6.3.2 Shared Model Governance
Original Problem in the Paper
Motivation: distribute control over model training/inference so operations require agreement by multiple parties; use cases include pooled investment, actor-specific training requirements, and international collaboration. Open problems: proof-of-concept and efficacy for model splitting; SMPC/HE approaches despite high overhead; TEE-based shared governance demonstrations; reducing HE/SMPC performance costs.
July 2026 Update & Trajectory
Cryptographic and TEE building blocks improved, but I found no verified 2026 production-grade shared governance system for frontier model training/inference where multiple parties technically co-authorize every operation. TEEs, Caliptra, OpenTitan, and confidential GPU computing make prototypes more tractable; HE/SMPC overhead and operational complexity remain blockers.
Deployed / Operationalized
- Narrow data-privacy uses of split learning/SMPC/HE and confidential-computing enclaves; not clearly deployed as multi-party governance of frontier model control.
- Multi-party authorization for model-weight access in lab security programs is operational governance-adjacent, but not distributed inference/training control.
New Tractable Vectors
- TEE-based co-signing / policy-enforced enclaves where parties approve code and receive attestation before releasing keys, weights, or shares.
- Hybrid systems: use TEEs to reduce SMPC/HE overhead while preserving auditability and multi-party veto.
- Governance protocols for shared international model projects with cryptographic logs and threshold controls.
Key Open Questions
- Efficient shared control for trillion-parameter training/inference without 100x-style overheads or unacceptable latency.
- Preventing one party from reconstructing, distilling, or side-channel extracting the whole model from its share/API access.
- Legal/accountability design for threshold governance when parties disagree, revoke keys, or jurisdictions conflict.
Evidence & Primary Sources
- NVIDIA H100 confidential computing provides hardware-attested execution and tenant attestation flows that could host shared-governance prototypes. (2023-08-03): https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/
- Caliptra supplies identity, measured boot, and attestation for datacenter SoCs, useful for multi-party verification of code/hardware state. (2026): https://github.com/chipsalliance/Caliptra
- Anthropic operationalizes multi-party authorization for production code/weight access, but as internal security control rather than shared model governance. (2026-05-26): https://www.anthropic.com/responsible-scaling-policy