AI Governance
Frameworks, policies, and practical guides for governing AI usage without blocking productivity.
AI governance is the set of policies, processes, and controls that determine how an organisation manages its use of AI tools. Done well, it enables teams to use AI confidently. Done badly, it either blocks adoption entirely or gets ignored.
Five Eyes Cyber Agencies Just Published the First Multinational Playbook for Securing Agentic AI
Six cyber agencies from the US, UK, Australia, Canada and NZ released joint agentic AI security guidance on 1 May 2026, covering five risk categories.
GovernanceAPRA Just Told Every Bank, Insurer and Super Fund in Australia That Their AI Controls Are Not Good Enough
APRA's 30 April 2026 industry letter warns AI governance is not keeping pace. The regulator named Mythos and called for a step-change from all regulated entities.
GovernanceSenior Leaders at Santander, Lloyds and Revolut Say the UK Has No Shared AI Governance Standard for Financial Services
A Zango AI report draws on 27 C-suite interviews and four roundtables with 60 practitioners from major UK and European banks. The US and Singapore have published sector-specific AI governance frameworks. The UK and EU have not.
GovernanceCanada Is Spending $890 Million to Build a Sovereign AI Supercomputer. The Governance Signal Is Bigger Than the Hardware.
Canada's AI Sovereign Compute Infrastructure Program opened applications on 15 April 2026. The $890 million investment turns data residency and provider jurisdiction from abstract risks into funded infrastructure decisions.
GovernanceGrant Thornton Finds 78% of Leaders Doubt They'd Pass an AI Governance Audit
Grant Thornton surveyed 950 senior US leaders. 78% lack confidence they could pass an AI governance audit in 90 days. Only 12% say their workforce is AI-ready. The gap between AI spend and AI proof is widening.
GovernanceASIC and APRA Are Now Monitoring Anthropic's Mythos. Every Regulated Firm Should Be Asking What That Means for Them.
Australian and Asian financial regulators have confirmed they are monitoring Anthropic's Claude Mythos Preview, an AI model that can autonomously find and exploit zero-day vulnerabilities at scale. ASIC expects licensees to be on the front foot.
GovernanceUK and EU Regulators Just Drew a Target Around Agentic AI. Consumer-Facing Bots Are Now a Compliance Problem, Not an Innovation Story.
The UK CMA, the cross-regulator DRCF, and the ICO published cluster guidance on agentic AI in March 2026. The CMA can fine up to 10% of global turnover under the DMCC Act. The EU AI Act caps manipulation penalties at 35M EUR or 7% of turnover.
GovernanceTwelve US States Just Launched the First Coordinated AI Insurance Examination. The Template Will Spread.
Twelve US states have launched the first coordinated examination of AI claims decisions using a structured evaluation tool. Regulators want technical evidence, not policy statements.
GovernanceAgentic AI Is Now a Regulatory Category, Not Just a Security Buzzword
Four regulators across three continents have published formal guidance naming agentic AI as a distinct risk category. FINRA, Spain's AEPD, Turkey's KVKK, and the UK's ICO all say existing rules already apply.
GovernanceCOSO Has Spoken: Generative AI Now Sits Inside Your Internal Control Framework
COSO published its first GenAI-specific internal control guidance in February 2026. Eight capability types, five COSO components mapped to AI, and a six-step implementation roadmap.
GovernanceThe First Australian Judicial Guidance on Directors and AI: ASIC v Bekier, Explained
Justice Lee's judgment in ASIC v Bekier contains the first substantive Australian judicial commentary on directors using generative AI. What boards need to know about formal AI governance policies.
GovernanceUK AI Governance Is Arriving for SMEs Through Procurement, Data Law, and Regulators. Not a Single AI Act.
The UK has no AI Act but businesses are already regulated through data protection reform, sector regulators, and procurement. How obligations reach SMEs through supply chain pressure.
GovernanceCanada's AI Governance Patchwork: What CIOs Must Do Without a Federal AI Law
Canada has no comprehensive federal AI law and will not have one in the near term. What it does have is a set of real expectations: regulators now expect AI inventories, impact assessments, and clear accountability structures, even without legislation that mandates them explicitly.
GovernanceGenAI Value Drift: How AI Is Quietly Changing Workplace Standards Nobody Voted to Change
Most AI governance frameworks are designed to catch failures. University of Auckland researchers identify a different problem: when GenAI generates the language of management, workplace standards can shift without any single failure to point to.
GovernanceWhat Is an AI Governance Framework (And What Does One Actually Contain)?
Most organisations deploying AI lack a governance framework. This guide explains what one contains and how to build it using ASIC's maturity model.
GovernanceWhen AI Adoption Outruns Governance: What ASIC Found Inside 23 Australian Lenders
ASIC reviewed 624 AI use cases across 23 Australian licensees and found governance consistently trailing deployment. The compliance gap is already causing consumer harm.