AI Governance, Safety & Evaluation

Trustworthy under scrutiny. Not just on paper.

Regulators, boards, auditors, red teams, and customers are now asking questions about your AI program that most enterprises can’t answer. We build the governance, evaluation, and safety operations that turn AI from a risk-register entry into a defensible production capability — engineered to operate, not to file.

Why governance fails when scrutiny arrives.

Only 48% of businesses using or planning agentic AI have a framework to govern autonomy. Annual red-teaming isn’t enough when models, prompts, and tools update weekly. The 2026 reality: governance has to operate at the velocity of the AI program, or the AI program operates without governance — and the first regulator audit, customer DDQ, or board question exposes it.

Governance as legal theater

Policies on paper, no operational link. The control library lives in a SharePoint folder; the AI program lives in production. The first regulator audit or customer DDQ exposes the gap — and it can’t be closed in the room.

No AI inventory

You can’t govern what you can’t see. Shadow AI usage is now the largest enterprise blind spot — SaaS embedded copilots, team-level pilots, agent prototypes nobody catalogued. Without the inventory, every other control is partial.

Red-teaming as an annual checkbox

Models and prompts change weekly; threats evolve weekly. An annual red-team exercise misses the live risk by eleven months. Prompt injection, data exfiltration, jailbreaks, and bias drift don’t wait for next year’s engagement.

Eval theater

A 200-row eval set, run once at launch. Without continuous evaluation tied to releases, you don’t catch regressions until production does — and by then they’re in the audit trail you’re handing to the regulator.

Governance that operates.

Six steps to a governance program built for May 2026 — engineered to run continuously, not to file annually.

  • Build the AI inventory. Sanctioned and shadow AI usage across the organization — SaaS copilots, embedded features, internal models, agent prototypes. The foundation every other control sits on.
  • Establish the dual framework. NIST AI RMF for taxonomy and risk function, ISO/IEC 42001 for management system and certification. Both, layered — mapped to your existing ISO 27001 and SOC 2 controls.
  • Stand up sanctioned-model lists at the gateway. Policy enforced in infrastructure, not on PowerPoint. The model gateway becomes the place where governance is operational, not aspirational.
  • Run continuous red-teaming. Automated and human, in CI/CD, against prompt injection, data exfiltration, jailbreaks, and bias. Vendors like Mindgard, HiddenLayer, Lakera, and Cisco AI Defense — selected on your threat model, not their slide deck.
  • Engineer eval harnesses tied to releases. Production telemetry for drift, hallucination, PII leakage, prompt injection. Release gates that block bad updates before they ship.
  • Produce board-grade attestation. What’s sanctioned, what was tested, what’s measured, what’s at risk. Quarterly. In language your board and your auditors can act on.
[Figure: operating model. Labels: EU AI Act, sector regulators, board reporting; NIST AI RMF functions Govern, Map, Measure, Manage; components Inventory, Eval harness, Red team, Sanctioned models, Telemetry, Attestation; ISO 42001 management system.]
Dual framework — NIST taxonomy inside, ISO 42001 management system outside — connected by operational components, run continuously, attested to the board.

Governance patterns.

Three patterns we ship, each engineered for a different governance starting point.

01

AI governance program stand-up

Inventory, dual-framework adoption (NIST + ISO 42001), control library, sanctioned-model policy, board reporting cadence. The cross-functional operating model that runs it. Built to scale with the AI program, not to constrain it.

02

EU AI Act conformity & ISO 42001 readiness

Regulatory mapping against the current Act (Annex III high-risk deferred to December 2027 under the May 2026 Digital Omnibus). Control implementation, technical file, conformity assessment path, ISO 42001 certification readiness — sequenced so neither programme blocks the other.

03

Continuous red-teaming program

Automated and human red-teaming, in CI/CD, against your live threat model. Prompt injection, data exfiltration, jailbreaks, bias drift, model abuse. Evidence trail built for auditors, not for the slide deck.

What we engineer around governance.

The framework is the surface. These are the layers that make it operate.

01

Evaluation harnesses

Continuous, release-gated, domain-specific. Golden sets, scorecards, production telemetry. Drift, hallucination, PII leakage caught before users see them — and recorded in the audit trail when they aren’t.

02

Telemetry & monitoring

Drift, hallucination, PII leakage, prompt-injection detection in production. Threshold-based alerting tied to the incident process — not a dashboard nobody reads.

03

Board-grade attestation

What’s sanctioned, tested, measured, and at risk — quarterly. The artifact your CISO, CRO, and General Counsel can hand to the board, the regulator, and the customer without rewriting.

Governance that earns its keep.

