Building an AI Governance Framework: GRC for Autonomous Systems

11 min read

Governance, risk, and compliance is an unglamorous acronym, GRC, and it makes most people’s eyes glaze. So let me give you the version that actually matters in 2026. A framework is not a binder. It is the wiring that makes good behaviour automatic and bad behaviour hard. The Venetian merchants did not invent double-entry bookkeeping because they loved paperwork. They invented it because trade had grown too big to hold in your head, and they needed a system that caught errors by design. AI just hit the same wall. We need a system that catches the errors by design, because the decisions now move too fast to catch by hand.

This is doubly true for agentic AI, the systems that act rather than just answer. An assistant that drafts a wrong email wastes a minute. An agent that sends it, books the meeting, and moves the budget creates a liability event in a downstream system before anyone notices. The framework is what keeps an agent in its lane.

What “agentic” adds to the GRC equation

A traditional GRC program watches three things: people (are they doing the right work), processes (are the workflows correct), and systems (are the tools working as designed). Agentic AI adds a fourth, and it is the one that changes the math: autonomous actors, software that decides and acts on the same timescale as the data flowing past it.

Autonomous actors break two assumptions that GRC has quietly leaned on for decades. The first is that there is always a human between intent and action; the second is that you can audit after the fact because the action is slow enough to interrupt. An agent that approves a refund, fires off an email, and updates the CRM in two seconds violates both. GRC for agents has to enforce intent and audit at the same speed the agent operates, or it is theatre.

The good news: the controls are not new. Authorisation, audit, hard stops, human checkpoints on consequential actions, termination conditions when an agent goes out of its lane: these are the same controls we have always used for anything that can act on its own (a database trigger, a market-order router, a robotic-process script). The discipline is to apply them on purpose, before the agent goes live, not after.

Borrow the spine, do not invent it

Do not design a framework from a blank page. Take the spine from NIST’s AI RMF, which gives you four verbs to organise everything around.

NIST AI RMF

The NIST loop: four functions, always running

Not a checklist you finish. Four functions that feed each other and start over, because the AI, the rules, and the risks all keep moving.
01
Govern
Who is accountable and by what rules.
The anchor
02
Map
What AI we have and where it could hurt.
03
Measure
Is it working and staying in lane.
04
Manage
What we do when something goes wrong.
Manage feeds back into Govern, and it starts again
There is no last step. The four functions run continuously: each pass tightens the next. A cycle, not a finish line.
NIST AI Risk Management Framework
7wData
Function The question it answers What it looks like in practice
Govern Who is accountable, and by what rules? Named owners, clear policy, a real decision forum
Map What AI do we have, and how risky is each? The inventory and risk-tiering from risk management
Measure Is it working and staying safe? Monitoring, testing, drift checks
Manage What do we do when something is wrong? Response plans, the off switch, escalation

If you want a certifiable management system on top of this, ISO/IEC 42001 is the standard that wraps these habits into something an auditor recognises. NIST gives you the spine, ISO 42001 gives you the certificate; pick the one your obligations or buyers actually demand.

Get the AI & data signal, daily.

335k+ subscribers read this every morning. One email, both newsletters. Unsubscribe anytime.

The four controls that carry most of the weight

Frameworks can sprawl. In practice, for any system that matters, four controls do most of the protecting. I would rather see these four done well than forty done on paper.

  1. A named owner. Every AI system has one human accountable for it. Not a committee, a person. Diffuse ownership is no ownership.
  2. An audit log. The system records what it did, by default, not on request. If you cannot reconstruct a decision, you cannot defend it or fix it.
  3. A human checkpoint. For high-stakes actions, a person can review, override, and approve. For an agent, this means a hard boundary on what it can do without sign-off, plus a termination condition that fires when the agent is out of its lane.
  4. A documented purpose. A plain statement of what the system is for and, just as important, what it must not be used for. Scope creep is how a low-risk tool quietly becomes a high-risk one.

Build it in the right order

The order matters more than people expect. I have watched the wrong order fail repeatedly, and it fails the same way every time: a beautiful policy describing a company that does not exist.

  1. See and tier first. You cannot govern what you have not mapped. Start with the inventory, including the Shadow AI nobody logged.
  2. Wire the controls for the high-risk few. Put the four controls into the systems that can actually hurt you. Leave the minimal-risk majority alone, with an owner and a yearly review.
  3. Write the policy to match reality. Document what you actually built. A policy that follows the controls is true. A policy that precedes them is a wish.
  4. Make it run without heroes. The test of a framework is whether it survives the person who built it going on holiday for two weeks. If it needs constant manual intervention, it is a prototype, not a system.

That last point is the one I care about most. A governance framework that depends on one diligent person is not governance, it is luck with a process diagram. Build the wiring so the right thing happens by default, even when nobody is watching. That is the whole point of a system, and it is the bar the EU AI Act is implicitly setting for everyone.

Start small, prove it, expand

You do not need the full apparatus on day one. Evolution, not revolution. Pick your two or three highest-risk systems, wire the four controls, document what you did, and show it works. A small framework that actually runs beats a comprehensive one that sits in a folder. Once it holds for the risky few, widen the net, then again, then again. Most successful AI governance programs I have watched build up by widening, not by writing.

Yves Mulkers

Yves Mulkers is the founder of 7wData and a widely followed voice in the data and AI community. He curates the 7wData and AI Beat newsletters, reaching hundreds of thousands of data and AI professionals, and writes on data strategy, analytics, AI, and the evolving data ecosystem.