Wiki · Theme
ai-governance
10 notes tagged with this theme.
Heuristic · Embed the AI policy in the AI itself
Load the AI policy into the tool's system instructions and direct staff to ask the tool about its own rules; the policy delivers itself.

Heuristic · Policy approval is the start, not the end
Treat AI policy approval as the start of governance work, not the end — operating procedures, impact assessments, tool-specific guidelines, training, and the approved-tools register all ramp up after the policy is signed.

Heuristic · Start AI governance imperfect; iterate rather than wait
AI governance should follow the same experimental posture as AI adoption — start imperfect, gather evidence, iterate — because waiting for clarity guarantees the technology gets ahead of the policy.

Case study · An 'Ask the Org' knowledge-base rollout in a mid-sized organisation
A mid-sized national organisation deploys an "Ask the Org" Claude project as a retrieval layer over its existing knowledge stack rather than migrating platforms; the architecture and pilot decisions, and the cluster of principles they instantiate.

Heuristic · Audit client agreements for AI silence
Most firms' client agreements were drafted before AI became a live question and are silent on both the firm's AI use in delivering work and the client's permitted AI use on the firm's output; that silence inherits defaults by omission and leaves the firm exposed under privacy regulation and professional guidance.

Heuristic · Channel shadow AI use as signal, not risk to suppress
In most organisations, staff are already using AI in ways leadership has not sanctioned; treating that shadow use as evidence of real work-in-context rather than as compliance risk reveals use cases, knowledge gaps and adoption blockers that top-down planning will not find.

Heuristic · Calibrate AI governance ceremony to organisational scale
Adopt the substance of large-organisation AI governance expectations but strip back the ceremony — risk-appetite statements, dedicated AI committees, independent maturity reviews — that adds oversight overhead without adding oversight capacity.

Heuristic · Name what you're deliberately not doing
When a governance or strategy artefact diverges from a published benchmark, name the divergences explicitly with reasoning rather than implying full alignment — the explicit version is more defensible than the implied one.

Heuristic · Passive AI adoption is an implicit policy choice
Where an organisation has not made explicit decisions about how AI will be used, the defaults of the tools and vendors become policy by inheritance; "we haven't decided yet" functions as "we have accepted whatever happens".

Pattern · Public AI positioning creates an internal coherence test
Any organisation whose external communications take positions on AI — published principles, vendor commitments, advocacy stances — has set itself an internal compliance test that procurement and deployment now have to pass.