# WIA-ai-survival-2026 PHASE 4 — INTEGRATION Specification

**Standard:** WIA-ai-survival-2026
**Phase:** 4 — INTEGRATION
**Version:** 1.0
**Status:** Stable

This document defines how an AI-survival operator
integrates with the systems that surround the AI-
governance lifecycle: the AI-system providers and
deployers in the operator's value chain (cross-
reference WIA-generative-ai + WIA-content-ai); the
AI Safety Institute network (US AISI + UK AISI + EU
AI Office + KAISI + Japan / Singapore / Canada);
the international coordination bodies (UN AI Advisory
Body, GPAI, OECD AI Network, UNESCO); the EU AI
Office and the Member-State NCAs; the US sector
regulators (FTC + EEOC + DOT NHTSA + FDA + CFPB);
the KR AI 기본법 supervisory regime; the workforce-
transition partners (educational institutions, public
employment agencies, sectoral training funds, trade
unions); the responsible-scaling-policy commitment
network (Seoul AI Summit / AI Action Summit);
the external auditor and ISO/IEC 27001 + ISO/IEC
42001 certification body; the dual-use export-
control authority; and the long-term archive.

References (CITATION-POLICY ALLOW only):

- ISO/IEC 42001:2023 + 27001:2022 + 22989 + 23053 +
  23894 + 24029 + TR 24027 + TR 24028 + 38507
- IETF RFC 8259 / 9457 / 8615 / 8288 / 9421
- ISO/IEC 17021-1:2015, ISO/IEC 17065:2012
- ISO 8601, ISO 17442 LEI
- W3C Verifiable Credentials Data Model 2.0
- NIST AI RMF + NIST AI 600-1 + NIST IR 8332
- US AISI Consortium voluntary commitments + US EO
  14110 + OMB M-24-10
- EU AI Act Articles 49 (registration), 51-55, 70
  (governance), 71 (database), 72 (post-market), 73
  (serious-incident), 74 (market surveillance), 86
  (right to lodge complaint)
- EU Code of Practice for GPAI Models
- UN AI Advisory Body + UN GA Resolution 2024 + UN
  GDC AI provisions
- International AI Safety Report 2025
- OECD AI Principles + UNESCO Ethics Recommendation
  2021
- ETSI ISG SAI
- IEC 62443
- KR AI 기본법 + KR AI 안전연구소 (KAISI) +
  KR PIPC + KR 대외무역법

---

## §1 AI-System Provider and Deployer Integration

The operator's integration with the upstream and
downstream AI-system actors:

- Provider integration — when the operator deploys
  a third-party AI system the upstream provider's
  WIA-generative-ai (or equivalent) record set
  feeds the operator's AI-system inventory.
- Deployer integration — for high-risk AI systems
  the operator's deployer obligations under EU AI
  Act Article 26 are coordinated with the system's
  provider through the published instruction-for-
  use.
- Distributor integration — distributor obligations
  under Article 24.
- Importer integration — importer obligations
  under Article 23.

## §2 AI Safety Institute Network Integration

The operator's AISI integration:

- US AISI (NIST) — the US AI Safety Institute
  Consortium voluntary participation; pre-deployment
  testing memorandum-of-understanding for frontier
  models.
- UK AISI — the UK AI Safety Institute pre-
  deployment evaluations.
- EU AI Office — the European Commission's AI
  Office for GPAI oversight under AI Act Articles
  64-70 + Code of Practice signature.
- KR AI 안전연구소 (KAISI) — the Korean AI Safety
  Institute (under MSIT) for KR-jurisdiction pre-
  deployment evaluation.
- Japan AISI / Singapore AI Verify Foundation /
  Canada AISI — bilateral and multilateral
  cooperation.
- AISI international network — bilateral
  collaboration on capability evaluation and
  systemic-risk assessment.

## §3 International-Coordination Integration

For multilateral AI governance:

- UN AI Advisory Body (Final Report 2024 follow-up)
  — operator engagement with the proposed
  international scientific panel and the Global
  Fund for AI.
- GPAI Working Groups — operator participation in
  GPAI's responsible AI / data governance / future
  of work / innovation working groups.
- OECD AI Network of Experts — OECD AI Principles
  implementation evaluation participation.
- UNESCO Recommendation 2021 implementation
  reporting through the operating jurisdiction's
  UNESCO national-commission.

## §4 EU AI Office and Member-State NCA Integration

For EU-jurisdiction operators:

- EU AI Office — for GPAI providers Article 56
  Code of Practice signatory channel; serious
  incidents under Article 55(1)(c) reporting;
  market-surveillance coordination.
- Member-State NCA (Notified Authorities) — for
  high-risk system providers and deployers the
  primary supervisory authority for AI Act
  compliance.
- AI Board (Article 65) — Member-State coordination
  on cross-border issues.
- Advisory Forum (Article 67) — civil-society +
  industry stakeholder consultation channel.
- Scientific Panel of independent experts (Article
  68) — frontier risk advisory.

## §5 US Sector Regulator Integration

For US-jurisdiction operators:

- FTC — for AI-related deception / unfairness /
  privacy enforcement.
- EEOC — for AI in employment decisions.
- DOT NHTSA — for AI in automotive safety.
- FDA — for AI/ML in medical devices (the
  pre-determined change-control plan).
- CFPB — for AI in consumer credit (cross-
  reference WIA-credit-scoring).
- DOE — for AI in critical-infrastructure (cross-
  reference WIA-energy-cloud + WIA-distributed-
  energy).
- DHS / CISA — for AI cybersecurity.

