The Public Compute Commons Becomes AI Governance
Treat public AI compute as mere research support and you miss the point. It is an institutional answer to a field where model capability, safety scrutiny, and scientific agenda-setting increasingly depend on access to machines.
The useful distinction is access versus capacity: a brokered commons can widen entry, while durable public capacity changes who can bargain, reproduce, audit, and refuse.
The governance question is not only how many GPUs enter the portal. It is whether public institutions can preserve evidence, review partner terms, reserve safety capacity, protect sensitive data, and leave users with skills and infrastructure after a credit expires.
Compute as Institution
The first politics of artificial intelligence is not always visible in a model card, benchmark score, chatbot interface, or safety policy. It begins earlier, with the question of who can afford to run the machine.
Modern AI research depends on a stack of hardware, networking, storage, software, data access, engineering support, security process, and electricity. That stack is expensive, scarce, and unevenly distributed. The result is not merely a market fact. It is an epistemic fact. The people with access to large-scale compute can ask different questions, test different systems, train different models, inspect different failure modes, and set different expectations for the field.
For this essay, a public compute commons is a governed public-interest access system for AI compute and adjacent resources: accelerators, cloud credits, storage, networking, datasets, model access, software, secure environments, training, and user support. It is not free GPUs for anyone who asks. It is an institution around the hardware: who can apply, what they can run, what evidence must be preserved, what safety rules apply, what data is protected, what publication or reciprocity duties attach, what exit rights exist, and what public benefit is expected in return.
The sharper distinction is between an access commons and a capacity commons. An access commons brokers credits, accounts, datasets, APIs, queues, training, and support across existing providers. A capacity commons owns, operates, or durably controls enough public infrastructure to set terms, preserve evidence, and sustain independent work when a partner leaves. The first can democratize entry. The second changes bargaining power. A serious public-interest technology regime needs both, or at least a visible path from borrowed access to public competence.
A commons is therefore not defined by generosity alone. It is defined by enforceable public terms: allocation criteria, identity controls, data rules, security baselines, user support, portability, publication expectations, appeals, public-interest reserves, and a record of who received usable capacity. Without those terms, "commons" becomes a friendly word for a sponsored queue.
This is why public compute has become a compute governance issue. A society that leaves advanced AI infrastructure almost entirely inside a few corporations also leaves much of its independent research, safety evaluation, education, public-interest experimentation, and policy capacity downstream of corporate permission. The issue is not whether companies should build. They will. The issue is whether everyone else must understand the machine from outside the fence.
The U.S. National AI Research Resource, or NAIRR, is one of the clearest attempts to answer that problem institutionally. It treats compute, datasets, models, software, training, and support as shared research infrastructure. That sounds administrative. It is more important than that. It is a proposal for a public on-ramp into a technical world whose defaults otherwise favor the richest labs.
Current Context
As of June 25, 2026, public compute has moved from proposal to operating policy. NSF's current NAIRR materials describe a next phase that would establish a lean, long-term operating structure while continuing partnerships with technology companies. NSF reports a "28 Private + 14 Federal" partner count, roughly $100 million in private-sector in-kind contributions, more than 600 research and education projects, and more than 6,000 students supported across all 50 states, Washington, D.C., and Puerto Rico.
The current U.S. policy frame is explicitly industrial as well as academic. America's AI Action Plan calls for partnering with leading technology companies to expand research access to private-sector computing, models, data, and software through NAIRR, and for building a sustainable NAIRR operations capability. That means the compute commons is not only a university support program. It is part of national AI capacity, workforce policy, open-model policy, and strategic competition. The same structure that democratizes access can also route public research through private infrastructure, so public benefit depends on allocation rules, partner terms, disclosure, and exit options.
