ai-governance — Shepherd Thomas Wiki

Heuristic Audit client agreements for AI silence Most firms' client agreements were drafted before AI became a live question and are silent on both the firm's AI use in delivering work and the client's permitted AI use on the firm's output; that silence inherits defaults by omission and leaves the firm exposed under privacy regulation and professional guidance. Updated 24 Apr 2026 Heuristic Channel shadow AI use as signal, not risk to suppress In most organisations, staff are already using AI in ways leadership has not sanctioned; treating that shadow use as evidence of real work-in-context rather than as compliance risk reveals use cases, knowledge gaps and adoption blockers that top-down planning will not find. Updated 24 Apr 2026 Heuristic Passive AI adoption is an implicit policy choice Where an organisation has not made explicit decisions about how AI will be used, the defaults of the tools and vendors become policy by inheritance; "we haven't decided yet" functions as "we have accepted whatever happens". Updated 24 Apr 2026 Heuristic Start AI governance imperfect; iterate rather than wait AI governance should follow the same experimental posture as AI adoption — start imperfect, gather evidence, iterate — because waiting for clarity guarantees the technology gets ahead of the policy. Updated 24 Apr 2026