AIRiskAware
By Sector

AI governance, by industry.

Generic AI governance gets you to Level 1. Each sector has its own regulators, its own risk profile, its own established practice, and its own documented failure modes. Twelve sectors covered — with the regulatory landscape, governance failures, and practical obligations specific to each.

High regulatory intensity

Healthcare

Patient safety as the governance framework. EU AI Act high-risk classification, MDR/IVDR intersection, FDA pathway, clinical decision support governance, and the obligations that distinguish healthcare AI from every other sector.

High regulatory intensity

Financial Services

SR 26-2 (which superseded SR 11-7 in April 2026), APRA CPG 234, PRA SS1/23, MAS guidelines. How prudential regulators are extending model risk management to AI — and what banks, insurers, and asset managers need to do now.

Professional conduct obligations

Legal

Privilege, hallucination and false citations, supervision obligations, disclosure requirements. AI governance in legal practice is a professional conduct question, not just a technology question.

Dual governance challenge

Education

Institutional AI deployments in admissions and assessment, AI academic integrity tools and their documented false positive rates, student data privacy, duty of care for AI in student support.

Democratic accountability

Public Sector

Democratic accountability, the Robodebt lessons, EU AI Act public sector obligations, procedural fairness for automated government decisions, and algorithmic transparency requirements.

Fairness and discrimination risk

Insurance

Underwriting AI, claims assessment, fraud detection, and the fairness problem. The proxy variable challenge, anti-discrimination exposure, and prudential model risk management for insurers.

Beneficiary duty of care

Non-Profit

Beneficiary data in AI tools, donor data governance, trustee duties, AI in service delivery. Governance obligations that do not scale down with organisation size or budget.

Provider obligations

Technology

Provider obligations under EU AI Act, GPAI model rules, training data and copyright, product liability for AI. Technology companies are providers and deployers simultaneously.

Safety-critical applications

Manufacturing

AI in safety-critical equipment, Annex I classification, CE marking intersections, functional safety standards, supply chain AI governance, and product liability implications.

Professional standards

Professional Services

Client confidentiality in AI tools, professional standards for AI-assisted work product, auditor independence, AI disclosure in professional deliverables.

Consumer protection focus

Retail and E-Commerce

Dynamic pricing discrimination, recommendation engine obligations, consumer protection law for personalisation AI, customer service chatbot disclosure, demand forecasting governance.

Critical infrastructure

Energy and Utilities

Critical infrastructure classification under EU AI Act, NIS2 Directive intersections, grid AI and distributional shift, operational technology governance, cybersecurity AI.