Canada's Sovereign AI Compute Strategy makes the capacity question explicit. Its current strategy page describes C$2 billion over five years across three pillars: up to C$700 million to mobilize private-sector AI data-center capacity, up to C$1 billion for public supercomputing infrastructure, and up to C$300 million for an AI Compute Access Fund. In April 2026, Canada opened applications for a sovereign AI supercomputing infrastructure program intended to design, build, operate, and maintain Canadian-owned AI-optimized high-performance computing. That is not the same institutional design as NAIRR, but it exposes the same policy choice: credits and portals widen access, while owned or controlled infrastructure changes strategic dependence.
The same pattern is visible elsewhere. The United Kingdom's AI Research Resource, or AIRR, provides access through named public clusters, including Isambard-AI and Dawn, and is intended to address a shortage of publicly available AI compute. The European Union's AI Factories program, run through EuroHPC, had established 19 AI Factories and 13 AI Factory Antennas by the current review period, offering AI-optimized supercomputing and support services to startups, SMEs, industry, and scientific users. The European Commission's AI Continent plan also links those factories to proposed AI gigafactories and a broader data-center buildout. Read beside The AI Factory Becomes Industrial Policy, the point is not just access to chips. It is the public allocation of model-making capacity.
The governance lesson is that public compute is becoming a statecraft layer. Governments are not only writing rules about finished AI systems. They are deciding whether public institutions, smaller firms, scientists, safety evaluators, and educators will have enough infrastructure to build, test, reproduce, and contest AI systems on terms other than those offered by the largest platforms.
The source-status lesson is just as important. A pilot, an operations-center solicitation, an access fund, an announced supercomputer, an operational factory, and a proposed gigafactory are different evidentiary states. Public compute governance improves when those stages are named instead of collapsed into one broad claim that "access exists."
What NAIRR Is
NAIRR began as an idea in the National AI Initiative Act of 2020, which directed the National Science Foundation and the White House Office of Science and Technology Policy to form a task force and study a national AI research resource. The task force released its final report on January 24, 2023, describing a roadmap for national infrastructure that would broaden access to the resources needed for AI research and development.
The pilot launched in January 2024. By 2026, NSF described NAIRR as a national approach to AI infrastructure, led by NSF with more than a dozen federal partners and 28 private-sector partners. NSF's public NAIRR page says the effort has supported 600+ research and education projects and 6,000+ students across all 50 states, Washington, D.C., and Puerto Rico.
The structure is deliberately broader than a supercomputer queue. NSF describes operational focus areas including NAIRR for Research, NAIRR Secure, NAIRR Data and Models, and NAIRR Classroom. The resource category in the NAIRR Operations Center solicitation includes computational resources, data resources, educational tools and services, AI testbeds, and other resources useful to the research and education community.
The Operations Center solicitation also clarifies a crucial boundary. The NAIRR-OC is intended to coordinate operations, stakeholders, portals, metrics, and community services; it is not funded to acquire or operate the physical hardware that supports researchers' projects, and it is not funded to run competitions for selecting resources to be made available through NAIRR. That makes NAIRR a brokered commons rather than a self-contained public cloud. Its strength is coordination across resources. Its vulnerability is dependence on the terms, continuity, telemetry, security posture, and business incentives of resource providers.
In a brokered commons, the terms are part of the resource. Identity proofing, acceptable-use rules, egress rights, publication rights, software portability, log retention, provider access to telemetry, incident reporting, and project closeout are not side details. They determine whether public users are entering a public research environment or a public queue for private environments.
That breadth matters. AI capacity is not only GPUs. A researcher may need cloud credits, access to a model, a curated dataset, a privacy-preserving environment, a benchmark harness, domain expertise, documentation, training, or help translating a scientific question into a computable workflow. Public compute policy becomes serious when it governs the whole access system rather than pretending the chip is the only bottleneck.
Why Access Matters
The compute divide is a research divide.
Stanford HAI's 2026 AI Index reports that industry produced over 90 percent of notable AI models in 2025, while several of the most resource-intensive systems no longer disclose training code, parameter counts, dataset sizes, or training duration. That split is revealing. Universities still generate knowledge, critique, methods, and talent. But the frontier model layer increasingly comes from companies with the money, chips, data pipelines, engineering teams, deployment channels, and disclosure discretion to operate at scale.
