Insights
Practical AI governance guides, regulatory analysis, and research — for enterprise leaders, businesses, and individuals navigating the AI landscape.
Boards, APRA, ASIC, controls & programmes
Privacy Act, ACCC consumer law, AI6 basics
Founder guide, investor due diligence, EU AI Act
Your rights, Right to Disconnect, AI at work
What Is the Australian Privacy Act? How It Applies to AI Systems
Australia's Privacy Act 1988 and the 13 Australian Privacy Principles (APPs) govern how personal information is handled — including by AI systems. Here is what organisations need to know.
What Is APRA CPS 230? How Operational Resilience Requirements Apply to AI Systems
2026
APRA's CPS 230 Operational Risk Management standard (effective July 2025) applies to all APRA-regulated entities and has significant implications for AI governance — particularly for material business processes, third-party AI, and AI incident response.
What Is Data Governance? How It Differs from AI Governance and Why You Need Both
2026
Data governance and AI governance are distinct but interconnected. Good data governance is a prerequisite for good AI governance — you cannot govern AI well without governing the data it uses.
AI Ethics Policy: What It Should Contain, Why Generic Statements Fail, and How to Make It Operational
2026
An AI ethics policy articulates principles for AI use. A credible one has specific commitments, red lines, and enforcement mechanisms — not generic statements of values that amount to ethics-washing.
AI Governance for Indian Businesses: DPDP Act, IT Act, and What SMEs Need to Do Now
2026
Indian businesses using AI face obligations under the DPDP Act 2023 and IT Act — without the complexity of a comprehensive AI-specific law. Here is the practical starting point for Indian SMEs.
Enterprise AI Compliance in India: DPDP Act, RBI, SEBI, IRDAI, and the Governance Framework
2026
Large organisations in India using AI face overlapping obligations from the DPDP Act, sector regulators, and the IT Act. Here is the enterprise governance framework for AI compliance in India.
AI in UK Insurance: FCA Consumer Duty, PRA Expectations, and What Insurers Must Do Now
2026
UK insurers using AI in underwriting, pricing, and claims face obligations from FCA Consumer Duty, PRA model risk expectations, the ICO's UK GDPR guidance, and the FCA's pricing practices rules. Here is the complete governance framework.
AI in EU Insurance: EIOPA Guidelines, Solvency II Implications, and the EU AI Act for Insurers
2026
EIOPA's Consultative Expert Group on Digital Ethics published a report on AI Governance Principles in June 2021, and EIOPA itself published a formal Opinion on AI Governance and Risk Management in August 2025. Combined with Solvency II model risk obligations and the EU AI Act, EU insurers face a layered AI governance framework. Here is the complete picture.
AI in US Insurance: NAIC Model Bulletin, State Regulators, and the Governance Framework for Insurers
2026
US insurance is state-regulated, but the NAIC's 2023 Model Bulletin on AI establishes a national baseline. Here is the governance framework US insurers need — covering NAIC expectations, state insurance commissioner requirements, and CFPB oversight of credit insurance.
AI in Singapore Insurance: MAS Expectations, PDPA Obligations, and the FEAT Framework for Insurers
2026
Singapore insurers using AI in underwriting, claims, and distribution face MAS expectations through the FEAT principles and Veritas framework, PDPA obligations on personal data, and MAS Notice 133 consumer protection requirements.
AI in Insurance: Your Rights When Algorithms Set Your Premium or Deny Your Claim
2026
Insurers worldwide use AI to set premiums, assess claims, and detect fraud. These AI systems can make mistakes, perpetuate bias, and produce decisions you have not been given adequate reasons for. Here is what rights individuals have globally.
AI Controls Framework: The Practical Guide for Enterprise Risk and Compliance Teams
2026
An AI controls framework defines the specific controls — preventive, detective, and corrective — that govern AI risk across an organisation. Here is how to design, implement, and evidence an AI controls framework that satisfies internal audit, external regulators, and boards.
AI Internal Audit: What Audit Committees Should Demand and How to Test AI Controls
2026
AI is now a material risk for most organisations, but few internal audit functions have developed the methodology to audit it effectively. Here is the framework for auditing AI — what to test, how to test it, and what good AI audit evidence looks like.
AI Model Risk Controls: Validation, Monitoring, and What Regulators Actually Expect
2026
Model risk management frameworks — originally designed for quantitative financial models — are being extended to cover AI. Here is the AI model risk control framework that financial services regulators and internal audit functions expect to see.
AI Controls for Financial Services: The Framework Your Regulator Expects to See
2026
Financial services regulators globally — APRA, FCA, Federal Reserve, MAS, ECB — have all published guidance that implies or explicitly requires AI controls. Here is the complete controls framework for financial services firms, mapped to regulatory expectations.
AI Controls for SMEs: A Practical Checklist That Does Not Require a Risk Team
2026
Enterprise AI controls frameworks are designed for large organisations with dedicated risk and compliance teams. SMEs using AI need a proportionate, practical approach. Here is a working AI controls checklist for organisations without specialist risk infrastructure.
Third-Party AI Controls: The Vendor Management Framework for AI Risk
2026
Most enterprise AI risk is third-party AI risk — AI embedded in software you buy, not AI you build. Vendor AI governance requires specific controls beyond standard vendor management. Here is the framework.