Appia Foundation: ARM, Google, and OpenAI Set AI Rules

Appia Foundation: ARM, Google, and OpenAI Set the AI Rules

The Linux Foundation launched the Appia Foundation on Wednesday: a technical layer enabling AI systems to demonstrate their regulatory compliance in a standardized format, similar to the CE marking. Thirteen founders, including Arm, Google, OpenAI, and Schneider Electric, are involved in this initiative.

A building must meet a construction code recognized by all regulatory bodies. Similarly, an electrical outlet bears the CE marking because it has been tested according to established standards. However, despite the AI Act coming into effect in 2025 and three years of accumulated sector regulations, AI still lacked a common system allowing each player in the chain to reliably prove that a system meets its obligations. The Appia Foundation was created to fill this gap.

The Missing Layer Between ISO Standards and Regulation

To illustrate the relevance of Appia, let’s consider an AI-based recruitment tool. Such tools are rarely designed in isolation: they rely on a language model developed by one company, adapted by another for candidate evaluation, connected to HR systems by a service provider, and configured by the internal HR team. When proof of compliance with the AI Act is required (which classifies this type of system as high-risk), or when a rejected candidate requests explanations regarding the decision made, who is responsible for providing this information, based on what criteria, and in a format recognized by all?

The solution proposed by Appia revolves around a “compliance chain”: applicable obligations (regulations, contracts, sector standards) feed into technical specifications that translate them into assessable criteria. This builds on existing ISO/IEC and CEN/CENELEC standards without replacing them. A dedicated workstream for the European AI Act, which is more demanding than other legal frameworks, was launched from the outset. The specifications are designed modularly and linked to the role of each actor: the developer of the base model proves what falls within their scope, the deployer proves theirs, without each having to redo what the other has already established.

It is important to note that Schneider Electric, a French industrial group, is among the founding members alongside Siemens, Ericsson, Mitsubishi Electric, and Omron, all of whom are directly subject to the AI Act for their high-risk systems. This initiative should be distinguished from the Agentic AI Foundation, created by the Linux Foundation in December 2025 to standardize the technical interoperability of AI agents (MCP, Goose, AGENTS.md): the two coexist under the same banner to address distinct issues.

Thirteen Giants Writing the Rules They Must Follow

The governance of the foundation deserves particular attention. Arm, Google, Microsoft, and OpenAI, which provide models, platforms, and chips, sit as founders alongside Ericsson, Mastercard, Siemens, and Schneider Electric. They are also surrounded by assessment bodies such as Nemko and Naaia, as well as Armilla AI, an insurer whose business model relies on the insurability of AI systems that Appia will help make certifiable.

The Linux Foundation has managed similar configurations in open source, with varied results. The JDF (Joint Development Foundation) framework ensures at least neutrality: no single shareholder, shared intellectual property, open governance. This model was adopted by a similar coalition to fund the security infrastructure of open source after having benefited from it extensively. An advisory board involving academia, governments, and civil society is planned to broaden perspectives beyond the members; the specifications will be public and accessible to the entire industry.

AI has been awaiting its CE marking since the AI Act came into effect. Appia proposes to draft the technical criteria for it. For now, the fact that the main model providers regulated by this act are among the authors of the specifications is considered a detail.