BEIJING, CHINA - MAY 14: U.S. President Donald Trump and Chinese President Xi Jinping attend a bilateral meeting at the Great Hall of the People on May 14, 2026 in Beijing, China. President Trump is meeting with President Xi Jinping in Beijing to establish new bilateral boards for economic and AI oversight. (Photo by Alex Wong/Getty Images)Getty ImagesThe United States and China are locked in a contest over semiconductors, supply chains, and technological primacy. Europe writes some of the world’s most demanding AI rules, often at the cost of speed. India and many countries in the Global South evaluate AI governance differently, focusing on who has access to frontier models and under what conditions. This is the Great Fragmentation in plain view. The global technology stack is splintering into rival blocs that no longer share standards, priorities, or even a common definition of winning.Yet the rivalry conceals a surprise. On the narrow question of AI’s most catastrophic risks, the major powers are beginning to agree.The evidence is scattered but consistent. China and the UAE have published frontier risk frameworks. Brazil and South Korea have passed laws. The EU and India have issued guidance. The U.S. Congress and a dozen state legislatures are actively debating thresholds and reporting rules. In May, U.S. Treasury Secretary Scott Bessent told CNBC that Washington and Beijing would establish a protocol to keep the most advanced models out of the hands of terrorists and other rogue actors, a sign that the convergence extends even to the two powers least inclined to agree on anything. A new report from the Strategic Foresight Group, The Essential Convergence: A Global Compact on Extreme AI Risks, to be launched in Geneva on July 6, argues this is not a coincidence. Across very different political systems, policymakers are circling the same short list of dangers.The four risks nobody disputesStrip away the regional language and four concerns recur.The first is cyber escalation. Advanced models can be turned on critical infrastructure or used to probe nuclear command and control systems, and this is not hypothetical. Government threat intelligence teams have already documented hostile state actors using frontier models to automate cyberattacks, and the risk now sits at the center of U.S. policy rather than at its speculative edge.The second is biological and chemical uplift. A capable model can lower the barrier for a terrorist or rogue actor to design a novel pathogen, and almost no government dissents from this one.The third is large scale persuasion and manipulation, at a precision and scale that earlier propaganda could never reach.MORE FOR YOUThe fourth point is the most debated and difficult to define. A highly autonomous system could behave in ways its operators cannot reliably predict or control. Although the scientific understanding remains uncertain, this issue still appears in national threat assessments.The vocabulary differs and the legal instruments are often incompatible, yet the underlying worry converges on something a Chinese regulator and an American legislator would both recognize.Drawing the line on what counts as frontierShared anxiety is not a policy. The harder task is deciding which systems deserve heightened scrutiny, and here too a rough consensus is forming around compute.South Korea’s AI Framework Act and its implementing decree flag high-performance systems by a blend of compute scale, capability, and societal impact, with roughly 10²⁶ FLOPs as a reference point. China’s TC260 framework carves out a dedicated tier for advanced systems near the same marker. The Great American AI Act, the bipartisan discussion draft released in June by Representatives Jay Obernolte and Lori Trahan, which runs 269 pages, aims to set a comparable threshold for compute in defining the most powerful systems it would regulate.These point to a workable reference band in which systems are trained at or above roughly 10²⁶ to 10²⁷ FLOPs, paired with demonstrated capabilities well beyond the prior state of the art. The Strategic Foresight Group argues that such a band is achievable as an international anchor, provided it is reviewed as algorithms improve and remains tightly scoped to the four ultimate risks rather than becoming a license for sweeping global regulation.Test before you deployThe strongest point of agreement is also the most practical one. Frontier models should be evaluated for dangerous capabilities before they reach the public.US President Donald Trump (Top 2ndL) reacts next to Open AI CEO Sam Altman and Google DeepMind Demis Hassabis, South during a working lunch meeting of G7 members, partner countries, and artificial intelligence business leaders as part of the G7 summit, in Evian, eastern France, on June 17, 2026. (Photo by Julia Demaree Nikhinson / POOL / AFP via Getty Images)POOL/AFP via Getty ImagesWashington moved in June, when President Trump signed an executive order, Promoting Advanced Artificial Intelligence Innovation and Security, directing federal agencies to design a voluntary framework under which developers grant the government up to 30 days of access to covered frontier models before release. It is built around cybersecurity, and it pointedly rejects mandatory licensing or preclearance. Whatever one thinks of the politics, it is a template other governments can adapt, and most intend to demand some version of testing before deployment regardless.They are already building it. China’s Shanghai AI Lab, working with Concordia, requires empirical testing of extreme risk capabilities before release, and its TC260 standards point in the same direction. The UAE’s G42 framework escalates scrutiny as capabilities cross defined thresholds. The EU AI Act imposes systemic risk obligations on the most capable general purpose models. What unites these efforts is less an ideology of regulation than a shared instinct that the four specific dangers should be tested for, by someone, before a model ships. Some of those evaluations will be classified while others can be standardized by scientists for open international use.When something goes wrongThe final convergence concerns what happens after deployment. California’s SB 53 mandates reporting of “critical safety incidents,” including theft of model weights and events involving loss of control. New York’s RAISE Act sets a notification window of about 72 hours. China’s frameworks require rapid reporting of serious incidents, and G42’s model incorporates transparency and escalation.The core principle is clear and long overdue: companies must not conceal serious AI safety issues. Instead, they should notify, investigate, and resolve them promptly. A standard definition of a critical AI safety incident could include unauthorized model weight exfiltration, autonomous cyberattacks that cause harm, failure of biological safeguards, deception that bypasses safety measures, behaviors outside intended limits, and a significant loss of control. Adopting a reporting window of about 72 hours would align with protocols already used in industries such as aviation, nuclear power, and public health emergencies. These industries didn't wait for international treaties to implement such standards.Instruments, not ideologyThat history is the real lesson. States almost never begin by negotiating a comprehensive governance regime for a new technology. They all start with narrow, practical risk reduction, and the architecture grows from there. Civil aviation, nuclear safety, and disease surveillance all followed that path.Frontier AI can follow it too. The pieces emerging independently across Washington, Beijing, Brussels, Seoul, and Abu Dhabi do not add up to a world government in waiting. A shared list of ultimate risks, a threshold based on compute, testing before deployment, and incident reporting are interoperable instruments, nothing more. As Sundeep Waslekar, president of the Strategic Foresight Group and the report’s principal author, frames it, these threshold mechanisms should focus solely on preventing the four ultimate risks, rather than imposing centralized global regulation.The powers will continue fighting over chips, capital, and capability. The case for cooperation rests on something narrower and far more durable, namely the handful of outcomes that would be catastrophic for all of them simultaneously.
The U.S. And China Agree On Almost Nothing Except AI’s Deadliest Risks
The US and China agree on almost nothing. Yet on AI's deadliest risks, rival powers are quietly converging on a shared global compact.