The problem is not nostalgia for an academic golden age. It is institutional independence. When the most socially consequential systems are built behind corporate walls, independent researchers can be left evaluating artifacts released under limited terms, studying open-weight substitutes, or interpreting company disclosures. They may inspect effects, but not mechanisms. They may audit outputs, but not training data. They may evaluate visible behavior, but not the internal choices that produced it.
Public compute does not dissolve that asymmetry. It cannot instantly give every lab the capacity of a hyperscaler. But it changes the floor. It lets researchers and educators ask questions that require real resources: safety evaluations, robustness testing, domain models for science and medicine, data-quality studies, energy-efficient architectures, multilingual systems, accessibility tools, open model work, and reproducibility studies.
That floor should include evaluation compute, not only build compute. A commons that funds training but leaves red-teaming, replication, security testing, carbon accounting, and post-deployment audits to scraps will reproduce the same imbalance in a more public costume. The ability to scrutinize systems is itself a capacity need.
That makes public compute a democratic instrument in the narrow practical sense. It expands who can participate in technical knowledge production, not by issuing a slogan about inclusion, but by allocating the machines, data, and support without which participation is symbolic.
The Public-Private Commons
NAIRR is not a pure public utility. It is a public-private partnership. NSF's NAIRR materials emphasize federal agencies, private-sector contributors, in-kind private contributions, and continued partnerships with technology companies. The Operations Center solicitation explicitly distinguishes federally supported resources from private-sector resources contributed by non-government entities.
This design is pragmatic. The United States does not have a single public AI infrastructure stack large enough to substitute for the commercial cloud and chip ecosystem. Industry holds much of the relevant compute, tooling, platform knowledge, and model access. A serious public resource therefore has to coordinate with companies that already operate much of the infrastructure.
But this is also the political tension. A public compute commons built from private contributions can broaden access while reproducing dependency. The terms of access, supported workloads, available tools, telemetry, security rules, acceptable-use policies, pricing equivalents, and continuity of support may all be shaped by corporate platforms. A researcher may enter through a public portal but still work inside a private cloud's logic.
This does not make the model invalid. It makes governance explicit. The public side must know what it is receiving, what constraints attach, what data flows back, how publication rights work, what logs are retained, what happens when a partner leaves, and whether the partnership builds public capacity or only routes public research through private infrastructure. That is the same dependency problem tracked in Vendor and Platform Governance, now moved upstream into research infrastructure.
The minimum public artifact is a partner term summary. It should identify the resource type, usable unit, expiration or renewal condition, eligibility limits, acceptable-use boundaries, telemetry access, data retention, publication constraints, support obligation, incident-reporting path, and exit rights. Confidential commercial detail can be protected without hiding the governance shape of the bargain.
The lesson from The Data Center Becomes a Civic Machine applies here: infrastructure is not neutral just because it is technical. It has siting, energy, procurement, labor, security, and governance consequences. Public compute should be judged by the institutional capacity it leaves behind, not only the resources it temporarily unlocks.
Allocation Is Governance
Every compute commons needs an allocation system. That system is governance.
Who receives credits, queue time, model access, sensitive-data environments, engineering support, and classroom resources? Which projects count as public-interest AI? How are safety research, basic science, education, startups, small businesses, under-resourced institutions, and regional equity balanced? Who reviews proposals? What conflicts of interest are disclosed? What outputs must be shared? What happens when a project is high-risk, dual-use, commercially valuable, or politically sensitive?
These questions are not secondary. They define the public meaning of the resource. A compute commons can become a ladder for excluded researchers, a subsidy for already-advantaged institutions, a testbed for industry partners, a national-security instrument, a scientific accelerator, or some unstable mixture of all five.
