Insights
Practical AI governance guides, regulatory analysis, and research, for enterprise leaders, businesses, and individuals navigating the AI landscape.
Boards, APRA, ASIC, controls & programmes
Start herePrivacy Act, ACCC consumer law, AI6 basics
Start hereFounder guide, investor due diligence, EU AI Act
Start hereYour rights, Right to Disconnect, AI at work
Start here
AI Agents and GRC: The 2026 Guide to Governance, Risk, and Compliance for Autonomous AI
AI agents have moved from experiment to enterprise infrastructure faster than governance frameworks can adapt. This is a fact-checked, primary-source guide to AI agent governance for global and Australian organisations — what the technology actually is, where regulators have landed, and what compliance, risk, and board functions need to do now.
Read article
Agentic AI and the Accountability Vacuum: Who's Responsible When AI Agents Fail?
2026
Autonomous AI agents are taking real-world actions, booking travel, executing trades, sending emails, making purchases. Our governance frameworks are dangerously unprepared for this.
AI Governance for Small Business: Where to Start
2026
You don't need an enterprise compliance team to govern AI responsibly. Five practical steps, a named owner, and a one-page policy, exactly what small businesses need to start governing AI responsibly.
AI Investment Due Diligence: What Investment Firms Should Be Asking When Evaluating AI Companies
2026
A practical six-dimension framework for VC and PE firms evaluating AI companies, from technology verification to regulatory exposure to governance maturity and exit readiness.
Australia's AI Governance Gap: What the Regulatory Retreat Means for Enterprise Risk
2026
Australia abandoned mandatory AI guardrails months after announcing them. For enterprise organisations, the result is genuine uncertainty that creates its own class of risk.
What Questions Should Your Board Be Asking About AI?
2026
AI is now a material risk for most organisations. Directors who cannot articulate the right questions cannot discharge their oversight obligations. This is the board-level governance framework: 12 questions, the answers that signal genuine governance, and the answers that signal gaps.
EU AI Act Compliance 2026: What the Omnibus Extension Means for Organisations Outside the EU
2026
The EU AI Act Omnibus (May 2026) extended the Annex III high-risk AI deadline to December 2027. But transparency obligations, GPAI model rules, and prohibited AI bans are already in force. The compliance map for organisations outside the EU.
The EU AI Act Just Got Simpler. But You're Not Off the Hook
2026
The EU agreed to simplify AI Act compliance via the Digital Omnibus. SMEs get lighter requirements. But the August 2026 transparency deadline and core high-risk obligations are unchanged.
Five Signs Your Organisation's AI Governance Is Inadequate
2026
A self-diagnostic for boards, executives, and risk teams. If any of these five signs apply to your organisation, your AI governance needs attention before something goes wrong.
How to Use AI Safely at Work: A Practical Guide
2026
What employees and business owners actually need to know about using ChatGPT, Claude, Copilot and other AI tools at work, what to share, what never to share, and how to verify AI outputs.
How to Write an AI Policy for Your Organisation
2026
A practical guide to writing an AI usage policy that employees will actually follow, what to cover, what makes policies fail, and a complete section-by-section structure you can adapt immediately.
The US State AI Law Patchwork Is Now Your Problem
2026
Connecticut enacted one of the most comprehensive US state AI laws in May 2026. Colorado repealed and replaced its landmark Act before it ever took effect. Texas's lighter-touch law is now in force. The US state AI patchwork is no longer theoretical — it is a live compliance problem.
What Is AI Governance? A Plain-English Guide
2026
AI governance explained clearly, what it is, why every organisation needs it, and what good governance actually looks like in practice. For businesses of all sizes.
What Is High-Risk AI Under the EU AI Act? A Complete Guide
2026
A plain-English explanation of what high-risk AI means under the EU AI Act: which systems qualify, what obligations apply, and what organisations need to do before December 2027 (standalone Annex III systems) or August 2028 (Annex I embedded systems).
AI Governance in Healthcare: What Clinical Leaders Need to Know
2026
Hospitals and health systems are deploying AI faster than governance is keeping up. This guide covers what clinical AI governance requires, and what happens when it fails.
ISO 42001: A Practical Implementation Guide for 2026
2026
ISO 42001 is the international standard for AI management systems. This guide covers what it requires, how it relates to EU AI Act compliance, and how to implement it without building a bureaucracy.
AI in Hiring: The Governance Risks HR Leaders Cannot Ignore
2026
Resume screening, video interview analysis, and psychometric AI tools are transforming recruitment, and creating significant legal exposure. What HR leaders need to know.
Writing an AI Policy for Your Small Business: A Step-by-Step Template
2026
Most AI policy guides are written for enterprises with legal teams. This one is for small business owners who need something practical, defensible, and done in an afternoon.
AI Governance in Education: What Universities and Schools Must Get Right
2026
Educational institutions are navigating AI on two fronts simultaneously, managing student AI use and governing their own institutional AI deployments. Both require formal governance.
Model Risk Management in the Age of AI: Updating SR 11-7 Thinking for Modern ML
2026
The Federal Reserve's SR 11-7 model risk management guidance was written for statistical models. Modern machine learning breaks many of its core assumptions. Here is how to adapt it.
AI in Your Supply Chain: Managing Third-Party AI Risk
2026
Most organisations' AI risk does not come from the AI they build, it comes from the AI embedded in the software, services and platforms they buy. Third-party AI risk management is now a board-level concern.
When AI Goes Wrong: Building an AI Incident Response Capability
2026
Every organisation using AI will eventually experience an AI incident, a system failure, a biased output, a regulatory breach, or a reputational event. Most have no plan for when it happens.
GDPR and the EU AI Act: How They Interact and Where They Conflict
2026
The EU AI Act and GDPR apply simultaneously to AI systems processing personal data. Their requirements overlap significantly, but they also create tensions that governance must resolve.
AI Governance in Insurance: Underwriting, Claims, and the Fairness Problem
2026
Insurers are using AI to price risk, assess claims, and detect fraud at scale. The governance obligations, and the discrimination risks, are more significant than most have recognised.