AI Governance
What is AI Governance?
AI GovernanceThe policies, processes, roles, and controls organisations and regulators use to ensure AI systems are developed, deployed, and operated responsibly and lawfully.
AI governance translates ethical principles and legal requirements into concrete controls: model inventories, risk classification, impact assessments, approval gates, transparency, monitoring, and accountability. Reference frameworks include the NIST AI Risk Management Framework (AI RMF) and its 600-1 Generative AI profile, ISO/IEC 42001 management-system standard, OECD AI Principles, the EU AI Act, and the UK and US AI Safety Institute evaluations. Governance functions span legal, compliance, security, privacy, ML engineering, and product. Mature programs maintain an AI Bill of Materials, conduct red-team and bias evaluations, log all production model versions, and provide structured incident-response and audit capabilities to satisfy regulators and customers.
● Examples
- 01
An enterprise maintaining a model inventory mapped to EU AI Act risk tiers and ISO/IEC 42001 controls.
- 02
An internal AI review board approving every high-risk model deployment, including red-team and bias-evaluation evidence.
● Frequently asked questions
What is AI Governance?
The policies, processes, roles, and controls organisations and regulators use to ensure AI systems are developed, deployed, and operated responsibly and lawfully. It belongs to the AI & ML Security category of cybersecurity.
What does AI Governance mean?
The policies, processes, roles, and controls organisations and regulators use to ensure AI systems are developed, deployed, and operated responsibly and lawfully.
How does AI Governance work?
AI governance translates ethical principles and legal requirements into concrete controls: model inventories, risk classification, impact assessments, approval gates, transparency, monitoring, and accountability. Reference frameworks include the NIST AI Risk Management Framework (AI RMF) and its 600-1 Generative AI profile, ISO/IEC 42001 management-system standard, OECD AI Principles, the EU AI Act, and the UK and US AI Safety Institute evaluations. Governance functions span legal, compliance, security, privacy, ML engineering, and product. Mature programs maintain an AI Bill of Materials, conduct red-team and bias evaluations, log all production model versions, and provide structured incident-response and audit capabilities to satisfy regulators and customers.
How do you defend against AI Governance?
Defences for AI Governance typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for AI Governance?
Common alternative names include: AI risk management, Responsible AI governance.
● Related terms
- ai-security№ 033
AI Safety
The discipline that aims to prevent AI systems from causing unintended harm to users, operators, and society — covering technical, operational, and societal dimensions.
- ai-security№ 024
AI Alignment
The research and engineering effort to ensure AI systems pursue goals, follow instructions, and behave in ways that match the intentions of their developers and users.
- ai-security№ 691
MLSecOps
The discipline of integrating security and risk controls across the entire machine-learning lifecycle, from data sourcing through training, deployment, monitoring, and retirement.
- ai-security№ 025
AI Bill of Materials (AIBOM)
A machine-readable inventory of every component that goes into an AI system — datasets, base models, fine-tuning data, libraries, prompts, and evaluation artifacts — used for security, compliance, and accountability.
- ai-security№ 032
AI Red Team
A specialised team that simulates adversaries against AI systems to uncover safety, security, and misuse risks before real attackers do.
- ai-security№ 029
AI Incident Response
The set of processes, roles, and playbooks an organisation uses to detect, contain, investigate, communicate, and recover from incidents involving AI systems.
● See also
- № 704Model Inversion
- № 666Membership Inference Attack
- № 297Deepfake
- № 1123Synthetic Media
- № 035AI Watermarking
- № 1026Shadow AI
- № 729Nightshade Attack
- № 026AI Content Detection