Good allocation policy should resist two temptations. The first is pure prestige allocation, where the best-resourced applicants become the best at winning public resources too. The second is pure distributive symbolism, where access is spread thinly enough to look inclusive but not thickly enough to support serious work. The hard problem is building tiers: lightweight access for teaching and exploration, larger allocations for credible research, protected capacity for independent safety scrutiny, and secure enclaves for sensitive data.
A public allocation register should publish enough to make the distribution intelligible without exposing sensitive projects: award category, institution type, resource provider class, resource unit, duration, secure-data status, review criteria, conflict disclosures, public outputs, appeals, unmet demand, and partner constraints. This is the compute version of the problem in The Grant Review Becomes the Funding Filter: review criteria become power when they decide who gets the means to ask expensive questions.
Public compute also needs memory. It should know which projects received resources, what they produced, what failed, which communities were missed, which partner resources mattered, and where demand exceeded supply. NSF's Operations Center solicitation points in this direction by calling for operational metrics and a user forum that can collect user feedback and represent user needs. Without that record, the commons cannot learn. It becomes a grant portal with GPUs attached, and AI procurement has to relearn the same lock-in lessons later. For scientific work, that memory should connect to the reproducibility discipline described in The Lab Notebook Becomes the Discovery Engine.
Secure Compute and Sensitive Data
NAIRR Secure is especially important because many high-value public-interest AI problems involve data that cannot simply be thrown into an ordinary cloud workspace. Health records, controlled-access biomedical data, education data, government records, environmental sensor networks, critical infrastructure data, and sensitive social-science datasets all require security, privacy, and governance before they require model training.
The Operations Center solicitation describes secure environments for sensitive data as part of the pilot's demonstration work. NSF's NAIRR public page says NAIRR Secure is led by the National Institutes of Health and the Department of Energy and explores privacy- and security-preserving infrastructure for research areas using high-quality controlled-access data.
This is where public compute becomes more than access policy. It becomes an alternative to the lazy bargain in which sensitive public data is either locked away from useful analysis or handed to vendors under opaque terms. A well-governed secure compute environment can support research while preserving auditability, access controls, data minimization, logging, institutional accountability, and research reproducibility.
A secure environment is not a license to ignore consent, provenance, retention, or purpose limits. Sensitive-data compute should carry a data sheet, access review, minimization plan, output-review rule, deletion or return path, and incident process. Otherwise the word "secure" becomes a substitute for the governance work it was supposed to enable.
Security also has a dual-use side. Public compute should not become an unreviewed subsidy for dangerous capability work. Projects involving cyber offense, biological design, critical infrastructure targeting, model-weight extraction, or advanced autonomous agents need risk review, staged access, monitoring, and disclosure rules that are stronger than an ordinary academic allocation. That belongs beside AI Safety Institutes, AI Evaluations, Frontier AI Safety Frameworks, and Model Weight Security.
Secure public compute also has to account for jurisdiction and cross-border access. A model, dataset, container, checkpoint, or usage log can cross institutional boundaries more easily than a server rack can. The questions raised in The Compute Border Becomes AI Governance therefore apply inside the commons too: who is allowed to use which resources, under which identity controls, under which export, privacy, and research-security rules?
The earlier essay The State Rents Its Mind warned about public agencies becoming dependent on vendors for core cognitive infrastructure. Secure public compute is one countermeasure. It gives public institutions a place to test, evaluate, and build with sensitive data under rules that belong to the institution, not only to the vendor.
Failure Modes
The first failure mode is access theater. A public portal exists, awards are announced, dashboards look active, but the actual capacity is too small, fragmented, temporary, or administratively difficult to support meaningful research.
The second is platform capture. Private partners contribute valuable resources, but the commons becomes a funnel into their cloud ecosystems, development tools, telemetry habits, and model marketplaces. Researchers get access, but the public sector does not gain durable autonomy.
The third is frontier mimicry. Public compute tries to imitate corporate frontier training without matching the scale, team structure, or deployment context. The more useful role may be different: independent evaluation, open scientific models, reproducibility, domain-specific public-interest work, safety research, education, and methods that reduce dependence on brute scale.
