Insights
Practical AI governance guides, regulatory analysis, and research — for enterprise leaders, businesses, and individuals navigating the AI landscape.
AI for Procurement Teams in Australia: Buying AI Responsibly and Governing What You Buy
Procurement teams face a dual challenge: using AI to improve procurement processes, and governing AI tool purchases across the organisation. Both carry specific legal and regulatory obligations.
AI for Risk and GRC Teams in Australia: Building AI Governance Into Your Framework
2026
GRC teams are simultaneously AI's most important internal governors and increasingly its users. What AI6 requires of risk functions, how to integrate AI into enterprise risk management, and the December 2026 Privacy Act compliance deadline GRC teams must own.
AI and Psychosocial Hazards in Australian Workplaces: What Employers Must Do
2026
All Australian jurisdictions now have psychosocial hazard regulations. AI-driven monitoring, algorithmic performance management and AI-enabled work intensification create psychosocial risks employers are legally required to identify, assess and control.
AI Governance Strategy for Australian Mid-Market Organisations: Between SME and Enterprise
2026
With 50–500 staff and real regulatory exposure, mid-market Australian organisations face enterprise-grade AI risks with business-grade resources. How to build governance that is proportionate, defensible, and scalable.
Building an Enterprise AI Governance Programme in Australia: From Policy to Operating Model
2026
An AI policy document is not an AI governance programme. What mature enterprise AI governance looks like in Australia in 2026 — the operating model, the roles, the controls, and how to build it without starting from scratch.
India's DPDP Act and AI: What Organisations Need to Know About the Digital Personal Data Protection Act 2023
2026
India's Digital Personal Data Protection Act 2023 fundamentally changes the data governance landscape for organisations processing data of Indian residents — including through AI systems. Here is the compliance framework to build.
AI in India's Financial Services: RBI, SEBI, and IRDAI Frameworks for AI Governance
2026
India's financial regulators — RBI, SEBI, and IRDAI — have published guidance on AI governance that financial services firms must incorporate. Here is the regulatory landscape for AI in Indian financial services.
AI Enforcement in 2026: The Cases Every Organisation Should Know
2026
Global AI enforcement shifted from guidance to penalties in 2023-26. Regulators in Australia, the EU, UK, and US moved against biometric AI, AI hiring tools, and AI consumer practices. Here are the enforcement actions that set today's compliance expectations.
What Boards Need to Know About AI Governance in 2026: Director Duties, Liability, and Oversight
2026
AI governance is now a board-level responsibility. Directors who cannot demonstrate meaningful oversight face personal liability exposure, regulatory scrutiny, and institutional investor pressure.
AI Vendor Due Diligence: What to Ask Before Procuring Any AI System
2026
Most enterprise AI is now procured, not built. Third-party AI creates governance obligations you must own — you cannot outsource AI accountability to your vendor. Here is the due diligence framework.
AI Incident Response: What to Do When Your AI System Fails or Causes Harm
2026
AI systems fail differently from conventional software — systematic bias, model drift, hallucination. When they do, the response has legal, regulatory, and reputational dimensions that standard incident response playbooks do not address.
What Is the Australian Privacy Act? How It Applies to AI Systems
2026
Australia's Privacy Act 1988 and the 13 Australian Privacy Principles (APPs) govern how personal information is handled — including by AI systems. Here is what organisations need to know.
What Is APRA CPS 230? How Operational Resilience Requirements Apply to AI Systems
2026
APRA's CPS 230 Operational Risk Management standard (effective July 2025) applies to all APRA-regulated entities and has significant implications for AI governance — particularly for material business processes, third-party AI, and AI incident response.
What Is Data Governance? How It Differs from AI Governance and Why You Need Both
2026
Data governance and AI governance are distinct but interconnected. Good data governance is a prerequisite for good AI governance — you cannot govern AI well without governing the data it uses.
AI Ethics Policy: What It Should Contain, Why Generic Statements Fail, and How to Make It Operational
2026
An AI ethics policy articulates principles for AI use. A credible one has specific commitments, red lines, and enforcement mechanisms — not generic statements of values that amount to ethics-washing.
Enterprise AI Compliance in India: DPDP Act, RBI, SEBI, IRDAI, and the Governance Framework
2026
Large organisations in India using AI face overlapping obligations from the DPDP Act, sector regulators, and the IT Act. Here is the enterprise governance framework for AI compliance in India.
AI in UK Insurance: FCA Consumer Duty, PRA Expectations, and What Insurers Must Do Now
2026
UK insurers using AI in underwriting, pricing, and claims face obligations from FCA Consumer Duty, PRA model risk expectations, the ICO's UK GDPR guidance, and the FCA's pricing practices rules. Here is the complete governance framework.
AI in EU Insurance: EIOPA Guidelines, Solvency II Implications, and the EU AI Act for Insurers
2026
EIOPA's Consultative Expert Group on Digital Ethics published a report on AI Governance Principles in June 2021, and EIOPA itself published a formal Opinion on AI Governance and Risk Management in August 2025. Combined with Solvency II model risk obligations and the EU AI Act, EU insurers face a layered AI governance framework. Here is the complete picture.
AI in US Insurance: NAIC Model Bulletin, State Regulators, and the Governance Framework for Insurers
2026
US insurance is state-regulated, but the NAIC's 2023 Model Bulletin on AI establishes a national baseline. Here is the governance framework US insurers need — covering NAIC expectations, state insurance commissioner requirements, and CFPB oversight of credit insurance.
AI in Singapore Insurance: MAS Expectations, PDPA Obligations, and the FEAT Framework for Insurers
2026
Singapore insurers using AI in underwriting, claims, and distribution face MAS expectations through the FEAT principles and Veritas framework, PDPA obligations on personal data, and MAS Notice 133 consumer protection requirements.
AI Controls Framework: The Practical Guide for Enterprise Risk and Compliance Teams
2026
An AI controls framework defines the specific controls — preventive, detective, and corrective — that govern AI risk across an organisation. Here is how to design, implement, and evidence an AI controls framework that satisfies internal audit, external regulators, and boards.
AI Internal Audit: What Audit Committees Should Demand and How to Test AI Controls
2026
AI is now a material risk for most organisations, but few internal audit functions have developed the methodology to audit it effectively. Here is the framework for auditing AI — what to test, how to test it, and what good AI audit evidence looks like.
AI Model Risk Controls: Validation, Monitoring, and What Regulators Actually Expect
2026
Model risk management frameworks — originally designed for quantitative financial models — are being extended to cover AI. Here is the AI model risk control framework that financial services regulators and internal audit functions expect to see.
AI Controls for Financial Services: The Framework Your Regulator Expects to See
2026
Financial services regulators globally — APRA, FCA, Federal Reserve, MAS, ECB — have all published guidance that implies or explicitly requires AI controls. Here is the complete controls framework for financial services firms, mapped to regulatory expectations.