Industry consortia, standards bodies, AI ITSM governance (May 2026)
Source report: /tmp/industry-consortia-standards-2026.md (808 lines, 40KB).
Standards / consortia targets — facts and effort
| Target | Facts | Effort |
|---|---|---|
| ISO/IEC 42001 | As of May 2026, held by Atomicwork/ServiceNow/Salesforce (3-way tie). Becoming AI’s SOC 2 Type II equivalent (40% EU / 25% NA RFP exposure). 12-18 month lead time. | $50-100k |
| PeopleCert ITIL 5 AI Governance Extension Module | Launched April 12, 2026. | $1.5-3K total, 4-8 weeks per cert |
| Linux Foundation MCP working group (AAIF) | Free contribution. | Free |
| SOC 2 Type II | Already operational (see ai-itsm-compliance-roadmap-2026) | $25-80k |
| GTIA + one MSP peer group (ASCII for breadth, The 20 for shared-services, TruMethods for framework) | MSP channel-distribution. | $5-10k membership |
A2A Protocol — fills the “agent-to-agent governance plane” buyer-slot from cap-table research.
Time-sensitive standards 2026
- Linux Foundation Agentic AI Foundation (AAIF) — formed 2026; MCP + A2A both housed here.
- MCP 2025-11-25 spec — async Tasks + OAuth Client ID Metadata Documents + OpenID Connect Discovery. See oss-agent-infra-2026.
- A2A Protocol — surpassed 150 organizations; in major cloud platforms; first-year enterprise production use.
- PeopleCert ITIL 5 AI Governance Extension Module — launched April 12, 2026.
- NIST AI RMF Agent Interop Profile — Q4 2026.
- CEN-CENELEC prEN 18286 — Q4 2026 (EU AI Act technical standards).
- NIST SP 800-218 Rev 1 — published Dec 2025 (Secure Software Development Framework).
- CSA STAR for AI Level 1 — viable near-term; Level 2 is the longer-horizon target paired with ISO 42001.
- MLCommons AILuminate safety benchmark — agent safety benchmark accepting submissions.
Coverage (8 buckets)
AI standards
- MCP / AAIF — free.
- A2A Protocol — free.
- OpenAI Agents SDK — no formal governance.
- MAS — absorbed by A2A.
ITSM
- ITIL 5 + AI Governance Extension — $1.5-3K.
- ISO/IEC 20000.
- NIST SP 800-218 Rev 1.
AI ethics
- NIST AI RMF (+ Agent Interop Profile Q4 2026)
- ISO 42001
- EU AI Act / CEN-CENELEC (prEN 18286 Q4 2026)
- OECD AI Principles
- Partnership on AI
- CAIDP
Security
- SOC 2 (operational)
- ISO 27001
- CSA STAR + STAR for AI + CSAI Foundation
CIO communities
- Evanta (Gartner C-level)
- HMG Strategy CIO Summit
- CIO Executive Council
- TBM Council
- CISO communities
MSP industry
- GTIA (largest)
- The 20 (shared-services)
- ASCII Group (breadth)
- TruMethods (framework)
AI / agent industry
- AI Alliance
- Frontier Model Forum — Init Intelligence doesn’t qualify
- MLCommons (AILuminate benchmark submission)
- CAIDP
Enterprise SaaS communities
- SaaStr (event May 12-14, 2026)
- Pavilion (CRO / CMO community)
- Sapphire Ventures CoE (portfolio-only)
Critical sequencing constraint
SOC 2 + ISO 27001 + ISO 42001 bundle with one audit firm (startup-tier firms: Schellman / A-LIGN / Prescient). Separate firms triple cost and time.
Notes
- ISO 42001 holders as of May 2026: Atomicwork (Sept 2025), ServiceNow (Dec 2025), Salesforce (late 2025). 12-18 month certification timeline. See responsible-ai-positioning-2026.
- MCP + A2A working-group engagement is free (oss-agent-infra-2026).
- PeopleCert ITIL 5 AI Governance Extension: $1.5-3K.
- GTIA + The 20 are MSP-channel distribution gates per the MSP universe research.
- Init Intelligence does not qualify for Frontier Model Forum.
- Q4 2026 standards window: NIST AI RMF Agent Interop Profile + CEN-CENELEC prEN 18286 both land then.
Related
- ai-itsm-compliance-roadmap-2026 — 5-framework critical path
- oss-agent-infra-2026 — MCP + A2A engineering integration
- msp-universe-2026 — GTIA / The 20 / ASCII / TruMethods
- channel-partnership-roadmap-2026
- atomicwork — ISO 42001 benchmark
- Init Intelligence