The fourth is security drift. As sensitive data and advanced models enter shared infrastructure, the commons can become an attractive target. Public access must not mean casual access. Identity, audit trails, least privilege, incident response, and clear data-use rules are part of the resource, not bureaucratic decoration.
The fifth is allocation opacity. If researchers cannot understand how resources are distributed, the commons will reproduce the legitimacy problems of the systems it is meant to correct. Public infrastructure needs public reasons.
The sixth is geographic and institutional narrowing. NSF says NAIRR has reached all states, Washington, D.C., and Puerto Rico. That breadth should be treated as a baseline to preserve. Without active outreach, training, and support, the institutions best able to use the resource will again be the ones already closest to advanced AI capacity.
The seventh is safety-blind openness. A public commons should widen access, but not pretend that every AI workload carries the same risk. Without risk-tiered review, a democratization program can accidentally subsidize work that increases misuse capability or creates privacy, security, or biosecurity exposure.
The eighth is metrics without power. Dashboards can show projects, credits, and states reached while hiding whether researchers received enough usable capacity to answer serious questions. Counts of awards are not the same as public technical capability.
The ninth is source inflation. Official pages, solicitations, and announcements can prove that a program exists, that partners were named, or that a solicitation was posted. They do not by themselves prove that enough compute was delivered, that allocation was fair, that safety review worked, or that public autonomy increased.
The tenth is credit without capacity. A cloud credit, model-access credit, or advertised GPU-hour is not automatically usable research capacity. Serious work may require contiguous time, specific accelerators, storage locality, secure data access, engineering support, egress rights, reproducible environments, and predictable renewal.
The eleventh is terms-of-service governance. If partner acceptable-use rules, publication review, rate limits, telemetry access, or model licenses silently decide what research can be done, then the commons has delegated part of its public judgment to private contract language.
The twelfth is evaluation starvation. Compute is allocated for model building, demos, and classroom use while independent evaluation, red-team work, incident reproduction, and public-sector audit remain under-resourced.
The thirteenth is exit failure. A public program proves useful only while a partner, credit line, cloud region, or model API remains available. If users cannot port workflows, data, logs, and skills elsewhere, the commons has trained dependence rather than capacity.
The Governance Standard
A serious public AI compute regime should meet sixteen tests.
First, access should be allocated for public purposes, not only technical excellence. Scientific merit matters, but so do independent safety scrutiny, education, reproducibility, neglected languages, public-sector capacity, accessibility, environmental modeling, and research from institutions outside the usual centers of AI power.
Second, partnership terms should be legible. The public should know which resources are federally supported, which are privately contributed, what constraints attach, and whether user data, outputs, or usage patterns flow back to providers.
Third, the commons should build durable public capacity. Training, documentation, shared tooling, open datasets, reusable workflows, common evaluation harnesses, and community support matter because they remain after a particular cloud credit expires.
Fourth, secure environments should be treated as first-class infrastructure. Sensitive public-interest data needs governed workspaces, not informal exceptions.
Fifth, independent evaluation should have protected access. AI safety, bias, robustness, security, and accountability researchers need enough access to test systems without relying entirely on company-hosted demos or carefully bounded APIs.
Sixth, dual-use review should be risk-tiered and explicit. Public access rules should distinguish classroom use, ordinary research, controlled-access data, frontier-model evaluation, cyber or bio-relevant workloads, and agentic systems that can act through tools.
Seventh, allocation should be auditable. The commons should publish enough information about awards, review criteria, conflicts of interest, appeal paths, partner resources, and unmet demand for outsiders to see whether the public purpose is being met. That belongs beside Transparency and Public Registers.
Eighth, environmental and local infrastructure costs should be visible. Public compute should connect to the questions raised in The Data Center Becomes a Civic Machine: energy, water, grid pressure, procurement, and community consent.
