AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News
Research2026-05-26

AI Governance Problems, Policy Options, and Research Gaps Mapped in LawAI Literature Review

What happened

LawAI published the Advanced AI Governance: A Literature Review of Problems, Options and Research Challenges in January 2025, providing a structured survey of academic and policy literature on frontier AI governance mechanisms. The review covers regulatory instruments including compute security measures, software and hardware export controls, licensing regimes for advanced AI systems, structured system evaluations, and procurement rules designed to advance AI safety objectives. It also examines voluntary corporate governance proposals such as Responsible Scaling Policies adopted by several leading AI developers, and formal AI certification schemes being explored by standards bodies and regulators. The document does not make binding recommendations but synthesizes existing research to identify where evidence is strong, where significant gaps remain, and which governance questions require further empirical or legal investigation. The review is intended to serve policymakers and governance practitioners across international frameworks, with particular relevance to active policy discussions in the United States, the United Kingdom, and the European Union.

Why it matters

  • ·The review signals that licensing and pre-market certification regimes for frontier AI models are under active consideration across multiple jurisdictions, creating potential new regulatory exposure for developers who have not yet mapped their compliance posture against emerging approval obligations.
  • ·The document's detailed treatment of system evaluations connects directly to existing mandates such as the EU AI Act's conformity assessment requirements and NIST's AI Risk Management Framework, meaning organizations already subject to these frameworks may face heightened scrutiny of their evaluation and audit practices.
  • ·The inclusion of compute governance and export controls as core governance topics underscores that trade compliance functions are now organizationally implicated in AI risk management, expanding the internal stakeholder set that must coordinate on AI governance strategy.

Governance controls affected

What to do now

  • Review internal AI risk classification processes against the licensing and certification frameworks surveyed in the literature review to identify gaps ahead of potential pre-market approval obligations.
  • Assign trade compliance teams to assess the organization's exposure to current and anticipated compute-related export controls, particularly those tightened by the United States and mirrored by allied governments.
  • Evaluate existing system evaluation and conformity assessment procedures against the structured evaluation standards discussed in the review and referenced in the EU AI Act and NIST AI RMF.
  • Brief procurement and legal counsel on the review's findings regarding AI procurement rules so that vendor contracts can be updated to reflect emerging government expectations around safety and transparency.
  • Identify open research and regulatory questions highlighted in the review that are relevant to the organization's AI portfolio and determine where engagement with regulators or standards bodies would be productive.

What to watch next

Compliance teams should monitor legislative and regulatory developments in the United States, the United Kingdom, and the European Union related to compute export controls, as restrictions have been tightening rapidly and further allied government coordination is expected. Progress on formal AI certification schemes at standards bodies such as ISO and national equivalents warrants close attention, given that the review identifies certification as an area of active policy development that could result in binding pre-market obligations. Teams should also track any follow-on publications from LawAI and similar academic-policy institutions, as subsequent work addressing the open research gaps identified in this review may inform upcoming regulatory guidance cycles.

Related Coverage

Research2026-05-30

Governance Before Deployment: Databricks Makes the Case for Architecture-First AI Control Programs

Databricks has published implementation guidance arguing that AI governance must be embedded into system architecture, identity controls, and continuous evaluation pipelines from the outset, rather than appended after deployment. The guidance covers agentic AI identity management, bias and accuracy monitoring, and cross-functional collaboration between risk, security, and technical teams. It is positioned as a practitioner framework for enterprise organizations building or scaling AI programs.

Research2026-06-15

S&P Global Report Frames AI Governance as a Principle-Based Risk Discipline, Raising the Bar for Enterprise Compliance Programs

S&P Global has published a research report titled 'The AI Governance Challenge,' arguing that enterprise AI governance should be anchored in five core principles: transparency, fairness, privacy, adaptability, and accountability. The report documents common organizational practices including ethical review boards, impact assessments, algorithmic transparency mechanisms, and risk-focused controls. Its findings map directly to compliance, model governance, and privacy programs across industries.

Insight2026-06-13

Fable 5 and Mythos 5 Suspended by U.S. Export Control Directive: Three Governance Gaps Enterprise AI Programs Have Not Planned For

On June 12, 2026, a U.S. government export control directive required Anthropic to suspend all access to Fable 5 and Mythos 5 for foreign nationals, effectively disabling the models for all customers overnight. The immediate trigger was a narrow code-analysis jailbreak technique, but the directive exposes deeper gaps: most enterprise AI governance programs have no continuity plan for government-mandated model suspension, no process for nationality-based access controls, and no export control review in their AI vendor assessment workflow.