Sponsored by AI-RMF® LLC
In Security of AI (SOAI), the Governance Pillar is the Directive Layer: it defines what must be protected, why it matters, who is accountable, and what rules the AI system must obey.
It is not merely “compliance.” Governance is the command structure that turns values, laws, mission needs, and organizational risk tolerance into enforceable AI requirements.
The SOAI hierarchy describes AI Governance as the layer that sets “policies, ethical boundaries, and legal compliance requirements” and defines “what must be protected and why.”
Whether you're using, building, deploying, or acquiring artificial intelligence systems, AI-RMF®, applying our "Security of AI" philosophy, helps you operationalize AI governance.

AI Governance is the controlling, directive function within the broader Security of AI philosophy. Governance is not merely paperwork, policy, or compliance administration. In our Security of AI™ model, governance establishes the mandate for how AI systems should be built, deployed, monitored, secured, and trusted.
AI Security can defend systems, and AI Assurance can produce evidence, but governance must first define the mission priorities, ethical expectations, legal requirements, and organizational risk boundaries. Without governance, security controls may be technically impressive but misaligned with the organization’s actual responsibilities. Without governance, assurance evidence may prove that something was tested, but not necessarily that the right risks were addressed.
The Six Governance Functions:
1. Policy & Compliance
The first governance function is Policy & Compliance. This establishes the formal rules, standards, procedures, and regulatory expectations that apply to the AI system.
For Security of AI, this means the organization must define which laws, regulations, standards, internal policies, acquisition rules, cybersecurity requirements, privacy rules, data policies, and mission constraints apply to the AI system. This is where governance turns broad obligations into practical direction.
Policy and compliance answer questions such as:
· What rules must this AI system follow?
· What standards apply to its development and deployment?
· What regulations or organizational policies constrain its use?
· What must be documented before the system can be trusted?
2. Ethical Boundaries
The second function is Ethical Boundaries. This defines acceptable use, fairness expectations, responsible behavior, and prohibited outcomes.
In Security of AI, ethical boundaries are critical because an AI system can be technically secure but still produce harmful, biased, deceptive, unsafe, or unacceptable outcomes. Governance must define what the organization considers responsible and irresponsible AI behavior.
This includes boundaries around human dignity, fairness, discrimination, manipulation, privacy, transparency, operational safety, and mission appropriateness. It also includes defining when AI should not be used at all.
Ethical boundaries help ensure that AI security is not reduced to cyber defense alone. The system must also be aligned with human values, organizational responsibility, and mission legitimacy.
3. Accountability
The third function is Accountability. This assigns ownership, roles, decision rights, and responsibility.
AI systems often involve many stakeholders: data owners, model developers, system engineers, cybersecurity teams, acquisition officials, program managers, legal advisors, operational users, testers, and senior leaders. Governance defines who is accountable for each part of the AI lifecycle.
Accountability answers questions such as:
· Who owns the AI system?
· Who approves its use?
· Who accepts risk?
· Who monitors performance?
· Who responds when the system fails?
· Who has authority to pause, modify, or retire the system?
This matters because AI risk cannot be managed if responsibility is vague. In Security of AI™, accountability ensures that governance decisions become enforceable actions rather than abstract principles.
4. AI Inventory & Classification
The fourth function is AI Inventory & Classification. This identifies AI systems, data sources, models, interfaces, third-party dependencies, and supporting infrastructure.
An organization cannot govern what it does not know it has. AI inventory is therefore foundational. It provides visibility into where AI exists, what it does, what data it uses, what models it depends on, what tools or APIs support it, and how it connects to other systems.
Classification adds another layer. Not every AI system has the same risk level. Some AI tools may be low-risk administrative assistants. Others may support safety-critical, mission-critical, financial, medical, legal, cybersecurity, or national security decisions.
This function helps determine which AI systems require deeper security controls, stronger assurance evidence, formal testing, human oversight, or executive approval.
5. AI Impact Assessments
The fifth function is AI Impact Assessments. This evaluates mission impact, societal impact, ethical consequences, human impact, and operational risk.
Impact assessments help governance move from general principles to system-specific risk understanding. They ask what could happen if the AI system behaves incorrectly, is attacked, becomes biased, is misused, drifts over time, or produces unreliable outputs.
For Security of AI, this is where governance identifies the potential consequences of AI failure. Those consequences may include mission failure, safety hazards, privacy harm, reputational damage, legal exposure, operational disruption, cybersecurity compromise, or loss of public trust.
AI impact assessments help determine what level of protection, testing, monitoring, and evidence is required.
6. Human Oversight
The sixth function is Human Oversight. This defines approval points, escalation paths, supervision requirements, and human decision authority.
The image emphasizes that governance must determine where humans remain in control. This is especially important for AI systems that support consequential decisions, autonomous functions, cybersecurity actions, operational recommendations, or mission-critical workflows.
Human oversight answers questions such as:
· When must a human approve the AI’s output?
· When can the AI act automatically?
· When must the system escalate uncertainty?
· Who has authority to override the AI?
· What happens when the AI produces conflicting or low-confidence results?
This function prevents automation from silently replacing judgment, accountability, and command authority.
Governance Provides the Mandate
The image includes a central statement: “Governance is the mandate.”
This means governance sets the direction and the non-negotiable expectations for AI. It tells the organization what the AI system is allowed to do, what it must not do, what risks must be controlled, what evidence must be produced, and who is responsible for oversight.
In the Security of AI philosophy, governance is not optional. It is the starting point.
Governance provides the “why” behind security and assurance. It defines the mission, legal, ethical, and organizational priorities that determine which risks matter most.
How Governance Feeds Security and Assurance
Governance → Risk Context → Security Controls → Assurance Evidence → Trustworthy AI
This flow explains how governance becomes operational.
First, governance establishes the policy, ethics, compliance, and accountability mandates.
Second, those mandates shape the risk context. The organization identifies which threats, vulnerabilities, mission impacts, and failure modes matter most.
Third, the risk context drives security controls. These may include access controls, model protection, data provenance, red-team testing, adversarial ML defenses, monitoring, logging, supply-chain controls, and human approval gates.
Fourth, the organization generates assurance evidence. This evidence demonstrates whether the governance requirements and security controls are actually working. Evidence may include test results, audit logs, model evaluations, risk assessments, monitoring reports, validation results, and compliance artifacts.
Finally, the desired outcome is Trustworthy AI: AI systems that are safe, ethical, secure, reliable, accountable, and aligned to mission needs.
Why Governance Matters to Security of AI™
The image above makes an important distinction: AI Governance is not the same as AI Security, but AI Security depends on Governance.
AI Security focuses on defending the system. Governance defines what defense is required, why it matters, and who is responsible for ensuring it happens.
For example, AI Security may implement controls to prevent prompt injection, data poisoning, model theft, unauthorized access, or misuse. But governance determines whether those threats are relevant to the mission, what level of risk is acceptable, what controls are mandatory, and what evidence must be produced to prove readiness.
In that sense, governance is the function that turns AI security from a technical activity into an organizational responsibility.
Bobby K. Jenkins, Patuxent River, Md. 20670. Email: bobby@security-of-ai.com. LinkedIn: https://www.linkedin.com/in/bobby-jenkins-navair-492267239