Ninth, portability and exit should be designed in. Researchers should be able to move code, data, containers, logs, and documentation where lawful. A public commons should not quietly teach its users that one private stack is the natural form of AI research.
Tenth, the program should publish institutional memory. Annual reports, allocation statistics, project outcomes, unmet demand, partner contributions, security incidents, safety-review outcomes, user-forum feedback, and governance changes should be part of the commons itself.
Eleventh, evidence standards should be explicit. Program claims should separate allocated credits from usable capacity, pilots from long-term operations, in-kind contributions from appropriated public infrastructure, and announced access from independently documented outcomes.
Twelfth, public-interest reserves should be real capacity, not leftover access. Independent AI audits and assurance, reproducibility work, public-sector evaluation, small-institution teaching, and safety research need protected capacity floors. They should not wait behind every better-funded commercial or prestige project.
Thirteenth, partner terms should be governance artifacts. The public record should identify the classes of acceptable-use limits, telemetry practices, retention rules, publication constraints, security obligations, export-control conditions, and model-license limits that attach to contributed resources. Confidential terms can be summarized, but they should not disappear.
Fourteenth, evaluation compute should be separately budgeted. Safety evaluation, bias and robustness testing, incident reproduction, model-card evidence, environmental accounting, and independent audit should have named allocations rather than relying on unused training capacity. This connects directly to the inference-compute evaluation budget.
Fifteenth, the commons should keep a public AI infrastructure inventory. The inventory should separate owned public systems, federally supported systems, university systems, private-sector credits, model API access, datasets, secure enclaves, classroom resources, and support services. It should be legible enough to support AI system inventory practice and future procurement.
Sixteenth, exit should be tested. A governed commons should periodically prove that users can export lawful code, containers, documentation, metadata, logs, models, and derived datasets where policy permits. If exit works only in theory, partner dependency remains the hidden operating system.
What This Changes
A model-mediated society has a simple hidden rule: whoever can run the model can shape what the model age knows about itself.
Compute is not just capacity. It is permission to experiment at a certain scale. It is the difference between reading papers about frontier behavior and testing systems directly. It is the difference between teaching students toy examples and giving them contact with real infrastructure. It is the difference between policy built from vendor claims and policy informed by independent practice.
Public compute is therefore an anti-enclosure project. It does not abolish private AI power. It creates a counter-institution inside the same technical terrain. It says that the public should have laboratories, classrooms, secure rooms, evaluation benches, datasets, and machines of its own.
The commons is not a universal entitlement to run any workload at public expense. It is governed access for public purposes. That distinction matters because the same infrastructure that supports open science can also support privacy violations, dual-use capability work, or commercial capture. The public version has to widen participation while keeping enough rules to remain legitimate.
The danger is that the commons becomes a sign instead of a structure. The government announces access. Companies announce partnership. Universities announce projects. Everyone says democratization. But if the real frontier remains inaccessible, if allocation favors prestige, if security is weak, if private platforms quietly define the workflow, and if the public cannot see what was learned, then the commons becomes a ritual of inclusion around a privately governed center.
The better standard is concrete. Can a researcher outside a major lab test a meaningful safety hypothesis? Can a small institution teach with serious tools? Can a public agency analyze sensitive data without surrendering control? Can a scientist reproduce a result? Can a policymaker learn from evidence not filtered through a vendor? Can the infrastructure survive a partner's exit? Can the public see who got access and why?
AI governance is often imagined as rules imposed after systems are built. Public compute shows a deeper layer. Governance also means deciding who gets to build, inspect, train, contest, and understand the systems before they harden into reality. A public compute commons is not the whole answer. But without one, the age of artificial intelligence will be studied through windows owned by the institutions that profit from keeping the doors narrow.
Source Discipline
This page's program-status claims were rechecked for the June 25, 2026 review against official NSF, White House, Government of Canada, GOV.UK, European Commission, EuroHPC, Stanford HAI, and OECD materials. The article treats those sources as evidence of stated program design and reported status, not as proof that the promised public capacity has been delivered at sufficient scale.
