AI Governance is the discipline of overseeing an organization's development and use of AI systems — across risk, compliance, ethics, security, and data protection — throughout the AI lifecycle. Where information governance covers data and information security covers access, AI governance covers the models themselves: how they are trained, evaluated, deployed, monitored, retired, and held accountable.
Modern AI governance programs rest on a few common components: an AI inventory (a catalog of every model in production, including third-party APIs); risk classification (which models are high-risk under the EU AI Act, the NIST AI RMF, or internal policy); lifecycle controls (data, training, evaluation, deployment, monitoring); roles and accountability (a designated AI owner per system, escalation paths, board-level oversight where appropriate); and incident response (what happens when a model misbehaves).
The discipline is converging fast with privacy and data governance, because the same questions — what data, on whose behalf, for what purpose, with what controls — apply to both. Organizations that have invested in mature data governance have a meaningful head start. Those that have not will find AI governance is the forcing function that finally makes them invest.
