Curated for practitioners in regulated industries. No hype, no noise — just what's moving the field forward and what it means for production AI governance.
This week in AI governance
Week of May 19, 2026
The EU AI Office released the final draft General Purpose AI Code of Practice, clarifying transparency documentation, copyright compliance, and systemic risk assessment obligations for providers of GPAI models used in regulated applications. Compliance timelines for high-impact deployments run through Q3 2026.
EU AI Office ↗
OCC and Federal Reserve examiners are increasing scrutiny of AI systems in consumer lending, with particular focus on explainability requirements for adverse action notices. Banks using complex ML models without clear explainability infrastructure face heightened examination risk under FCRA and ECOA. Third-party AI vendor oversight is a growing focal point.
OCC Model Risk ↗
Enterprise adoption of NIST AI 600-1 — the Generative AI Risk Management Profile — is reaching an inflection point in financial services as institutions formalize GenAI governance programs. The GOVERN function is emerging as the practical anchor for audit-ready governance, particularly for LLM deployments in customer-facing and decisioning contexts.
NIST AI RMF ↗
FDA's Software as a Medical Device framework update increases requirements for AI-powered clinical decision support that influences care decisions. Organizations deploying AI in diagnostics or treatment recommendations must demonstrate algorithmic transparency and maintain performance monitoring infrastructure aligned with post-market surveillance expectations.
FDA SaMD ↗
aiApas insights
Updated every 15 days
Most AI governance failures aren't policy failures — they're implementation failures. The policy exists. The committee exists. The risk register exists. What doesn't exist is any technical mechanism to enforce it at the point where models make decisions.
Organizations getting this right treat governance as an engineering problem. That means policy enforcement at the model serving layer, automated bias monitoring in the inference pipeline, and audit trails that capture not just what the model decided — but what inputs drove that decision.
Full piece on The Deployment Layer ↗
Agentic AI systems — those that plan, act, and interact with external systems autonomously — create governance challenges that point-in-time model evaluations were never designed to address. When an agent takes a sequence of actions across multiple systems, the standard audit approaches break down.
Before going to production with agentic workflows in regulated environments, three questions need concrete answers: Where are the human oversight checkpoints? How are autonomous action boundaries enforced at the infrastructure layer? And what does an audit trail look like across a multi-step agent run?
Full piece on The Deployment Layer ↗
Client impact
Updated monthly — May 2026
Reduction in regulatory examination prep time after implementing systematic AI model documentation and governance tracking across 12 production models.
Findings requiring remediation after enterprise AI governance framework passed CMS compliance review — first clean review in three examination cycles.
Legacy pricing models flagged for disparate impact by automated bias monitoring — all remediated before scheduled regulatory examination. Zero examiner-identified findings.
The Deployment Layer — weekly enterprise AI architecture for practitioners in regulated industries. Free, always.