Papers

Topics

Authors

Recent

View all

Gemini 2.5 Flash

144 tokens/sec

GPT-4o

7 tokens/sec

Gemini 2.5 Pro Pro

46 tokens/sec

o3 Pro

4 tokens/sec

GPT-4.1 Pro

38 tokens/sec

DeepSeek R1 via Azure Pro

28 tokens/sec

2000 character limit reached

Compute Pause Button Framework

Updated 1 July 2025

Compute Pause Button is a governance, technical, and procedural system designed to halt or delay large-scale AI model training by regulating hardware and supply chain operations.
It integrates tamper-proof FLOP caps, model locking, offline licensing, and fixed-set cluster mechanisms to control compute resource usage effectively.
It employs a Governance–Enforcement–Verification (GEV) framework and traceability measures to ensure compliance and prevent circumvention at every stage.

A compute pause button is a governance, technical, and procedural mechanism designed to halt, limit, or delay the progress of large-scale AI model training by directly regulating access to computational resources at the hardware and supply chain level. The concept targets the physical substrates necessary to develop advanced AI systems, such as high-performance chips and compute clusters, and proposes a framework that is enforceable, traceable, and independently verifiable. Unlike ex post oversight of AI models, the compute pause button approach seeks to preempt the emergence of potentially hazardous capabilities by intervening at the foundational stages of AI development, leveraging a combination of technical controls, supply chain traceability, and regulatory policy.

1. Governance—Enforcement—Verification (GEV) Framework

The compute pause button is organized within a Governance–Enforcement–Verification (GEV) structure intended to ensure that rules for compute restriction are clear, that violations are detectable, and that compliance is independently verifiable. Governance involves establishing and updating global rules regarding access to and use of advanced compute, such as production quotas for chips or ceilings on aggregate compute per training run. Enforcement entails mechanisms that make these rules operable—through technical interventions (e.g., tamper-proof FLOP caps, model locking, licensing), as well as administrative actions (such as export control or production limits). Verification requires mechanisms such as audits, digital computation receipts, and supply chain monitoring to provide evidence that the enforced controls are being followed in practice.

This tripod approach necessitates that all three intervention points—technical, traceability, and regulatory—work in concert. The system is designed to be resilient both to technical failures (e.g., circumvention by hardware tampering) and to political-economy challenges (e.g., differing national interests or incomplete enforcement).

2. Technical Mechanisms for Compute Restriction

Multiple technical mechanisms have been proposed to realize the compute pause button, each aiming to control, track, or restrict advanced compute utilization.

Tamper-Proof FLOP Caps: Chips can be equipped with hardware-level restrictions on the total number of floating-point operations (FLOPs) they may execute. These caps are physically and cryptographically protected to prevent circumvention. Each chip can maintain a secure log (“receipt”) of its computation, which can be audited. The cap is formalized as:

$\text{FLOP}_{\text{total}}(W) = \sum_{k \in \text{history}(W)} f_k \leq \text{FLOP}_{\max}$

where $f_k$ denotes the FLOPs for computation step $k$ contributing to model weights $W$ .

Model Locking: Model weights may be cryptographically locked during or after training. Only authorized hardware possessing the required keys can decrypt or run the model, and third-party approval is required for release, preventing unauthorized dissemination of advanced models.
Offline Licensing: Chips may be issued a finite compute “budget” or time-limited license, renewable only through central authority oversight. Once a chip has exhausted its license, it must seek recertification or additional allocation, granting regulatory bodies active control over the availability of computational power in real time.
Fixed-Set Cluster Mechanisms: Limits on the number of chips or the bandwidth between them can act as physical caps on the maximum scale and speed of coordinated training runs, thereby bounding the aggregate compute available to any single project.
Flexible Hardware-Enabled Guarantees (flexHEGs): This conceptual mechanism envisions secure hardware modules—either built into chips or added as tamperproof “boxes”—able to enforce a variety of governance protocols, including compute capping, model auditability, and dynamically adjustable restrictions.

While some mechanisms (e.g., FLOP caps, model locking) can be implemented in hardware at fabrication, others (such as firmware-based licensing) may allow faster deployment but are less robust to circumvention.

3. Traceability Across the Compute Supply Chain

Traceability tools are necessary for maintaining end-to-end visibility and control over advanced compute resources, addressing challenges such as black-market chips, illegal exports, and coordinated circumvention attempts.

Monitoring of Key Materials and Components: Critical upstream components (e.g., EUV lithography machines, advanced EDA software, high-quality semiconductor materials) are themselves tracked and regulated, using audit trails and registered declarations akin to precursor chemical regimes in the Chemical Weapons Convention (CWC).
Global Compute Supply Registry: All manufacturers of high-performance AI chips and contract fabs are required to report production volumes, specifications, and sales. This registry, potentially established under an international mandate, is vital for cross-border coordination and risk management.
Chain-of-Custody for Advanced Chips: Every chip is assigned a unique cryptographic identifier. Its location, ownership changes, and operational status are tracked in a tamper-resistant ledger, with customs inspections and audits verifying chain integrity.
Know Your Customer (KYC) for Compute Providers: Cloud and datacenter operators are obliged to verify client identity and intended use at the point of large-scale compute rental, refusing or flagging suspicious accesses, analogous to anti-money laundering controls in finance.

