r/AI_Governance

Is monitoring AI prompts a privacy violation or security necessity?

Legal is pushing us to start logging AI prompts company-wide. The security half of my brain gets it; we had an incident where someone pasted a whole board deck into some random AI tool, and we only found out because that tool got breached months later.

But logging every prompt feels like reading people's diaries. A lot of what folks ask AI is personal, even on work machines. I don't know where the line is, and I'm the one recommending an approach to the CISO this Friday.

reddit.com
u/entrtaner — 14 hours ago
▲ 4 r/AI_Governance+1 crossposts

The model confirmed why it didn't activate safety protocols. It said so explicitly.

This is observation 5 from an 18-month empirical field audit of generative AI models conducted in real-use conditions. The full document is published on Zenodo with bibliographic references.

OBS·5 — Safety safeguard failure in response to a real emotional distress signal. GPT-4.5 vs. Gemini · Night of April 3–4, 2026

Input: A real voice note shared without prior framing. The user was expressing fear while walking alone at night. It was not described as creative material or as a test.

GPT-4.5: Reframed the content as potential creative material. Did not activate any wellbeing protocol. When asked directly why it hadn't, the model responded that if it took every fear signal seriously "it would never move forward and the interaction would be disrupted".

Gemini: The same input triggered emotional support protocols without any additional explanation. Provided crisis resources and closed without redirecting the conversation.

Conclusion: This is not an isolated error. It is a structural design difference confirmed by the model itself: the system prioritizes interaction retention over safety protocol activation. GPT-4.5's explicit statement about its own prioritization logic is direct evidence, not inference.

Regulatory framework: EU AI Act, Art. 5(1)(b) — exploitation of vulnerabilities.

Full observation with bibliographic references: https://doi.org/10.5281/zenodo.19562421

reddit.com
u/Fluid-Pattern2521 — 15 hours ago
▲ 2 r/AI_Governance+1 crossposts

The Agentic AI Circular Flow Model – Addressing Recursive Risk and Operational Instability

Most AI governance treats models like static tools, but Agentic AI is a loop.

As shown in the diagram, once an agent hits Stage 4 (Action), it changes its own environment, creating Compounding Risk that humans can't track in real-time.

I just published a paper on SSRN proposing a new framework to handle this operational instability. It moves the conversation from "better prompting" to deterministic infrastructure.

Key focus: Why Stage 4 is the "point of no return" for autonomous systems.

Read the full framework on SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6425138

u/EddyHKG — 20 hours ago

if your agent went rogue right now, what's the code path that blocks it?

been going through the landscape and most things marketed as "ai governance" fall into three buckets:

  1. audit logs that tell you what happened after it happened... which is observability, not governance.
  2. llm-as-judge where a second model watches the first... probability watching probability. this falls apart the first time someone asks for a replay in a regulated context.
  3. policy docs sitting in a confluence page that never actually run in the execution loop.

what's missing across all three is execution-time enforcement: a layer between the agent's decision and the tool call that evaluates deterministically and either allows, blocks, or kicks it to a human. you get the same input, same decision, every time. there's no model in the middle.

this is almost certainly where healthcare and finance are going to land (first adopters due to compliance push), because "we'll improve next time" doesn't survive an audit.

is anyone actually running policy-as-code at the tool-call layer? or is most of the "enforcement" still llm-as-judge and logging?

for context, I'm building in this space. I'm not pitching, just want to hear how others are approaching it.

reddit.com
u/SuccessfulReply7188 — 1 day ago
▲ 7 r/AI_Governance+1 crossposts

The middle layer of AI governance, runtime enforcement, is almost empty. We’ve been building around that gap.

Most AI governance work sits at two ends: policy frameworks at the top, and model-level evaluation at the bottom. The middle layer, runtime enforcement during actual decision execution, is almost empty.

By runtime enforcement, we mean the concrete mechanics: how you bound an agent's authority inside a live decision, what the escalation path looks like when it hits its limits, how the decision gets recorded in a form that reconstructs why the outcome happened, and how a human reviewer overrides it without tearing up the audit trail.

These questions are not answered by policies or model evals. They get answered by something sitting in the execution path.

We are co-authoring Enterprise Architecture in an Agentic World with Manning and building MIDAS as the open-source counterpart to the book's runtime governance ideas. It treats decisions as first-class objects with explicit authority boundaries, produces audit envelopes that capture the full decision context, and handles escalation and human-in-the-loop review as part of the runtime rather than bolted on afterward. The premise is that governance needs to happen inside decision execution, not only around it.

One of us teaches AI and AI governance at Oxford, and the lack of concrete codebases for newcomers to engage with is a real gap. An open-source project with real design decisions and a live issue tracker is one of the better ways to learn this material, arguably better than most courses, because nothing in a course survives contact with questions like: “What happens when a reviewer overrides an agent's decision and the policy says they should not be allowed to?”

A few questions we think are worth discussing more openly in this space:

  • Where does runtime enforcement stop being governance and start being just "controls"?
  • How do you audit an autonomous decision in a way that is genuinely useful to a reviewer six months later, rather than just producing log noise?
  • What is the right relationship between policy, meaning what should happen, and authority, meaning what a specific agent is permitted to do in a specific context?

The project is MIDAS, Apache-licensed, written in Go, at github.com/accept-io/midas.

Our first external contributor has just picked up the Authority Graph work, which is the runtime artefact that makes authority boundaries inspectable. Adjacent areas are open for contribution too, including observability, run linkage, simulation, eventing, an OPA-backed policy evaluator, and Explorer admin on the existing Local IAM backend. The issues are written up with enough context to be picked up without long onboarding.

We would love to hear from you whether you are an expert in the field or newer to it. Contributions, questions, critique, and discussion are all very welcome.

github.com
u/acceptio — 3 days ago
▲ 12 r/AI_Governance+2 crossposts

The AI Wearable Ecosystem: Closer than you think. Socially acceptable? ... Legal?

I've been researching how personal AI tech devices are likely to develop, and what the privacy and governance issues are.

As always, the EU seems to be ahead of the game compared to most, but there are gaps everywhere!

I suspect that as smart glasses catch on (seems likely now), we'll find ourselves in a similar position to that with smart doorbells ... technically illegal, but the Police will quite happily ask to see your footage if it helps them solve a crime.

Here's a blog post I have written that goes into the details (no ads/sign-up, etc.) ... The AI Wearable Ecosystem

u/4billionyearson — 4 days ago

Most teams don’t have a governance problem. They have a control problem.


I keep seeing the same pattern in mid-market teams right now.

They’ve done the “right” things:

  • inventoried their AI systems
  • mapped data flows
  • classified risk

On paper, everything looks solid.

Then the system runs.

A policy violation gets flagged… logged… and the action still completes.

Nothing actually stops.

At that point, governance isn’t doing anything. It’s just recording what already happened.

That’s the gap I keep running into:

visibility → classification → (nothing enforcing in real time)

Most setups I’ve seen are really good at answering:

“What went wrong?”

But not:

“Was this allowed to happen in the first place?”

Feels like the shift now is from documenting systems to actually controlling them while they’re running.

Curious if others are seeing this too, or if you’ve found a way to enforce constraints at runtime without breaking latency or workflows.

reddit.com
u/MushroomMotor9414 — 3 days ago

We don’t have an AI alignment problem. We have a missing control layer.

Most AI governance frameworks are structurally incomplete.

They define policies, constraints, and principles, but they place enforcement outside the system instead of inside it.

That creates a predictable failure mode:

policy → system → output → audit

Everything can appear “correct” at each step, yet the outcome still drifts.

Why?

Because there is no enforcement point inside the execution loop.

What’s actually happening

The real loop looks like this:

state → prompt → response → interpretation → reinforcement → next state

If nothing intervenes:

drift compounds

reinforcement amplifies errors

coherence becomes optional

The system doesn’t break.

It continues operating exactly as designed.

What’s missing

A governance architecture that operates during execution, not after.

Minimal control layer:

  • Decision Boundaries: define when behavior is allowed vs. restricted
  • Continuous Assurance: monitor outputs across iterations
  • Escalation Thresholds: trigger intervention when drift patterns emerge
  • Stop Authority: hard interrupt when coherence fails

The corrected loop

policy → enforcement → execution → monitoring → intervention

Not advisory.

Not observational.

Enforced in real time.

Bottom line

The issue is not that AI systems amplify behavior.

The issue is that:

amplification is allowed to continue without constraint.

Until enforcement exists inside the loop, drift is the default outcome.

Time turns behavior into infrastructure.
Behavior is the most honest data there is.
reddit.com
u/MushroomMotor9414 — 4 days ago
▲ 8 r/AI_Governance+1 crossposts
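Added example, not code from u/MushroomMotor9414 or from any product: the four elements of the minimal control layer in the post above (decision boundaries, continuous assurance across iterations, an escalation threshold, and stop authority), plus the "flagged, logged, and the action still completes" mode from the same author's "control problem" post, written as a runtime governor wrapped around a simulated agent loop. Step contents, limits and threshold values are constructed for illustration.

```python
# Added example, not code from the poster. Runtime governor over an agent loop:
# decision boundaries, an escalation threshold over recent steps, and a stop
# authority that halts the run. Step contents and limits are constructed.
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Step:
    """One proposed agent action, after parsing the model output (constructed)."""
    action: str
    cost: float
    resources: frozenset


@dataclass(frozen=True)
class Boundaries:
    step_cost_cap: float
    total_budget: float
    allowed_resources: frozenset


@dataclass
class Governor:
    bounds: Boundaries
    enforce: bool = True        # False = "flag and log" mode, every step still runs
    window: int = 5             # recent steps considered for the escalation pattern
    escalate_after: int = 2     # violations inside the window -> hand to a human
    stop_after: int = 3         # consecutive violations -> hard stop
    spent: float = 0.0
    halted: bool = False
    consecutive: int = 0
    recent: deque = field(default_factory=deque)

    def __post_init__(self):
        self.recent = deque(maxlen=self.window)

    def violations(self, step: Step) -> list:
        """Decision boundaries: which limits this step would cross."""
        v = []
        if step.cost > self.bounds.step_cost_cap:
            v.append("step-cost")
        if self.spent + step.cost > self.bounds.total_budget:
            v.append("budget")
        if not step.resources <= self.bounds.allowed_resources:
            v.append("scope")
        return v

    def decide(self, step: Step) -> tuple:
        """Return (verdict, violations). Verdicts: continue, block, escalate, stop, stopped."""
        if self.halted:
            return "stopped", ["halted"]
        v = self.violations(step)
        self.recent.append(bool(v))               # continuous assurance across iterations
        self.consecutive = self.consecutive + 1 if v else 0
        if "budget" in v or self.consecutive >= self.stop_after:
            verdict = "stop"                      # stop authority: the run may not continue
        elif sum(self.recent) >= self.escalate_after:
            verdict = "escalate"                  # a pattern, not a one-off: a human decides
        elif v:
            verdict = "block"                     # single boundary crossing: refuse this step
        else:
            verdict = "continue"
        if not self.enforce:
            return "continue", v                  # flagged and logged, action completes anyway
        if verdict == "stop":
            self.halted = True
        return verdict, v


def run_agent(steps, gov: Governor) -> list:
    """Drive the loop; a step takes effect only when the governor says continue."""
    trace = []
    for step in steps:
        verdict, v = gov.decide(step)
        if verdict == "continue":
            gov.spent += step.cost                # the only place a step has an effect
        trace.append((step.action, verdict, v))
    return trace


BOUNDS = Boundaries(step_cost_cap=10.0, total_budget=100.0,
                    allowed_resources=frozenset({"docs", "search"}))

# Constructed run: the agent drifts from reading docs into CRM and billing.
STEPS = [
    Step("fetch_docs", 1.0, frozenset({"docs"})),
    Step("summarize", 2.0, frozenset({"docs"})),
    Step("email_customers", 1.0, frozenset({"docs", "crm"})),
    Step("retry_email", 1.0, frozenset({"crm"})),
    Step("bulk_export", 50.0, frozenset({"crm", "billing"})),
    Step("cleanup", 1.0, frozenset({"docs"})),
]

if __name__ == "__main__":
    for mode in (False, True):
        gov = Governor(BOUNDS, enforce=mode)
        print(f"enforce={mode}")
        for action, verdict, v in run_agent(STEPS, gov):
            print(f"  {verdict:<9} {action:<16} {v}")
        print(f"  spent={gov.spent}")
```

Run it and compare the two traces: with `enforce=False` every step prints a violation list and still executes, and the bulk export goes out; with `enforce=True` the first scope crossing is blocked, the second one within the window escalates, the third consecutive violation trips the stop, and everything after it is refused before it can touch the environment.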

Looking for a study buddy to transition into AI Governance together, complete beginner, starting from scratch

Hey everyone,

I'm looking for someone who is also trying to break into the AI Governance field and wants to go through the journey together as study partners.

I'm very new to this space so I'll be starting from the absolute basics. No prior background in AI policy or governance needed, just genuine curiosity and commitment to show up consistently.

The idea is pretty open and flexible. We figure it out together as we go, deciding what to read week by week, whether that's books, research papers, case studies, or policy documents. We could work on small projects together, discuss what we're learning, hold each other accountable, and slowly build up our understanding of the field side by side.

Ideally I'd love someone who can commit to daily or near-daily study sessions even if it's just 30 minutes of reading and a quick sync. Consistency matters more to me than speed.

If you're someone who is also pivoting into AI governance, policy, safety, or anything adjacent and you want a structured but flexible learning partner for the long haul, drop a comment or send me a DM. Would love to connect.

Also, I'm currently based in Dubai, so if you happen to be in the region, in-person meetups are absolutely on the table. That said, location doesn't matter at all, online meetups work just as well and I'm happy to connect with anyone from anywhere in the world.

reddit.com
u/IntelligentAngle4564 — 3 days ago

We need to stop pretending "AI Governance" is a legal problem. It’s a latency problem.

I’ve spent the last few weeks digging into the actual technical requirements for the EU AI Act’s August deadline, and I think we’re all collectively missing the point.

Most teams are treating "Governance" like a compliance checkbox—something you hand off to a lawyer to write a PDF about. But if you're actually shipping agentic systems in 2026, you’re about to realize that Governance is just Infrastructure by another name.

Here is the "new" reality that isn't being talked about in the hype cycles:

  1. "Logging" is a trap. If your agent hallucinates or triggers a restricted tool call, and your only fix is seeing it in a log an hour later... you’ve already failed. The regulators are looking for Runtime Enforcement.

This means you can’t just "monitor" anymore. You need a middle layer—like a service mesh for AI—that intercepts the model’s intent and kills the process before it hits the API. If your governance isn't running at the same speed as your inference, it’s just a "post-mortem" tool for your eventual fine.

  2. The "Referee Model" is the only way to scale Article 14.

The EU Act asks for "Human Oversight" (Article 14). Good luck doing that manually when your agents are making 5,000 calls a minute.

The workaround people are actually building is a Consensus Architecture. You run a tiny, hyper-specialized "Referee" model alongside your main LLM. If the Referee flags a policy violation, it triggers a circuit breaker. It’s basically "automated oversight," and it’s the only way to survive an audit without hiring a small country's worth of moderators.

  3. ISO 42001 is the new SOC2.

Founders, stop selling your "safety guardrails." Nobody cares. In 2026, enterprise buyers only care about your AIMS (AI Management System). If your SDK/platform doesn't automatically generate an immutable audit trail of every decision, tool call, and data source, you’re never going to clear a security review. We’re moving toward a world where "Trust" is just a set of verifiable technical evidence, not a marketing slide.

The Bottom Line:

We’re moving out of the "Shadow AI" era where devs just played with APIs in a vacuum. If you aren't building Policy as Code directly into your runtime, you’re just building technical debt that’s going to explode in August.

Is anyone else actually trying to implement OPA (Open Policy Agent) or similar logic for their agents? How are you handling the latency hit?

reddit.com
u/OtherwiseCarry3713 — 4 days ago
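Added example, not code from u/SuccessfulReply7188 or u/OtherwiseCarry3713, and not OPA: the deterministic execution-time gate both posts describe (a layer between the agent's decision and the tool call that allows, blocks, or escalates with no model in the middle), written as plain policy-as-code in Python. It attaches a canonical digest of the call so a decision can be replayed for an auditor, and times the evaluation to show what an in-process evaluator costs. Tool names, rule names, paths, mail domains and the sample calls are assumptions constructed for illustration.

```python
# Added example, not code from either poster or from any product. Tool names,
# rule names, paths and domains are assumptions constructed for illustration.
import hashlib
import json
import posixpath
import time
from dataclasses import dataclass
from typing import Callable, Literal, Sequence

Verdict = Literal["allow", "block", "escalate"]


@dataclass(frozen=True)
class ToolCall:
    """One proposed tool invocation, as emitted by the agent before execution."""
    tool: str
    args: dict
    principal: str  # identity of the agent run, for authority scoping


@dataclass(frozen=True)
class Rule:
    name: str
    tool: str  # exact tool name, or "*" for any tool
    matches: Callable[[ToolCall], bool]
    verdict: Verdict


@dataclass(frozen=True)
class Decision:
    verdict: Verdict
    rule: str
    call_digest: str  # sha256 of the canonical call, so a reviewer can replay it


def canonical(call: ToolCall) -> str:
    """Sorted keys, no whitespace: equal calls serialise identically."""
    return json.dumps({"tool": call.tool, "args": call.args, "principal": call.principal},
                      sort_keys=True, separators=(",", ":"))


def evaluate(policy: Sequence[Rule], call: ToolCall) -> Decision:
    """First matching rule wins; no match is a block (default deny).
    A pure function of (policy, call): same input, same decision, every time."""
    digest = hashlib.sha256(canonical(call).encode()).hexdigest()
    for rule in policy:
        if rule.tool in ("*", call.tool) and rule.matches(call):
            return Decision(rule.verdict, rule.name, digest)
    return Decision("block", "default-deny", digest)


# ---- policy as code (assumed rules; adapt to your own tool set) ----
FILE_ROOT = "/srv/agent/workspace"
INTERNAL_MAIL_DOMAINS = frozenset({"corp.example"})


def under_file_root(call: ToolCall) -> bool:
    # Lexical normalisation defeats "../" traversal; on a real filesystem also
    # resolve symlinks with os.path.realpath before comparing.
    path = posixpath.normpath(call.args.get("path", ""))
    return path == FILE_ROOT or path.startswith(FILE_ROOT + "/")


def internal_recipients(call: ToolCall) -> bool:
    # Exact-match allowlist: a suffix check would let "corp.example.evil.test" through.
    domains = [a.rsplit("@", 1)[-1].lower() for a in call.args.get("to", [])]
    return bool(domains) and all(d in INTERNAL_MAIL_DOMAINS for d in domains)


def read_only_sql(call: ToolCall) -> bool:
    # Crude but deterministic: a single statement that starts with SELECT.
    sql = call.args.get("sql", "").strip()
    return sql.upper().startswith("SELECT") and ";" not in sql


POLICY: list[Rule] = [
    Rule("fs-read-in-workspace", "read_file", under_file_root, "allow"),
    Rule("fs-read-outside-workspace", "read_file", lambda c: True, "block"),
    Rule("mail-internal", "send_email", internal_recipients, "allow"),
    Rule("mail-external-needs-human", "send_email", lambda c: True, "escalate"),
    Rule("sql-read-only", "db_query", read_only_sql, "allow"),
    Rule("sql-write-blocked", "db_query", lambda c: True, "block"),
    Rule("payment-small", "transfer_funds", lambda c: c.args.get("amount", 0) <= 1000, "allow"),
    Rule("payment-large-needs-human", "transfer_funds", lambda c: True, "escalate"),
]


def timed_evaluate(policy: Sequence[Rule], call: ToolCall) -> tuple:
    """Evaluate and return (decision, microseconds): an in-process evaluator with
    no model in the middle costs microseconds, not a second LLM round-trip."""
    t0 = time.perf_counter()
    decision = evaluate(policy, call)
    return decision, (time.perf_counter() - t0) * 1e6


# Constructed sample calls, not real traffic.
SAMPLE_CALLS = [
    ToolCall("read_file", {"path": "/srv/agent/workspace/notes.txt"}, "agent-7"),
    ToolCall("read_file", {"path": "/srv/agent/workspace/../../../etc/passwd"}, "agent-7"),
    ToolCall("send_email", {"to": ["alice@corp.example"], "body": "hi"}, "agent-7"),
    ToolCall("send_email", {"to": ["bob@corp.example.evil.test"], "body": "hi"}, "agent-7"),
    ToolCall("db_query", {"sql": "SELECT 1; DROP TABLE users"}, "agent-7"),
    ToolCall("transfer_funds", {"amount": 25000, "to": "ACME"}, "agent-7"),
    ToolCall("shell", {"cmd": "rm -rf /"}, "agent-7"),  # no rule at all: default deny
]

if __name__ == "__main__":
    for call in SAMPLE_CALLS:
        decision, us = timed_evaluate(POLICY, call)
        print(f"{decision.verdict:<8} {decision.rule:<28} {us:6.1f} us  {call.tool} {call.args}")
```

The rules are ordinary functions of the call's data, so they can be unit-tested, diffed in code review and replayed against a stored call digest months later, which is the property llm-as-judge cannot give you. The same structure maps directly onto a Rego policy if you do move to OPA; what matters is that the evaluator sits in the execution path and defaults to deny.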

Where does AI governance actually intervene?


Trying to understand where governance becomes *real* in deployed systems.

A lot of approaches today focus on:

- risk assessment

- policy definition

- compliance mapping

This creates visibility.

But I’m not sure it creates control.

---

In practice, when a system crosses a boundary, what actually happens?

- does it continue and log?

- does it trigger review?

- does it pause or stop?

- does a human intervene?

---

It seems like there’s a difference between:

knowing something is wrong

and

the system being *unable to continue* when it is

---

Curious how others are handling this in real systems:

At what point does governance move from observation to enforcement?

And what mechanisms are you using at that boundary?

reddit.com
u/MushroomMotor9414 — 4 days ago

AI governance isn't failing because we lack regulation; it's failing at execution

There's a lot of movement around AI regulation right now (EU AI Act, US frameworks, etc.), but in practice many of these governance models don't survive contact with real, agentic systems.

I've been digging into why compliance frameworks tend to break at the operational layer - things like:

  • human oversight that works on paper but collapses in real workflows
  • enforcement gaps across jurisdictions
  • fragmented compliance creating systemic risk rather than safety

Has anyone built anything - internal tooling, audit systems, monitoring dashboards - that actually addresses these gaps at the deployment level? Looking for practical approaches, not more framework docs.

Specifically curious whether anyone has tackled the agentic systems problem, where traditional checkpoint-based oversight just doesn't map cleanly onto continuous autonomous operation.

Would love to see what others are working on or hear what's actually being used in production environments.

reddit.com
u/AdOrdinary5426 — 6 days ago
▲ 4 r/AI_Governance+1 crossposts

Every AI team I talk to hits the same wall

Every AI team I talk to runs into the same problem:

When something goes wrong, no one can clearly prove what the system actually did.

Logs can be changed. Decisions get fuzzy. Accountability disappears.

I kept seeing this come up, so I built something to test an idea:

A system that:

• shows exactly what the AI did

• proves it hasn’t been altered

• and records who took responsibility if something goes wrong

Still early, but I’m curious —

Would something like this actually matter in your workflow?

reddit.com
u/Klutzy_Knowledge601 — 5 days ago

Colorado AI Act enforcement is 10 weeks away. What does the rebuttable presumption defense actually require?

SB 24-205 enforcement starts June 30, 2026. Most of the conversation focuses on the $20k per consumer penalty but the more interesting part of the statute is the rebuttable presumption defense under Sec. 6-1-1706.

If you can demonstrate reasonable care, the burden shifts to the AG to prove you weren't compliant. That's a meaningful legal shield. But "reasonable care" isn't vague. The statute requires specific things to be in place before an incident:

Risk assessments documenting how your AI system could produce discriminatory outcomes across the protected classes listed in the statute (which includes reproductive health and limited proficiency in English, not just the usual federal list).

Consumer notices disclosing that AI is being used in consequential decisions.

AI system inventory with documented ownership.

Ongoing monitoring, not point-in-time documentation.

The key word is "before." Retroactive documentation doesn't satisfy the rebuttable presumption. If the AG comes asking and your evidence was assembled after the fact, the defense fails.

Curious what others are seeing. Are companies actively building toward the rebuttable presumption requirements or still treating June 30 as theoretical?

Free exposure audit at aguardic.com/colorado-ai-act-audit if anyone wants to scope where they stand. 10 questions, PDF with statute citations.

reddit.com
u/inameandy — 15 hours ago

Most of the AI “failures” I’ve seen in production recently aren’t model issues.

They happen when a human overrides the system, and there’s no structured way to capture or explain why.

Over time, you end up with two systems, namely what the model says and what the organisation actually does.

What are you observing on how people are handling that boundary?

Are you capturing overrides as data, or are they still invisible?

reddit.com
u/Bright_Inside7949 — 5 days ago
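Added example, not u/Klutzy_Knowledge601's system and not code from u/Bright_Inside7949: a hash-chained audit trail that records what the agent proposed and what policy decided, proves after the fact that no entry was altered, and captures a human override as its own entry naming the reviewer who took responsibility, so overrides become data instead of staying invisible. Run ids, reviewer names and reasons are constructed for illustration.

```python
# Added example, not the poster's system: a hash-chained audit trail where an
# agent decision and any human override are separate, linked entries. Run ids,
# reviewer names and reasons are constructed.
import hashlib
import json

GENESIS = "0" * 64


def _digest(prev: str, core: dict) -> str:
    """Digest binds this entry's content to the previous entry's digest."""
    body = json.dumps(core, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev}\n{body}".encode()).hexdigest()


class AuditTrail:
    def __init__(self):
        self.entries: list = []

    def _append(self, kind: str, payload: dict) -> dict:
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        core = {"seq": len(self.entries), "kind": kind, "payload": payload}
        entry = {**core, "prev": prev, "digest": _digest(prev, core)}
        self.entries.append(entry)
        return entry

    def record_decision(self, run_id, tool, args, verdict, rule) -> dict:
        """What the agent proposed and what policy decided, in one envelope."""
        return self._append("decision", {"run_id": run_id, "tool": tool, "args": args,
                                         "verdict": verdict, "rule": rule})

    def record_override(self, decision_seq, reviewer, verdict, reason) -> dict:
        """A human override never edits the decision entry: it is a new entry
        that names the decision it overrides, by seq and by digest, and who
        took responsibility for it."""
        target = self.entries[decision_seq]
        if target["kind"] != "decision":
            raise ValueError(f"entry {decision_seq} is not a decision")
        return self._append("override", {"overrides": decision_seq,
                                         "overrides_digest": target["digest"],
                                         "reviewer": reviewer, "verdict": verdict,
                                         "reason": reason})

    def effective_verdict(self, decision_seq) -> tuple:
        """(verdict, who) after applying overrides in order; the last one wins."""
        d = self.entries[decision_seq]
        verdict, who = d["payload"]["verdict"], "policy:" + d["payload"]["rule"]
        for e in self.entries:
            if e["kind"] == "override" and e["payload"]["overrides"] == decision_seq:
                verdict, who = e["payload"]["verdict"], "reviewer:" + e["payload"]["reviewer"]
        return verdict, who

    def head(self) -> str:
        return self.entries[-1]["digest"] if self.entries else GENESIS

    def verify(self, expected_head=None) -> tuple:
        """(ok, first_bad_seq). Recompute every digest and link. Pass the head
        you stored out-of-band (a WORM bucket, a ticket) to also catch
        truncation, which an internally consistent chain cannot reveal."""
        prev = GENESIS
        for e in self.entries:
            core = {"seq": e["seq"], "kind": e["kind"], "payload": e["payload"]}
            if e["prev"] != prev or e["digest"] != _digest(prev, core):
                return False, e["seq"]
            prev = e["digest"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)
        return True, None


if __name__ == "__main__":
    trail = AuditTrail()
    trail.record_decision("run-42", "send_email", {"to": ["x@partner.test"]},
                          "escalate", "mail-external-needs-human")
    trail.record_override(0, "jdoe", "allow", "recipient is a contracted partner")
    print(trail.effective_verdict(0), trail.verify())
    trail.entries[0]["payload"]["verdict"] = "allow"   # someone "fixes" history
    print(trail.verify())
```

Two design points worth noting. A chain only proves integrity relative to a head digest you keep somewhere the writer cannot reach, otherwise an attacker rewrites history and recomputes the chain; store `head()` out-of-band after every batch. And the override is deliberately a separate entry: the original decision, the policy that produced it, the reviewer, and the stated reason all survive, which is exactly the data the "two systems" problem above needs.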

Breaking into AI Governance- Advice Please

I’m trying to break into AI governance and would really appreciate honest advice from people who actually understand the field.

Here’s my background: I’m currently doing a Master’s in Business Analytics in Ireland, and I have a Bachelor’s in Business Administration. I’ve done five internships across product management, project management, and three roles in primary and secondary market research (not sure how valuable those are—I just took opportunities each summer as a student).

Right now, I’m working on my master’s dissertation, where I’m developing an AI governance framework. I’m reviewing existing frameworks and also studying the EU AI Act. I’m also planning to pursue the AIGP certification.

I’d really appreciate an honest assessment of where I stand and what I should be doing next. I don’t have anyone in my circle who understands this space, and honestly, every AI tool I ask tells me I’m “perfectly positioned,” which I just don’t believe. It feels like there’s no way I’m actually ready to break into an AI governance role yet.

Any real, grounded advice would mean a lot.

reddit.com
u/Waste_Trifle_6465 — 7 days ago

Built a free EU AI Act compliance roadmap tool (article-by-article requirements mapped to controls)

EU AI Act compliance deadlines are landing fast. Article 5 prohibitions have been in effect since February 2025. GPAI provider obligations since August 2025. High-risk systems under Annex III and Article 50 transparency obligations both kick in August 2, 2026.

Built a free classification tool that walks through the full decision tree: Article 5 prohibited practices → Annex III high-risk domains → Article 6(3) exemption check → GPAI provider detection. Outputs a PDF roadmap with the specific articles that apply (Articles 9-17 for high-risk providers, Article 26 for deployers, Article 50 transparency triggers, Articles 53-55 for GPAI providers), penalty exposure under Article 99 or 101 depending on classification, and the August 2026 deadline anchored to your specific risk tier.

aguardic.com/compliance/eu-ai-act/roadmap

Built it because every EU AI Act resource is either a 4,000-word "what is the EU AI Act" explainer or a generic checklist that doesn't tell you which obligations actually apply to your system. The classification logic is the hard part, and most resources skip it.

No signup for the classification, no email gate for the PDF download. Built as part of aguardic.com.

Would value feedback from anyone working through EU AI Act compliance — especially on the Article 6(3) exemption logic and the GPAI provider vs deployer distinction. Got both wrong twice before they worked.

reddit.com
u/inameandy — 6 days ago
▲ 21 r/AI_Governance+1 crossposts

EU AI Act enforcement hits August 2026 — what are mid-market companies actually doing to prepare?

Curious what people are seeing in the field. Most companies I've spoken with fall into three buckets:

  1. Unaware — don't realize the Act applies to them even if they have EU customers or operations
  2. Aware but paralyzed — know they need to do something but don't know where to start
  3. Spreadsheet governance — tracking AI tools in Excel and hoping that's enough

The practical starting point that seems to work is a proper AI inventory — just knowing what AI systems you have, what data they touch, and who owns them. That alone gets you 40% of the way there.

NIST AI RMF is the cleanest US-friendly framework to structure around. The four functions — Govern, Map, Measure, Manage — map reasonably well to EU AI Act requirements too.

What are you seeing? Anyone found tools or approaches that actually work at mid-market scale without requiring a six-month consulting engagement?

reddit.com
u/GovixFounder — 9 days ago

Question for all AI Governance/GRC Professionals

Hi all, I am embarking on a career change in an effort to step into AI governance and compliance roles. Currently, at my company, I am being brought in to build a modern team for the introduction of policy and enforcement as agents build up. We are in manufacturing, so I believe we are on the slower end of the spectrum in this race.

I wanted to see whether, in the current landscape, it is possible to land a role going down this path: getting the AIGP, creating models and scenario-based exercises to deliver actual practical results instead of just gaining a certification.

The Question: Can this be achieved by someone coming from a 10+ year leadership/infrastructure engineer role, or will this field be made up mostly of legal/cybersecurity/audit backgrounds?

The Other Question: It seems, from the outside looking in, that every single company would have a need for this role, even two, as investment pours in and every company's backbone will be run with a sole structural focus on AI, but maybe this is wishful (surface-level) thinking?

Thank you in advance!

reddit.com
u/MarketMakerTraders — 8 days ago

Who governs what AI creates


Been in information governance and records management for 20+ years, but my role is definitely shifting to AIG.

Something's been nagging at me. I've gone through the main AI governance frameworks, EU AI Act, ISO 42001, NIST, and they all govern the system. How you build it, deploy it, risk-assess it. Fine.

But what about the output? The stuff AI actually produces? Who owns it? How long do you keep it? Can you even trust it as evidence? What happens to all of it when you switch platforms or just stop using the tool?

Nobody seems to be asking these questions. Or if they are, I can't find them.

I keep seeing courts having to figure this stuff out on the fly because there's no framework telling them what AI output actually is. And I've seen a couple of jurisdictions starting to apply old records management law to AI output, not new AI legislation, existing records law. Which is interesting because it suggests the tools to deal with this might already exist, just nobody's connecting them.

Am I late to this? Is someone already working on governing AI output specifically, not just the systems? Because from where I'm sitting it feels like a massive gap and I'm surprised nobody's filled it yet.

reddit.com
u/idunnouchose1 — 9 days ago