McKinsey & Company analyzed 150+ enterprise GenAI deployments — and found one common thread: ⬇️

One-off solutions don’t scale.

The most successful projects take a different path: They use open, modular architectures that enable speed, reuse, and control.
→ Designed for reuse
→ Able to plug in best-in-class capabilities
→ Free from vendor lock-in

This is the reference architecture McKinsey now recommends — optimized to scale what works while staying compliant. It consists of five core components: ⬇️

1. Self-service portal:
→ A secure, compliant “pane of glass” where teams can launch, monitor, and manage GenAI apps.
→ Preapproved patterns, validated capabilities, shared libraries.
→ Observability and cost controls built-in.

2. Open architecture
→ Services are modular, reusable, and provider-agnostic.
→ Core functions like RAG, chunking, or prompt routing are shared across apps.
→ Infra and policy as code, built to evolve fast.

3. Automated governance guardrails
→ Every prompt and response is logged, audited, and cost-attributed.
→ Hallucination detection, PII filters, bias audits — enforced by default.
→ LLMs accessed only through a centralized AI gateway.

4. Full-stack observability
→ Centralized logging, analytics, and monitoring across all solutions
→ Built-in lifecycle governance, FinOps, and Responsible AI enforcement
→ Secure onboarding of use cases and private data controls
→ Enables policy adherence across infrastructure, models, and apps

5. Production-grade Use Cases
→ Modular setup for user interface, business logic, and orchestration
→ Integrated agents, prompt engineering, and model APIs
→ Guardrails, feedback systems, and observability built into the solution
→ Delivered through the AI Gateway for consistent compliance and scale

The message is clear: If your GenAI program is stuck, don’t look at the LLM. Look at your platform.

I explore these developments — and what they mean for real-world use cases — in my weekly newsletter.
You can subscribe here for free: https://lnkd.in/dbf74Y9E
AI Governance Practices
-
Over the past 10+ years, I’ve had the opportunity to author or contribute to over 100 #datagovernance strategies and frameworks across all kinds of industries and organizations. Every one of them had its own challenges, but I started to notice something: there’s actually a consistent way to approach #data governance that seems to work as a starting point, no matter the region or the sector. I’ve put that into a single framework I now reuse and adapt again and again.

Why does it matter? Getting this framework in place early is one of the most important things you can do. It helps people understand what data governance is (and what it isn’t), sets clear expectations, and makes it way easier to drive adoption across teams. A well-structured framework provides a simple, repeatable visual that you can use over and over again to explain data governance and how you plan to implement it across the organization.

You’ll find the visual attached. I broke it down into five core components:

🔹 #Strategy – This is the foundation. It defines why data governance matters in your org and what you’re trying to achieve. Without it, governance will be or become reactive and fragmented.
🔹 #Capability areas – These are the core disciplines like policies & standards, data quality, metadata, architecture, and more. They serve as the building blocks of governance, making sure that all the essential topics are covered in a clear and structured way.
🔹 #Implementation – This one is a bit unique because most high-level frameworks leave it out. It’s where things actually come to life. It’s about defining who’s doing what (roles) and where they’re doing it (domains), so governance is actually embedded in the business, not just talked about. This is where your key levers of adoption sit.
🔹 #Technology enablement – The tools and platforms that bring governance to life. From catalogs to stewardship platforms, these help you scale governance across teams, systems, and geographies.
🔹 #Governance of governance – Sounds meta, but it’s essential. This is how you make sure the rest of the framework is actually covered and tracked — with the right coordination, forums, metrics, and accountability to keep things moving and keep each other honest.

In the coming weeks, I’ll go a bit deeper into one or two of these. For the full article ➡️ https://lnkd.in/ek5Yue_H
-
This new white paper by Stanford Institute for Human-Centered Artificial Intelligence (HAI) titled "Rethinking Privacy in the AI Era" addresses the intersection of data privacy and AI development, highlighting the challenges and proposing solutions for mitigating privacy risks. It outlines the current data protection landscape, including the Fair Information Practice Principles, GDPR, and U.S. state privacy laws, and discusses the distinction and regulatory implications between predictive and generative AI.

