The Future of AI Governance

New Research Publication Alert on AI Act Governance! 🚀 Regulation is nothing without enforcement. The AI Office is gearing up, AI Safety Institutes are springing into work. How can these institutions become a success? We are excited to share our collaborative paper, crafted by an interdisciplinary team from Digital Ethics Center (DEC), Yale University, the European New School of Digital Studies and the University of Agder. This paper presents a forward-thinking analysis of the European Union's Artificial Intelligence Act and proposes a robust, adaptive framework for AI governance. 🔍 Title: "A Robust Governance for the AI Act: AI Office, AI Board, Scientific Panel, and National Authorities" Authors: Claudio Novelli, Jessica Rose Morley, PhD, Philipp Hacker, Jarle Trondal and Luciano Floridi. Highlights of Our Study: 1. Anticipatory Regulation & Adaptive Governance: We emphasize the need for forward-looking perspectives on AI governance. We stress anticipatory regulation and the adaptive capabilities of governance structures to keep pace with technological advancements. 2. Five Key Proposals for Robust Governance: - Establish the AI Office as a Decentralized Agency: Similar to EFSA or EMA, this move aims to enhance its autonomy and reduce influences from political agendas at the Commission level. - Consolidate Advisory Bodies: Merge the Advisory Forum and the Scientific Panel into a single entity to streamline decision-making and improve the quality of advice wrt both technical and societal implications of AI. - Improve Coherence Among EU Bodies: Address overlapping or conflicting jurisdictions by strengthening the EU Agency Network and creating an EU AI Coordination Hub (EU AICH) - Authority of the AI Board: Give the AI Board more authority to revise national decisions to prevent inconsistent application of AI regulations across Member States, similar to issues with GDPR enforcement. - Introduce Mechanisms for Continuous Learning: Establish a dedicated unit within the AI Office for continuous learning and adaptation, sharing best (and worst) practices, and simplifying regulatory frameworks to aid compliance, especially for SMEs. 3. Future Outlook for AI Governance: - The paper acknowledges that the governance of AI in the EU is both promising and challenging. As AI technologies evolve, the AIA's governance structures must remain flexible and robust to address new developments and unforeseen risks. Ultimately, the AI Office could, and should, evolve into a cross-sectoral "digital agency," handling various laws relating to AI and emerging technologies. 📃 Read the full paper here: https://lnkd.in/ei8EnzTD Comments most welcome! #aiact #AI #Governance #eulaw #ArtificialIntelligenceAct #InterdisciplinaryResearch #AIRegulation #FutureOfAI

"The rapid evolution and swift adoption of generative AI have prompted governments to keep pace and prepare for future developments and impacts. Policy-makers are considering how generative artificial intelligence (AI) can be used in the public interest, balancing economic and social opportunities while mitigating risks. To achieve this purpose, this paper provides a comprehensive 360° governance framework: 1 Harness past: Use existing regulations and address gaps introduced by generative AI. The effectiveness of national strategies for promoting AI innovation and responsible practices depends on the timely assessment of the regulatory levers at hand to tackle the unique challenges and opportunities presented by the technology. Prior to developing new AI regulations or authorities, governments should: – Assess existing regulations for tensions and gaps caused by generative AI, coordinating across the policy objectives of multiple regulatory instruments – Clarify responsibility allocation through legal and regulatory precedents and supplement efforts where gaps are found – Evaluate existing regulatory authorities for capacity to tackle generative AI challenges and consider the trade-offs for centralizing authority within a dedicated agency 2 Build present: Cultivate whole-of-society generative AI governance and cross-sector knowledge sharing. Government policy-makers and regulators cannot independently ensure the resilient governance of generative AI – additional stakeholder groups from across industry, civil society and academia are also needed. Governments must use a broader set of governance tools, beyond regulations, to: – Address challenges unique to each stakeholder group in contributing to whole-of-society generative AI governance – Cultivate multistakeholder knowledge-sharing and encourage interdisciplinary thinking – Lead by example by adopting responsible AI practices 3 Plan future: Incorporate preparedness and agility into generative AI governance and cultivate international cooperation. Generative AI’s capabilities are evolving alongside other technologies. Governments need to develop national strategies that consider limited resources and global uncertainties, and that feature foresight mechanisms to adapt policies and regulations to technological advancements and emerging risks. This necessitates the following key actions: – Targeted investments for AI upskilling and recruitment in government – Horizon scanning of generative AI innovation and foreseeable risks associated with emerging capabilities, convergence with other technologies and interactions with humans – Foresight exercises to prepare for multiple possible futures – Impact assessment and agile regulations to prepare for the downstream effects of existing regulation and for future AI developments – International cooperation to align standards and risk taxonomies and facilitate the sharing of knowledge and infrastructure"

