 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
The Linux Foundation has long transcended its roots as a steward of the Linux kernel, emerging as a “foundation of foundations” spanning everything from cloud infrastructure and security, to digital wallets, and maps.
But the organization has been on a particular tear of late, becoming home to numerous AI-focused foundations and projects in the past twelve months alone, spanning agent communication protocols, agent security and governance, AI asset exchange, while on the foundation side there’s the Agentic AI Foundation (AAIF), the Tokenomics Foundation, and — now — the Appia Foundation.
The all-new Appia Foundation sits under the auspices of the Joint Development Foundation (JDF), a Linux Foundation entity that provides the legal and administrative infrastructure for organizations producing technical specifications and standards rather than code.
Announced on Wednesday, Appia’s mission is to produce open, modular specifications that give organizations across the AI supply chain a consistent, verifiable way to demonstrate that their systems meet the trust and compliance obligations placed on them — whether those come from regulators, customers, or international standards bodies.
Google, Microsoft, and OpenAI are among the 13 inaugural members, alongside a slew of industrial heavyweights.
In most industries, proving that something’s safe is fairly routine. A new apartment block gets signed off by inspectors before the first tenant arrives. A kettle carries a safety mark because someone qualified tested it. The checking is so embedded that nobody thinks about it. AI has no equivalent yet — no common, recognized way for anyone in the supply chain to show that a system meets the bar, in a form the next party can actually rely on.
An example offered by the Appia Foundation illustrates how quickly the problem can compound in real scenarios. An AI tool used to screen job applicants wasn’t built by one organization: a developer created the underlying model, a second company adapted it for candidate assessment, a vendor connected it to the hiring systems, and the company’s own HR team configured it for their specific hiring criteria. The recruiters relying on it need to trust it’s reliable, while the applicants it screens want to know it’s fair. The company’s leaders need confidence it’s lawful. Regulators want evidence of how it performs. Each party is asking the same question — can this be trusted?
Today, most claims about AI trustworthiness amount to self-declaration — a company’s word that its system is safe, fair, or compliant, with no standardized way for anyone else to verify it. Craig Shank, executive director of the Appia Foundation, tells The New Stack that as a global, multi-stakeholder endeavor, the foundation is focused squarely on the “practical mechanics” of verifying an AI system against defined criteria, rather than merely stating that it’s trustworthy.
“Our specifications will enable transparent, attributable and traceable technical records of who demonstrated what against which criteria and when.”
“Our membership reflects the entire international value chain — the providers who build the platforms, the enterprises deploying them across critical industries, and the independent bodies that test them,” Shank says. “Our specifications will enable transparent, attributable and traceable technical records of who demonstrated what against which criteria and when. This is the exact type of objective data that courts, counterparties and regulators will need to determine where responsibility lies.”
The 13 inaugural members span a broad spectrum of industry — model and platform providers including Google, Microsoft, OpenAI, and Arm; industrial deployers including Siemens, Mastercard, Ericsson, Schneider Electric, and Mitsubishi Electric; and the assessment and governance bodies that will ultimately do the checking, including testing and certification firm Nemko, AI governance tooling company Naaia, and AI risk insurer Armilla AI.
AI regulations around the world are already moving from principles to active enforcement, and organizations are under pressure to prove that an AI system is safe and accountable. International standards bodies like ISO/IEC have done the work of defining what that should look like in principle, but translating that into something a regulator, a customer, or a procurement team can verify is another matter entirely. That gap is what Appia is built to fill.
The foundation will develop what it calls “conformity specifications” — modular, publicly available documents that translate international AI standards into concrete, assessable criteria. Think of existing ISO standards as the building code, and Appia’s specifications as the inspector’s checklist: the practical means of showing that a given AI system conforms to them.
A key feature of how the specifications are designed is what Appia calls “evidence pass-through.” Because AI systems are rarely built by a single organization — a model provider, an integrator, a deployer, and others may all have a hand — the specifications are structured so that conformity evidence produced at one layer carries forward to the next. A company deploying a third-party model, for example, wouldn’t need to re-establish what the model’s developer already demonstrated; it would only need to show conformity for its own configuration and use. Each party demonstrates what relates to its role, and no more.
The foundation is also explicit about what its specifications do and do not produce. Conformity — a technical result showing that a system meets defined criteria — is distinct from compliance, which is the legal status of having met a regulatory obligation. Appia produces the former; whether that satisfies the latter is down to the relevant regulator or jurisdiction. The specifications build on standards that already exist and produce the criteria that assessment bodies need, leaving the assessment itself to those equipped to perform it.
Appia is, by its own admission, early. The specifications are being drafted now in working groups open to all members, with initial focus areas including architecture, policy, and mapping the specs to existing regulatory obligations, among them the EU AI Act.
Jim Zemlin, CEO of the Linux Foundation, says that as AI regulation hardens into enforceable law, the industry needs somewhere neutral to do the work of building shared verification infrastructure — and that Appia is that place.
“The Appia Foundation establishes a neutrally governed environment where the entire industry can collaborate on a common assessment framework,” Zemlin says in a statement. “By building this infrastructure in the open, we are helping organizations reduce complexity, lower operational costs and build trust.”
