AI Standards and Interoperability in 2026

In December 2025, Anthropic donated the Model Context Protocol to the Agentic AI Foundation, a new directed fund inside the Linux Foundation, co-founded with Block and OpenAI. A year earlier, MCP was a single-vendor experiment shipped quietly alongside Claude Desktop. By the donation, Anthropic was reporting on the order of 97 million monthly SDK downloads and more than ten thousand active public MCP servers, with OpenAI, Microsoft Copilot, Cursor, Visual Studio Code, and the Gemini ecosystem already wired in. That arc — from “Anthropic protocol” to “neutral foundation infrastructure” in roughly a year — is the single best illustration of where AI standards actually live in 2026: not in formal standards bodies first, but in widely adopted reference implementations that later get handed to a neutral steward.

This post walks through the layers of that shared plumbing — the protocols, the management standards, the safety benchmarks, and the supply-chain conventions — and where each one really sits.

AI standards and interoperability 2026

Layer 1: model-to-tool plumbing — MCP#

Model Context Protocol is the closest thing the industry has to a default for model-to-tool integration. The technical posture is deliberately Language Server Protocol-shaped: servers expose tools, resources, and prompt templates; clients (chat apps, IDEs, agents) consume them through a single message format. Adoption inflection points were clear and public — OpenAI added MCP support in March 2025, Google confirmed Gemini support in April 2025, ChatGPT shipped MCP-backed app integrations in September 2025, and enterprise surveys late in 2025 and into 2026 reported the majority of enterprise AI teams running at least one MCP-backed agent.

What MCP has not solved on its own is authentication at scale, multi-tenant deployment, and discovery — finding and validating servers across an open ecosystem. The November 2025 spec release tightened authentication semantics; the Linux Foundation governance transition is meant to give multi-vendor security work a credible home.

Layer 2: agent-to-agent plumbing — A2A and the convergence question#

Google’s Agent-to-Agent (A2A) protocol covers a different problem than MCP. MCP standardizes how a single model talks to tools and data. A2A standardizes how autonomous agents talk to each other — capability discovery, delegation, and result reconciliation across agent boundaries that may be owned by different teams or different companies.

In 2026 the practical question is not “which one wins.” It is “where does the seam sit.” The emerging pattern: agents use MCP locally to reach tools and data, and A2A (or A2A-like protocols) at the edges to delegate to other agents. Anthropic, Google, and OpenAI have all signaled that the layered split is roughly correct, and the Agentic AI Foundation is the most plausible host for the convergence work over the next two years.

Layer 3: function and tool-call schemas — OpenAI Functions, OpenAPI, JSON Schema#

Underneath both MCP and A2A, the actual data format for tool descriptions and arguments is now almost universally JSON Schema, lightly extended. OpenAI’s original Functions / Tools API anchored that pattern in 2023; OpenAPI has become the de facto way to describe larger tool surfaces, and OASIS-stewarded specs underpin a lot of the security tooling around it. None of this is exciting, and that is the point: the schema layer is boring enough that vendors quietly converged.

Layer 4: management-system standards — ISO/IEC 42001 and NIST AI RMF#

If MCP is the bottom-of-stack plumbing, ISO/IEC 42001 is the top-of-stack management standard. Published in late 2023, ISO/IEC 42001 specifies requirements for an AI Management System (AIMS) — the AI analogue of ISO/IEC 27001 for information security or ISO 9001 for quality. By 2026, neither 42001 nor NIST’s AI Risk Management Framework is legally required in most jurisdictions, but both are increasingly used as a procurement gate. Large buyers — central banks, public-sector tenders, and several Tier-1 enterprise procurement teams — now ask vendors for ISO/IEC 42001 conformity or a NIST AI RMF mapping before signing.

The 42001 versus NIST AI RMF question is the most common confusion. They are not rivals:

ISO/IEC 42001 is a management-system standard — it tells you what processes, roles, and documentation you must have to claim a working AI program. It is certifiable.
NIST AI RMF is a risk-management framework — it gives a vocabulary (Govern, Map, Measure, Manage) for identifying and treating risks inside your AI program. It is not certifiable, but it is widely used as the working framework inside 42001 conformity work.

Mature programs in 2026 typically pursue ISO/IEC 42001 certification for the credential and use NIST AI RMF as the operating model inside the management system. EU AI Act conformity work increasingly bolts onto the same scaffolding rather than running parallel.

Layer 5: safety benchmarks — AILuminate and the AISIs#

Standardized safety evaluation has moved faster than many expected. The most credible cross-vendor benchmark in 2026 is MLCommons’ AILuminate v1.0, with v1.1 in active development. AILuminate evaluates models against on the order of 24,000 prompts across twelve hazard categories — violent crimes, non-violent crimes, sex-related crimes, child sexual exploitation, indiscriminate weapons, suicide and self-harm, intellectual property, privacy, defamation, hate, sexual content, and specialized advice. MLCommons publishes a public 1,200-prompt practice set and holds the official test set private.

