AI Governance · 14 min read · Custos AI

The Ultimate AI Governance Framework for Business Teams 2026

AI governance is the working set of controls that proves what AI your business uses, how, and on whose authority. This guide synthesises NIST AI RMF, ISO/IEC 42001 and the EU AI Act into seven pillars a 20-person team can implement in one week — plus a copy-paste policy you can adapt in 30 minutes.

TL;DR

  • Eurostat 2025: 17% of small EU enterprises use AI vs 55% of large enterprises — a 3x adoption gap
  • MIT NANDA 2025: employees in over 90% of companies use personal AI tools for work, regardless of official policy
  • Italian Garante fined OpenAI €15 million in December 2024 — GDPR enforcement against AI is no longer theoretical
  • EU AI Act Article 4 (AI literacy) has been legally required since 2 February 2025; high-risk obligations apply 2 August 2026 unless the Digital Omnibus defers them
  • A working framework synthesises NIST AI RMF + ISO 42001 + EU AI Act into 7 pillars, implementable in five working days

The Tuesday morning every founder dreads

It's a Tuesday in November. A 28-person consultancy in Eindhoven gets an email from a former client. Subject line: "Subject access request under Article 15 GDPR."

The client wants to know exactly which of their personal data has been processed, by which systems, and shared with which third parties. Standard request. The kind every European business should be able to answer in 30 days.

Except the founder realises something cold: half her team uses ChatGPT. Two people use Claude. One uses Perplexity for client research. None of those tools have a Data Processing Agreement with the company. Nobody logs which prompts were sent. Nobody knows whether the client's name, project details, or financials were ever pasted into a free-tier chatbot.

She has 30 days to write a truthful answer. She has no way to reconstruct the truth.

This is what AI governance is actually for. Not a 40-page PDF in a SharePoint folder. A working set of controls that means a question like this has a real answer.

If you've read three other articles on AI governance, you've probably been told to "establish a cross-functional AI committee" and "develop comprehensive policies." That advice is not wrong. It is also not useful for a 20-person company without a compliance department.

This guide is different. It pulls together what NIST, ISO and the EU AI Act actually require, strips out what doesn't apply to small and mid-sized businesses, and gives you a 7-pillar framework you can implement in one week — plus a copy-paste policy you can adapt in 30 minutes.

What is AI governance, really?

AI governance is the set of policies, controls and accountability structures that make sure the AI used inside your business is safe, lawful, traceable, and aligned with what you said you'd do.

That is the working definition. The international standards say roughly the same thing in more formal language:

  • ISO/IEC 42001:2023, the first international AI management system standard, describes governance as the structured way an organisation manages "risks and opportunities associated with AI, balancing innovation with governance" through a Plan-Do-Check-Act cycle.
  • NIST AI Risk Management Framework 1.0 (released January 2023) describes it as four interconnected functions: Govern, Map, Measure, Manage — applied continuously across the AI system lifecycle.
  • The EU AI Act doesn't define "governance" as a single term, but Articles 9, 10, 13, 14 and 17 effectively prescribe one: risk management systems, data governance, transparency, human oversight, and quality management.

Governance is not a document. It is a working machine that produces evidence.

If a regulator, an auditor, or a client asks "what AI did you use to process my data, and how did you control it?" — your governance is whatever lets you answer truthfully and quickly. Everything else is decoration.

Why most AI policies fail before the first audit

Most companies that try AI governance fail in one of five ways. Recognising your own pattern here is more useful than reading another generic checklist.

Failure 1: The 40-page policy nobody reads. A consultancy hired a lawyer to draft a comprehensive AI policy. It covered ethics, bias, data minimisation, transparency, fairness. It was 41 pages. None of the 24 employees had read more than the first page. When the DPO ran an audit, the gap between the policy and what people actually did was the size of the Atlantic.

Failure 2: A ban that becomes shadow AI. A finance firm banned ChatGPT after a Samsung-style code-leak news story. Within three months, 70% of staff were using personal accounts on personal phones. The ban produced no compliance — only invisibility. According to a 2026 Lenovo enterprise survey, 31% of employees who use AI receive no training and operate entirely outside IT oversight. The MIT NANDA "State of AI in Business 2025" report found that employees in over 90% of companies regularly use personal AI tools for work, regardless of official policy.

Failure 3: Vendor questionnaires as a substitute for control. A company sends a 200-question security questionnaire to OpenAI, gets it back, files it, and considers governance done. The questionnaire describes what OpenAI does. It says nothing about what your sales team pasted into a free ChatGPT account at 11pm last Thursday.

Failure 4: The committee that meets quarterly. A "cross-functional AI governance committee" of seven senior leaders is formed. It meets every three months, reviews slide decks, and produces minutes. Real AI use changes weekly. The committee is always reporting on a reality that no longer exists.

Failure 5: Confusing data security with AI governance. ISO 27001, SOC 2, encryption-at-rest, MFA — all good, none sufficient. AI introduces a different risk surface: what employees voluntarily transmit to a third-party model in a prompt, and what comes back as output that influences decisions. Traditional Data Loss Prevention tools, which look for credit card numbers and SSNs, do not detect a marketing manager pasting next quarter's product roadmap into a chatbot.

The honest reason policies fail is that they are written for an organisation that doesn't exist — one with a dedicated AI risk officer, an MLOps team, and budget for a third-party audit. Most European businesses don't have that. So the question is: what does governance look like for the company that actually exists?

The 7 pillars: a framework that fits on one page

This framework synthesises the controls that NIST AI RMF, ISO 42001 and the EU AI Act all converge on. Strip them down, group what overlaps, and you get seven pillars. None are invented. All map directly to citable standards.

Pillar 1: Ethics and responsible-AI principles

You write down, in plain language, what AI in your business is for and what it is not for.

This is not philosophy. It is the upstream constraint that decides everything downstream. Without it, every later decision (which model, which use case, which data) becomes ad hoc.

The minimum content of an AI principles statement is fairness, transparency, accountability, privacy and security. ISO 42001 calls these "AI policy" requirements (Clause 5.2). NIST AI RMF folds them into the Govern function. The EU AI Act assumes them throughout.

For a 20-person business, this is one page. Three to five principles, each two sentences. Signed by the founder. Posted somewhere employees actually look. Updated annually.

Pillar 2: Roles and accountability

Someone owns this. Not a committee. A name.

ISO 42001 requires that "top management shall demonstrate leadership and commitment" (Clause 5.1) and that "responsibilities and authorities for relevant roles shall be assigned and communicated" (Clause 5.3). NIST AI RMF makes accountability the central characteristic of the Govern function.

For a small business, the structure is simple: one AI owner (founder, CTO, or operations lead — accountable for the framework, with authority), function approvers (whoever owns sales, HR, legal, finance approves AI tools used inside that function), and every employee responsible for using only approved tools and reporting incidents.

The EU AI Act adds a specific requirement at Article 26(2): for high-risk AI systems, deployers must "assign human oversight to natural persons who have the necessary competence, training and authority." This applies only if you deploy high-risk AI; most SMEs using AI for drafting, summarising and analysis do not. But the principle — competent humans with authority — applies regardless.

Pillar 3: Risk management across the lifecycle

You identify what could go wrong, and you keep checking.

The NIST AI RMF Map-Measure-Manage loop is the cleanest version of this. ISO 42001 Clause 6.1 calls it "actions to address risks and opportunities." Article 9 of the EU AI Act prescribes a "risk management system" for high-risk AI: continuous, iterative, documented across the entire lifecycle.

For an SME using off-the-shelf models (GPT, Claude, Gemini, Mistral via API), the risks fall into five buckets:

  1. Data leakage — confidential information leaving the business in a prompt.
  2. Cost runaway — unmonitored API consumption producing surprise invoices.
  3. Output errors — the model fabricates a fact, name or citation that ends up in client work.
  4. Vendor lock-in or vendor failure — your only AI provider raises prices, changes terms, or has an outage.
  5. Compliance drift — regulation changes, your controls don't.

Each gets one named owner, one documented mitigation, and one quarterly review. That's the entire risk management system for most SMEs.

Pillar 4: Data governance

Bad data in, bad AI out. And worse: bad data in, GDPR violation out.

ISO 42001 Annex A treats data governance as a foundational control. EU AI Act Article 10 makes it explicit for high-risk systems: training, validation and test data must meet quality criteria, be relevant, sufficiently representative, and free of errors to the best extent possible.

For an SME using third-party models, you are not training a model on your own data — but you are still controlling what flows into AI tools. The minimum:

  • Categorise what employees can and cannot put into AI tools. Three tiers: green (anything), amber (with approval, on approved tools only), red (never). Customer PII is amber or red. Trade secrets are red. Public information is green.
  • Pick AI providers that contractually commit to not training on your prompts. The "zero data retention" or "no training on customer data" setting. Free tiers do not give you this.
  • Sign a Data Processing Agreement with every AI provider that touches personal data. GDPR Article 28. Not optional.
  • Log what data crosses the boundary. At minimum: which user, which system, which timestamp, what category of data.

Pillar 5: Transparency

Your team, your customers, and (when relevant) the regulator can see what AI is doing inside your business.

The EU AI Act Article 13 requires that high-risk AI systems be "designed and developed in such a way to ensure that their operation is sufficiently transparent." Article 50 adds disclosure obligations: chatbots must inform users they are AI; AI-generated content must be labelled.

Inside your business, transparency is three things: a current list of AI tools in use (one spreadsheet, one source of truth, updated monthly); per-tool disclosure to customers when AI is material to delivery; and internal explainability — when AI is used in a decision affecting a person, the human making the final call understands what the AI suggested and why, and can override it.

Pillar 6: Human oversight

EU AI Act Article 14 is the cleanest articulation of human oversight in any regulation. It requires three things from any high-risk AI system:

  1. Observability — a human can monitor the system in operation, detect anomalies, understand outputs.
  2. Awareness of automation bias — the human is trained to recognise over-reliance on AI suggestions.
  3. Controllability — the human can disregard, override, or stop the AI at any point, without manager approval, technical workarounds, or downtime.

The third one is the practical test. If your team can't switch off, override, or refuse the AI's suggestion in real time, you don't have human oversight. You have a rubber stamp.

For SMEs not using "high-risk" systems under the AI Act, this isn't legally mandated. Apply it anyway. It is the single control that prevents the worst category of AI failure: a confident wrong answer being treated as truth.

Pillar 7: Compliance, audit and incident response

You have evidence, and you have a plan for when things go wrong.

ISO 42001 Clause 9 (Performance Evaluation) and Clause 10 (Improvement) cover this. NIST AI RMF folds it into Manage. EU AI Act Articles 17, 19 and 26 make pieces legally binding for high-risk AI.

For an SME, the working version is: an AI register (one row per system in use, columns: name, vendor, purpose, data category processed, approver, last reviewed date, DPA reference); an incident response procedure (who to notify if confidential data is sent to a public AI tool, what to do in the first hour, when to notify the data protection authority — GDPR gives you 72 hours from awareness, Article 33); and a quarterly review (30 minutes with the AI owner and one or two function leads).
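Pillar 4 asks for a boundary log (user, system, timestamp, data category) and Pillar 7 for an AI register and an incident clock. The following is an added example, not code from the article or from Custos AI, that joins the two: it checks constructed log lines against a constructed register of approved tools and their allowed tiers, flags the events that breach it, and derives the notification deadlines the incident procedure sets. Tool names, vendor names and log lines are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Three data tiers from Pillar 4 (green / amber / red), ordered by sensitivity.
TIER_RANK = {"green": 0, "amber": 1, "red": 2}


@dataclass(frozen=True)
class RegisterEntry:
    """One row of the AI register, reduced to the fields the check needs."""
    tool: str
    vendor: str
    max_tier: str          # highest tier the tool may process ("green" or "amber")
    dpa_on_file: bool      # GDPR Art. 28 Data Processing Agreement signed
    no_training: bool      # contractual commitment not to train on prompts


# Constructed register: tool and vendor names are hypothetical.
REGISTER: Dict[str, RegisterEntry] = {
    "writer-pro": RegisterEntry("writer-pro", "ExampleVendorA", "amber", True, True),
    "web-summariser": RegisterEntry("web-summariser", "ExampleVendorB", "green", True, True),
}

# Constructed boundary log, one event per line: user;tool;ISO timestamp;data tier
LOG_LINES = [
    "alice;writer-pro;2026-03-03T09:12:00;green",
    "bob;writer-pro;2026-03-03T10:01:00;amber",
    "carol;chatbot-free;2026-03-03T11:30:00;amber",     # tool not on the register
    "dave;web-summariser;2026-03-03T13:45:00;amber",    # tool only cleared for green
    "erin;writer-pro;2026-03-03T14:02:00;red",          # red needs case-by-case approval
]


@dataclass(frozen=True)
class Finding:
    user: str
    tool: str
    timestamp: datetime
    tier: str
    reason: str


def parse_event(line: str):
    """Split one log line into (user, tool, timestamp, tier); reject unknown tiers."""
    user, tool, ts, tier = (part.strip() for part in line.split(";"))
    tier = tier.lower()
    if tier not in TIER_RANK:
        raise ValueError(f"unknown data tier {tier!r} in log line: {line}")
    return user, tool, datetime.fromisoformat(ts), tier


def check_event(user, tool, ts, tier, register) -> Optional[Finding]:
    """Return a Finding if the event breaches the register, else None."""
    entry = register.get(tool)
    if entry is None:
        return Finding(user, tool, ts, tier, "tool not on the register: not listed means not approved")
    if tier == "red":
        return Finding(user, tool, ts, tier, "red-tier data needs case-by-case approval from the AI Owner")
    if tier == "amber" and not (entry.dpa_on_file and entry.no_training):
        return Finding(user, tool, ts, tier, "amber-tier data on a tool without signed DPA and no-training commitment")
    if TIER_RANK[tier] > TIER_RANK[entry.max_tier]:
        return Finding(user, tool, ts, tier, f"{tier}-tier data exceeds the tool's allowed tier ({entry.max_tier})")
    return None


def audit(lines, register=REGISTER) -> List[Finding]:
    """Run the register check over every non-empty log line, oldest event first."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e[2])
    return [f for f in (check_event(*e, register) for e in events) if f]


def incident_deadlines(first_aware: datetime) -> Dict[str, datetime]:
    """Clock that starts when a finding is first seen: the 1h/4h/24h steps of the
    incident procedure and the 72-hour GDPR Art. 33 outer limit."""
    return {
        "notify_ai_owner": first_aware + timedelta(hours=1),
        "scope_assessed": first_aware + timedelta(hours=4),
        "art33_decision": first_aware + timedelta(hours=24),
        "dpa_notification_latest": first_aware + timedelta(hours=72),
    }


if __name__ == "__main__":
    for f in audit(LOG_LINES):
        print(f"{f.timestamp:%Y-%m-%d %H:%M} {f.user:<6} {f.tool:<15} {f.tier:<6} {f.reason}")
        print("   deadlines:", {k: v.isoformat() for k, v in incident_deadlines(f.timestamp).items()})
```

Each finding is evidence in the sense the article uses the word: who sent what category of data to which system, and when the clock started.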

These seven pillars are what NIST AI RMF, ISO 42001 and the EU AI Act share, expressed at the scale a 20-person business can actually run.

How NIST, ISO 42001 and the EU AI Act fit together

These three are often presented as alternatives. They aren't. They serve different purposes.

| Framework | Type | Mandatory? | What it gives you |
| --- | --- | --- | --- |
| NIST AI RMF 1.0 | Voluntary risk-management guidance | No | Flexible vocabulary for risk: Govern, Map, Measure, Manage |
| ISO/IEC 42001:2023 | Certifiable management system standard | No (but certifiable) | Repeatable management system; auditable certification (4–9 months for SMEs) |
| EU AI Act | Binding EU regulation | Yes | Specific obligations by risk class; fines up to €35M or 7% global turnover |

The pragmatic relationship: NIST AI RMF gives you the language and the mental model. ISO 42001 gives you the management system structure. EU AI Act is the law — compliance is non-negotiable for systems in scope.

A business that implements ISO 42001 well will satisfy most NIST AI RMF outcomes and most EU AI Act organisational requirements. They are reinforcing, not competing.

What the EU AI Act actually requires from your business in 2026

The EU AI Act entered into force on 1 August 2024 and applies in phases:

  • 2 February 2025 — Prohibited AI practices and AI literacy obligations under Article 4 became applicable. Every business deploying AI must ensure staff have "a sufficient level of AI literacy."
  • 2 August 2025 — Obligations for providers of general-purpose AI models (OpenAI, Anthropic, Google, Mistral, Meta) became applicable. National competent authorities had to be designated.
  • 2 August 2026 — Most remaining provisions become applicable, including obligations for high-risk AI in Annex III, transparency obligations under Article 50, and AI regulatory sandboxes.
  • 2 August 2027 — Rules for high-risk AI embedded in regulated products (medical devices, vehicles) apply.

One critical caveat for 2026: on 19 November 2025, the European Commission published the "Digital Omnibus on AI" — a proposal to defer the high-risk compliance deadline from 2 August 2026 to 2 December 2027. As of May 2026, trilogue negotiations have produced a political agreement, but the Omnibus has not been formally adopted. Until it is, the original 2 August 2026 deadline applies.

Practical translation for your business:

  1. AI literacy is already legally required. Article 4 has been in force since February 2025. Every employee using AI needs documented training proportionate to their role.
  2. Most SMEs do not deploy high-risk AI. The Annex III list is specific: AI in critical infrastructure, education access, employment screening, essential services, law enforcement, migration, justice. Drafting emails, summarising documents, generating marketing copy is not high-risk under the Act.
  3. Penalties are tiered. Up to €35 million or 7% of global annual turnover for prohibited practices. Up to €15 million or 3% for high-risk breaches. SMEs benefit from proportionality (Article 99(6)) — fines must take SME size into account.

If you build the 7-pillar framework above, EU AI Act compliance for non-high-risk AI follows automatically.

The one-week implementation plan for a 20-person team

This is for a business that has done nothing on AI governance and wants to be in a defensible position by Friday. Five working days. One person assigned. Two hours per day average.

Day 1 — Inventory. Send a one-question survey to every employee: "List every AI tool you have used for work in the last 90 days, including free ones." Don't punish disclosure. Compile the list. According to MIT NANDA's 2025 study, employees in 90% of companies use AI tools their employer doesn't know about. Your number won't be lower.

Day 2 — Categorise. Sort every tool into three buckets: approve and standardise (paid plan, signed DPA), replace (free tool doing necessary work — upgrade or migrate), forbid (no enterprise tier, no DPA option, unacceptable terms).

Day 3 — Write the principles and the data tier. One page. Five principles in your own voice. Three data tiers (green/amber/red) with examples. Founder signs it. Posted in the company wiki.

Day 4 — Build the register and the override rule. Open a spreadsheet. One row per approved tool: name, vendor, purpose, data tier allowed, approver, DPA on file (yes/no/link), date last reviewed. For each tool, write the override rule.

Day 5 — Train and announce. 45-minute all-hands meeting. Walk through the principles, the tier system, the approved tool list, the incident response procedure. Document attendance — that's your Article 4 AI literacy evidence.

By Friday afternoon you have a signed AI principles statement, categorised inventory, written approval criteria, an AI register, a documented override and incident response procedure, and trained staff with attendance records.

That is more AI governance than 80% of European SMEs currently operate with.

Copy-paste: the one-page AI Governance Framework

Below is a complete framework you can copy into a Google Doc, Notion page, or company wiki and adapt in 30 minutes. Replace the bracketed placeholders. Edit the AI tool list to match your inventory from Day 1. Sign it, share it, review it quarterly.

This is not a legal document. It is a working policy. If you operate in a regulated industry (finance, healthcare, legal services) or deploy high-risk AI under EU AI Act Annex III, have a lawyer review it before publication.

[YOUR COMPANY NAME] — AI Governance Framework

Version 1.0 · Effective [DATE] · Owner: [NAME, ROLE] · Next review: [DATE + 3 months]


1. Purpose

This document sets out how [COMPANY] uses artificial intelligence in its work, who is accountable for it, and how we keep that use safe, lawful and aligned with our commitments to clients, employees and partners.

2. Principles

We use AI in our business under five principles:

  1. Augmentation, not replacement. AI assists human judgment in client and internal work. A human reviews and is accountable for every output that leaves the company.
  2. Lawful data handling. We do not input personal data, confidential client information or trade secrets into AI tools that lack a Data Processing Agreement with us.
  3. Transparency. We maintain a current register of every AI tool used in the business and disclose to clients when AI materially contributes to a deliverable.
  4. Cost discipline. Every AI tool with usage-based pricing has a hard budget limit. No employee can incur AI costs above their monthly cap without written approval.
  5. Continuous review. This framework is reviewed quarterly. The AI register is updated monthly. Incidents are logged and learned from.

3. Roles

  • AI Owner: [NAME, ROLE]. Accountable for this framework. Approves new AI tools. Owns the AI register. Reports to leadership quarterly.
  • Function Approvers: Each department lead approves AI tools used within their function.
  • Every employee: Uses only approved tools listed in Section 6. Reports incidents under Section 9 within one working day.

4. Data classification

Information at [COMPANY] falls into three tiers. Each tier defines what AI tools may process it.

| Tier | Examples | Allowed AI tools |
| --- | --- | --- |
| Green | Public information, marketing copy, generic research | Any approved tool in Section 6 |
| Amber | Internal documents, draft client work, financial figures not yet published | Only tools with a signed DPA and contractual no-training commitment |
| Red | Personally identifiable client data, health information, trade secrets, source code, unredacted financial records, legal advice | No AI tools without explicit case-by-case approval from the AI Owner |

When in doubt, treat the data as one tier higher than you think.

5. AI tools — approval criteria

A tool may be added to the approved list only if it meets all of the following:

  • Signed Data Processing Agreement under GDPR Article 28
  • Documented commitment that customer prompts are not used to train models
  • EU or equivalent-adequacy hosting confirmed in writing, or SCC transfer mechanism in place
  • Authentication via SSO or, at minimum, unique per-employee credentials
  • Incident notification clause in vendor contract — vendor must notify breaches within 72 hours
  • Cost cap configurable, or fixed-fee subscription

6. Approved AI tools register

| Tool | Vendor | Purpose | Data tier allowed | Approver | DPA on file | Last reviewed |
| --- | --- | --- | --- | --- | --- | --- |
| [Tool 1] | [Vendor] | [Purpose] | Green / Amber | [Name] | [Yes — link] | [Date] |
| [Tool 2] | [Vendor] | [Purpose] | Green | [Name] | [Yes — link] | [Date] |

This register is the single source of truth. A tool not on this list is not approved.

7. Forbidden uses

The following are prohibited regardless of tool: inputting Red-tier data into any AI system; using free-tier consumer AI accounts for any work-related task involving Amber or Red data; acting on AI output in a regulated decision (hiring, dismissal, credit) without documented human review and override authority; disabling or working around any control in this framework.

8. Human oversight

For every AI tool in Section 6, the approver defines in writing: who reviews output before it leaves the company; what they check for (factual accuracy, hallucinated citations, tone, client confidentiality); how overrides are recorded.

9. Incident response

If confidential, Amber- or Red-tier data has been entered into an unapproved AI tool, or into an approved tool in violation of its data tier:

  1. Within 1 hour: notify the AI Owner ([NAME, EMAIL]).
  2. Within 4 hours: AI Owner assesses scope. Personal data → DPO notified.
  3. Within 24 hours: decision on whether the incident triggers a notifiable personal data breach under GDPR Article 33.
  4. Within 5 working days: written incident summary added to the incident log.

Employees who report their own mistakes promptly will not be disciplined for the mistake itself.

10. Training and AI literacy

In line with EU AI Act Article 4, every employee using AI tools at [COMPANY] receives initial onboarding (45 minutes, documented), annual refresh (30 minutes, documented), and role-specific training when their function changes how AI is used.

11. Review and version control

This framework is reviewed quarterly by the AI Owner. The AI register is updated monthly. The current version is always available at [INTERNAL LINK].


Signed: [FOUNDER NAME, ROLE] Date: [DATE]

That's the entire framework. One page, eleven sections, copy-pasteable. It will not win awards for prose. It will pass a procurement questionnaire from an enterprise client, satisfy a DPO audit, and give your team a clear answer to "what are we allowed to use, and for what?"

Use it as the starting point, not the ending point. The ending point is the four-quarter habit that keeps it true.

How Custos AI fits into this framework

A multi-LLM platform that implements pillars 3, 4, 5 and 7 by default.

Custos AI is a GDPR-proof platform that gives your team access to GPT, Claude, Gemini and Mistral through a single interface — with hard per-user budget limits, EU hosting in Frankfurt and Amsterdam, signed DPAs with every provider, and an audit log of every prompt. You bring your own API keys (BYOK), so there is no AI margin and no surprise invoices. The 7-pillar framework above doesn't require Custos. But if you're building it, Custos handles four of the seven pillars by default — risk management, data governance, transparency and audit. The other three (principles, roles, oversight) are still yours to define.


Frequently asked questions

What is AI governance in plain terms?

AI governance is the set of policies, controls and accountability structures that make sure the AI used inside your business is safe, lawful, traceable, and aligned with what you committed to clients and regulators. It is not a document — it is a working machine that produces evidence when asked.

Does an SME really need a formal AI governance framework?

If your business uses ChatGPT, Claude, Gemini or any other AI tool to process client information, financial data or employee records — yes. The EU AI Act Article 4 (AI literacy) has been legally binding since February 2025, and the GDPR has always required documented data processing controls. The framework does not need to be 40 pages. A one-page policy plus an AI register, signed and reviewed quarterly, is sufficient for most SMEs.

How does the EU AI Act apply to my business in 2026?

The EU AI Act applies in phases. Prohibited practices and Article 4 AI literacy obligations have applied since 2 February 2025. Obligations for general-purpose AI providers applied from 2 August 2025. The bulk of remaining obligations — including high-risk system rules under Annex III and Article 50 transparency rules — apply from 2 August 2026, unless the Digital Omnibus on AI defers high-risk deadlines to 2 December 2027 (negotiations ongoing as of May 2026). Most SMEs do not deploy high-risk AI under Annex III, but Article 4 and Article 50 still apply universally.

What is the difference between NIST AI RMF, ISO 42001 and the EU AI Act?

NIST AI RMF is a voluntary US-led risk-management framework with four functions (Govern, Map, Measure, Manage). ISO/IEC 42001:2023 is an international, certifiable AI management system standard using a Plan-Do-Check-Act cycle. The EU AI Act is binding EU regulation with risk-tiered obligations and fines up to €35 million or 7% of global turnover. They are reinforcing — implementing one well covers most of the others.

How long does ISO 42001 certification take for an SME?

For most small and mid-sized businesses, ISO 42001 certification takes between 4 and 9 months end-to-end: 2–4 weeks for gap assessment, 1–3 months for AI Management System design and documentation, 1–2 months for operational rollout and internal audit, and 1–2 months for the certification audit itself. Cost varies by scope and certifier. Certification is optional — the principles can be implemented without it.

How does Custos AI handle AI governance?

Custos AI is a multi-LLM platform that implements four of the seven governance pillars by default: risk management (hard per-user budget limits, real-time monitoring), data governance (BYOK encryption, EU hosting in Frankfurt and Amsterdam, signed DPAs with every provider), transparency (audit log of every prompt, model and user), and compliance (GDPR-proof architecture, exportable audit trail). The other three pillars — your AI principles, your role assignments, your human oversight rules — are organisational and stay your responsibility.

The Custos AI team

Custos AI is a GDPR-proof multi-LLM platform for European businesses. We write about AI governance, GDPR compliance and safe AI use for small and medium companies.