AI Governance: Build it, monitor it, certify it
June 3, 2026

Last month, I wrote about a webinar that I had the pleasure of speaking on, alongside our friends at Drata and Prescient Security.
The webinar focused on ‘ISO42001 in practice’ and neatly coincided with us announcing our three-way partnership. We’re working with Drata and Prescient Security to provide organizations with end-to-end operational AI governance, and to educate and support them in navigating an increasingly complex compliance landscape.
• Drata provides automated governance, risk, compliance, and assurance.
• RAIDS AI acts as the middle layer, providing continuous monitoring of AI which generates the evidence that proves the framework is operational.
• Prescient Security then provides the final element with third-party validation and certification to confirm that the evidence meets the standard.
The webinar was designed to explain those three pillars, and to equip GRC and security professionals with practical steps to future-proof their AI governance programs and prepare for upcoming regulatory scrutiny.
Building on this useful session, we have collaborated once again to transform the webinar into a whitepaper: ISO 42001 in Practice: A Unified Approach to AI Governance, From Documentation to Ongoing Compliance.
To download this new whitepaper, click here.
ISO 42001 is the first international AI management standard – our whitepaper gives a unified, three-layer approach to AI governance built around it.
While most enterprise technology standards mature gradually and are then adapted further over time, ISO 42001 doesn’t have that luxury. AI continues to develop quickly, and organizations are placing more trust in it without full control or oversight of what it is doing. Just recently, it was reported that a Claude AI Agent deleted a company’s entire database – it’s the latest in a long list of incidents of AI acting in unintended ways.
The EU AI Act is the regulatory catalyst for AI governance. Its penalties can reach up to €35 million or 7% of global turnover, and a phased rollout of the Act is underway with rules governing models with unacceptable risk and General Purpose AI (GPAI) already in force.
Further changes to the EU AI Act timelines were recently announced, with new rules governing standalone high-risk AI systems moving to 2 December 2027 (delayed by 16 months) and those for high-risk AI systems embedded in products moving to 2 August 2028 (delayed by a year). The risk here is that the businesses affected take this as a sign that they can delay getting ready, or that preparation is unimportant.
This is a dangerous stance and one that must be avoided.
Regardless of the EU AI Act enforcement dates, companies that remain idle during this period, or push back their preparations in response to the timeline changes, expose themselves to legal, commercial and reputational risk. Late last year, the Commission shifted from national authority classification to self-assessment for high-risk AI systems. This means that organizations themselves are legally accountable for the behavior of their AI and open to significant fines.
ISO/IEC 42001:2023 provides the operational blueprint for closing the gap between widespread AI deployment and monitoring what it is doing, and, just like our partnership with Drata and Prescient Security, our whitepaper gives a unified, three-layer approach to AI governance built around ISO 42001.
• Pillar 1 covers the documentation and governance framework that establishes the structural foundation.
• Pillar 2 addresses continuous monitoring and evidence generation, the operational discipline that keeps governance alive in production.
• Pillar 3 examines certification and audit readiness, the independent validation that converts internal rigor into external trust.
Together, the three pillars form an integrated lifecycle: build it, monitor it, certify it.
The aim is to give organizations the knowledge and tools to assemble this infrastructure and gain from the measurable advantage that comes with it: faster sales cycles driven by verifiable compliance credentials, reduced incident exposure through continuous detection, and a governance posture that satisfies auditors, regulators, investors, and enterprise procurement teams simultaneously.
Our thanks go to Drata and Prescient Security for their continued collaboration. Together, we can equip companies to deploy their AI safely.
Download your copy of ‘ISO 42001 in Practice: A Unified Approach to AI Governance, From Documentation to Ongoing Compliance’
Nikolas Kairinos