The Proof Deficit: Why AI Governance Is Moving From Principles on Paper to Controls in Systems

AI governance is shifting — from principles on paper toward controls running inside live systems. The unresolved problem is no longer a knowledge deficit. The field knows what responsible AI requires. It’s a proof deficit: whether a running system can actively prove who controlled it, when, with what evidence, and whether a human could have stopped it.

And the shift isn’t confined to governance theory. The runtime layer is beginning to move ahead of the frameworks: vendor platforms now document governance primitives that evaluate an agent’s action before it executes. Google’s Gemini Enterprise Agent Platform, for example, documents a semantic “intent gate” that can allow, deny, or prompt for confirmation on a tool call. These primitives remain early-stage (pre-GA), with maturity and assurance status varying across vendors. The law mandates the outcome; the runtime layer is starting to document the mechanism.

In this comparative whitepaper, I benchmark nine governance instruments — the EU AI Act, NIST AI RMF, ISO/IEC 42001 and 23894, Singapore’s agentic framework, Google SAIF, MITRE ATLAS, the OECD Principles, and the MCP gateway pattern — against five conditions derived from the EU AI Act and from the documented ways governance fails in practice. The verdict: no single instrument proves all five across a full high-risk EU deployment. The gap between what’s mandated and what’s actually running is the one to read first.

No vendor pitch. The framework is held to the same ruler as everything else — including where it loses ground. Written to survive a CISO, a standards reviewer, and an EU AI Act committee.

Read the full whitepaper (29 pages)


This paper is the diagnosis. The build comes next: the companion technical paper — Crossing the Operational Gap: A Technical Playbook for Enforceable AI Oversight — is the implementation guide for DevOps and MLOps teams, with the full evidence-pack schema, retention and access model, and the runtime engineering patterns for enforceable oversight.

Subscribe to the Mercury Brief to get the technical playbook the day it publishes — plus the weekly read on where AI governance is breaking and how to fix it.