The paper argues that AI's reliance on extensive data collection presents unique privacy risks at both individual and societal levels, noting that existing laws are inadequate for the emerging challenges posed by AI systems, because they don't fully tackle the shortcomings of the Fair Information Practice Principles (FIPs) framework or concentrate adequately on the comprehensive data governance measures necessary for regulating data used in AI development.

According to the paper, FIPs are outdated and not well-suited for modern data and AI complexities, because:
- They do not address the power imbalance between data collectors and individuals.
- FIPs fail to enforce data minimization and purpose limitation effectively.
- The framework places too much responsibility on individuals for privacy management.
- Allows for data collection by default, putting the onus on individuals to opt out.
- Focuses on procedural rather than substantive protections.
- Struggles with the concepts of consent and legitimate interest, complicating privacy management.

It emphasizes the need for new regulatory approaches that go beyond current privacy legislation to effectively manage the risks associated with AI-driven data acquisition and processing. The paper suggests three key strategies to mitigate the privacy harms of AI:

1.) Denormalize Data Collection by Default: Shift from opt-out to opt-in data collection models to facilitate true data minimization. This approach emphasizes "privacy by default" and the need for technical standards and infrastructure that enable meaningful consent mechanisms.
2.) Focus on the AI Data Supply Chain: Enhance privacy and data protection by ensuring dataset transparency and accountability throughout the entire lifecycle of data. This includes a call for regulatory frameworks that address data privacy comprehensively across the data supply chain.
3.) Flip the Script on Personal Data Management: Encourage the development of new governance mechanisms and technical infrastructures, such as data intermediaries and data permissioning systems, to automate and support the exercise of individual data rights and preferences. This strategy aims to empower individuals by facilitating easier management and control of their personal data in the context of AI.

by Dr. Jennifer King, Caroline Meinhardt
Link: https://lnkd.in/dniktn3V
-
Europe just defined how AI must be secured

On 15 Jan, the European Telecommunications Standards Institute (ETSI) published a standard, EN 304 223, defining baseline cybersecurity requirements for AI models and systems.
➡️ A common set of AI cybersecurity controls, usable across jurisdictions, vendors, supply chains.

Why this matters now
Traditional cybersecurity was built for software & networks. AI changes the attack surface:
▫️ training data can be poisoned
▫️ models can be manipulated or obfuscated
▫️ prompts can be indirectly injected
▫️ behaviour can drift in invisible ways
➡️ EN 304 223 explicitly names these risks, treating them as security failures.

How this takes effect
EN 304 223 is already being pulled into procurement processes, security questionnaires, internal audits, vendor due diligence, insurance reviews. With the EU AI Act, high-risk AI systems will need to demonstrate compliance through conformity assessment either via internal control with robust technical documentation, or through assessment by a notified body.
➡️ EN 304 223 is the operational “how” that law and auditors will rely on.

The real breakthrough: lifecycle security
The standard defines 13 principles and 72 trackable requirements, organised across 5 phases of the AI system lifecycle:
1️⃣ secure design
2️⃣ secure development
3️⃣ secure deployment
4️⃣ secure maintenance
5️⃣ secure end of life
➡️ Retraining a model = redeploying a system from a security standpoint. AI security becomes a continuous operational discipline.

Accountability made operational
EN 304 223 assigns accountability across 3 technical roles:
✔️ developers
✔️ system operators
✔️ data custodians
➡️ AI risk lives between teams. This standard makes ownership explicit.

The target: production AI
EN 304 223 applies to deep neural networks and GenAI models already embedded in products, services, and operational decisions. Academic or research environments are excluded.
➡️ This standard is about AI that is live, scaled, and consequential, particularly in finance, healthcare, and critical infrastructure.

What “compliance” means
Complying with legal, audit, procurement, and insurance expectations using EN 304 223 as evidence: mapping controls across the lifecycle and ownership across roles.

