AI governance needs a control plane, not another committee

Policies become useful only when they are translated into enforceable decisions across identity, data, models and runtime behaviour.

3 minute readBy Lucas North

The first governance response to generative AI is often a new committee and a longer form. Both can be necessary. Neither is a control system.

A policy can say that sensitive data must not be sent to an unapproved model. A control plane decides which model is approved, identifies the data, blocks the request, records the decision and gives the engineering team enough evidence to fix it.

Governance should compile into controls

Good policy defines intent and accountability. Engineering has to turn that intent into decisions close to the point of use. I find it useful to model every policy as a set of testable questions:

  • Which identity is making the request?
  • Which data classifications are present?
  • Which model and region will process them?
  • What tools can the model invoke?
  • What evidence must be retained?

If a rule cannot be expressed as a decision, it will be enforced through memory and meeting attendance. That does not scale.

Put boundaries around agents

Agentic systems make this more urgent because they can create side effects. A chat response can be reviewed before use. An agent with permission to update customer records needs a narrower trust boundary.

const decision = await policy.evaluate({
  actor: context.identity,
  action: "crm.case.update",
  resource: caseRecord,
  proposedChange,
})

if (!decision.allowed) {
  return { status: "requires_review", reason: decision.reason }
}

The important part is not the policy library. It is the placement of the check before the irreversible action, with an audit record that connects the user, model, tool call and outcome.

Evidence beats reassurance

Governance teams need system evidence: model inventory, evaluation results, access decisions, incident history and current owners. Engineers need rules that can be tested in CI and observed in production. Executives need a view of residual risk rather than a dashboard of completed forms.

The control plane is where those needs meet. It does not remove judgement. It records where judgement was required, who exercised it and which systems must honour the result.

Build control before convenience

A shared gateway to several models centralises credentials and purchasing, but it is not yet an AI platform. Establish identity, permitted data classes, regions, evaluation requirements, tool permissions and evidence retention before adding SDKs, caching and reusable retrieval. Otherwise the platform simply accelerates inconsistent implementations.

Keep enforcement at the trust boundary: before data leaves, before a model is selected and before a tool creates a side effect. Product teams move faster when routine decisions have already been encoded and a rejected request explains which condition failed. "Ask the governance committee" is not a useful runtime error.

Written by

Lucas North

I build enterprise software and write about the decisions, constraints and failure modes that rarely fit into a product announcement.

More about me →