ISO 42001, the NIST AI RMF, and the EU AI Act stop being acronyms once you see how a real program is built — and in what order.
Summary
Most teams hear "AI governance" and picture a committee, a 40-page policy, and a quarterly sign-off. That picture is why programs fail. The IBM Cost of a Data Breach Report 2025 found that 63% of breached organizations either have no AI governance policy or are still drafting one — and of the firms that reported a breach of an AI model or application, 97% lacked basic AI access controls. The gap isn't a missing document. It's missing operational controls on systems that are already in production.
Gartner expects over 40% of agentic AI projects to be canceled by the end of 2027, citing escalating costs, unclear value, and inadequate risk controls. Governance done right is not bureaucracy bolted on after the fact — it's the thing that keeps a project from being one of the 40%. Reframe it as: which AI systems do we run, what could each one break, and what control stops that. The frameworks below are just three different lenses on that same question.
They are not alternatives. They stack.
ISO/IEC 42001 is a management system standard — the first one for AI, published in December 2023. If you've lived through ISO 27001, you already know the shape: documented scope, roles, risk process, controls, internal audit, management review, continual improvement. It's the only one of the three you can be certified against, which is why it's the credential procurement teams and regulators recognize. Think of it as the binder that proves the program exists and runs.
The NIST AI Risk Management Framework is the playbook for the work inside that binder. It's voluntary, U.S.-government-backed, and organized around four functions — Govern, Map, Measure, Manage. Its Generative AI Profile (NIST AI 600-1) goes further and names 12 specific GenAI risk categories, including "confabulation" (hallucination). NIST tells you how to identify and treat a risk; ISO 42001 tells you how to run the system that does it repeatedly.
The EU AI Act is neither a management system nor a playbook — it's law, with teeth. It classifies AI systems by risk tier (prohibited, high-risk, limited, minimal) and attaches obligations to each. Penalties reach up to EUR 35M or 7% of worldwide annual turnover for prohibited practices, and EUR 15M or 3% for high-risk non-compliance. The prohibited-use ban applied in February 2025; obligations for the Annex III high-risk categories (credit scoring, employment, education, essential services and the like) land in August 2026, while high-risk AI embedded in products already covered by EU product-safety law (Annex I) gets until August 2027. If you operate in or sell into the EU, this is the deadline that turns governance from "good hygiene" into a board-level financial exposure.
Strip away the framework names and a working program has five concrete artifacts:
1. An AI system inventory. A live list of every model, LLM endpoint, vendor tool, and agent in use — including the shadow ones. You cannot govern what you can't see, and shadow AI isn't free: IBM found it added roughly USD 670K to the average breach, with breaches involving unsanctioned AI running about 16% higher than the USD 4.44M global average.
2. A risk tier per system. Borrow the EU AI Act's classes even if you're not EU-bound — they're a clean way to triage. A model recommending products is not the model deciding credit. Tiering tells you where to spend control effort.
3. Controls on the systems that matter. Access management (the control 97% of breached firms were missing), logging and monitoring, human-in-the-loop on consequential decisions, and pre-deployment evaluation. Prompt injection ranks #1 in the OWASP Top 10 for LLM Applications for the second edition running and accounted for 17% of observed AI-specific attacks — so input/output guardrails on any LLM with tool access or untrusted input are non-negotiable.
4. An owner. McKinsey's State of AI found nearly 30% of organizations now say their CEO is directly responsible for AI governance — double the prior year. Accountability has a name and a calendar, or it doesn't exist.
5. A monitoring loop. Models drift. A study across 32 datasets found 91% of ML models degrade over time. A control you set once and never check is a control you no longer have.
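What the monitoring loop in item 5 looks like in practice, as an added example that is not from the original page: a Population Stability Index (PSI) check comparing a deployed model's score distribution against the distribution it was validated on. The score samples are constructed to illustrate the point, not real model output, and the 0.10 and 0.25 thresholds are the rule-of-thumb values used in credit-scoring model monitoring, assumed here rather than taken from any of the frameworks.

```python
"""Drift check on a deployed model's score distribution (PSI)."""
from bisect import bisect_right
import math

# Rule-of-thumb PSI thresholds (assumed): < 0.10 stable, 0.10-0.25 watch, >= 0.25 alert.
PSI_WATCH = 0.10
PSI_ALERT = 0.25


def bin_counts(scores, bins=5):
    """Histogram of scores in [0, 1] over `bins` equal-width buckets."""
    edges = [i / bins for i in range(bins + 1)]
    counts = [0] * bins
    for v in scores:
        idx = min(max(bisect_right(edges, v) - 1, 0), bins - 1)
        counts[idx] += 1
    return counts


def psi(baseline, current, bins=5, eps=1e-4):
    """Population Stability Index between two score samples: sum over buckets of (q - p) * ln(q / p)."""
    b, c = bin_counts(baseline, bins), bin_counts(current, bins)
    total = 0.0
    for bi, ci in zip(b, c):
        p = max(bi / len(baseline), eps)  # eps keeps an empty bucket from producing log(0)
        q = max(ci / len(current), eps)
        total += (q - p) * math.log(q / p)
    return total


def verdict(value):
    if value >= PSI_ALERT:
        return "alert"
    if value >= PSI_WATCH:
        return "watch"
    return "stable"


def check_drift(baseline, current, bins=5):
    """One run of the monitoring loop: score the shift and classify it."""
    value = psi(baseline, current, bins)
    return {
        "psi": round(value, 4),
        "verdict": verdict(value),
        "baseline_bins": bin_counts(baseline, bins),
        "current_bins": bin_counts(current, bins),
    }


def synthetic_scores(counts):
    """Constructed sample: counts[i] scores spread strictly inside bucket i (not real model output)."""
    bins = len(counts)
    out = []
    for i, n in enumerate(counts):
        out.extend((i + (k + 1) / (n + 1)) / bins for k in range(n))
    return out


BASELINE = synthetic_scores([20, 20, 20, 20, 20])      # validation-time distribution
CURRENT_OK = synthetic_scores([22, 18, 20, 21, 19])    # first week in production
CURRENT_DRIFT = synthetic_scores([5, 10, 20, 30, 35])  # later: scores have shifted upward

if __name__ == "__main__":
    for label, cur in (("week 1", CURRENT_OK), ("week 12", CURRENT_DRIFT)):
        print(label, check_drift(BASELINE, cur))
```

Run on a schedule against the model's real prediction logs, the "alert" verdict is what triggers the human review; a PSI above the alert threshold with no one paged is exactly the control that silently stopped existing.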
Sequence matters more than completeness. Teams that try to do everything at once produce the unread policy PDF. Do it in this order:
1. Inventory before policy. Spend the first weeks finding out what's actually running, not writing rules for a hypothetical. Most organizations are surprised by how much they find — given that 78% of organizations now use AI in at least one function, the answer is rarely "nothing."
2. Tier the inventory. Sort systems into risk classes. This is where you discover that 80% of your AI footprint is low-risk and a handful of systems carry nearly all the exposure. Concentrate there.
3. Put controls on the high-risk systems first. Access, logging, human-in-the-loop, evaluation — on the few systems that can actually hurt you. This is the NIST Map → Measure → Manage loop applied to a short list, not a boil-the-ocean exercise.
4. Wrap it in a management system, then certify or attest. Once controls are running, ISO 42001's structure (roles, audit, review) makes the program durable and gives you the artifact procurement and regulators ask for. Certification is the last step, not the first — it certifies something that already works.
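The first three steps above (inventory, tier, controls on the high-risk systems first) and the five artifacts listed earlier can be held as one checkable file rather than a policy PDF. The following is an added example, not code from the original page or from any of the frameworks: it takes an inventory, tiers each system with a triage heuristic borrowed from the EU AI Act's classes, derives the controls each tier needs (the four high-risk controls the text names, plus input/output guardrails for any model with tool access or untrusted input), and lists the open gaps with the highest-risk systems first. The tiering rules, the control sets for the limited and minimal tiers, the 90-day review window, and the three inventory entries are all assumptions made up for the illustration; legal classification under the Act is a separate exercise.

```python
"""Inventory -> tier -> control gaps, as a checkable artifact instead of a policy PDF."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta

REVIEW_WINDOW = timedelta(days=90)  # assumed review cadence; set it to your own

# Triage tiers borrowed from the EU AI Act's risk classes, in priority order.
TIER_RANK = {"prohibited": 0, "high": 1, "limited": 2, "minimal": 3}

# Baseline controls per tier. The high-tier set is the one the text names;
# the limited and minimal sets are an assumed starting point.
BASE_CONTROLS = {
    "high": {"access_management", "logging", "human_in_the_loop", "pre_deployment_eval"},
    "limited": {"access_management", "logging"},
    "minimal": set(),
}


@dataclass
class AISystem:
    name: str
    purpose: str
    owner: str | None = None              # named accountable person, or None
    consequential_decision: bool = False  # credit, hiring, medical, access to services
    untrusted_input: bool = False         # end-user or third-party content reaches the model
    tool_access: bool = False             # model can call tools or take actions
    sanctioned: bool = True               # False = shadow AI found during inventory
    prohibited_use: bool = False          # e.g. social scoring
    controls: set[str] = field(default_factory=set)
    last_reviewed: date | None = None


def classify(s: AISystem) -> str:
    """Heuristic tiering (assumed), not a legal determination."""
    if s.prohibited_use:
        return "prohibited"
    if s.consequential_decision:
        return "high"
    if s.untrusted_input or s.tool_access:
        return "limited"
    return "minimal"


def required_controls(s: AISystem) -> set[str]:
    tier = classify(s)
    if tier == "prohibited":
        return set()
    req = set(BASE_CONTROLS[tier])
    # Tool access or untrusted input means prompt injection is in scope, whatever the tier.
    if s.untrusted_input or s.tool_access:
        req.add("io_guardrails")
    return req


def findings(s: AISystem, today: date) -> list[str]:
    tier = classify(s)
    if tier == "prohibited":
        return ["prohibited use: decommission, this is not a control gap"]
    out = []
    if not s.sanctioned:
        out.append("shadow AI: unsanctioned system in production")
    if not s.owner:
        out.append("no named owner")
    out += [f"missing control: {c}" for c in sorted(required_controls(s) - s.controls)]
    if s.last_reviewed is None or today - s.last_reviewed > REVIEW_WINDOW:
        out.append(f"stale: not reviewed in the last {REVIEW_WINDOW.days} days")
    return out


def triage(inventory: list[AISystem], today: date) -> list[tuple[str, str, list[str]]]:
    """Highest-risk systems first, each with its open gaps."""
    rows = [(s.name, classify(s), findings(s, today)) for s in inventory]
    return sorted(rows, key=lambda r: (TIER_RANK[r[1]], r[0]))


# Constructed inventory for illustration, not a real one.
SAMPLE_INVENTORY = [
    AISystem("product-recommender", "ranks items on the storefront", owner="ecommerce-lead",
             controls={"logging"}, last_reviewed=date(2025, 8, 15)),
    AISystem("credit-decision-model", "scores consumer credit applications", owner="risk-lead",
             consequential_decision=True, controls={"access_management", "logging"},
             last_reviewed=date(2025, 2, 1)),
    AISystem("support-agent", "LLM agent that answers tickets and can issue refunds",
             untrusted_input=True, tool_access=True, sanctioned=False),
]

if __name__ == "__main__":
    for name, tier, gaps in triage(SAMPLE_INVENTORY, date(2025, 9, 1)):
        print(f"{name} [{tier}]")
        for gap in gaps:
            print("  -", gap)
```

Kept in version control and run in CI, the output is the artifact an ISO 42001 internal audit asks for: a dated list of systems, their tier, and which required control is still missing. The stale check is the cheap half of the monitoring loop; it catches the inventory going quiet after the owner moves on.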
Note the dependency: data governance underpins all of it. Gartner projects organizations will abandon 60% of AI projects unsupported by AI-ready data through 2026, with 63% lacking the right data management practices. If your data layer is a mess, fix it in parallel — governance controls sit on top of it.
For banks, insurers, and health organizations, compliance is now the leading blocker, not the technology. Deloitte's State of Generative AI in the Enterprise found regulatory-compliance concern rose from 28% to 38% to become the #1 barrier to GenAI adoption. The instinct is to wait for perfect certainty. That's a mistake — incidents are climbing while controls aren't. Stanford's AI Index recorded 233 AI-related incidents in 2024, a record and a 56.4% jump over 2023.
Two failure modes recur. First, treating governance as a one-time project rather than a running function — the program ships, the owner moves on, and the inventory goes stale within a quarter. Second, buying a tool instead of building the loop — a governance dashboard with no one accountable for acting on it is theater. The fix is to staff the function: a clear owner, a recurring review cadence, and senior people who've actually stood up controls in a regulated environment.
This is the work Maverin's AI Security & Governance practice is built for — mapping a program to ISO 42001, the NIST AI RMF, and the EU AI Act without the six-month strategy deck. If you want the longer treatment for financial services specifically, our insights library goes deeper on what a governed AI program looks like inside a bank.
FAQ
They stack. ISO/IEC 42001 is a certifiable management system, the NIST AI RMF is a voluntary risk playbook for the work inside it, and the EU AI Act is binding law with turnover-based fines. A mature program uses NIST to identify and treat risks, ISO 42001 to run that process repeatably, and the EU AI Act to set the legal obligations and deadlines.
Five concrete things: a live inventory of every AI system in use (including shadow AI), a risk tier per system, controls on the high-risk ones (access management, logging, human-in-the-loop, pre-deployment evaluation), a named owner, and a monitoring loop for drift. It's operational controls — not a policy PDF.
Inventory first, then risk-tier the inventory, then put controls on the high-risk systems, then wrap it in an ISO 42001 management system and certify or attest. Certification is the last step — it certifies controls that already work, not the other way around. Data governance should be fixed in parallel since controls sit on top of it.
The ban on prohibited AI practices applied in February 2025, and obligations for Annex III high-risk systems apply from August 2026 (high-risk AI embedded in products regulated under Annex I follows in August 2027). Penalties reach up to EUR 35M or 7% of worldwide annual turnover for prohibited practices, and EUR 15M or 3% for high-risk non-compliance, per Article 99.
Two recurring failure modes: treating governance as a one-time project so the inventory goes stale within a quarter, and buying a dashboard with no one accountable for acting on it. IBM found 63% of breached firms still have no AI governance policy and 97% of AI-breach victims lacked access controls — the gap is operational. The fix is to staff the function with a clear owner and a recurring review cadence.