Verification methods include digital receipt systems, surprise physical audits, cross-border customs enforcement, and distributed registry reconciliation.

4. Regulatory and Policy Mechanisms

Institutional and legal measures provide the necessary authority and scope for technical and traceability systems:

Production Controls (Quotas and Licensing): Licensing and quotas limit the number (and type) of advanced AI chips that may be manufactured annually, analogous to OPEC oil production caps or DEA quotas in pharmaceuticals. Only licensed actors may produce, hold, or sell high-performance compute, and licenses can be revoked on evidence of noncompliance.
Export Controls: Drawing from the Wassenaar Arrangement and other dual-use technology regimes, countries restrict the export of frontier chips or relevant manufacturing equipment, with licensing, customer validation, and record keeping. These controls are particularly important given the highly concentrated and traceable semiconductor manufacturing ecosystem.

The interplay of these mechanisms translates core policy choices (e.g., what compute ceilings are deemed safe) into enforceable, verifiable actions at every relevant point in the semiconductor and AI development supply chain.

5. Analogues from Other Global Governance Domains

The feasibility and design of a compute pause button draw heavily from experience in other domains where material technologies must be constrained for safety or strategic reasons:

Nuclear Non-Proliferation (NPT/IAEA): Implementation relies on layered oversight, facility licensing, inspections, and material accounting—all directly analogous to chip registry, facilities audits, and computation receipts.
Chemical Weapons Convention/OPCW: Regulatory coverage of both precursor materials and finished products, combined with global reporting registries and challenge inspections, provides a template for multi-stage supply chain control.
Pharmaceutical Supply Chain (DEA quotas/Track-and-Trace): Controlled manufacturing and chain-of-custody for scheduled drugs and active ingredients mirror chip production and downstream go-to-market controls.
Operation Warp Speed (pandemic response) and Wassenaar Arrangement: Illustrate rapid, large-scale public-private coordination, and harmonized export controls for dual-use technologies.

While no analogy is perfect, the cumulative record of these regimes indicates that ambitious, hardware-level global governance is technologically and institutionally plausible provided sufficient political support and early action.

6. Challenges and Credible Solutions

Technical and institutional challenges for a universal compute pause button include potential circumvention via distributed or clandestine hardware, the risk of hardware-level exploits or counterfeit components, enforcement in a multipolar world with uneven political incentives, and the potential chilling effect on beneficial, lower-risk AI innovation. Proposed solutions include:

Layered defense: Combining hardware tamper-proofing, traceability, and regulatory infrastructure ensures redundancy, such that defeat of one layer does not compromise the entire framework.
Gradual ramp-up and modular design: Early implementation favors transparency, voluntary registries, and soft-law, moving to hard regulation as consensus and technical readiness mature.
Use of semiconductor chokepoints: The global concentration of advanced chip production in a small number of countries and companies provides early leverage for supply control and coordination.
Dynamic adaptation: Updating compute ceilings and restrictions through regular expert panel review as technical capabilities and threat assessments evolve.

7. Urgency, Timing, and Strategic Window

The argument for immediate implementation is motivated by rapid historical growth in compute for frontier AI models (1.5 billion-fold in 14 years), the proliferation risk as advanced capabilities and hardware diffuse, and the risk that post-hoc oversight will be impossible once hardware and trained models are widely distributed. Early establishment of these controls is positioned as both plausible—leveraging current material chokepoints—and necessary, as the strategic window for effective intervention will close if current trends continue.

Table: Key Controls in the Compute Pause Button Framework

Mechanism	GEV Function	Example/Spec
Tamper-Proof FLOP Caps	Enforcement & Verification	≤ $10^{25}$ FLOPs per device
Model Locking	Enforcement & Verification	Cryptographic keys required for model access
Offline Licensing	Governance, Enforcement	Time-limited/usage-limited chip licenses
Chain of Custody	Verification	Device serial number tracking and audits
KYC for Compute	Verification, Enforcement	Client ID/liveness for large compute rentals
Export Controls/Quotas	Governance & Enforcement	Chip export licensing; production ceilings

In summary, the compute pause button is a multi-level, pragmatic architecture for intervening in the material supply chain of advanced AI development. It leverages a combination of technical, traceability, and regulatory mechanisms to enforce credible, independently verifiable restrictions on access to and use of high-performance compute—with the goal of preventing, pausing, or delaying the training of potentially catastrophic AI systems before their capabilities become unmanageable.

PDF Markdown Chat (Upgrade)