## §6 KR AI 기본법 and KAISI Integration

For KR-jurisdiction operators:

- KR 인공지능 발전 및 신뢰 기반 조성 등에 관한 기본법
  — the operator's high-impact-AI / generative-AI
  / fundamental-AI obligations under the AI Basic
  Act.
- KR AI 안전연구소 (KAISI) — pre-deployment
  evaluation cooperation.
- KR PIPC — for personal-information-related AI
  obligations.
- KR 산업통상자원부 — for industrial AI policy
  alignment.
- KR MSIT — for AI R&D and digital-platform
  policy.

## §7 Workforce-Transition Partner Integration

The workforce-transition partner integration:

- Educational institutions — university and
  technical-college reskilling partnerships.
- Public employment agencies — KR 고용노동부 +
  US Department of Labor + EU EURES + the
  jurisdiction's equivalent.
- Sectoral training funds — labour-market
  retraining funds operating in the operator's
  sector.
- Trade unions — collective-bargaining engagement
  on AI-driven workforce changes.
- Industry associations — sector-wide reskilling
  programmes.

## §8 Responsible-Scaling Commitment Network
       Integration

For frontier-AI providers participating in the
voluntary commitment network:

- Seoul AI Summit 2024 commitments — published
  scaling policies, frontier evaluations, system-
  card disclosure.
- AI Action Summit Paris 2025 commitments —
  updated commitments published per the summit's
  declaration.
- White House Voluntary Commitments (2023) for
  US-jurisdiction operators.
- AISI Consortium voluntary commitments at
  national level.

## §9 External Audit and AIMS Certification

The operator's ISMS is certified against ISO/IEC
27001:2022; the AIMS is certified against ISO/IEC
42001:2023. The certification body operates under
ISO/IEC 17021-1; the conformity-assessment body for
WIA-ai-survival-2026 operates under ISO/IEC 17065.
EU AI Act Article 43 third-party conformity
assessment is exercised for high-risk systems where
required by Annex III.

## §10 Dual-Use Export-Control Integration

For operators subject to dual-use controls:

- US BIS (Bureau of Industry and Security) for
  EAR.
- US DDTC (Directorate of Defense Trade Controls)
  for ITAR.
- EU Member-State export-control authority for
  Reg (EU) 2021/821.
- Wassenaar Arrangement national point-of-contact.
- KR 산업통상자원부 + 전략물자관리원 for KR-
  jurisdiction.

## §11 Long-Term Archival Integration

Records governed by the operator's retention
horizons (EU AI Act Article 18 ten-year retention
for high-risk systems; US OMB M-24-10 federal-use-
case-inventory annual; KR AI 기본법 retention) are
migrated to the long-term archive at the close of
the active retention window. The archive preserves
the AI-system inventory, the AIMS records, the
safety-test reports, the incident records, the
frontier-policy amendments, the supply-chain
attestations, the dual-use licences, the workforce-
transition programme records, and the audit-event
trail.

## §12 Compute-Provider and Cloud-AI Integration

For operators dependent on third-party compute /
cloud-AI providers:

- Compute-provider tier reporting per AI Act
  Article 53 + the operator's compute-budget
  declaration.
- Per-provider cloud-AI service-level agreement
  including the provider's safety attestation.
- Cross-cloud portability + vendor-lock-in risk
  mitigation.
- Sovereign-cloud and data-localisation discipline
  per the operating jurisdiction's data-protection
  regime.

## §13 Civil-Society and Affected-Communities
        Integration

For inclusive AI governance:

- Stakeholder engagement under EU AI Act Article
  27 FRIA + ISO/IEC 42001 Clause 4 interested-
  parties.
- Affected-rights-holder consultation through
  published comment periods + targeted outreach.
- Independent AI auditor coordination (Algorithmic
  Justice League, AI Now Institute, Distributed AI
  Research Institute, KAIST AI 정책연구센터, KOREA
  AI 윤리연구회, etc.) where the operator
  participates.
- Right to lodge a complaint per AI Act Article 86
  routed through the operator's complaint channel
  to the Member-State NCA.

## §14 Public-Sector AI Use-Case Inventory Integration

For US-jurisdiction federal-agency operators:

- US OMB M-24-10 federal AI use-case inventory
  annual submission.
- Public publication of safety-impacting and
  rights-impacting AI use cases.

For other jurisdictions:

- EU public-sector AI Act Article 49 register
  entries.
- KR 인공지능 행정기본법 administrative AI registry.

## §15 Conformance

Implementations claiming PHASE-4 conformance maintain
the AISI-network, EU AI Office, US sector regulator,
KR AI 안전연구소, workforce-transition, responsible-
scaling, dual-use, and compute-provider integrations,
hold the ISO/IEC 42001 + 27001 certifications, and
operate the long-term archival integration described
above.

---

**Document Information:**

- **Version:** 1.0
- **Phase:** 4 — INTEGRATION
- **Status:** Stable
- **Standard:** WIA-ai-survival-2026
- **Last Updated:** 2026-04-29