I had the privilege of delivering a lecture yesterday at the School of Management at Harbin Institute of Technology (HIT) , one of China’s C9 universities, on a topic that will define the trajectory of our century: Governing Intelligence: The Future Architecture for Responsible AI in a Fragmented World. As AI capabilities accelerate from generative to agentic systems and move toward proto-AGI, humanity stands at a profound inflection point. Intelligence is rapidly becoming a new form of global infrastructure. Yet while AI advances in months, our governance systems evolve in years. This widening gap is one of the greatest strategic risks of our time. Across the world, the governance landscape is diverging: - The U.S. prioritizes innovation and competitive advantage, - China emphasizes sovereignty and control, - The EU focuses on rights and risk mitigation, - And the UAE, uniquely, is emerging as a strategic bridge connecting global blocs. These fragmented philosophies create a world where we innovate together but govern apart, with no shared definitions of safety, accountability, or acceptable risk. As I highlighted in the lecture, this fragmentation, if left unaddressed, will increase the probability of systemic failures, regulatory arbitrage, unchecked agentic AI, and even existential risk. To move beyond this trajectory, I introduced a Future Architecture for Responsible AI Governance, a layered global blueprint that brings coherence, clarity, and shared responsibility: - Global AI Principles & Frameworks grounded in human rights and universal values - Clear Red Lines where the world must say no, from fully autonomous lethal systems to unregulated AI-driven bioengineering - Green Lines that direct AI toward humanity’s highest priorities, healthcare, climate modeling, disaster prediction, education, and inclusion - A Full AI Safety & Assurance Stack to build systems that are safe, robust, verifiable, and governable in real-world conditions - A Global Responsibility Council, an “IAEA for AI”, to set safety baselines and coordinate responses to global AI incidents Five priority actions for the next five years: 1️⃣ Harmonize global interoperable standards 2️⃣ Invest in TEVV and AI assurance capacity 3️⃣ Build sovereign, culturally aligned, responsible models 4️⃣ Embed safety-by-design across ecosystems 5️⃣ Strengthen global tech diplomacy for a shared future What encouraged me most today was the energy of HIT’s faculty, researchers, and students, the future guardians of intelligent systems. Universities, as I noted, have a critical role to play: they are the anchors of ethical reflection, rigorous methodology, and cross-disciplinary thinking that the world urgently needs. If we aspire to an Intelligent Age that expands human potential rather than constrains it, the world must converge on shared frameworks, shared norms, and shared mechanisms for responsibility. We still have time to shape the future, but only if we act together.

What happens when AI systems stop waiting for instructions and start acting on their own? And more importantly, who is responsible when they do? The Annual AI Governance Report 2025: Steering the Future of AI from the International Telecommunication Union suggests that these questions are no longer theoretical. As AI agents move from experimental deployments to real operational systems, governance is being tested not by ambition, but by scale, speed, and uneven global capacity. The report frames 2025 as a turning point. Not because AI has suddenly become intelligent, but because it has become operational. Key highlights from the report • 2025 is described as the “year of AI agents,” marking a shift from prompt-driven tools to systems that can plan, decide, and act across multi-step workflows • Agentic AI raises new governance challenges around traceability, coordination between systems, security exposure, and liability when actions are taken autonomously • Global AI infrastructure is highly concentrated, with more than half of advanced data centers located in the United States, China, and the European Union, while over 150 countries have none • AI standards are expanding across technical, organizational, and socio-technical domains, yet adoption remains fragmented and uneven • Risk assessment, verification, transparency, and auditing are identified as essential mechanisms for accountability and trust • The report sets out Ten Pillars for AI Governance, emphasizing safety tools, standards, inclusion, compute governance, and international policy interoperability Who should take note • Policymakers grappling with cross-border AI governance and regulatory coordination • Technology leaders deploying autonomous or agentic AI systems • Standards bodies, auditors, and assurance professionals working on AI risk • Organizations operating across jurisdictions with very different levels of governance maturity Why this matters The report makes an uncomfortable point. Governance gaps do not emerge evenly. They follow infrastructure, capital, and capability. As autonomous systems scale, countries without compute, standards capacity, or verification tools risk becoming rule-takers rather than rule-shapers. At the same time, the report warns against rigid approaches. Governance that cannot adapt to how AI systems actually behave risks becoming irrelevant as quickly as the technology it seeks to regulate. The path forward Rather than proposing a single global rulebook, the report argues for practical coordination. Shared standards. Verification mechanisms. Capacity building. And sustained international dialogue that links policy to implementation. The question is no longer whether AI should be governed. It is whether governance can move fast enough, and broadly enough, to keep pace with systems that already act at machine speed.