What Boards and executives should do now
1️⃣ Mandate an AI inventory: What AI is live, where, doing what, using which data pipelines, supplied by whom.
2️⃣ Assign named accountability across the lifecycle: Align to the standard’s role logic per system.
3️⃣ Require an AI security evidence pack per high-impact system, mapped across its lifecycle.
4️⃣ Decide your assurance route early. For high-risk systems plan for internal control vs notified body assessment.

The bigger signal
The EU is turning AI security into auditable infrastructure. Trustworthy AI is becoming a standard of execution. For companies operating globally, proof of AI security is becoming the baseline.

#AI #GenAI #AIGovernance #AISecurity #Boardroom
-
Shipping AI agents into production without governance is like deploying software without security, logs, or controls. It might work at first. But sooner or later, something breaks - silently.

As AI agents move from experiments to real decision-makers, governance becomes infrastructure. This framework breaks AI Governance into the core functions every production-grade agent system needs:

- Policy Rules: Turn business and regulatory expectations into enforceable agent behavior - defining what agents can do, must avoid, and how they respond in restricted scenarios.
- Access Control: Limits agents to approved tools, datasets, and systems using identity verification, RBAC, and permission boundaries — preventing accidental or malicious misuse.
- Audit Logs: Create a full activity trail of agent decisions: what data was accessed, which tools were called, and why actions were taken — making every outcome traceable.
- Risk Scoring: Evaluates agent actions before execution, assigns risk levels, detects sensitive operations, and blocks unsafe decisions through thresholds and safety scoring.
- Data Privacy: Protects confidential information using PII detection, encryption, consent management, and retention policies — ensuring agents don’t leak regulated data.
- Model Monitoring: Tracks real-world agent performance: accuracy, drift, hallucinations, latency, and cost - keeping systems reliable after deployment.
- Human Approvals: Adds human-in-the-loop controls for high-impact actions, enabling escalation, overrides, and sign-offs when automation alone isn’t enough.
- Incident Response: Detects failures early and enables rapid containment through alerts, rollbacks, kill switches, and post-incident reporting to prevent repeat issues.

The takeaway: AI agents don’t just need intelligence. They need guardrails. Without governance, agents become unpredictable. With governance, they become enterprise-ready.

This is how organizations move from experimental AI to trustworthy, compliant, production systems. Save this if you’re building agentic systems. Share it with your platform or ML teams.
-
CFO to General Counsel last week: "I read that AI can review contracts now. Why do we still need three legal FTEs?"

GC's internal monologue: "Because AI can't negotiate with an angry customer at 9 AM, navigate a GDPR audit at 11 AM, and explain to the board why that 'simple contract' could expose us to €2M liability at 3 PM?"

Welcome to 2025, where every General Counsel is expected to:
✅ Implement AI to "cut costs"
✅ Reduce legal headcount
✅ Still deliver faster contract turnarounds
✅ Maintain zero risk tolerance
✅ Be a strategic business partner
All by yesterday. Preferably with no budget.

Here's what leadership sees:
--> AI reviews 100 contracts in minutes!

Here's what they miss:
--> Who reviews the AI's output?
--> Who handles the 15 edge cases it can't process?
--> Who negotiates when the customer pushes back?
--> Who coordinates with Sales, Finance, and IT?
--> Who makes the final call on acceptable risk?

The pressure is real. CFOs read one article about "AI replacing lawyers" and suddenly expect the legal department to automate itself out of existence.

But here's the truth: AI is powerful for legal teams - when used right. The goal isn't to replace lawyers. It's to free them from the repetitive work that buries them:
→ Initial contract reviews and risk flagging
→ Answering the same compliance questions repeatedly
→ Tracking obligations and renewals
→ Generating routine agreements

That gives your team capacity for what actually matters: strategic negotiation, risk assessment, business partnership, and preventing the fires nobody sees.

Smart legal leaders aren't asking "How do I replace my team with AI?" They're asking "How do I use AI to make my team 10x more effective?"

