Hugging Face transfers Safetensors to the PyTorch Foundation for neutral governance of the format
Hugging Face has moved Safetensors under the PyTorch Foundation. The format itself, the API, and integrations do not change, but the project gains a neutral…
AI-processed from Hugging Face Blog; edited by Hamidun News
On April 8, 2026, Hugging Face announced the transfer of the Safetensors weight storage format to the PyTorch Foundation. For the open-source ML ecosystem, this changes the governance model rather than the technology: the format itself, the API, and compatibility remain the same, but the project's development is now secured by a neutral structure under the Linux Foundation.
Why Safetensors is needed
Safetensors emerged as an answer to a problem long considered tolerable in the ML community: many model weights were distributed in pickle-based formats, meaning arbitrary code could be executed during loading. While model exchange was a niche practice, the risk was often ignored. But with the growth of open repositories and mass model reuse, such a scheme became too dangerous.
Hugging Face bet on a simple format that stores metadata in a JSON header with a strict limit and separates it from raw tensor data. Technically, the format solves several practical tasks at once. It supports zero-copy loading, which allows weights to be mapped directly from disk without unnecessary copying, and also lazy loading, where you can read only the necessary parts of a checkpoint rather than deserializing the entire file at once.
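The header/data split described above can be checked without deserializing anything. The following is an added example, not code from Hugging Face or the Safetensors project; it assumes the file layout of an 8-byte little-endian header length, a JSON header mapping tensor names to `dtype`, `shape` and `data_offsets`, then raw bytes, and it assumes a 100 MB header cap. All function names are hypothetical.

```python
import json
import struct

MAX_HEADER = 100_000_000  # assumed cap; the article only says "strict limit"
ITEMSIZE = {"F64": 8, "F32": 4, "F16": 2, "BF16": 2,
            "I64": 8, "I32": 4, "I16": 2, "I8": 1, "U8": 1, "BOOL": 1}

def pack(header, data):
    """Build a file image: u64 LE header length, JSON header, raw bytes."""
    raw = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(raw)) + raw + data

def read_header(blob, max_header=MAX_HEADER):
    """Validate the header only; returns (tensors, data_start)."""
    if len(blob) < 8:
        raise ValueError("missing 8-byte length prefix")
    (n,) = struct.unpack_from("<Q", blob, 0)
    if n > max_header or n > len(blob) - 8:
        raise ValueError("header length over limit or past end of file")
    tensors = json.loads(bytes(blob[8:8 + n]).decode("utf-8"))
    if not isinstance(tensors, dict):
        raise ValueError("header is not a JSON object")
    tensors.pop("__metadata__", None)  # free-form string map, not a tensor
    data_len, spans = len(blob) - 8 - n, []
    for name, info in tensors.items():
        begin, end = info["data_offsets"]
        size = ITEMSIZE.get(info["dtype"])
        if size is None:
            raise ValueError(f"{name}: unknown dtype")
        for dim in info["shape"]:
            size *= dim
        if not 0 <= begin <= end <= data_len or end - begin != size:
            raise ValueError(f"{name}: offsets disagree with shape or file")
        spans.append((begin, end))
    pos = 0
    for begin, end in sorted(spans):  # tensors must tile the buffer exactly
        if begin != pos:
            raise ValueError("gap or overlap between tensors")
        pos = end
    if pos != data_len:
        raise ValueError("trailing bytes not described by the header")
    return tensors, 8 + n

def tensor_view(blob, tensors, data_start, name):
    """Lazy read: a zero-copy slice covering one tensor's bytes."""
    begin, end = tensors[name]["data_offsets"]
    return memoryview(blob)[data_start + begin:data_start + end]

# Constructed sample: a 2x2 float32 tensor followed by three uint8 values.
SAMPLE = pack({"w": {"dtype": "F32", "shape": [2, 2], "data_offsets": [0, 16]},
               "b": {"dtype": "U8", "shape": [3], "data_offsets": [16, 19]}},
              struct.pack("<4f", 1, 2, 3, 4) + bytes([7, 8, 9]))
```

Loading here is only a length check, a JSON parse and offset arithmetic, so nothing in the file can run code, which is the contrast with pickle-based checkpoints drawn above.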
According to Hugging Face, this balance of security and performance helped Safetensors become the default format for distributing models on Hugging Face Hub and beyond. Today it is used in tens of thousands of models of different types — from language to multimodal.
What is changing now
Safetensors is now a foundation-hosted project within the PyTorch Foundation, which operates under the Linux Foundation. For the project, this means a transition to vendor-neutral governance: the trademark, repository, and formal governance rules are no longer tied to a single company. At the same time, daily work is not reset: two key maintainers from Hugging Face, Luke and Daniel, remain in technical leadership and continue to lead the project.
"For most users, nothing changes."
And this is perhaps the main signal for the market. Developers don't need to migrate to a different format, rewrite code, or wait for breaking changes. Hugging Face specifically emphasizes that existing Safetensors files, current APIs, and Hub integration work as before. However, for the community, the path to maintainers is formalized: governance rules and a list of maintainers are published in open documents, and companies building products on top of the format gain a more sustainable institutional foundation.
What's next for the project
The most important next step is deeper integration with PyTorch. Hugging Face writes that it is working with the framework team to enable Safetensors to be used within PyTorch core as a serialization system for torch models. If this reaches production status, the format will strengthen its position not only as a secure alternative for hubs and repositories, but also as a core mechanism for weight exchange within the PyTorch ecosystem itself. In the coming months, the team plans to develop several directions at once:
- device-aware loading and saving, so tensors are loaded directly to CUDA, ROCm, and other accelerators
- API for Tensor Parallel and Pipeline Parallel, where each rank or stage receives only the needed weights
- formal FP8 support
- support for block-quantized formats, including GPTQ and AWQ
- support for sub-byte integer types
It's important to note not only the feature list, but also the context in which these features will be developed. Within the PyTorch Foundation, Safetensors can solve these tasks not in parallel with other infrastructure projects, but together with them, alongside PyTorch, DeepSpeed, vLLM, Ray, and Helion. For developers, this increases the chance that the format will evolve as a common ecosystem standard, rather than as a useful but external tool of a single company.
What this means
The transition of Safetensors to the PyTorch Foundation consolidates what has already happened in fact: the format has transformed from an internal Hugging Face initiative into common open-source ML infrastructure. If the neutral governance model truly accelerates support for new data types, parallel loading, and integration with PyTorch core, the market will gain not just a more secure weight format, but one of the foundational building blocks for the next generation of ML tools.