AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

Implementation Layer

AI Governance Controls

Operational controls for real-world enterprise AI systems — organized by domain, mapped to regulations, with maturity levels and implementation guidance.

Not sure where to start? Answer 3 questions and get a tailored compliance action plan.

What applies to me? →
HOC

Human Oversight

Review gates, approval workflows, and override mechanisms for AI decisions.

7 controls

AGT

Agentic AI

Goal constraints, action boundaries, and escalation paths for autonomous AI agents.

24 controls

SEC

Security

Adversarial input defense, prompt injection protection, and model access controls.

5 controls

ALC

Audit & Logging

Immutable records of AI decisions, inputs, outputs, and model versions.

5 controls

CHM

Change Management

Model release governance, version rollback, and change approval workflows.

5 controls

DGC

Data Governance

Training data provenance, privacy controls, and data retention policies.

6 controls

MON

Monitoring & Drift

Performance drift detection, anomaly alerting, and operational dashboards.

6 controls

SAF

Safety & Reliability

Graceful degradation, fail-safe defaults, and reliability under adversarial inputs.

6 controls

IRC

Incident Response

Containment, investigation, and remediation procedures for AI system failures.

6 controls

PRC

Procurement

Third-party AI vendor due diligence, contractual obligations, and offboarding.

15 controls

CMP

Regulatory Compliance

Multi-jurisdiction regulatory mapping, standards monitoring, and compliance architecture for AI systems.

10 controls

BRD

Board & Executive Governance

Board education, committee charters, executive reporting, risk appetite, and enterprise-wide AI governance program design.

9 controls

MGV

Model & Program Governance

Model lifecycle policy, intake and approval workflows, evaluation frameworks, and program-level AI governance maturity.

9 controls

SCT

Sector-Specific & Emerging

Healthcare, insurance, critical infrastructure, national security, and emerging-use-case controls not covered by domain-general frameworks.

9 controls

16 controls matching filters

AGT

Agentic AI

6 controls
SEC

Security

1 control
ALC

Audit & Logging

1 control
MON

Monitoring & Drift

1 control
SAF

Safety & Reliability

2 controls
MGV

Model & Program Governance

2 controls
SCT

Sector-Specific & Emerging

3 controls