Insights
Practical AI governance guides, regulatory analysis, and research — for enterprise leaders, businesses, and individuals navigating the AI landscape.
AI Agents and GRC: The 2026 Guide to Governance, Risk, and Compliance for Autonomous AI
AI agents have moved from experiment to enterprise infrastructure faster than governance frameworks can adapt. This is a fact-checked, primary-source guide to AI agent governance for global and Australian organisations — what the technology actually is, where regulators have landed, and what compliance, risk, and board functions need to do now.
Read article
Agentic AI and the Accountability Vacuum: Who's Responsible When AI Agents Fail?
2026
Autonomous AI agents are taking real-world actions, booking travel, executing trades, sending emails, making purchases. Our governance frameworks are dangerously unprepared for this.
AI Investment Due Diligence: What Investment Firms Should Be Asking When Evaluating AI Companies
2026
A practical six-dimension framework for VC and PE firms evaluating AI companies, from technology verification to regulatory exposure to governance maturity and exit readiness.
Australia's AI Governance Gap: What the Regulatory Retreat Means for Enterprise Risk
2026
Australia abandoned mandatory AI guardrails months after announcing them. For enterprise organisations, the result is genuine uncertainty that creates its own class of risk.
What Questions Should Your Board Be Asking About AI?
2026
AI is now a material risk for most organisations. Directors who cannot articulate the right questions cannot discharge their oversight obligations. This is the board-level governance framework: 12 questions, the answers that signal genuine governance, and the answers that signal gaps.
EU AI Act Compliance 2026: What the Omnibus Extension Means for Organisations Outside the EU
2026
The EU AI Act Omnibus (May 2026) extended the Annex III high-risk AI deadline to December 2027. But transparency obligations, GPAI model rules, and prohibited AI bans are already in force. The compliance map for organisations outside the EU.
The EU AI Act Just Got Simpler. But You're Not Off the Hook
2026
The EU agreed to simplify AI Act compliance via the Digital Omnibus. SMEs get lighter requirements. But the August 2026 transparency deadline and core high-risk obligations are unchanged.
Five Signs Your Organisation's AI Governance Is Inadequate
2026
A self-diagnostic for boards, executives, and risk teams. If any of these five signs apply to your organisation, your AI governance needs attention before something goes wrong.
The US State AI Law Patchwork Is Now Your Problem
2026
Connecticut enacted one of the most comprehensive US state AI laws in May 2026. Colorado repealed and replaced its landmark Act before it ever took effect. Texas's lighter-touch law is now in force. The US state AI patchwork is no longer theoretical — it is a live compliance problem.
What Is High-Risk AI Under the EU AI Act? A Complete Guide
2026
A plain-English explanation of what high-risk AI means under the EU AI Act: which systems qualify, what obligations apply, and what organisations need to do before December 2027 (standalone Annex III systems) or August 2028 (Annex I embedded systems).
AI Governance in Healthcare: What Clinical Leaders Need to Know
2026
Hospitals and health systems are deploying AI faster than governance is keeping up. This guide covers what clinical AI governance requires, and what happens when it fails.
ISO 42001: A Practical Implementation Guide for 2026
2026
ISO 42001 is the international standard for AI management systems. This guide covers what it requires, how it relates to EU AI Act compliance, and how to implement it without building a bureaucracy.
AI Governance in Education: What Universities and Schools Must Get Right
2026
Educational institutions are navigating AI on two fronts simultaneously, managing student AI use and governing their own institutional AI deployments. Both require formal governance.
Model Risk Management in the Age of AI: Updating SR 11-7 Thinking for Modern ML
2026
The Federal Reserve's SR 11-7 model risk management guidance was written for statistical models. Modern machine learning breaks many of its core assumptions. Here is how to adapt it.
AI in Your Supply Chain: Managing Third-Party AI Risk
2026
Most organisations' AI risk does not come from the AI they build, it comes from the AI embedded in the software, services and platforms they buy. Third-party AI risk management is now a board-level concern.
When AI Goes Wrong: Building an AI Incident Response Capability
2026
Every organisation using AI will eventually experience an AI incident, a system failure, a biased output, a regulatory breach, or a reputational event. Most have no plan for when it happens.
GDPR and the EU AI Act: How They Interact and Where They Conflict
2026
The EU AI Act and GDPR apply simultaneously to AI systems processing personal data. Their requirements overlap significantly, but they also create tensions that governance must resolve.
AI Governance in Insurance: Underwriting, Claims, and the Fairness Problem
2026
Insurers are using AI to price risk, assess claims, and detect fraud at scale. The governance obligations, and the discrimination risks, are more significant than most have recognised.
How to Audit Your AI Systems: A Practical Framework
2026
AI auditing is becoming a regulatory requirement in more jurisdictions, and a due diligence expectation in most others. This guide covers what an AI audit involves, who should conduct one, and what to do with the results.
Singapore's AI Governance Framework: What Businesses in Asia-Pacific Need to Know
2026
Singapore has developed one of the most sophisticated AI governance frameworks in Asia. For businesses operating in the region, understanding the MAS guidelines, IMDA's Model AI Governance Framework, and how they interact with the EU AI Act is becoming a compliance necessity.
AI Vendor Due Diligence: What to Ask Before You Sign
2026
Buying an AI system from a vendor does not transfer your governance obligations to them. It makes those obligations harder to satisfy. Here is the due diligence process that protects your organisation.
AI Governance Maturity: The Five Levels and How to Progress
2026
Not all AI governance is equal. Understanding where your organisation sits on the maturity spectrum, and what the next level requires, is the most practical starting point for a governance improvement program.
Australia's AI Safety Standard: What It Actually Requires and Who It Applies To
2026
The Australian Government's voluntary AI Safety Standard sets out ten core guardrails for safe and responsible AI. For enterprises, voluntary doesn't mean optional — procurement, liability, and reputation make compliance effectively mandatory.
The Privacy Act, AI, and What the OAIC Expects from Australian Organisations
2026
Australia's Privacy Act 1988 already regulates AI in ways many organisations don't realise. The OAIC has made clear that the APPs apply fully to AI systems that collect, use, and disclose personal information — and the reform agenda will tighten these obligations further.