HAIP is transforming transparency from a compliance burden to a competitive advantage

In our first post on the AI Wonk, Aliki Foinikopoulou, our Head of Global Public Policy, discussed the rapid evolution of the AI landscape. Less than a year later, the emergence of new technologies and a rapidly evolving regulatory landscape have added new layers of complexity. Against this backdrop, trust is more critical than ever. AI presents a generational opportunity, but harnessing it responsibly requires governments to play an active, deliberate role in shaping its development and deployment.
Salesforce was pleased to be one of the first companies to contribute to the reporting framework developed by the OECD under the Hiroshima AI Process (HAIP), and we were pleased to have contributed to the second version of the reporting framework, which offers an expanded view of the AI value chain. Over the last year, enterprise agentic AI has fundamentally shifted the business landscape, transforming organisations from simply using AI to becoming agentic enterprises. Now, more than ever, a common framework and language to articulate a path to trusted AI are critical.
The governance gap we can’t afford to ignore
The most consequential shift in artificial intelligence is not happening in a research lab. It is happening right now through decisions in boardrooms, legislatures, and the daily choices of millions of people. Governance frameworks need to keep up.
These decisions and choices are more critical today because AI has expanded beyond large, generative models that respond to prompts into the era of agentic AI, where systems autonomously plan, execute and adapt across complex, multi-step workflows. These agents can browse the web, write and run code, negotiate, make purchases and decisions. All with real-world consequences.
The AI value chain has expanded dramatically, spanning model developers, cloud infrastructure providers, orchestration platforms, data brokers, enterprise deployers and end users. Each new layer introduces fresh challenges: accountability gaps, opaque decision-making, and the potential erosion of meaningful human control.
The question is no longer whether AI should be governed. The question is how governance frameworks can keep pace.

Fragmentation is the real threat
The primary hurdle to responsible AI adoption today is not only technical but also regulatory fragmentation. As nations race to establish frameworks to govern AI, we are seeing a patchwork of rules that sometimes take different approaches. The divergent definitions of risk and transparency across jurisdictions not only create compliance headaches; they also contribute to governance gaps that small businesses cannot afford to bridge, leaving the advantage solely with the largest incumbents.
Consider a mid-sized logistics company deploying AI agents to manage cross-border freight and customs compliance. Unlike large incumbents, it has no dedicated AI governance team. In a fragmented regulatory environment, demonstrating responsible AI use means navigating a different set of voluntary and mandatory rules in every market where it operates, an effective barrier to entry that has nothing to do with the quality or safety of its technology. A harmonised framework with clear, tiered requirements based on risk level rather than company size would change that calculus entirely, enabling broader participation in the responsible AI economy.
A global bank using AI agents to automate processes is another good example. The EU requires human-interpretable reasoning trails; US regulators focus on disparate impact testing; the Monetary Authority of Singapore (MAS) applies its own Fairness, Ethics, Accountability, and Transparency (FEAT) principles. Without a common standard, the bank either builds to the most restrictive version globally, which is expensive, or limits deployment to certain markets, leaving genuine value unrealised.
These aren’t hypothetical edge cases. They are the daily reality for Salesforce customers operating across jurisdictions.
We have seen this dynamic before. In the early days of the internet, cybersecurity was a fragmented landscape of jurisdiction-specific standards. It was not until we moved toward global interoperability through frameworks such as NIST and ISO that businesses could demonstrate their security programmes at scale. AI governance must follow the same blueprint to avoid fragmentation as the final reality.
Why HAIP matters
At Salesforce, my team in the Office of Ethical and Humane Use guides the responsible design, development, and deployment of our technologies. Ethical considerations must be embedded from the start in the product design of the AI platform and the agents themselves, and not just because of regulations, but because it is what our customers expect from Salesforce. But internal commitment alone is not enough. It must be paired with strong, globally coherent governance.
That’s why we are pleased to once again participate in the HAIP reporting framework and in the process to both streamline and broaden its base of participation. The ubiquity of AI means that frameworks like this need to be accessible and relevant to companies of all sizes across markets worldwide.
HAIP matters for several reasons, including:
- A common language: The HAIP Reporting Framework provides a standardised baseline that allows regulators and companies to compare compliance processes across the industry, an essential in a world where agentic AI means different things to different people. For a company like Salesforce, whose Agentforce platform is deployed by enterprises across the EU, US, Japan, and beyond, this matters enormously. Today, a multinational client must configure separate compliance documentation for each jurisdiction, even when the underlying agent and its safeguards are identical. A common language means that responsible design, built once, can be recognised everywhere.
- Global interoperability: In a fragmented regulatory environment, HAIP acts as a diplomatic bridge, ensuring that a company’s safety commitments in San Francisco carry weight in Tokyo and Brussels. Salesforce voluntarily publishes its responsible AI practices and invests heavily in making them robust, but without interoperability, those commitments must be re-translated for every regulatory context. That is not a problem of intent; it is a problem of infrastructure. HAIP provides that infrastructure.
- From “trust me” to “show me”: By making reports public on the OECD.AI platform, HAIP transforms transparency from a compliance burden to a competitive advantage and inspires a race to the top. Companies currently publish reports, such as Salesforce’s Trusted AI and Agents Report, on a voluntary basis. Centralising this kind of information from across industries on a single platform can further bolster the industry by publicly demonstrating a strong commitment to responsible AI. Critically, it also lowers the barrier for smaller companies: a streamlined, interoperable voluntary framework means that responsible AI is no longer a signal only large incumbents can afford to send.
A blueprint worth protecting
Just as the internet required global standards to scale safely, so too does AI. Just as the Payment Card Industry Data Security Standard created a single payment security standard that allowed small businesses to accept credit cards globally without a compliance army, a coherent AI governance framework provides companies of all sizes with a clear, achievable bar rather than an ever-shifting patchwork of national rules. The Hiroshima AI Process is that tool, a shared blueprint for trust that governments and the private sector must now work together to strengthen and expand.
Realising the opportunity of agentic AI responsibly demands more than good intentions. It demands frameworks that are globally coherent, publicly accountable, and built to keep pace with the technology itself. Salesforce remains committed to that work because the future of AI should be governed by shared principles that are ethical, agile, humane, and built to last.






























