Article
AI Governance: In Pursuit of a Rapidly Moving Target
May 2026
1. Introduction: the governance paradox
There is a growing paradox in boardrooms and legal teams: everyone is tired of talking about AI—and yet no one can afford to stop. Artificial intelligence has moved beyond strategy decks and policy frameworks. It is now embedded in product design, data infrastructure, and everyday workflows. Across patent drafting, prosecution, litigation, and commercial practice, keeping pace with AI is no longer optional—it is a condition of operating in a modern technology business.
The challenge is no longer adoption, but oversight: how AI is implemented, how it evolves, and how organisations maintain visibility over systems and contractual relationships that can change without notice.
- From framework design to live decision-making
For in-house counsel, AI governance has shifted decisively from theory to practice, requiring close collaboration with engineering, IT, and security functions.
What was once framed as a question of:
- policy design
- regulatory awareness
- high-level risk assessment
has become a series of continuous, operational decisions.
Whether to deploy a model, which vendor to rely on, how to structure data access, or what level of risk is acceptable are no longer abstract questions. They are answered daily, often under time pressure and with incomplete information.
This is governance in its most practical form: not a document, but a record of decisions made in context.
Recent developments reinforce this shift. Where regulators engage directly with companies during development—probing model behaviour, data usage, and safeguards—the effect is to move compliance upstream. Governance is no longer something that follows a product decision. It increasingly shapes that decision in real time.
- AI adoption is no longer optional
Across organisations, one reality is clear: AI adoption is not discretionary. Whether multinational technology companies or smaller enterprises, organisations are under pressure to improve productivity, enhance products and services, and remain competitive.
In practice, this creates different speeds of adoption within the same organisation:
- internal productivity tools are deployed widely and often informally,
- product-embedded AI is advancing rapidly, driven by commercial necessity,
- engineering functions such as software development are already operating on an AI-assisted baseline.
The result is not simply rapid change, but uneven and fragmented change.
The primary governance risk is not excessive speed, but fragmentation. AI adoption is decentralised, unstructured, and often invisible. Teams experiment with tools (including open source AI tools), models are replaced without change management or version control, and organisational visibility remains incomplete.
You cannot govern what is beyond your awareness. The result is a fundamental tension: innovation is accelerating, but oversight is not keeping pace.
- Data is the focal point of risk
AI governance is, at its core, data governance. Across use cases, the critical questions remain:
- Where does data come from?
- Where does data go?
- How is it processed?
- What rights do third-party providers obtain?
Answering these questions requires more than legal analysis. It demands a granular understanding of technical systems and data flows, particularly where multiple models, APIs, and agents interact. Verifying claims such as zero data retention is often technically complex and difficult to validate in practice.
The role of training data adds a further layer of complexity. Copyright law increasingly intersects with the use of publicly available data for AI training, particularly as regulators and rights holders focus more closely on how foundation models are developed.
The EU AI Act already requires providers of general-purpose AI models to prepare summaries of the data used to train their systems in accordance with a template published by the European Commission. That template contemplates disclosure of training modalities and dataset scale, identification of large public datasets, and narrative descriptions of licensed and private data sources, scraped content, user data, and synthetic data.
At the same time, the EU AI Act’s data governance obligations for high-risk AI systems—originally scheduled to apply from August 2026, although potentially subject to delay—require training, validation, and testing datasets to be governed through practices appropriate to the intended purpose of the system.
This creates an expectation not merely of compliance, but of traceability: organisations are increasingly expected to understand what data was used, how it was curated, and whether its use can be justified. This becomes particularly significant because, once a model has been trained, isolating or removing the influence of a single data input may be technically difficult, if not impossible.
In effect, training data governance increasingly resembles supply chain governance: organisations are expected not only to know what entered the system, but also to explain the downstream consequences of using it.
For organisations developing AI systems, data can no longer be treated as a closed input. It must instead be managed as a shared and accountable asset, with implications for architecture, governance, intellectual property strategy, and competitive positioning.
- From advisory AI to agentic systems
To understand where existing governance frameworks begin to strain, it is necessary to distinguish between different types of AI systems.
There is a fundamental difference between systems that recommend and systems that act. The distinction is analogous to the difference between a satellite navigation system and an autonomous vehicle.
As AI systems begin to execute actions, trigger transactions, and interact with external systems, governance must move from oversight of outputs to control of behaviour.
This requires permission frameworks, execution thresholds, human escalation points, and comprehensive auditability. In other words, governance must be embedded within the system itself.
This shift is not incremental. It represents a change in the nature of the systems being governed.
- Regulation is evolving—but not waiting
The regulatory environment reflects the same dynamic.
In Europe, the EU AI Act signals a move toward structured governance. At the same time, implementation timelines—including potential delays—demonstrate that regulation is still catching up with the technology.
This creates a practical reality in which organisations must prepare for structured compliance regimes while continuing to make decisions in areas where formal rules remain incomplete.
In broad terms, the European Union has adopted a prescriptive, risk-based framework with explicit extraterritorial reach, the United States continues to rely on sector-specific and enforcement-led approaches, while China has implemented a more interventionist, platform-focused regime that applies primarily within its territory but can extend in practice to services reaching Chinese users or data.
- EU AI Act: timelines and what they mean in practice
The EU AI Act is deliberately phased, with obligations applying in stages rather than as a single compliance event. It is built around tiers of risk, each attracting its own regulatory obligations. For in-house counsel, the critical issue is not simply what the Act requires, but when those requirements take effect—and how certain those timelines remain.
The first obligations are already in force. Since 2 February 2025, prohibitions on “unacceptable risk” AI systems have applied, alongside AI literacy requirements for organisations deploying AI. These include systems involving practices such as social scoring or certain forms of manipulative or exploitative behaviour.
From 2 August 2025, obligations relating to general-purpose AI models (including foundation models) have also taken effect. These introduce requirements around technical documentation, transparency, and the provision of sufficient information to downstream users. For providers of more advanced models—often referred to as “systemic” general-purpose AI—additional obligations may apply, including risk assessment, model evaluation, and incident reporting.
At present the key operational milestone remains 2 August 2026, when the core obligations for high-risk AI systems are scheduled to apply. These systems are defined broadly and include both AI systems used in specified high-impact use cases (such as employment, education, law enforcement, and access to essential services) and AI systems that form part of regulated products subject to existing EU product safety frameworks, for example AI-enabled medical devices, autonomous driving systems, and industrial machinery with AI.
For these high-risk systems, the Act requires a comprehensive compliance framework, including:
- risk management systems
- data governance and data quality controls
- detailed technical documentation
- record-keeping and logging
- human oversight mechanisms
- robustness, accuracy, and cybersecurity safeguards
- post-market monitoring and incident reporting
This phase represents the most demanding aspect of the regime, requiring organisations to move from policy design to operational implementation, often across multiple functions.
However, the timeline is no longer entirely settled. Proposed amendments under the Digital Omnibus on AI would postpone the application of high-risk obligations—potentially to December 2027 for standalone high-risk systems and August 2028 for AI embedded in regulated products. These proposals reflect industry concerns regarding the readiness of harmonised standards, conformity assessment bodies, and practical guidance.
The practical consequence is a degree of regulatory uncertainty. Until any amendments are formally adopted, the 2 August 2026 deadline remains the legally binding position. In practice, many organisations are adopting a pragmatic approach: planning against the 2026 deadline while treating any delay as contingent relief rather than a reliable assumption.
More broadly, the EU AI Act signals a shift toward lifecycle governance. Compliance is not limited to pre-deployment assessment, but extends across design, development, deployment, and post-market monitoring. For in-house counsel, this requires integrating legal oversight into product development processes, rather than treating compliance as a discrete, downstream exercise.
- Gaps in the EU AI Act for agentic AI
The complexity of the EU AI Act is further compounded by the nature of the systems it seeks to regulate. As AI evolves toward more autonomous, agentic behaviour, the assumptions underlying the framework begin to come under strain.
The EU AI Act was developed at a time when AI systems were primarily understood as tools that generate outputs or support discrete decisions. Agentic AI—systems capable of pursuing goals and executing actions across multiple systems—does not fit neatly within that model.
At a foundational level, the EU AI Act assumes that performance can be assessed through metrics such as accuracy and robustness. For agentic systems, performance is often open-ended and context-dependent, making point-in-time evaluation less meaningful. This tension is reflected in the Act’s reliance on ex ante conformity assessment: a system assessed at deployment may behave differently once operating in dynamic environments.
The allocation of responsibility also becomes more complex. The EU AI Act distinguishes between providers and deployers, but agentic systems are often built across layered ecosystems of models, APIs, and integrations. Risk arises from interaction rather than any single component, complicating both contractual allocation and ongoing compliance.
Similar challenges arise in relation to data. The EU AI Act assumes identifiable datasets and defined purposes, whereas agentic systems may continuously ingest and repurpose data in real time, including from external sources. This makes it more difficult to apply concepts such as data quality, traceability, and purpose limitation in a static way.
The most significant gap, however, lies in oversight. The EU AI Act assumes that human intervention is both possible and effective. In practice, agentic systems may operate at machine speed and trigger cascading actions across systems, limiting the effectiveness of manual review.
As a result, control increasingly depends on embedded technical safeguards—including access and action controls, execution thresholds, logging, and anomaly detection—designed to constrain system behaviour rather than relying on intervention after the fact.
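The embedded safeguards listed above, together with the permission frameworks, execution thresholds, human escalation points and auditability called for in the agentic-systems section, as an added example that is not from the article: an execution gate in front of an agent's actions. The policy shape, agent names, action names and limits are hypothetical; the audit log is hash-chained so that altered or dropped entries are detectable.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import hashlib
import json

@dataclass
class Policy:               # hypothetical policy shape, not an existing library
    allowed_actions: dict   # agent_id -> set of action names the agent may request
    auto_limits: dict       # action -> largest value executed without a human
    hard_limits: dict       # action -> value above which the request is refused outright

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def record(self, decision: dict) -> str:
        # Hash-chain each entry so later edits, or removal of an earlier entry, are detectable.
        payload = json.dumps({"prev": self.last_hash, **decision}, sort_keys=True)
        self.last_hash = hashlib.sha256(payload.encode()).hexdigest()
        self.entries.append({**decision, "entry_hash": self.last_hash})
        return self.last_hash

def evaluate(policy, log, agent_id, action, value, reason) -> str:
    """Gate one requested action: 'allow', 'escalate' (human approval) or 'deny'.
    Every outcome is written to the log with the basis for the decision."""
    if action not in policy.allowed_actions.get(agent_id, set()):
        outcome, basis = "deny", "action not in the agent's permission set"
    elif value > policy.hard_limits.get(action, float("inf")):
        outcome, basis = "deny", "exceeds hard execution limit"
    elif value > policy.auto_limits.get(action, 0.0):
        outcome, basis = "escalate", "exceeds autonomous threshold; human approval required"
    else:
        outcome, basis = "allow", "within autonomous threshold"
    log.record({"ts": datetime.now(timezone.utc).isoformat(), "agent": agent_id,
                "action": action, "value": value, "agent_reason": reason,
                "outcome": outcome, "basis": basis})
    return outcome

def verify_chain(log) -> bool:
    """Recompute the hash chain; False if any entry was altered or an earlier entry dropped."""
    prev = "0" * 64
    for e in log.entries:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        digest = hashlib.sha256(json.dumps({"prev": prev, **body}, sort_keys=True).encode()).hexdigest()
        if digest != e["entry_hash"]:
            return False
        prev = digest
    return True
```

Each log entry records what was decided, why, and on what the agent based its request, which is the evidence the conclusion of the article says governance will be judged on.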
Taken together, these issues highlight a broader tension. The EU AI Act provides a structured framework for governing AI systems, but it is built around systems that are relatively stable and bounded. Agentic AI introduces systems that are dynamic and continuously evolving, requiring governance approaches that operate in real time.
- The inventory problem
A recurring and unresolved challenge is visibility. Many organisations cannot answer where AI is being used or how it is changing.
This operates at two levels:
- enterprise AI (internal tools)
- product AI (customer-facing systems)
AI usage evolves continuously. Models are updated, replaced, or reconfigured. Traditional inventories become outdated quickly. The focus is shifting toward dynamic visibility—systems that detect change rather than record static states.
The SBOM (Software Bill of Materials) analogy is useful but incomplete. AI systems are external, evolving, and opaque, which makes an AIBOM a significantly more challenging task than an SBOM. Open-source software components can be detected from the source code, whereas the opacity of AI models means that inventories depend largely on what engineers and product teams have disclosed.
In practice, models may change without notice or be swapped during development. Engineers often implement open-source AI models for cost efficiency at some point during development. Risk shifts without formal decision points. Effective governance therefore requires continuous awareness, not static records.
- Dynamic vendor ecosystems
AI vendors introduce an additional layer of complexity. In practice, organisations are rarely contracting with a single provider. A customer-facing AI feature may rely on a foundation model provider alongside multiple downstream tools and services, each governed by separate contractual frameworks.
Contractual risk is therefore no longer fixed at the point of negotiation. Legal teams must monitor terms continuously, track which versions applied at deployment, and assess how contractual changes affect ongoing use of the system.
Only a few years ago, in-house counsel would typically have insisted on stable negotiated terms. In the current AI ecosystem, however, even relatively small AI tool providers increasingly rely on online terms that evolve dynamically over time. The result is that contractual governance increasingly resembles monitoring a live system rather than negotiating a static agreement.
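The change-detecting inventory described in the inventory section, combined with the tracking of which vendor terms version applied at deployment discussed just above, as an added example that is not from the article: an AIBOM record compared against a later scan of what is actually running. The record fields, component names, vendor names and terms versions are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class ModelRecord:          # hypothetical AIBOM entry shape
    component: str          # where the model is used, e.g. "support-chatbot"
    provider: str           # vendor name, or "self-hosted"
    model_id: str
    weights_digest: str     # sha256 of local weights, or "hosted" for API models
    terms_version: str      # vendor terms version accepted when deployed

def digest_weights(weights: bytes) -> str:
    """Fingerprint self-hosted weights so a silent swap shows up as a digest change."""
    return hashlib.sha256(weights).hexdigest()

def detect_drift(declared: list, observed: list) -> dict:
    """Compare the last approved inventory with what is actually running now."""
    dec = {r.component: r for r in declared}
    obs = {r.component: r for r in observed}
    findings = {"undeclared": [], "removed": [], "model_changed": [], "terms_changed": []}
    for name, o in obs.items():
        d = dec.get(name)
        if d is None:                      # running, but never passed a decision point
            findings["undeclared"].append(name)
            continue
        changed = [f for f in ("provider", "model_id", "weights_digest")
                   if getattr(o, f) != getattr(d, f)]
        if changed:                        # model replaced or weights swapped without notice
            findings["model_changed"].append((name, changed))
        if o.terms_version != d.terms_version:   # vendor terms moved under a live system
            findings["terms_changed"].append((name, d.terms_version, o.terms_version))
    findings["removed"] = [n for n in dec if n not in obs]
    return findings

def needs_review(findings: dict) -> bool:
    """True when any category is non-empty: a new decision point, not just a log line."""
    return any(findings.values())

# Constructed sample: approved inventory vs. what a scan of running config and
# weight files reported some weeks later.
DECLARED = [
    ModelRecord("support-chatbot", "vendor-a", "vendor-a-chat-v2", "hosted", "2025-03"),
    ModelRecord("doc-summariser", "self-hosted", "oss-summary-7b", digest_weights(b"weights-v1"), "apache-2.0"),
]
OBSERVED = [
    ModelRecord("support-chatbot", "vendor-a", "vendor-a-chat-v2", "hosted", "2026-01"),
    ModelRecord("doc-summariser", "self-hosted", "oss-summary-7b", digest_weights(b"weights-v2"), "apache-2.0"),
    ModelRecord("code-review-bot", "vendor-b", "vendor-b-code-v1", "hosted", "2025-11"),
]
```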
- From policy to capability
AI governance is no longer a policy exercise. It is an organisational capability requiring:
- alignment across legal, technical, and business teams
- continuous iteration
- operation under uncertainty
Success depends on the ability to make and evidence decisions in real time.
- Conclusion: the real governance challenge
AI is not waiting for governance to catch up. It is already embedded across tools, products, and decision-making processes. The challenge is no longer how to contain AI, but how to stay sufficiently close to it to understand, shape, and control its impact.
In practice, governance will not be judged by the completeness of policies or the elegance of frameworks, but by something more fundamental: whether, at any given point in time, an organisation can demonstrate what decision was made, why it was made, and the information on which it was based. This is particularly critical as decisions made upstream—about model selection, data access, or deployment thresholds—inevitably shape downstream outcomes, often in ways that are difficult to reverse. The defining risk is not moving too quickly. It is losing sight of systems already in motion.
This article was prepared by Partner and Patent Attorney Susan Keston