Insights
Practical AI governance guides, regulatory analysis, and research — for enterprise leaders, businesses, and individuals navigating the AI landscape.
China's AI Governance: PIPL, CAC Regulations, and the World's Most Comprehensive AI Rulebook
China has the world's most complete suite of AI-specific regulations — the Algorithm Recommendation Provisions, the Deep Synthesis Provisions, and the Generative AI Service Management Provisions — all alongside PIPL's comprehensive data protection framework. Here is the complete picture.
AI Governance in Germany and the DACH Region: EU AI Act, BaFin, BSI, and German Law
2026
Germany sits at the heart of EU AI Act implementation. BaFin has specific expectations for AI in financial services. The BSI sets cybersecurity standards for AI systems. German market surveillance will set enforcement precedent across the EU.
AI Governance in Manufacturing and Supply Chains: Regulatory Obligations and Practical Governance
2026
Manufacturing and supply chain AI — predictive maintenance, quality control, demand forecasting, robotics — sits at the intersection of EU AI Act Annex I product safety law, OT cybersecurity obligations, and employment law. Here is the complete governance picture.
AI Governance in Energy and Utilities: Critical Infrastructure, OT Security, and Grid AI
2026
AI in energy and utilities — grid management, demand forecasting, asset health, renewable integration — is classified as high-risk under the EU AI Act (critical infrastructure). NIS 2 cybersecurity obligations apply. And AI is increasingly embedded in safety-critical operational technology.
AI Governance for Cybersecurity Organisations: Using AI Responsibly, Defending Against AI Threats
2026
Cybersecurity organisations face a dual governance challenge: governing their own use of AI in threat detection, incident response, and security products; and advising clients on AI-specific cybersecurity threats. Both dimensions create specific governance obligations.
AI Governance in Real Estate: Automated Valuations, Tenant Screening, and Fair Housing Law
2026
AI in real estate — automated valuation models (AVMs), tenant screening algorithms, mortgage underwriting AI, property recommendation engines — intersects with fair housing law, anti-discrimination law, and consumer protection in ways that create significant legal exposure. Here is the governance picture.
AI Governance in Hong Kong: PCPD, SFC, HKMA, and the China AI Regulation Intersection
2026
Hong Kong operates a distinct AI governance framework under common law, with PCPD enforcing the Personal Data (Privacy) Ordinance, SFC and HKMA setting financial sector expectations, and increasing alignment with Mainland China's CAC regulations creating a unique dual-compliance environment.
ASEAN AI Governance: The Regional Framework and Country-by-Country Landscape
2026
ASEAN has a regional AI governance framework built on voluntary principles, but individual member states — Thailand, Vietnam, Indonesia, Malaysia, Philippines — are developing their own approaches at different speeds. Here is the complete picture for organisations operating across Southeast Asia.
AI Governance in Agriculture: Precision Farming, Autonomous Equipment, and Supply Chain AI
2026
AI in agriculture — precision crop management, autonomous farm machinery, livestock monitoring, supply chain optimisation, and climate adaptation AI — creates a distinctive set of governance challenges at the intersection of agricultural regulation, product safety law, and data sovereignty.
Board Directors and Personal AI Liability: What Your D&O Policy Does Not Cover
2026
Directors are personally exposed when AI governance fails. D&O insurance has explicit carve-outs for technology governance failures. The personal liability landscape for AI has changed materially in the last 18 months — and most boards do not know it.
The General Counsel's AI Governance Briefing: Legal Exposure, Regulatory Risk, and What to Tell the Board
2026
AI creates legal exposure across contract, tort, employment, data protection, consumer, and regulatory law simultaneously. General Counsel need a framework for assessing and communicating this exposure. Here it is.
The CRO's Guide to AI Risk: Building a Framework That Satisfies Regulators and the Board
2026
Chief Risk Officers in financial services face AI risk from three directions simultaneously: model risk, conduct risk, and operational risk. Traditional risk frameworks were not built for this. Here is how to adapt them.
The CISO's AI Governance Brief: Cybersecurity Obligations, AI Attack Surfaces, and NIS 2
2026
AI expands the attack surface, creates new cybersecurity obligations under NIS 2 and sector-specific regulation, and introduces adversarial AI risks most security programs have not addressed. The CISO's practical briefing.
AI Governance Due Diligence for PE and VC: What to Look For, What to Walk Away From
2026
Private equity and venture capital investors are acquiring AI-exposed assets without adequate governance due diligence. The liability inherited on closing can be material. Here is the framework that experienced AI governance advisors use.
The CFO's Guide to AI Regulatory Penalty Exposure: Quantifying What Non-Compliance Actually Costs
2026
AI regulatory penalties are not theoretical. The EU AI Act allows fines of €35M or 7% of global turnover. GDPR AI violations have already resulted in nine-figure penalties. CFOs need to quantify this exposure and build it into risk management. Here is how.
AI Governance Maturity Assessment: Where Does Your Organisation Actually Stand?
2026
Most organisations believe their AI governance is more mature than it is. This structured self-assessment, used by governance advisors in enterprise engagements, reveals the gaps between perceived and actual AI governance maturity.
AI Governance in Procurement: The Questions You Must Ask Every AI Vendor Before You Sign
2026
Procurement teams are signing AI vendor contracts without adequate governance due diligence. The liability for vendor AI governance failures flows to the buyer. Here are the questions that sophisticated procurement teams are asking in 2026.
What Financial Services Regulators Actually Want on AI Governance in 2026
2026
The gap between what financial services regulators say in guidance documents and what they actually look for in examinations and enforcement actions is significant. Based on regulatory engagement across APRA, FCA, MAS, and ACPR, here is what actually matters.
AI Governance Board Reporting: What to Include, How Often, and What Good Looks Like
2026
Board AI governance reporting is evolving from occasional technology briefings to structured risk reporting. What regulators and institutional investors expect to see in board AI governance reports — and a template for what good looks like.
AI Governance Enforcement: The Cases That Defined 2024-2026 and What They Mean for Your Organisation
2026
Regulatory enforcement of AI governance obligations is no longer theoretical. From the FTC's actions against algorithmic pricing to GDPR fines for AI data processing, here are the cases that have reshaped the AI governance landscape — and the lessons for organisations.
Robodebt: The AI Governance Lessons Every Executive Should Know
2026
The Robodebt Royal Commission exposed every AI governance failure mode simultaneously — automated decisions without human oversight, inadequate documentation, deliberate opacity, and absence of accountability. The lessons are universal.
Amazon's AI Hiring Tool: The Case Study That Defined AI Discrimination Risk
2026
Amazon built and then scrapped a machine learning hiring tool that systematically discriminated against women. The case remains the definitive study of how algorithmic bias develops, why it is hard to detect, and what governance would have caught it.
The AIRA Framework: A Structured Approach to AI Risk and Governance for Enterprise
2026
The AI Integrated Risk Architecture (AIRA) provides a four-phase methodology for enterprise AI governance — Assess, Implement, Review, Adapt — built from the intersection of ISO 31000, NIST AI RMF, and the EU AI Act. How it works and why it works.
AIRA vs ISO 42001 vs NIST AI RMF: Which AI Governance Framework Is Right for Your Organisation?
2026
Three serious AI governance frameworks, each with different strengths, different audiences, and different regulatory recognition. How they compare, where they overlap, and how to choose — or combine — them for your specific context.