This page collects papers, briefs and reference materials on AI governance, risk architecture and compliance. It is the place where I publish longer documents, frameworks and evidence packs that go beyond a single post and can be used directly in organisational work. New publications will be added here as they are released, together with links back to related articles and talks.
AI Risk Architecture in Practice. May 2026, Version 1.0
2026-05-25
Most organizations are asking the wrong governance question: they ask “Do we have an AI governance framework?” when the real question is “Can we prove it is working today?” Those are not the same question. One produces documentation. The other requires operational architecture — ownership that is live, controls that run continuously, and evidence that can be retrieved when a regulator asks what your AI did last Tuesday. This site shares what that architecture looks like in practice, including a short paper that walks through a real scenario, identifies the three failure patterns I see consistently across financial‑services organizations, and lays out the minimum viable AI risk architecture for a single use case.