Egan, Lennart Heim (2023) Oversight for Frontier AI through a Know-Your-Customer Scheme for Compute Providers, arXiv (cs.CY); GovAI. arXiv:2310.13625 — Proposes a banking-style KYC regime for cloud compute providers because 'compute is emerging as a node for oversight', enabling record-keeping and reporting of high-risk training. ↩
- Akash R. Wasil, Tom Reed, Jack William Miller, Peter Barnett (2024) Verification methods for international AI agreements, arXiv (cs.CY). arXiv:2408.16074 — Surveys '10 verification methods that could detect... unauthorized AI training... and unauthorized data centers', mapping the technical basis for compute-disclosure regimes. ↩
- Shavit (2023) What does it take to catch a Chinchilla? Verifying Rules on Large-Scale Neural Network Training via Compute Monitoring, arXiv. arXiv:2303.11341 — Proposes chip-level monitoring (on-chip logging, supply-chain oversight) giving governments "high confidence that no actor uses large quantities of specialized ML chips" in violation of rules. ↩
- Lehdonvirta, Wú & Hawkins (2024) Compute North vs. Compute South: The Uneven Possibilities of Compute-based AI Governance Around the Globe, AIES Proceedings. 10.1609/aies.v7i1.31683 — Census of hyperscale cloud regions shows a divide between "Compute North" states hosting training-relevant compute and a Compute South, shaping who can wield compute-based governance. ↩
- EU-AIA-2024: Art. 51(2) + Annex XIII (10²⁵ FLOP presumption)
- US-EO-14110: §4.2(a)(i) — 10²⁶ FLOP threshold
- BLETCHLEY-2023: Declaration §6 calls for capability evaluation but does not specify compute thresholds
- SEOUL-2024: Safety Commitments invoke capability thresholds; compute is one proxy
- CA-SB-1047: Cal. SB-1047 §22603(b) — annual reporting of training compute + safety determination
- ANTHROPIC-RSP-2024: RSP v2 capability evaluations triggered by capability rather than pure compute; compute is one signal
- OPENAI-PREPAREDNESS-2023: Capability-tier evaluations are the primary trigger; compute is a coincident signal
- WH-VOLUNTARY-2023: Self-reporting through commitments framework; binding compute thresholds came via EO 14110 §4.2(a)
- OMB-M-24-10: §3(a)(iv)–(v) annual public AI use-case inventory + quarterly AI procurement reporting to OMB
- GSA-AI-GUIDE-2024: Guide routes AI acquisitions through existing governmentwide vehicles (MAS IT / Best-in-Class GWACs) rather than a dedicated generative-AI vehicle or new AI-specific SINs
- DOD-RAI-2022: Tenet 1 (RAI Governance) + Tenet 3 (Acquisition Lifecycle) — clarifies CDAO + OUSD(A&S) roles in AI procurement oversight; tracking + reporting emerge through standard DoD acquisition reporting channels
- FEDRAMP-AI-2024: FedRAMP authorisation enables ATO; agency-AI-use disclosure flows through OMB M-24-10 inventory + quarterly procurement reporting rather than through FedRAMP itself
- DFARS-252-204: Cyber-incident reporting under 252.204-7012(c) — 72-hour DoD notification covers AI-system compromise events including model-weight theft + prompt-injection-based credential exposure; broader AI-use disclosure flows through M-24-10 not DFARS
- CA-SB-53: Bus. & Prof. Code § 22757.11 uses a 10^26 FLOP compute threshold to SCOPE the regulated class + § 22757.12 ties disclosure to compute-defined frontier models; no standalone compute-figure reporting mandate to a regulator
- NY-RAISE-2025: N.Y. Gen. Bus. Law § 1420(6),(9) — the frontier-model / large-developer compute figures SCOPE the regulated class; no standalone compute-figure reporting duty to a regulator. (The Mar. 27, 2026 chapter amendment revised the large-developer threshold to align more closely with California's criteria; the verdict — coverage-scoping, not a reporting duty — is unchanged by the specific figure.)
