Model 11 · Governance as Code

Most organisations write their AI governance down and call it done.

Policies, rubrics, standards and control catalogues are created with real effort. They are reviewed, approved and stored. Then the environments, agents, data flows and solutions they are meant to govern continue being created faster than any manual review cycle can reliably manage.

The problem is not a shortage of governance. It is that governance is inert.

Governance as Code moves the control from the page into the act of creation. It treats governance as a maturity ladder: tacit, documented, executable, embedded and adaptive. The further up the ladder you climb, the less governance depends on someone remembering to apply it manually.

The model has two postures. Advisory governance coaches a human in the moment and fails open. Enforcing governance gates an agent or system at runtime and fails closed. The same machine-readable source can serve both, but the enforcement contract must be declared clearly.

That distinction matters. A coaching rubric makes a brittle gate. A hard gate makes a joyless coach. Encode once, render differently.

The model’s six-part anatomy — criteria, thresholds, weights, evidence binding, posture renderers and provenance — turns a governance artefact into something that can run.
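As an added sketch (not code from this model or its author), the following shows one machine-readable policy carrying the six parts named above and rendered under both postures described earlier: advisory fails open, enforcing fails closed. The policy id, criterion names, weights, threshold and hash-based provenance string are all illustrative assumptions.

```python
import hashlib
import json

# Constructed policy: every id, weight and threshold here is an assumption.
POLICY = {
    "id": "agent-deploy-standard",
    "version": "1.2.0",
    "threshold": 80,  # minimum weighted score (out of 100) to pass
    "criteria": [
        {"id": "data-classified", "weight": 50, "evidence": "data_classification"},
        {"id": "owner-assigned", "weight": 30, "evidence": "owner"},
        {"id": "logging-enabled", "weight": 20, "evidence": "audit_logging"},
    ],
}

def provenance(policy):
    """Name the exact rule set behind a decision: id, version, content hash."""
    blob = json.dumps(policy, sort_keys=True).encode()
    return f"{policy['id']}@{policy['version']}#{hashlib.sha256(blob).hexdigest()[:12]}"

def score(policy, evidence):
    """Evidence binding: each criterion reads one named field; absent means unmet."""
    total, gaps = 0, []
    for c in policy["criteria"]:
        if evidence.get(c["evidence"]):
            total += c["weight"]
        else:
            gaps.append(c["id"])
    return total, gaps

def evaluate(policy, evidence, posture):
    """Render the same policy as a coach ('advisory') or a gate ('enforcing')."""
    if posture not in ("advisory", "enforcing"):
        raise ValueError("enforcement contract must be declared")
    try:
        total, gaps = score(policy, evidence)
        passed, error = total >= policy["threshold"], None
    except Exception as exc:  # e.g. evidence that is not a mapping
        total, gaps, passed, error = 0, [], False, repr(exc)
    # Advisory fails open: always allow, report gaps. Enforcing fails closed.
    allow = True if posture == "advisory" else (passed and error is None)
    return {"allow": allow, "passed": passed, "score": total, "gaps": gaps,
            "error": error, "posture": posture, "provenance": provenance(policy)}
```
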

The central idea is simple: a standard that no build step ever reads is not a control; it is a hope with a version number.