The strongest 2026 engagements share a shape: a high-stakes AI program meeting a regulator, a board, or an enterprise customer — where an unanswered question has a cost and an evidence trail is the difference.

AI risk-committee stand-up

The cross-functional operating function that owns AI governance — charter, cadence, decision rights, escalation path. The place where governance actually happens.

ISO 42001 readiness & certification

Now procurement table stakes. Gap analysis, control implementation, internal audit, certification body selection — mapped onto your existing ISO 27001 management system.

EU AI Act conformity assessment

Regulatory mapping against the current Act and Digital Omnibus timeline. Gap analysis, control library, technical file, conformity assessment path for high-risk systems.

Red-team-as-a-service

Continuous automated and human red-teaming against your live threat model. Mindgard, HiddenLayer, Lakera, Cisco AI Defense — selected and operated on your behalf.

Model-card & audit-trail program

The artifacts auditors and regulators ask for — model cards, decision logs, lineage, evaluation evidence. Generated from the system, not hand-written before the audit.

Board-grade AI attestation

Quarterly reporting that answers the board-level questions: what’s sanctioned, what’s tested, what’s measured, what’s at risk — in language your directors can act on.

Questions we get from CISOs, CROs, and General Counsel.

NIST AI RMF, ISO 42001, EU AI Act — what do we need to do, and in what order?

Start with NIST AI RMF as the taxonomy — it’s the cheapest way to get a shared risk vocabulary across legal, security, and engineering. Layer ISO/IEC 42001 next as the management system, because it’s now procurement table stakes and re-uses most of your ISO 27001 control work. EU AI Act conformity sits on top of both for in-scope systems. Sequencing this way means each layer compounds — they don’t compete for budget.

What does “board-grade AI attestation” actually look like?

A four-question quarterly artifact: what’s sanctioned, what was tested, what’s measured, what’s at risk — each answered with evidence from the system, not the slide deck. It’s the document your CISO, CRO, and General Counsel can hand to directors, regulators, and enterprise customers without rewriting for each audience. Three to five pages. Generated from the inventory, eval harness, red-team evidence, and incident log — not authored from scratch.

How do we govern agentic AI specifically?

The same dual framework, with three additions: an action policy (what the agent is allowed to do), an audit trail for every tool call and decision, and rate controls at the model gateway. Only 48% of organizations using or planning agentic AI have any framework to govern autonomy — which is also why agentic incidents are starting to appear in regulator reporting. Treat the agent as a system with privileges, not a feature with a prompt.

Is ISO 42001 worth pursuing?

Yes, for two reasons. First, it’s appearing in enterprise DDQs and procurement RFPs — by mid-2026 the absence of a credible path to certification is starting to lose deals. Second, the management system itself forces operating discipline most AI programs need anyway. If you already hold ISO 27001, the marginal effort is real but not enormous — most of the controls layer on existing ones.

How does continuous red-teaming work in CI/CD?

Automated red-team suites run on every model, prompt, or tool change — prompt injection, data exfiltration, jailbreaks, bias drift — gating the release if results regress. Human red-team campaigns run on a defined cadence against the live threat model — quarterly minimum, more often for high-risk systems. The output isn’t a report, it’s evidence tied to the release log. Vendors we ship with: Mindgard, HiddenLayer, Lakera, Cisco AI Defense.

The EU AI Act timeline keeps moving — what’s actually in force right now?

As of May 2026, the Act is in force, but the high-risk obligations under Annex III were deferred to 2 December 2027 by the Digital Omnibus agreement of 7 May 2026. Annex I high-risk obligations move to 2 August 2028. Prohibited-use and GPAI obligations remain on their original timeline. Practically: most enterprises now have more runway than they thought — but the controls still need to be built, because procurement, customers, and sector regulators won’t wait for the deferred date.

Where to start.

AI Governance Review · 3 weeks · fixed fee

A senior consultant runs a focused governance audit against your AI program.

We deliver: an AI inventory (sanctioned and shadow), a dual-framework gap analysis (NIST AI RMF + ISO/IEC 42001), regulatory mapping (EU AI Act + sector regulators), a red-team readiness assessment, and a sequenced 12-month program plan with board-reporting cadence.

What you get: a scored gap analysis against NIST AI RMF and ISO 42001; an AI inventory with shadow-AI coverage; a regulatory mapping for in-scope systems; a 12-month program plan with sequenced milestones and board-reporting cadence; and one workshop with your CISO, CRO, and General Counsel. Led by a senior consultant — fixed scope, fixed fee.


Ready to make AI governance operate?

A 30-minute conversation with a senior consultant. Bring your current AI program, your draft policy, or the regulator or customer question you can’t answer. We’ll tell you where the gaps are, what’s load-bearing, and what an AI Governance Review would surface.
