AI Governance - 7 min read

AI 2040 Plan A: Why Verifiable AI Governance Matters

AI 2040 Plan A proposes a verified slowdown to superintelligence. Aeon examines its compute controls, transparency regime, security assumptions, and immediate implications for boards and operators.

The AI Futures Project has published a plan to delay superintelligence until 2040. The date is debatable. The governance test it creates is immediately useful.

The AI Futures Project's new AI 2040: Plan A is easy to misread. It is not a forecast that superintelligence will arrive in 2040. It is a prescriptive scenario: a detailed attempt to describe what governments, AI companies, and society would have to do to replace a secretive race with a controlled path to more capable AI.

That distinction matters. The value of Plan A is not whether every date or technical assumption proves correct. Its value is that it forces AI governance out of the realm of principles and into operating design.

Who can see what? Which actions are permitted? How is compliance verified? What happens if a participant defects? Who receives the economic gains? Which controls remain effective when the systems being governed become more capable than the people overseeing them?

Aeon's view: Plan A's central insight is right: governance that cannot produce evidence is not control. Its central weakness is that several of the verification and security mechanisms it needs do not yet exist at the required maturity.

What Plan A proposes

Plan A imagines the United States and China reaching an international agreement in 2029 to prevent a rapid intelligence explosion. Development continues under four principles:

  1. Buy time to build confidence in safety.
  2. Make nearly all AI research transparent.
  3. Distribute frontier capability across many companies and countries.
  4. Preserve reversibility by limiting hard-to-govern progress and maintaining mutual leverage over compute.

In the scenario, AI development would otherwise reach fully automated AI research in 2030. The agreement slows the climb. Systems scale toward top-human-expert capability between 2030 and 2035, pause there while alignment work continues, and move toward superintelligence in 2040.

The proposed machinery includes chip tracking, declarations of major compute holdings, datacenter monitoring, inference-only operation during an initial training pause, secure research clusters, model-weight protection, compute and robotics controls, and mechanisms to distribute automation gains.

The strongest idea: verification before trust

Most AI governance frameworks are written as obligations: document the system, assess risk, test performance, assign accountability, and monitor outcomes.

Those are necessary, but Plan A asks the harder question: how does one party know another party is complying when the incentives favor concealment?

Its answer is a layered verification regime. Known compute would be declared and monitored. Large datacenters would be converted to inference-only operation during an initial pause. Training and experimentation would later resume inside controlled environments.

The proposal aims to place approximately 99 percent of global AI-relevant compute under the agreement, while making undeclared compute too limited to create a decisive advantage. The project's verification supplement explains the proposed compute declarations, inference-only controls, audits, and phased implementation.

This is the report's most important contribution. It treats assurance as an engineering problem, not a promise. The authors specify what must be observed, what evidence must exist, what uncertainty remains, and how the regime should become more robust over time.

The hardest problem: the verification stack is not ready

The report is candid about the gap. Its verification supplement says today's low-cost verification frontier is immature. If a high-assurance agreement had to be enforced now, powering datacenters down might be the most credible option.

Its preferred inference-only approach includes network isolation, passive traffic taps, reproducible work packets, sampled recomputation, and strong physical security. These mechanisms still require substantial research and deployment.

An independent assessment from Amodo reaches a similar conclusion. It identifies active prototypes in some areas, but multiple required components have not started or are not on track. Amodo's verification review does not invalidate Plan A. It identifies its binding implementation agenda.

Security is equally demanding. Plan A assumes that model weights and verification systems can eventually be protected against nation-state attackers. The authors describe this as a low-confidence best guess requiring extreme effort. The project's security supplement says the architecture would need to change if that level of protection proves infeasible.

The political assumption is larger than the technical one

Even a technically credible verification system would require political adoption.

Plan A asks the United States and China to conclude that a verified slowdown serves both sides better than racing, sabotage, or unilateral advantage. It also requires other compute-owning countries, frontier laboratories, chip suppliers, and datacenter operators to accept unprecedented transparency and inspection.

This is where the scenario is deliberately optimistic. Its assumptions document acknowledges that US government action in the scenario follows the authors' recommendations nearly exactly, while real-world behavior is expected to be less orderly.

The proposal also depends on compute remaining a governable bottleneck. Algorithmic breakthroughs, distributed compute, hardware smuggling, insider compromise, or rapidly improving efficiency could weaken that premise.

The correct response is neither dismissal nor endorsement. It is to separate the architecture from the probability. Plan A may be politically unlikely in its complete form while still providing a useful standard for what credible control looks like.

What executives should take from Plan A now

1. Make your AI inventory operational. Know which models, agents, datasets, tools, credentials, and compute environments each material workflow depends on. A list of use cases is not enough.

2. Turn policy into technical gates. Define what an AI system may access, execute, and disclose. Enforce those boundaries through identity, data, tool, network, and release controls.

3. Require evidence, not attestations. Retain configuration records, evaluations, approval history, security findings, agent traces, exceptions, and remediation evidence. Controls should be independently testable.

4. Design for reversibility. Maintain the ability to pause a workflow, revoke tool access, isolate data, roll back a model or prompt change, and route critical work to an alternative provider or private AI stack.

5. Govern internal AI as seriously as customer-facing AI. Systems used to write code, conduct research, manage infrastructure, or improve the next generation of AI may create the greatest concentration of capability and the least external visibility.

A better question than "Is 2040 right?"

The debate around AI 2040 will naturally focus on timelines, takeoff, geopolitics, and whether superintelligence should be slowed at all. Boards and operators do not need to resolve those questions before improving control.

The more useful question is:

If an AI system became materially more capable next quarter, would your organization know what changed, what it could reach, which actions it could take, whether its behavior remained inside policy, and how to stop or replace it?

If the answer is no, the organization does not yet have AI governance. It has AI policy.

Plan A is valuable because it makes that gap impossible to ignore. The world-scale proposal may never be implemented as written. The operating discipline behind it, visibility, bounded authority, verification, security, and reversibility, should already be part of every serious enterprise AI program.

Aeon AI Risk Management helps organizations move AI into production without losing control through implementation, private AI, CyberGuard security testing, and governance evidence. Start with the AI Control and ROI Assessment or contact info@airiskmanagement.ca.

Sources