Blog
Regulation-grounded essays on AI governance, grouped into pillar series. Each pillar opens the series; the supporting articles unpack specific obligations, tools, or operational moves. Every article links to the matching tool and cites the underlying regulation.
Practitioner reads on the EU AI Act — scope, prohibited practices, high-risk obligations, GPAI tiers, transparency, deadlines, and the Digital Omnibus.
A practitioner's guide to the EU AI Act in May 2026: what is already enforced, what the Omnibus defers, and the moves your AI programme should still make.
Article 50 of the EU AI Act requires disclosure when AI is in the loop. What to label, when to label it, and how the watermarking deadline is shifting.
Annex III of the EU AI Act lists the high-risk AI use cases. This checklist walks HR, security, and ops teams through what counts and what to do about it.
EU AI Act, NIST AI RMF, and ISO 42001 are one governance programme, not three compliance projects. Here's how the obligations line up in practice.
The EU's Digital Omnibus on AI defers some deadlines and adds a new prohibition — but most obligations stay live. A practitioner read of the May 2026 deal.
AI governance for banking, insurance, and capital markets — SR 26-2, DORA, NYDFS, GenAI carve-outs, vendor risk, and the EU AI Act × DORA × SR 26-2 stack.
SR 26-2 modernised bank model risk management — and left GenAI out of scope. A practitioner's playbook for the AI governance gap it opened.
Banks across EU and US face three AI-relevant regulatory layers — the AI Act, DORA, and SR 26-2. How they stack, overlap, and diverge.
SR 26-2 placed generative AI outside model risk management. This guide builds the parallel governance track FinServ needs to fill the gap.
NYDFS's October 2024 Industry Letter clarifies how 23 NYCRR Part 500 applies to AI risks. A practitioner walkthrough for FinServ teams.
The Fed's revised model risk management guidance (SR 26-2) supersedes 15 years of SR 11-7 — quietly leaving generative AI to other governance functions.
Workplace AI governance for HR, People Ops, and compliance — employee guidelines rollout, ChatGPT use policy, risk register entries, hiring bias audits, shadow AI, and AI-vendor DPAs.
Employee AI guidelines explained — how HR, compliance, and People Ops teams roll out acceptable use, with jurisdiction-aware steps and rollout checklist.
AI hiring bias audit basics for HR and recruitment teams — NYC Local Law 144, the EU AI Act, and how to scope your first audit.
AI risk register template guidance — how to write a register entry for an employee-facing AI tool, scored on a 5×5 matrix and mapped to NIST AI RMF.
AI tool DPA explained — when an employee AI guideline needs a separate data processing agreement under GDPR Article 28, and what it must include.
What a ChatGPT employee use policy must cover — approved tools, data rules, disclosure, and enforcement — before staff use generative AI at work.
AI vendor assessment template guidance — how to assess the shadow AI tools your employees already use, with a scored 30-question framework.
How AI regulation breaks down: 378 laws across 14 jurisdictions and 14 sectors, the enforcement wave, the strictest markets, and what keeps changing.