- JP-AIPROMO-2025: Act No. 53 of 2025, Art. 12
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/compute-reporting — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
16 instruments tracked.
Does governance work? — the social-science evidence
What the peer-reviewed social science shows: whether the harm this topic addresses is empirically real, and whether governance of it works. The badge is the epistemic status of the evidence(not the policy debate) — “thin” or “absent” efficacy evidence is itself a finding (the “second silence”). Each epistemic-status label is Policy Window's editorial assessment of the cited evidence base (a structured classification), not a verdict any single source issues.
Whether training-compute (FLOP) is a defensible proxy for governance-relevant capability is genuinely contested in the literature. The strongest empirical pressure against it is algorithmic efficiency: Ho, Besiroglu, Erdil et al. (2024) estimate the compute needed to reach a fixed language-model performance level has halved roughly every eight months (95% CI ~5-14 months, i.e. ~3x/year), so any static FLOP-to-capability mapping decays quickly; Hooker (2024) argues FLOP measures operations rather than end-performance, since techniques such as fine-tuning, retrieval, chain-of-thought and tool use can add large capability gains without proportional training compute, and Ord (2025) shows inference-time scaling further decouples deployed capability from training compute. Honest caveat: defenders (Heim & Koessler 2024; Pilz, Heim & Brown 2025) note compute remains the most quantifiable, externally verifiable, and ex-ante measurable correlate of frontier capability currently available, while themselves conceding it is an imperfect proxy that should not be used in isolation — the disagreement is about durability and precision, not whether any correlation exists.
Sources: Ho, Besiroglu, Erdil, Owen, Rahman, Guo, Atkinson, Thompson & Sevilla 2024, Algorithmic progress in language models, NeurIPS 2024 (arXiv:2403.05812; Epoch AI); Hooker 2024, On the Limitations of Compute Thresholds as a Governance Strategy (arXiv:2407.05694); Ord 2025, Inference Scaling Reshapes AI Governance (arXiv:2503.05705); Heim & Koessler 2024, Training Compute Thresholds: Features and Functions in AI Regulation (arXiv:2405.10799); Pilz, Heim & Brown 2025, Increased Compute Efficiency and the Diffusion of AI Capabilities (AAAI 2025; arXiv:2311.15377)
There is no rigorous evidence that compute-threshold reporting reduces harm or achieves its stated aim, because the regimes have not produced an evaluable record. The US 10^26-FLOP reporting obligation (Executive Order 14110, invoking the Defense Production Act) was revoked on 20 January 2025 (by EO 14148) before its recurring binding reporting rule was finalized — the implementing BIS notice of proposed rulemaking (Sept 2024) never took effect, so no durable reporting record materialized; and the EU AI Act's 10^25-FLOP systemic-risk obligations for general-purpose models only became applicable on 2 August 2025 (with transitional periods into 2027), so no outcome evaluation yet exists. Moreover the 10^25 figure is a rebuttable presumption sitting alongside qualitative high-impact criteria (Art. 51(1)(a) and (2), rebuttable under Art. 52(2)), not a validated risk cutoff. The closest analogue is the broader regulatory-disclosure-mandate literature (Fung, Graham & Weil 2007), which documents that transparency policies' effects on outcomes are highly heterogeneous and frequently ineffective or counterproductive absent enforcement and downstream use — implying that the reporting trigger working as intended is an open empirical question, not a documented result.
Sources: U.S. Executive Order 14110 (2023), Sec. 4.2 (10^26 FLOP, Defense Production Act); revoked by Executive Order 14148 (Jan 20, 2025); EU AI Act, Reg. (EU) 2024/1689, Art. 51 (10^25 FLOP systemic-risk rebuttable presumption; applicable Aug 2, 2025); Fung, Graham & Weil 2007, Full Disclosure: The Perils and Promise of Transparency (Cambridge University Press)