This article treats NSF, White House, GOV.UK, European Commission, EuroHPC, Stanford HAI, and OECD materials as evidence of program design, partner counts, reported status, stated policy goals, and published access concepts. They are not proof that public compute access is sufficient, equitably allocated, operationally durable, environmentally sound, or independent from private platforms. Those judgments require allocation data, user outcomes, contract terms, resource utilization, security incidents, partner exit records, and environmental accounting.
Source discipline also means separating an authorization, task-force report, pilot, solicitation, in-kind contribution, portal listing, resource allocation, secure enclave, and long-term operating appropriation. A public webpage can show that a program exists. It cannot by itself show that a researcher outside a major lab received enough usable capacity to reproduce a result or perform independent safety evaluation.
In-kind contributions deserve special care. They should be reported by provider, valuation method, resource type, expiration date, usable unit, eligibility limit, and whether they substitute for or supplement public infrastructure. A list-price cloud credit, a model API allowance, a training workshop, and publicly owned accelerator capacity are all useful, but they are not the same thing.
Compute claims should name their unit and boundary: GPU hours, accelerator type, storage, cloud credits, model or API access, dataset access, support time, secure-environment eligibility, training versus inference versus evaluation, and whether resources are federal, university, philanthropic, or privately contributed. Without those details, "public compute" can become a slogan around unequal access.
Related Pages
- AI Compute
- Compute Governance
- Sovereign AI
- Public Interest Technology
- AI Data Centers
- AI Energy and Grid Load
- AI Evaluations
- AI Audits and Assurance
- AI Safety Cases
- AI Procurement
- AI System Inventory
- Vendor and Platform Governance
- Transparency and Public Registers
- The AI Factory Becomes Industrial Policy
- The Compute Border Becomes AI Governance
- The Data Center Becomes a Civic Machine
- The Grant Review Becomes the Funding Filter
- The Lab Notebook Becomes the Discovery Engine
- The Inference Compute Becomes the Evaluation Budget
Sources
- U.S. National Science Foundation, National Artificial Intelligence Research Resource, reviewed June 25, 2026.
- U.S. National Science Foundation, NAIRR at 2 years: Advancing American artificial intelligence innovation and leadership, March 19, 2026.
- U.S. National Science Foundation, Democratizing the future of AI R&D: NSF to launch National AI Research Resource pilot, January 24, 2024.
- U.S. National Science Foundation, NSF 25-546: Foundations for Operating the National Artificial Intelligence Research Resource: the NAIRR Operations Center, posted September 2, 2025, reviewed June 25, 2026.
- U.S. National Science Foundation, NSF-led National Artificial Intelligence Research Resource Task Force Releases Final Report, January 24, 2023.
- White House, Winning the Race: America's AI Action Plan, July 2025.
- Stanford HAI, 2026 AI Index Report: Research and Development, reviewed June 25, 2026.
- Innovation, Science and Economic Development Canada, Canadian Sovereign AI Compute Strategy, date modified June 4, 2026.
- Innovation, Science and Economic Development Canada, Canada to drive billions in investments to build domestic AI compute capacity at home, December 5, 2024.
- Innovation, Science and Economic Development Canada, Canada launches national initiative to build large-scale AI supercomputing capacity, April 15, 2026.
- GOV.UK, AIRR advanced supercomputers for the UK, reviewed June 25, 2026.
- European Commission, AI Factories, reviewed June 25, 2026.
- EuroHPC Joint Undertaking, AI Factories, reviewed June 25, 2026.
- EuroHPC Joint Undertaking, Large Scale Access to AI factories, reviewed June 25, 2026.
- European Commission, AI continent, reviewed June 25, 2026.
- OECD, AI compute, reviewed June 25, 2026.
- OECD, OECD Digital Economy Outlook 2024, Volume 1: The future of artificial intelligence, 2024.
- OECD, A blueprint for building national compute capacity for artificial intelligence, February 28, 2023.