AI Governance in Practice: A New Year’s Resolution for Boards on Agentic AI (2026) A new year is a useful forcing function for boards: reset expectations, tighten oversight, and turn vague “we’re looking into it” updates into clear accountability. That matters now because AI risk won’t wait for governance to catch up—especially as agentic AI moves from experimentation into business workflows that can take actions, delegate tasks, and trigger downstream systems. Boards don’t need to become technical operators. But they do set the standard for risk tolerance, control ownership, and what “good governance” looks like in practice. If oversight is treated as optional, material decisions about access, autonomy, and failure handling will be made by default—inside product teams, business units, or vendors—without consistent guardrails. Agentic AI changes the oversight problem in two important ways: Risk becomes system-level. It’s no longer just “what model did we use?” but “what can this agent reach, what can it do, and what happens when it behaves unexpectedly?” Controls must be continuous. Point-in-time reviews don’t hold up when models drift, tools change, permissions expand, and new integrations get spun up quickly. So, here’s a practical board-level resolution for 2026: require AI governance that is operational, measurable, and evidenced in production—not just policy statements or slideware. That resolution becomes real when it’s anchored in the same three questions, asked consistently until the organization can answer them with confidence and proof. Here are three questions every board member should be asking in 2026: Where is AI running today, and which business processes depend on it? Boards should expect a complete inventory that includes both customer-facing and internal use, along with a view of critical dependencies. What governance exists at the AI interaction layer? If the organization is deploying agents or using Model Context Protocol tools, boards should ask how connections are discovered, monitored, and governed. The question is not only what AI can access, but what it can trigger through workflows. How do we validate that controls work in production? Boards should expect evidence of continuous monitoring, policy enforcement, and testing that is designed for real-world failure modes such as drift, manipulation, and unintended actions. The board does not manage AI risk directly, but it owns the consequences of weak AI governance. In 2026, oversight will be measured by what the board required, what it reviewed, and what it could prove. #AgenticAI #MCP #A2A #Boardgovernance #Helmetsecurity

