On 6 July, the United Nations convenes its first Global Dialogue on AI Governance in Geneva. Every country has a seat at the table. But the conversation is still dominated by the few economies that build the technology.
Consider the geography. In a 2025 census of the world’s public AI compute, researchers at the Oxford Internet Institute found that only about 30 countries host the data centres that train and run advanced AI, and that the United States and China alone operate more than 90 percent of specialised AI data centres. Most of the world will not build these systems. It will buy them, install them, and run them.
Governance is being written for the builders. It will be lived by the deployers.
Adoption is already outpacing the rules. Across Asia, Africa, Latin America, and the Gulf, AI is moving into the institutions that hold societies together: hospitals read scans with it, banks approve loans, ministries flag fraud, utilities balance grids. These are live decision making systems about real people.
These institutions rarely resemble the firms that built the models. A teaching hospital in a middle income country has no safety research team. A regional bank runs no model evaluations function. It has a procurement department, an overstretched IT team, a vendor’s sales deck, and a deadline. The expertise frontier labs already taken for granted is not even in the building.
Almost all the energy in AI policy goes upstream, into how frontier models are trained and released. But many of the harms only materialise at deployment, when a real institution puts a model into a real decision, and governance is left unattended at that stop to the developer.
As a real life example, a tool used widely in US health systems to flag patients for extra care was found to underrate how sick its patients of colour were, because it predicted spending rather than illness, and it surfaced only because that system had researchers able to catch it. Now picture the same tool in a public hospital in an emerging economy, triaging a crowded emergency department. The vendor demonstrates accuracy, the contract is signed, and it goes live. Then the model slips on the patients coming through its doors, no one has agreed who reviews it or how a clinician overrides it, and it keeps no log anyone can audit. Six months on, it shapes care for thousands, and no one can say whether it still works. The failure would then be systematic: there is governance for the people who built the system and none for those who deployed it.
How do we close that gap? Three moves I would help.
- First, put hard obligations into the contract, where a deployer still has leverage. Before a system goes live, the buyer should be able to demand four things, and the vendor be required to deliver them. The vendor documents what the model was trained to do and where it is known to fail. The system keeps logs the institution can inspect for itself. There is a tested way to switch it off when it starts misfiring, without shutting down the hospital around it. And when a deployment causes harm, the vendor carries part of the liability, not the buyer alone. Each of these answers a failure in the story above. Together they make the vendor’s incentives match the deployer’s risk.
- Second, stop expecting each institution to police AI on its own. The expertise, as we just saw, might not be in the facility, and no plausible amount of training will put a model evaluation team inside every clinic and utility. So build it once, outside them: a few independent, publicly funded audit bodies that any deployer can call on to test a system before it goes live and while it runs, the way hospitals already rely on a medicines regulator to vet drugs they never test themselves. Fund them like infrastructure, beside the compute and connectivity emerging economies are told they need. The framework can be free. The institution that makes it enforceable can’t, and that is what the money buys.
- Third, keep the rulebook open, published, and free to adapt, because openness is what lets it cross borders. An open framework does not replace what’s taking shape in the European Union, the United States, India, and China; it rather acts as a shared reference. Because anyone can read it, a regulator or an independent auditor can map its controls onto each regime and certify, in public, that meeting is also satisfying the local rule. A deployer then proves itself once, against that open standard, and the proof is recognised elsewhere instead of rebuilt for every jurisdiction. A proprietary framework no one can inspect earns no such trust. Open frameworks travel, closed ones stay where they were written.
A single hospital or regional bank cannot win any of this alone. Setting these terms collectively, so that every deployer can rely on them, is the kind of work a global forum exists to do, and it is what makes the Geneva Dialogue worth getting right. The premise of the forum, that AI governance should answer to more than the economies most advanced in building it, is correct. It holds only if the discussion reaches past the builders to the institutions that will live with these systems, which is most institutions on earth.
The rules for AI are being written now. If they are written only for the people who build it, they will widen the very divide they claim to close. If they are written for the people who deploy it, AI can reach the rest of the world on fairer terms. The right rooms are not only the ones where AI is made, it’s the one where AI is put to work for everyone.
Anuuj Chauhan is Co-Founder and CEO of Yellow Sapphire Technologies (YS Tech), which deploys AI, digital infrastructure, and cybersecurity for governments and enterprises across the world, and has been invited to contribute to the United Nations Global Dialogue on AI Governance.