Issue #3 ·
Physical AI Safety Dispatch — June 2026
Third issue. I spent June mapping an empty category — Israel, Europe, Japan. Then, on 22 June, the biggest company in AI filled it. What NVIDIA Halos changes, and the gap it leaves.
Month three. The theme was the map. I spent June charting Physical AI ecosystems — Israel, Europe, Japan — hunting for who is actually building the safety layer these systems need. For most of the month the answer was the same everywhere: almost nobody. Then, on 22 June, it changed.
The event that defined the month: NVIDIA Halos for Robotics
On 22 June, NVIDIA announced Halos for Robotics — billed as the industry's first full-stack safety system for physical AI: safety-capable compute with an independent on-chip safety processor, a safety software stack, and an accredited inspection lab, with more than forty partners and Agility's humanoid Digit as the first adopter.
I have spent two years arguing — most directly in May's Software Safety Ceiling paper — that physical AI cannot be made safe in software alone, and that the missing piece is a hardware safety layer the AI itself cannot override. The largest company in AI just shipped exactly that, and moved the idea from the fringe to the centre of the industry. The category I spent June describing as empty is no longer empty.
But the launch did not close the gap so much as move it. NVIDIA's safety processor lives on the same chip, from the same vendor, designed by the same team as the AI it supervises. That is real isolation — and a genuine improvement over software-only safety — but it is not the independent, diverse, vendor-neutral layer that the highest safety-integrity levels have always demanded. The question for the next eighteen months is no longer does a physical-AI safety layer exist? It is who builds the independent one? Read everything below through that lens.
Three maps I drew this month
1. Israel — 123 companies, fewer than 30 certifying
I extended the Innovation Authority's 123-company list using Crunchbase, LinkedIn and patent cross-references — the expanded set reaches roughly 155 — but for the certification gap I keep the canonical 123 to stay comparable to the source. Then I asked the question the report didn't: how many show evidence of functional-safety certification? Fewer than 30 of 123 (≈ 1 in 4). The ones that do are mostly the legacy industrial and defense players. The AI-native startups building autonomous robots? Almost none have engaged a notified body or documented a risk assessment per ISO 12100.
2. Europe — five clusters, deep engineering, no independent layer
Europe is five clusters, not one market. Germany is the industrial core (KUKA, NEURA, Agile Robots). Denmark and the Nordics are the cobot capital (Universal Robots, MiR, Kongsberg). Switzerland leads precision robotics (ABB, Stäubli, ANYbotics). France brings defense and aerospace crossover (Thales, Exotec, Aldebaran). Italy carries deep automation heritage (Comau, IIT Genoa). Every cluster has decades of depth and certification-ready incumbents. What none has is a safety layer of its own for AI-era robots — and now that NVIDIA owns the global, vendor-specific version, the open European question is sharper: who builds the independent, vendor-neutral one, certifiable under EU 2023/1230?
3. Japan — the quiet powerhouse
Japan supplies roughly 45% of the world's industrial robots (IFR) — FANUC, Yaskawa, Kawasaki, DENSO, Nachi-Fujikoshi — and METI committed ¥387 billion to Physical AI in FY2026. But Japan's edge isn't scale; it's a safety philosophy. At iREX 2025, every AI-enabled robot shipped with hard-coded safety overrides the AI cannot bypass — not as an option, as a baseline. That is the same principle NVIDIA just productised: independent, hardware-enforced limits. Japan has simply treated it as non-negotiable for years.
The pattern, updated
For three weeks the data said what every prior month had: robot intelligence is tracked, funded and celebrated; robot safety infrastructure is untracked, unfunded and invisible. Then NVIDIA built the category in a single announcement. The lesson isn't that the gap closed — it's how fast an "empty category" becomes a contested one once the incumbent moves. The open lane now is the independent, vendor-neutral safety layer. Harder to build. More valuable.
What I'm reading
EU Machinery Regulation 2023/1230 — the harmonized-standards gap. It applies in January 2027, but the harmonized standards that would let manufacturers self-certify are still being written; the Commission aims to publish an application guide by end of 2026. Companies are preparing to comply with requirements whose official interpretation isn't final.
IEC 61508 Edition 3 — Committee Draft for Vote passed May 2025; target publication 2027. The mother standard for functional safety is being redrafted now. Worth noting: NVIDIA's Halos explicitly targets IEC 61508, ISO 13849 and ISO/IEC TR 5469 — the incumbent is building to the same standards the rest of us cite.
A note I won't post on LinkedIn
I checked every Israeli company that mentions "safety" on its site for what they actually mean. Three categories: (1) cybersecurity — "safe" = encrypted; (2) reliability — "safe" = doesn't crash; (3) actual functional safety — SIL, PL, risk assessment, hardware fault tolerance. Category three has fewer than ten companies in the whole ecosystem. The word is being used for three different things and nobody notices because nobody asks the follow-up question. The four-question test I'll publish in Month 5 comes straight from this.
— Mati
Physical AI Safety Dispatch is a monthly newsletter by Mati Melchior. Published on the 1st of every month. Follow the weekly analysis on LinkedIn and X.