How is your leadership team thinking about AI in legal right now?
-
"This report provides a comprehensive overview of the current state of AI regulation as of May 2024, focusing on the approaches taken by the United States, China, and the European Union. We examine a sequence of key topics on AI governance, including the classification of AI systems, regulatory structures, model evaluations, model registries, incident reporting, open-source models, cybersecurity, discrimination requirements, disclosure requirements and the risks associated with chemical, biological, radiological, and nuclear (CBRN) hazards. For each topic, we provide background, answer contextually relevant questions, and summarize key legislative text from each leading government. Additionally, we conduct a short analysis for each section, providing key points for readers to take away regarding topics such as governmental motivations or expectations for upcoming regulation. We intend this report to serve as a useful resource for understanding the AI regulatory landscape in early 2024, and plan to continually update this report as new regulation is developed."

Deric Cheng, Elliot Mckernon (Convergence Analysis)
-
AI is not failing because of bad ideas; it’s "failing" at enterprise scale because of two big gaps:
👉 Workforce Preparation
👉 Data Security for AI

While I speak globally on both topics in depth, today I want to educate us on what it takes to secure data for AI—because 70–82% of AI projects pause or get cancelled at POC/MVP stage (source: #Gartner, #MIT). Why? One of the biggest reasons is a lack of readiness at the data layer.

So let’s make it simple - there are 7 phases to securing data for AI—and each phase has direct business risk if ignored.

🔹 Phase 1: Data Sourcing Security - Validating the origin, ownership, and licensing rights of all ingested data.
Why It Matters: You can’t build scalable AI with data you don’t own or can’t trace.

🔹 Phase 2: Data Infrastructure Security - Ensuring data warehouses, lakes, and pipelines that support your AI models are hardened and access-controlled.
Why It Matters: Unsecured data environments are easy targets for bad actors, making you exposed to data breaches, IP theft, and model poisoning.

🔹 Phase 3: Data In-Transit Security - Protecting data as it moves across internal or external systems, especially between cloud, APIs, and vendors.
Why It Matters: Intercepted training data = compromised models. Think of it as shipping cash across town in an armored truck—or on a bicycle—your choice.

🔹 Phase 4: API Security for Foundational Models - Safeguarding the APIs you use to connect with LLMs and third-party GenAI platforms (OpenAI, Anthropic, etc.).
Why It Matters: Unmonitored API calls can leak sensitive data into public models or expose internal IP. This isn’t just tech debt. It’s reputational and regulatory risk.

🔹 Phase 5: Foundational Model Protection - Defending your proprietary models and fine-tunes from external inference, theft, or malicious querying.
Why It Matters: Prompt injection attacks are real. And your enterprise-trained model? It’s a business asset. You lock your office at night—do the same with your models.

🔹 Phase 6: Incident Response for AI Data Breaches - Having predefined protocols for breaches, hallucinations, or AI-generated harm—who’s notified, who investigates, how damage is mitigated.
Why It Matters: AI-related incidents are happening. Legal needs response plans. Cyber needs escalation tiers.

🔹 Phase 7: CI/CD for Models (with Security Hooks) - Continuous integration and delivery pipelines for models, embedded with testing, governance, and version-control protocols.
Why It Matters: Shipping models like software means risk comes faster—and so must detection. Governance must be baked into every deployment sprint.

Want your AI strategy to succeed past MVP? Focus and lock down the data.

#AI #DataSecurity #AILeadership #Cybersecurity #FutureOfWork #ResponsibleAI #SolRashidi #Data #Leadership
-
Algorithmic transparency refers to the principle that the operations and decision-making processes of algorithms should be open and understandable to people who interact with or are impacted by them. It’s an aspect of accountability and fairness that seeks to mitigate the ‘black box’ nature of complex AI systems.

For high-risk AI systems, strict transparency requirements will apply under the AI Act, such as adequately informing users when they interact with an AI system and making sure that its capabilities and limitations are clearly outlined. The AI Act will also require that users are aware of the AI's decision-making parameters. Companies must not only disclose how the algorithm works but also need to explain the rationale behind these decisions. This is particularly important for high-risk AI systems, where the consequences of error could be catastrophic. Transparency, in this context, evolves from being a mere buzzword to a structural necessity.

