AI in Legal and Professional Services
Law firms, accounting firms, and professional services organizations are adopting AI for document review, contract analysis, legal research, due diligence, and client-facing work. These deployments raise distinct governance obligations around client confidentiality and privilege, accuracy, professional liability, and the unauthorized practice of law. Regulatory bodies and bar associations are beginning to issue specific guidance, and the EU AI Act lists AI used in the administration of justice, such as systems that assist judicial authorities in researching and interpreting facts and law, among its high-risk categories (Annex III).
Key board-level questions
1. How do we ensure AI-assisted legal work meets professional accuracy and confidentiality obligations?
2. Are we disclosing to clients when AI systems are used in their matters, and is that disclosure adequate?
3. What liability framework applies when AI-generated advice or documents contain errors?
4. Do our AI tools expose client data to third-party model providers in ways that violate privilege or confidentiality?
Regulatory frameworks
EU AI Act: AI Literacy and Prohibited AI Practices Provisions (Applicable 2 February 2025)
The EU AI Act's first compliance deadline took effect on 2 February 2025, when Chapters I and II of the Act began to apply. From that date, providers and deployers of AI systems must take measures to ensure a sufficient level of AI literacy among their staff and other persons operating AI systems on their behalf (Article 4), and the Act's prohibitions on AI practices deemed to pose unacceptable risk (Article 5) apply. Organizations must have ceased any prohibited AI practices and be able to show that the AI literacy measures they have adopted are appropriate to the systems in use and the people using them.
NIST Artificial Intelligence Risk Management Framework Playbook
Voluntary, use-case-agnostic operational companion to the NIST AI Risk Management Framework (AI RMF 1.0) that provides structured, actionable guidance, suggested actions, and example outputs for implementing the four core AI RMF functions (GOVERN, MAP, MEASURE, and MANAGE) across the AI system lifecycle.
UK ICO Guidance on Artificial Intelligence and Data Protection
The UK ICO's guidance on AI and data protection establishes how the UK GDPR and Data Protection Act 2018 apply to the design, development, and deployment of AI systems that process personal data.
ISO/IEC 42001:2023 – Information Technology – Artificial Intelligence – Management System
The first certifiable international AI management system standard, providing a structured framework for establishing, implementing, maintaining, and continually improving an organization's AI management system (AIMS), with requirements applicable to any organization that develops, provides, or uses AI-based products and services.
Playbook guidance
What does meaningful human oversight look like for high-risk AI decisions?
What is our explainability standard for AI decisions?
How do we maintain data privacy compliance when using AI?
How do we ensure third-party AI vendors meet our standards?
What does audit-ready AI documentation look like in practice?
