Insights
Practical AI governance guides, regulatory analysis, and research — for enterprise leaders, businesses, and individuals navigating the AI landscape.
AI Agents and GRC: The 2026 Guide to Governance, Risk, and Compliance for Autonomous AI
AI agents have moved from experiment to enterprise infrastructure faster than governance frameworks can adapt. This is a fact-checked, primary-source guide to AI agent governance for global and Australian organisations — what the technology actually is, where regulators have landed, and what compliance, risk, and board functions need to do now.
Read article
Agentic AI and the Accountability Vacuum: Who's Responsible When AI Agents Fail?
2026
Autonomous AI agents are taking real-world actions, booking travel, executing trades, sending emails, making purchases. Our governance frameworks are dangerously unprepared for this.
AI Investment Due Diligence: What Investment Firms Should Be Asking When Evaluating AI Companies
2026
A practical six-dimension framework for VC and PE firms evaluating AI companies, from technology verification to regulatory exposure to governance maturity and exit readiness.
Australia's AI Governance Gap: What the Regulatory Retreat Means for Enterprise Risk
2026
Australia abandoned mandatory AI guardrails months after announcing them. For enterprise organisations, the result is genuine uncertainty that creates its own class of risk.
What Questions Should Your Board Be Asking About AI?
2026
AI is now a material risk for most organisations. Directors who cannot articulate the right questions cannot discharge their oversight obligations. This is the board-level governance framework: 12 questions, the answers that signal genuine governance, and the answers that signal gaps.
EU AI Act Compliance 2026: What the Omnibus Extension Means for Organisations Outside the EU
2026
The EU AI Act Omnibus (May 2026) extended the Annex III high-risk AI deadline to December 2027. But transparency obligations, GPAI model rules, and prohibited AI bans are already in force. The compliance map for organisations outside the EU.
The EU AI Act Just Got Simpler. But You're Not Off the Hook
2026
The EU agreed to simplify AI Act compliance via the Digital Omnibus. SMEs get lighter requirements. But the August 2026 transparency deadline and core high-risk obligations are unchanged.
Five Signs Your Organisation's AI Governance Is Inadequate
2026
A self-diagnostic for boards, executives, and risk teams. If any of these five signs apply to your organisation, your AI governance needs attention before something goes wrong.
The US State AI Law Patchwork Is Now Your Problem
2026
Connecticut just passed the most comprehensive US state AI law ever. Colorado's Act is being gutted. Texas and California are enforcing. 2026 is the year US AI regulation stopped being theoretical.
What Is High-Risk AI Under the EU AI Act? A Complete Guide
2026
A plain-English explanation of what high-risk AI means under the EU AI Act: which systems qualify, what obligations apply, and what organisations need to do before December 2027 (standalone Annex III systems) or August 2028 (Annex I embedded systems).
AI Governance in Healthcare: What Clinical Leaders Need to Know
2026
Hospitals and health systems are deploying AI faster than governance is keeping up. This guide covers what clinical AI governance requires, and what happens when it fails.
AI Governance for Financial Services: Regulators Are Watching
2026
Banks, insurers, and investment firms face growing regulatory scrutiny for AI use in credit, fraud, and customer decisions. Here is what a compliant framework looks like.
ISO 42001: A Practical Implementation Guide for 2026
2026
ISO 42001 is the international standard for AI management systems. This guide covers what it requires, how it relates to EU AI Act compliance, and how to implement it without building a bureaucracy.
AI Governance for Law Firms and Legal Teams: Privilege, Confidentiality and Compliance
2026
Law firms and in-house legal teams are adopting AI rapidly, but the professional obligations that govern legal practice create governance requirements that go beyond standard enterprise AI policy.
AI Governance in Education: What Universities and Schools Must Get Right
2026
Educational institutions are navigating AI on two fronts simultaneously, managing student AI use and governing their own institutional AI deployments. Both require formal governance.
Model Risk Management in the Age of AI: Updating SR 11-7 Thinking for Modern ML
2026
The Federal Reserve's SR 11-7 model risk management guidance was written for statistical models. Modern machine learning breaks many of its core assumptions. Here is how to adapt it.
AI Governance in the Public Sector: Accountability, Transparency and Democratic Oversight
2026
Government use of AI raises accountability questions that private sector governance frameworks do not fully address. Public sector AI governance must answer to citizens, not just shareholders.
AI in Your Supply Chain: Managing Third-Party AI Risk
2026
Most organisations' AI risk does not come from the AI they build, it comes from the AI embedded in the software, services and platforms they buy. Third-party AI risk management is now a board-level concern.
When AI Goes Wrong: Building an AI Incident Response Capability
2026
Every organisation using AI will eventually experience an AI incident, a system failure, a biased output, a regulatory breach, or a reputational event. Most have no plan for when it happens.
GDPR and the EU AI Act: How They Interact and Where They Conflict
2026
The EU AI Act and GDPR apply simultaneously to AI systems processing personal data. Their requirements overlap significantly, but they also create tensions that governance must resolve.
AI Governance in Insurance: Underwriting, Claims, and the Fairness Problem
2026
Insurers are using AI to price risk, assess claims, and detect fraud at scale. The governance obligations, and the discrimination risks, are more significant than most have recognised.
How to Audit Your AI Systems: A Practical Framework
2026
AI auditing is becoming a regulatory requirement in more jurisdictions, and a due diligence expectation in most others. This guide covers what an AI audit involves, who should conduct one, and what to do with the results.
Singapore's AI Governance Framework: What Businesses in Asia-Pacific Need to Know
2026
Singapore has developed one of the most sophisticated AI governance frameworks in Asia. For businesses operating in the region, understanding the MAS guidelines, IMDA's Model AI Governance Framework, and how they interact with the EU AI Act is becoming a compliance necessity.
AI Vendor Due Diligence: What to Ask Before You Sign
2026
Buying an AI system from a vendor does not transfer your governance obligations to them. It makes those obligations harder to satisfy. Here is the due diligence process that protects your organisation.