The AI Act also focuses on transparency in emotion recognition and biometric categorisation, and deepfakes. For the former, the Act requires that people exposed to these AI systems must be informed, except in cases where the technology is used for criminal investigations. This exception raises ethical questions about balancing privacy with security. For the latter, deepfake technology must come with disclosure that the content isn't authentic, though exceptions exist for legal or artistic purposes. These carve-outs have provoked questions about the potential stifling of creative or journalistic endeavours.

While the AI Act has taken the spotlight of AI regulation, the Digital Services Act’s provisions on recommender systems echo the AI Act's call for transparency. Recommender systems, a subset of AI technologies, also must outline their main parameters in "plain and intelligible language," echoing the AI Act's push for clear, comprehensible explanations. The DSA even mandates an explanation of why certain parameters are considered more important than others, extending the notion of transparency into the realm of accountability.

Both acts show a commitment to user agency. The AI Act ensures that the user retains a degree of control when interacting with high-risk AI systems, including an ‘off switch’. Meanwhile, the DSA promotes user agency by compelling platforms to allow users to modify their preferences. The AI Act introduces obligatory risk assessments for high-risk applications, mirroring the DSA's requirements for platforms to conduct comprehensive risk assessments. Here, we witness two regulatory streams converging into a river of algorithmic accountability, encouraging a more nuanced, ethical approach to AI development and implementation.

Laws on algorithmic transparency reflect a paradigm shift in our approach to the ethical and social implications of AI. The importance of such legislation will only intensify as AI becomes increasingly interwoven into the fabric of our lives.
-
“Trust but verify”.
^ That’s the 3-word summary of the policy approach proposed by the Joint California Policy Working Group on AI Frontier Models (attached below).

Even if you’re not based in California, this is a fantastic rulebook on AI policy and regulation. It's one of the more nuanced and deeply-thought papers that cuts past the generic “regulation v innovation” debate, and dives straight into a specific policy solution for governing frontier models (with wisdom drawn from historical analogies in tobacco, energy, pesticides and car safety).

Here’s my quick summary of the “trust but verify” model.

1️⃣ TRANSPARENCY
In a nutshell, the “trust but verify” approach is rooted in transparency, which is essential for building “trust”. But transparency is such a broad concept, so the paper neatly breaks it down in terms of:
▪️ Data acquisition
▪️ Safety practices
▪️ Security practices
▪️ Pre-deployment testing
▪️ Downstream impact
▪️ Accountability for openness
There’s nuance and different transparency mechanisms to each area. However, transparency alone doesn’t guarantee accountability or redress. In fact, the paper warns us about “transparency washing” – i.e. where policymakers (futilely) pursue transparency for the sake of it without achieving anything. Transparency needs to be tested and verified (hence the “verify”).

2️⃣ THIRD PARTY RISK ASSESSMENT
This supports the “verify” aspect, and the idea of “evidence-based transparency” (i.e. transparency that you can actually trust). This is not just about audits and evaluations, but also specific things like:
▪️ researcher protections (i.e. safe harbour / indemnity protections for public interest safety research)
▪️ responsible disclosure (i.e. infrastructure is needed to communicate identified vulnerabilities to affected parties)

3️⃣ WHISTLEBLOWER PROTECTION
This means legal safeguards to protect whistleblowers from retaliation when they report misconduct, fraud, illegal activities, etc. It might be the secret to driving *real* corporate accountability in AI.

4️⃣ ADVERSE EVENT REPORTING
A reporting regime for AI-related incidents (similar to data breach reporting regimes) helps with identification and enforcement + regulatory coordination and information sharing + analytics.

5️⃣ SCOPE
What type of frontier models should be regulated? The paper suggests these guiding principles:
▪️ "Generic developer-level thresholds seem to be generally undesirable given the current AI landscape"
▪️ "Compute thresholds are currently the most attractive cost-level thresholds, but they are best combined with other metrics for most regulatory intents"
▪️ "Thresholds based on risk evaluation results and observed downstream impact are promising for safety and corporate governance policy, but they have practical issues"

👓 Want more? See my map which tracks AI laws and policies around the world (see link in 'Visit my website').

#ai #tech #airegulation #policy #california