Practical Governance for Enterprise AI
LawAI released a comprehensive literature review titled 'Advanced AI Governance: A Literature Review of Problems, Options and Research Challenges,' surveying recent academic and policy research across compute security, software export controls, AI licensing, system evaluations, and procurement rules for AI safety. The review also examines corporate governance proposals including Responsible Scaling Policies and AI certification schemes. Published in January 2025, the document is intended to map the current state of knowledge and identify open research questions for policymakers and governance practitioners.
A May 2026 analysis by K&L Gates describes an emerging US AI governance structure being assembled in real time through executive action, FTC enforcement, civil rights mechanisms, technical standards, and federal procurement requirements. The analysis highlights that the Administration has been weighing executive actions that would impose pre-deployment vetting obligations on frontier AI models. For enterprises, the most immediately affected controls span pre-release model evaluation, substantiation of AI marketing claims, third-party vendor due diligence, and federal contracting compliance.
The U.S. General Services Administration has published its AI Strategies and Compliance Plan, establishing a formal AI Governance Board known as the EDGE Board, co-chaired by the agency's Chief Data Officer and Deputy Administrator, alongside a cross-functional AI Oversight Committee responsible for reviewing all internal AI requests and enforcing privacy and security controls. The updated CIO Directive 2185.1A expands the agency's AI governance scope beyond generative AI to cover the full spectrum of AI systems in use or under consideration at GSA. The structure sets a precedent for layered federal agency AI oversight with defined executive accountability.
A March 2026 Harvard Law Review article examines how frontier AI companies such as OpenAI and Anthropic have adopted governance structures designed to counterbalance commercial profit pressures with safety-oriented accountability. The analysis focuses in particular on Anthropic's charter mechanism, which grants Class T shareholders the right to elect three of five board directors either after May 24, 2027 or eight months following the receipt of $6 billion in investment capital, whichever occurs first. These trustees are empowered to prioritize safety considerations, structurally limiting the influence of purely profit-driven incentives at the board level. The research classifies these arrangements as prosocial corporate governance tools and situates them within broader stakeholder-focused approaches to managing AI development risks. For enterprise compliance teams, the analysis provides a framework for evaluating whether AI vendors' internal governance structures credibly constrain high-risk development practices, which is increasingly relevant to third-party risk assessments and AI procurement due diligence. While the article is not a binding instrument, its articulation of concrete governance benchmarks offers practical reference points for assessing AI suppliers against emerging standards.
The International Association of Privacy Professionals (IAPP) published an op-ed on April 28, 2026, identifying three recent non-legislative events that are materially shaping global AI governance without transparent deliberation or meaningful input from affected governments and populations. The piece argues that geopolitical pressures and procurement decisions are driving de facto AI rules in ways that bypass formal regulatory channels, creating accountability gaps that compliance teams may not be tracking. The IAPP urges privacy and governance professionals to engage civil society organizations, secure sustainable funding for oversight initiatives, and build direct partnerships with regulators to fill these gaps. For enterprise compliance teams, the analysis flags a systemic risk: material AI governance obligations may emerge from informal or opaque processes rather than published legislation or regulation, making standard regulatory monitoring insufficient. Organizations operating across multiple jurisdictions should audit their governance tracking practices to account for non-legislative standard-setting activity. The finding is particularly relevant for teams assessing AI deployment risk in markets where procurement frameworks or bilateral agreements may function as de facto regulatory instruments.
Anthropic released version 3.0 of its Responsible Scaling Policy (RSP) in February 2026, eliminating the company's original commitment to pause AI development if safety could not be guaranteed in advance. The safety pause provision had been a defining feature of Anthropic's voluntary governance framework since the company introduced the RSP in 2023. The removal marks a material shift in how Anthropic's self-imposed development constraints are structured, moving away from a precautionary halt mechanism toward an updated framework whose specific replacement controls have not been fully detailed in public reporting. For enterprise compliance teams, this change is relevant to vendor risk assessments and third-party AI governance reviews, as Anthropic's RSP has been cited by organizations as evidence of supplier-level safety commitments when procuring or integrating Claude-based products. Compliance teams that reference Anthropic's published governance commitments in internal risk documentation, procurement due diligence, or regulatory disclosures should review whether those references remain accurate under the new policy version.
A January 2026 Harvard Law Review article examines the novel corporate governance structures adopted by AI companies OpenAI and Anthropic, concluding that these arrangements may be insufficient to sustain meaningful AI safety commitments over time. The analysis focuses in particular on Anthropic's charter, which grants safety-focused Class T trustees the power to elect three of five board directors either after May 24, 2027, or once the company reaches $6 billion in cumulative investment. The article argues that structural mechanisms designed to counterbalance profit motives are vulnerable to gradual erosion, a phenomenon the authors term amoral drift. For enterprise compliance teams, the research signals that reliance on voluntary governance commitments by AI vendors cannot substitute for independent due diligence on safety and accountability practices. Organizations procuring AI systems from these companies should monitor whether governance structures remain intact and enforceable as commercial pressures intensify.
The Future of Life Institute published its Summer 2025 AI Safety Index on July 15, 2025, evaluating seven leading AI companies against 33 indicators of responsible development spanning six domains, including risk ownership, accountability, and oversight. The index does not name all evaluated companies in the raw findings but singles out DeepMind with specific recommendations, including better coordination between safety and policy teams, greater transparency in third-party evaluations, and publication of risk assessments in model cards. The report identifies persistent gaps between corporate commitments and actual practices, signaling continued scrutiny of whether AI developers are operationalizing their stated safety principles. For enterprise compliance teams, the index functions as an external benchmark that regulators, investors, and procurement officers may reference when assessing vendor AI governance maturity. Organizations that supply or procure AI systems from evaluated companies should monitor how these ratings evolve and whether recommendations translate into updated documentation requirements, such as revised model cards or third-party audit disclosures.
The Oxford Martin AI Governance Initiative published a research paper on April 14, 2026, examining verifiable semiconductor manufacturing as a mechanism for ensuring transparency and trustworthiness in AI compute infrastructure supply chains. The research addresses how verification methods can be applied to semiconductor production processes to provide assurance about the origin and integrity of chips used in AI systems. For enterprise compliance teams, the work is relevant to emerging expectations around AI hardware provenance, particularly as regulators and standards bodies increasingly scrutinize the full stack of AI system components. Organizations procuring AI compute infrastructure may face future requirements to demonstrate supply chain integrity, and this research contributes to the methodological basis for such frameworks.