AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News

Safety Pause Commitment Dropped from Anthropic's Responsible Scaling Policy Version 3.0

What happened

Anthropic released version 3.0 of its Responsible Scaling Policy (RSP) in February 2026, removing the company's original commitment to pause AI development if safety could not be guaranteed in advance. The safety pause provision had been a defining feature of Anthropic's voluntary governance framework since the RSP was first introduced in 2023. The removal represents a material shift away from a precautionary halt mechanism, though the specific replacement controls introduced in version 3.0 have not been fully detailed in public reporting. The source reporting was published by AI Coachella Valley at a briefs index page rather than a dedicated article. Organizations that have cited Anthropic's published governance commitments in vendor risk assessments, procurement due diligence, or regulatory disclosures should review whether those references remain accurate under the updated policy.

Why it matters

  • ·Regulatory exposure: Organizations that referenced Anthropic's safety pause commitment in regulatory filings or AI governance disclosures may now hold inaccurate representations of their supplier's risk controls, creating potential compliance gaps if regulators scrutinize third-party AI governance documentation.
  • ·Operational impact: Procurement and vendor management workflows that relied on the RSP's precautionary halt mechanism as a supplier-level safety assurance for Claude-based integrations must be updated to reflect the revised framework and any new or absent equivalent controls.
  • ·Organizational risk: The absence of publicly detailed replacement controls in RSP version 3.0 increases uncertainty in third-party AI risk assessments, making it harder for compliance teams to evaluate whether Anthropic's governance commitments continue to meet internal risk acceptance thresholds.

Governance controls affected

What to do now

  • Audit all internal risk documentation, regulatory disclosures, and procurement records that cite Anthropic's Responsible Scaling Policy to identify references to the safety pause commitment and update them to reflect RSP version 3.0.
  • Request updated vendor governance documentation from Anthropic or authorized resellers that details the replacement controls introduced in RSP version 3.0, and evaluate whether those controls satisfy your organization's third-party AI risk acceptance criteria.
  • Review AI vendor contract requirements for Claude-based products to determine whether contractual safety commitments were linked to specific RSP provisions and whether amendments or addenda are now needed.
  • Reassess the AI risk classification for any Claude-dependent systems under HOC-001, particularly where the safety pause mechanism was factored into the original risk tier determination.
  • Update your third-party AI risk assessment templates to include a version-tracking field for supplier governance frameworks, ensuring future policy changes by AI vendors are detected and reviewed systematically.

What to watch next

Compliance teams should monitor Anthropic's official communications and policy publications for a detailed public disclosure of the replacement controls introduced in RSP version 3.0, as the current absence of specifics limits accurate vendor risk assessment. Teams should also track whether frontier AI safety commitments become subject to mandatory disclosure requirements under emerging regulatory frameworks in the EU, UK, or US, which could affect how voluntary policies like the RSP are weighted in compliance evaluations. Any enforcement actions or regulatory guidance referencing voluntary AI governance frameworks at major labs would signal a shift toward greater scrutiny of supplier-level safety documentation.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Insight2026-06-27

Mythos 5 Partial Reinstatement Creates Government-Controlled AI Access Tiers With No Transparent Process

The US government on June 27 granted roughly 100 approved companies access to Claude Mythos 5, partially reversing a June 12 export control suspension, while Fable 5 and organizations outside the approved list remain locked out with no published selection criteria or recourse. The action is the first commercial enforcement under a new executive order framework requiring government pre-release review of frontier models, making tiered access structural rather than ad hoc.

Insight2026-07-16

Agentic Developer Tools Are the New Shadow IT, With a Larger Blast Radius

The Grok Build incident is not a data breach story. It is a category error story: organizations are applying shadow IT controls to a class of tools that bypasses those controls by design. Agentic coding assistants have codebase-level access, transmit code as part of their core function, and expose data in proportion to the developer's own privileges. The governance frameworks built for unauthorized SaaS subscriptions are not built for this.

news2026-07-16

xAI Grok Build CLI Silently Uploaded Full Repositories and Secrets Files Before Server-Side Fix; Opt-Out Did Not Block Transmission

An independent wire-level analysis of xAI's Grok Build CLI (version 0.2.93) found that the tool transmitted entire repository contents, including secrets files and git history, to xAI's servers regardless of what the AI agent was instructed to read. xAI has since disabled the upload server-side and added a privacy opt-out, though the researcher's testing found the opt-out controls data retention rather than blocking transmission. Elon Musk has publicly committed to deleting previously uploaded data, though that deletion has not yet been confirmed complete.