Most organizations think AI governance is about control. It’s not.  It’s about 𝐦𝐚𝐧𝐚𝐠𝐢𝐧𝐠 𝐜𝐨𝐦𝐩𝐥𝐞𝐱𝐢𝐭𝐲 𝐚𝐭 𝐬𝐜𝐚𝐥𝐞 — 𝐰𝐢𝐭𝐡𝐨𝐮𝐭 𝐬𝐥𝐨𝐰𝐢𝐧𝐠 𝐝𝐨𝐰𝐧 𝐯𝐚𝐥𝐮𝐞 𝐜𝐫𝐞𝐚𝐭𝐢𝐨𝐧. As AI scales, complexity explodes: ▪️More models ▪️More decisions ▪️More risk surfaces ▪️More teams building independently Without governance → chaos. With the wrong governance → bureaucracy. 𝐁𝐨𝐭𝐡 𝐤𝐢𝐥𝐥 𝐯𝐚𝐥𝐮𝐞. 𝐓𝐡𝐞 𝐫𝐨𝐥𝐞 𝐨𝐟 𝐠𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐢𝐧 𝐭𝐡𝐞 𝐀𝐈 𝐞𝐫𝐚 𝐢𝐬 𝐧𝐨𝐭 𝐭𝐨 𝐚𝐩𝐩𝐫𝐨𝐯𝐞. 𝐈𝐭 𝐢𝐬 𝐭𝐨 𝐞𝐧𝐚𝐛𝐥𝐞 𝐬𝐜𝐚𝐥𝐚𝐛𝐥𝐞, 𝐫𝐞𝐬𝐩𝐨𝐧𝐬𝐢𝐛𝐥𝐞 𝐚𝐮𝐭𝐨𝐧𝐨𝐦𝐲. 𝐓𝐡𝐚𝐭 𝐫𝐞𝐪𝐮𝐢𝐫𝐞𝐬 𝐚 𝐬𝐡𝐢𝐟𝐭 𝐢𝐧 𝐡𝐨𝐰 𝐰𝐞 𝐭𝐡𝐢𝐧𝐤 𝐚𝐛𝐨𝐮𝐭 𝐠𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐢𝐭𝐬𝐞𝐥𝐟. The shift is clear: 1. 𝐏𝐨𝐥𝐢𝐜𝐢𝐞𝐬 → 𝐃𝐞𝐜𝐢𝐬𝐢𝐨𝐧 𝐟𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤𝐬  Not documents, but clarity on what AI can decide vs humans 2. 𝐂𝐨𝐧𝐭𝐫𝐨𝐥 → 𝐆𝐮𝐚𝐫𝐝𝐫𝐚𝐢𝐥𝐬  Enable teams to move fast within boundaries. 3. 𝐂𝐞𝐧𝐭𝐫𝐚𝐥𝐢𝐳𝐞𝐝 → 𝐃𝐢𝐬𝐭𝐫𝐢𝐛𝐮𝐭𝐞𝐝 𝐚𝐜𝐜𝐨𝐮𝐧𝐭𝐚𝐛𝐢𝐥𝐢𝐭𝐲  Governance embedded in teams, not bottlenecked in committees. 4. 𝐑𝐢𝐬𝐤 𝐚𝐯𝐨𝐢𝐝𝐚𝐧𝐜𝐞 → 𝐑𝐢𝐬𝐤 𝐯𝐢𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐲  Make trade-offs explicit. Zero risk is unrealistic. 5. 𝐎𝐧𝐞-𝐭𝐢𝐦𝐞 𝐫𝐞𝐯𝐢𝐞𝐰 → 𝐂𝐨𝐧𝐭𝐢𝐧𝐮𝐨𝐮𝐬 𝐨𝐯𝐞𝐫𝐬𝐢𝐠𝐡𝐭  AI evolves. Governance must too. The reality? AI complexity scales 𝐞𝐱𝐩𝐨𝐧𝐞𝐧𝐭𝐢𝐚𝐥𝐥𝐲, not linearly. Most governance models were built for a slower, centralized world.  That world no longer exists. The real question isn’t:  “Do we have AI governance?” It’s: 𝐂𝐚𝐧 𝐨𝐮𝐫 𝐠𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐬𝐜𝐚𝐥𝐞 𝐰𝐢𝐭𝐡 𝐀𝐈 — 𝐰𝐢𝐭𝐡𝐨𝐮𝐭 𝐤𝐢𝐥𝐥𝐢𝐧𝐠 𝐬𝐩𝐞𝐞𝐝?

AI governance is rapidly becoming one of those buzz terms that sounds catchey in board papers, strategy decks and vendor presentations … right up until the moment your browser silently downloads a 4GB local LLM onto your computer without bothering to tell you. This is at the claim of a fascinating recent report from The Register around Google allegedly deploying Gemini Nano locally to endpoints. A browser update suddenly becomes an AI governance event. And this is exactly the point many organisations still do not fully grasp. AI governance is not just about whether your staff are using ChatGPT. It is not just about policies saying ‘approved AI tools only.’ It is not just about procurement checklists or ethics committees. AI governance is now inseparable from software governance, endpoint governance, cloud governance and supply chain governance. Because your ‘next software update’ may quietly include a built-in LLM; background model downloads; on-device inference; telemetry you do not fully understand; automated data processing; undisclosed integrations; unclear retention practices; or capabilities your own IT and security teams did not even know existed yesterday. And perhaps most importantly, many organisations may have absolutely no idea what the model is analysing; whether prompts or metadata are being transmitted externally; what information is staying local; what is being sent to vendors; what future functionality gets enabled later; or which regulatory obligations may suddenly become relevant overnight This should concern boards, CISOs, privacy officers and regulators alike. We are entering an era where ‘AI adoption’ is no longer an active and conscious business decision. Increasingly, it is becoming embedded by default into operating systems, browsers, office suites, security tooling and enterprise platforms whether organisations intentionally adopt it or not. Which means AI governance may ultimately only be as strong as the next silent software update. And that is a far more complicated governance problem than most organisations are currently prepared for. https://lnkd.in/g2Yienpu