Parallel to that, the UK AI Safety Institute and US AI Safety Institute have built out structured pre-deployment evaluation programs with major labs. The MOUs they signed with frontier labs in 2024 are now operational — frontier models are evaluated before launch on a defined battery of capability, persuasion, biosecurity, and cyber-misuse tests. That work is not “the standard” yet in any formal sense, but it is rapidly becoming the de facto pre-release gate for frontier systems.

Layer 6: model documentation and supply-chain — SBOM, AIBOM, and Hugging Face#

Hugging Face has done more for de facto model documentation standardization than any formal body. Model cards, dataset cards, and the conventions around licensing fields, intended-use sections, and evaluation reports started as Hugging Face platform features and have ended up as the working pattern across enterprise AI registries.

On the supply-chain side, the AI Bill of Materials (AIBOM) discussion has matured from “should this exist?” into actual format proposals — extensions of CycloneDX and SPDX SBOM formats that add training-data provenance, model lineage, and dataset attestation fields. By 2026, several Tier-1 procurement teams require an AIBOM at vendor onboarding the way they require an SBOM for software.

Layer 7: web and accessibility — W3C and the slow lane#

W3C work on AI is real but unhurried. The interesting threads are around content provenance (C2PA, the Content Authenticity Initiative work that ended up on the W3C track), accessibility guidance for AI-generated content, and a slow conversation about identity and authentication primitives for agentic web traffic — what a “logged-in agent” looks like when it is not a human and not a server. None of this is shipped as a final recommendation yet, but the working drafts are public and have informed how Anthropic, OpenAI, and Google are thinking about agent identity on the open web.

Layer 8: de facto standards from frontier labs — responsible scaling policies#

The most interesting “non-standard standard” in 2026 is the responsible scaling family of policies. Anthropic’s Responsible Scaling Policy, OpenAI’s Preparedness Framework, and Google DeepMind’s Frontier Safety Framework are not standards in any ISO sense. But because the major labs cross-reference each other’s tiers, and because the AISIs evaluate against them, they have become the practical compliance reference that frontier deployment decisions are made against. Standards bodies are working to formalize the underlying ideas — capability thresholds, deployment gates, model-weight security — but the lived reality is that the labs’ frameworks are the operating standard, and the formal bodies are catching up.

The Bletchley follow-on and the international coordination layer#

The Bletchley Park summit in late 2023 produced a declaration that mattered more for what it signalled — that the major AI powers would talk to each other about frontier-system safety — than for what it bound. The follow-on summits in Seoul and Paris through 2024 and 2025 produced concrete commitments around frontier-model evaluation, capability thresholds, and shared incident reporting, and the working groups that came out of them now feed into the AILuminate benchmark cadence and the AISI evaluation programs.

The interesting structural shift in 2026 is that international coordination on AI safety is no longer a single annual summit. It is a continuous set of working groups across the AISIs, the AI Safety Institute network, the OECD’s AI policy observatory, and the Global Partnership on AI. None of these are standards bodies in the formal sense, but each contributes input that ISO, NIST, and IEEE pick up downstream.

IEEE and the older standards bodies#

IEEE’s 7000 series — ethically aligned design, transparency of autonomous systems, algorithmic bias considerations, child and student data governance — predates most of the current AI boom and continues to mature. The 7000 standards are increasingly cited inside ISO/IEC 42001 conformity work as the engineering-detail layer underneath the management-system requirements. In practice, an enterprise team running an ISO/IEC 42001 program in 2026 will reach for IEEE 7000 series guidance for the parts of the program that need engineering specificity rather than management-system language.

What this actually means for buyers and builders#

Enterprise buyers in 2026 should ask for a stack of artifacts, not a single certification:

An ISO/IEC 42001 conformity statement, with NIST AI RMF mapping for risks
Model cards plus an AIBOM for any model the vendor ships
A description of which benchmark suites — AILuminate at minimum, domain-specific evals where relevant — the vendor runs and at what cadence
A statement of MCP server inventory, A2A boundaries, and how authentication is handled
For frontier-adjacent capability: which AISI program (UK, US, or both) the vendor’s underlying models have been evaluated under

That bundle, not a single logo, is the closest thing to “AI compliance” that exists this year.

Where pdpspectra fits#

Most of our standards-adjacent work is not writing policy. It is the production engineering that makes a standard actually hold — wiring MCP servers behind an enterprise AI gateway, implementing the eval harnesses that ISO/IEC 42001 conformity assumes you already have, and building the data lineage that an AIBOM is supposed to document. That sits across our AI and LLM integration practice, the ML and MLOps practice for the evaluation side, and data engineering for the lineage work.

When buyers come to us asking “how do we get to 42001-ready in twelve months without freezing the AI program,” that is the conversation.

/blog/mcp-model-context-protocol-2026 — MCP in production deployment terms
/blog/ai-evaluation-suites-2026 — how the eval layer underneath these standards actually works
/blog/ai-government-deployment-2026 — public-sector procurement and the rise of standards as gates

Closing#

The story of AI standards in 2026 is not “the standards bodies finally caught up.” It is “the reference implementations got donated to neutral foundations, and the management standards got serious enough to function as procurement gates.” Both are real. Neither is a finished system.

If you are working through what an internal AI standards posture should look like — what to certify, what to map, and what to defer — get in touch.