What We Covered in last week’s AI Governance Session — and What Comes Next

by | Apr 20, 2026 | Uncategorized | 0 comments

If you missed last week’s AI governance session (or want to revisit it), this edition gives you a concise but complete written walkthrough of the core framework we used.

Watch the Replay

The full session replay is available on demand. Share it with colleagues who are starting to own AI initiatives, data strategy, security, or risk.

Replay link: Click Here

The Core AI Governance Framework We Used

We opened the webinar by grounding “AI governance” in a simple definition of governance itself: the process by which an organization decides which decisions matter, who makes them, how they are made, and how outcomes are accounted for. That definition gave us four anchor questions:

  • Which AI-related decisions are important enough to be governed?
  • Who should make or oversee those decisions?
  • What due process and controls apply?
  • How will we measure results and improve over time?

From there, we introduced a practical maturity view, moving from ad hoc and individual decisions through repeatable and defined programs, toward managed and optimized governance across the enterprise. Rather than aiming for an abstract “nirvana,” the webinar emphasized progress: pick a level you can realistically operate at today and be explicit about the next step up.

A central theme was treating AI as artificial identity as well as artificial intelligence. Bots, agents, and avatars act as non‑human identities that access systems, make recommendations, and sometimes take actions on behalf of people or organizations, which means they belong inside your existing identity, data, and risk frameworks—not outside them.

The Three Governance Questions We Answered

Throughout the session, we kept returning to three practical governance questions that any organization can apply immediately.[1]

  1. What, exactly, are we governing?
    We argued that you are not just governing “AI tools,” but a mesh of identities, data, models, and processes. That includes human users, non‑human AI agents, underlying datasets, infrastructure, and the workflows in which AI is embedded. Treating AI outputs as a new kind of identity-linked asset helps tie risk decisions back to familiar domains like identity management, data governance, and process governance.
  2. Who owns the risk—and how is it managed?
    We walked through AI-specific risks such as ownership and licensing questions, confidentiality leaks, bias and discrimination, misinformation and deepfakes, over‑reliance on automated decisions, and emerging regulatory exposure. To manage these coherently, you need explicit risk ownership and a risk register where AI risks have IDs, impact descriptions, mitigation strategies, and clear accountable owners. We highlighted RACI models so everyone knows who is responsible, who is accountable, who must be consulted, and who needs to be informed.
  3. How do we align exploration with control?
    Many AI initiatives start as bottom‑up experiments—what we called “augmentation, not shadow IT.” Instead of trying to shut this down, we recommended appointing a business‑led AI coordinator, mapping experiments, tracking where models and data are being used, and building guardrails through data controls, education, and lightweight approval processes. The goal is to encourage curiosity and rapid learning while avoiding unmanaged proliferation of risk.

Across all three questions, we connected back to familiar disciplines: identity management (who and what can act), policy management (which rules apply), resource and data management (what is being used and how), and process management (how decisions actually get made).

From AI Governance to Post‑Quantum Identity

This week we’ll be looking one step further out, toward what we call the governance horizon beyond AI: post‑quantum identity.

As AI agents become first‑class identities in your environment, they start to participate in the same cryptographic ecosystems that protect human users and critical systems. At the same time, advances in quantum computing threaten many of the cryptographic primitives today’s identity and access systems rely on. That creates a dual challenge:

  • Governing AI as a non‑human identity with appropriate lifecycle, authorization, and accountability.
  • Preparing for a future where the underlying identity fabric itself must transition to post‑quantum‑safe algorithms.

In the next content pillar, we will explore how post‑quantum identity intersects with AI governance—how credentialing, zero trust, and privilege models need to adapt when both your users and your algorithms must be re‑anchored on new cryptographic foundations. We will also discuss practical steps to inventory cryptographic dependencies, prioritize transitions, and ensure AI initiatives you launch today do not become stranded in a pre‑quantum trust model tomorrow.

468

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

We can help

If you want to find out more detail, we're happy to help. Just give us your business email so that we can start a conversation.

Thanks, we'll be in touch!

Subscribe

Join our mailing list to receive the latest announcements and offers.

You have Successfully Subscribed!

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

Stay in the know!

Keep informed of new speakers, topics, and activities as they are added. By registering now you are not making a firm commitment to attend.

Congrats! We'll be sending you updates on the progress of the conference.