What the index actually measured
The Future of Life Institute, a US non-profit that has tracked AI risk for a decade, published its 2026 First-Half AI Safety Index in early July. A panel of seven independent researchers and governance experts scored nine frontier companies across six domains: risk assessment, current harms, safety frameworks, existential safety, governance and accountability, and information sharing. The companies were Anthropic, OpenAI, Google DeepMind, Meta, xAI, DeepSeek, Mistral, Alibaba and Z.ai.
No company earned an A in any single category. Anthropic took the top overall grade with a C+, OpenAI and Google DeepMind followed with C, and Meta climbed two places to a D+. xAI fell three places to seventh with a failing grade after its safety transparency thinned in the SpaceX era, with DeepSeek below it and Mistral last on its first appearance. The headline is not that one lab is unsafe. It is that the entire frontier clusters between mediocre and failing on the very safeguards these firms told governments they would keep.
Why a scorecard changes vendor selection
An independent, comparable grade is a procurement input, not an ethics footnote. Until now, a buyer weighing two model providers had marketing claims and a signed usage policy. Now there is a third-party score on the same six axes for all of them, sitting alongside the government-commissioned International AI Safety Report as a shared evidence base that regulators and large buyers can cite. When a vendor's grade on governance or information sharing is low, that is a contract-durability and liability signal you can put in front of a board, not a values argument.
The most useful line in the index is not the ranking, it is the finding that several firms have rolled back their own commitments to pause or restrict releases at defined risk thresholds. A pledge a vendor made and then quietly dropped tells you more about how it will behave under commercial pressure than any current marketing does. For an operator, the practical move is to ask each provider for its live safety framework and its current threshold policy in writing, and to treat a walked-back commitment as a red flag in the same way you would treat a weakened security certification.
The European reflex, tested
For European buyers the index lands on a tender spot. The instinct to buy European AI for sovereignty is sound as a jurisdiction and supply-chain decision, keeping data and dependency inside EU law. But the index shows sovereignty and safety are separate axes that can diverge. Mistral, the clearest European champion, scored last, and the institute's president said he was disappointed to see Europe's flagship at the bottom given the region's history of leading on AI safety. Buying European did not, in this measurement, buy a better safety posture.
The lesson is to unbundle the two cases. Choose a vendor's jurisdiction for the sovereignty reasons that actually apply to your data and your regulators, and judge its safety posture on the evidence in front of you rather than on the flag on the box. A European provider can be the right sovereignty answer and still owe you a stronger safety framework, and the honest procurement question now is to ask for both, separately, and accept an F on neither.
Read next: Google Scrapped a Near-Finished AI Model | The Owner of Evernote and WeTransfer Raised $1.68 Billion on Nasdaq



