AIRiskAware
For Enterprise

AI governance for large organisations.

Board obligations, regulatory compliance, model risk, controls registers, and operating models — practical guidance for enterprise organisations deploying AI across global operations.

The AI governance challenges every enterprise faces

These obligations exist in varying forms across every major jurisdiction where large organisations operate.

Board accountability
Directors have personal liability exposure from AI failures. Most jurisdictions now expect documented board-level AI oversight, not just management-level policies.
Regulatory compliance
EU AI Act, sector-specific rules (APRA, FDA, FCA), and data protection laws create overlapping obligations that vary by where you operate and what your AI does.
Controls and audit
AI controls registers, model validation, testing frameworks, and internal audit scope for AI are now expected by regulators and institutional investors globally.
Workforce and change
Employment law consultation obligations when AI changes roles exist in most major markets. Ignoring them creates legal and reputational exposure.
Model risk
Model risk governance — originally a banking concept — now applies to any organisation deploying AI for consequential decisions. APRA, Fed, and PRA all have expectations.
Procurement and supply chain
AI vendor due diligence, contract provisions, and third-party risk management are increasingly regulatory requirements, not optional governance.

Global governance frameworks

The standards and regulations shaping enterprise AI governance worldwide.

EU AI Act: Mandatory (EU)
Mandatory for organisations with EU market exposure. Risk-based classification, conformity assessments, and transparency obligations from 2026.
ISO 42001: International
International AI Management System standard. Certifiable, globally recognised, aligns with ISO 31000 risk management.
NIST AI RMF: Global reference
US National Institute of Standards framework for AI risk management — widely adopted by global organisations as a governance baseline.
AI6 (Australia): Australian standard
Australia's National AI Centre guidance — six essential practices for enterprise AI governance. Required for federal government and widely adopted commercially.

Enterprise AI governance guides

Practical guidance applicable to large organisations regardless of where you operate.

Global
Agentic AI and the Accountability Vacuum: Who's Responsible When AI Agents Fail?
Global
AI Investment Due Diligence: What Investment Firms Should Be Asking When Evaluating AI Companies
Global
What Questions Should Your Board Be Asking About AI?
Global
Five Signs Your Organisation's AI Governance Is Inadequate
Global
AI Governance in Healthcare: What Clinical Leaders Need to Know
Global
AI Governance for Financial Services: Regulators Are Watching

Jurisdiction-specific obligations

Enterprise AI governance requirements vary significantly by where your organisation operates. Find guidance for your jurisdiction.

Australian enterprise obligations

APRA CPS 230, ASIC conduct obligations, Privacy Act reforms, ASX disclosure requirements, and AI6 alignment — Australia has sector-specific rules that go beyond the global baseline.

🇦🇺 Australia
Australia's AI Governance Gap: What the Regulatory Retreat Means for Enterprise Risk
🇦🇺 Australia
Australia's AI Safety Standard: What It Actually Requires and Who It Applies To
🇦🇺 Australia
The Privacy Act, AI, and What the OAIC Expects from Australian Organisations
🇦🇺 Australia
APRA and ASIC: What Australian Financial Services Firms Need to Know About AI Regulation