Skip to main content

AI Governance & Evaluation

AI Governance and Evaluation for Production Systems

AI Governance & Evaluation

AI governance and evaluation became board-level concerns in 2026. The EU AI Act's general-purpose AI obligations took effect in August 2025 and the broader high-risk system rules apply from August 2, 2026, with fines up to €35M or 7% of global annual turnover. NIST released AI RMF 1.0 in January 2023 and the Generative AI profile in July 2024. ISO/IEC 42001, the first certifiable AI management system standard, went live in December 2023 and is now a procurement requirement at most large enterprises.

Most companies are not aligned to any of these frameworks. Their AI systems run without an eval pipeline, without a drift detector, without an audit log, without a risk register, and without a named executive owner. The first time these gaps surface is during a regulator inquiry, a customer security review, or a production incident that hits the news.

This page is for CTOs, Chief AI Officers, heads of risk, and compliance leaders who are now responsible for proving the AI portfolio is governed and evaluated to a defensible standard. It covers what governance and evaluation actually mean operationally, which frameworks to align to, what the eval pipeline contains, how drift detection works, and how to staff and budget the program.

Why AI Governance Became a Board Issue in 2026

Three forces converged. First, the EU AI Act went from passed text to live enforcement, with the broader high-risk obligations binding from August 2, 2026 and penalties that exceed GDPR's. Second, ISO 42001 became a procurement gate at Fortune 500 buyers, meaning vendors without certification get filtered out before the technical review. Third, public incidents (model hallucination, biased outputs, prompt injection, data leakage) made AI risk a named line item in board risk dashboards and D&O insurance underwriting.

Governance work that used to live in research labs and compliance teams now sits with the CTO, the Chief AI Officer, or the head of risk depending on org structure. The work is the same regardless of who owns it: name the systems, classify the risk, run the evals, log the decisions, monitor for drift, document the controls, and present it to the board on a quarterly cadence.

  • EU AI Act: high-risk system obligations binding from August 2, 2026, penalties up to €35M or 7% of global annual turnover
  • NIST AI RMF: voluntary in the US but cited in federal procurement, executive orders, and state-level legislation
  • ISO/IEC 42001: certifiable AI management system standard, now a procurement gate at most Fortune 500 buyers
  • D&O insurance: AI risk has moved from policy exclusion language to underwriting questions and named coverage
  • Customer security reviews: SOC 2 and vendor questionnaires now include AI governance questions explicitly
  • Board fiduciary duty: directors of public companies are increasingly expected to ask AI risk questions and document the answer

The Three Frameworks (and How They Fit Together)

NIST AI RMF, ISO 42001, and the EU AI Act are designed to complement each other, not compete. NIST and ISO address organizational governance: how the company manages AI risk across its portfolio. The EU AI Act addresses product compliance: whether a specific AI system meets binding legal obligations to be placed on the EU market. A single governance program, built once, can satisfy all three if the architecture is right.

  • NIST AI RMF: four functions (Govern, Map, Measure, Manage), voluntary in the US, referenced in 30+ regulatory guidance documents and federal procurement requirements
  • NIST Generative AI Profile (July 2024): 12 risk categories specific to generative AI, including confabulation, data privacy, harmful bias, and prompt injection
  • ISO/IEC 42001: certifiable AI management system standard, modeled on ISO 27001, audit pathway and certification body ecosystem now mature
  • EU AI Act: risk-based regulation classifying systems as prohibited, high-risk, limited-risk, or minimal-risk, with binding obligations for high-risk systems
  • EU AI Act timeline: prohibited practices applied Feb 2025, general-purpose AI obligations Aug 2025, high-risk system obligations Aug 2, 2026, full enforcement Aug 2027
  • Overlap: all three frameworks require risk identification, controls, monitoring, documentation, and incident response. The artifacts can be shared across them
  • Sequencing recommendation: build the NIST AI RMF baseline first (governance vocabulary, risk register, eval pipeline), then layer ISO 42001 for certifiable management system, then EU AI Act for product-level compliance on systems sold into the EU

What an AI Evaluation Pipeline Actually Contains

AI evaluation in production is not benchmark accuracy on a public dataset. It is whether the system makes the decisions your business wants on your real inputs over time. A real eval pipeline runs on every model change, every prompt change, every tool change, and every dataset refresh, and it produces a per-version scorecard the team and the board can read.

The 2026 consensus on eval architecture is layered: deterministic checks at the cheap end, LLM-as-judge in the middle, human review at the top, all feeding a shared dashboard. Open-source frameworks like DeepEval, RAGAS, and OpenAI Evals cover most needs, with hosted platforms (LangSmith, Langfuse, Braintrust, Arize Phoenix, Future AGI) wrapping them with traces, dashboards, and CI integration.

  • Frozen eval set: 100-1,000 real production samples per use case, hand-labeled, refreshed quarterly, version-controlled
  • Rubrics: written scoring criteria for correctness, helpfulness, safety, format, and any business-specific dimensions
  • Deterministic checks: schema validation, format compliance, banned-phrase detection, length bounds, latency budgets
  • Heuristic scoring: keyword and pattern matching for known correct or incorrect answers, cheap and fast
  • LLM-as-judge: a stronger reference model scores outputs against the rubric, calibrated against human labels on a holdout set
  • Human review: the spine of the eval program, weekly review of sampled production traces, recalibrates the LLM judge
  • CI integration: evals run on every PR that touches prompts, tools, models, or data, with regression gates
  • Dashboards: per-version eval scores, trend lines, drill-down to specific failures, accessible to engineering and the board
  • Tooling: DeepEval and OpenAI Evals for CI, RAGAS for RAG-specific dimensions, LangSmith / Langfuse / Braintrust / Arize Phoenix for traces and dashboards

Drift Detection and Production Monitoring

Drift is silent. The output looks fine but slowly skews wrong as user inputs evolve, the underlying model gets updated by the vendor, the upstream data changes, or the prompt accumulates patches. Without instrumentation, drift becomes a customer-facing incident before anyone notices. Anthropic's 2026 evaluation guidance describes a production monitoring requirement that static tests alone cannot fulfill.

The standard architecture in 2026: log every production trace (input, prompt, tool calls, output, latency, cost, user feedback), run a sample of those traces through the eval rubric daily, track output distributions and refusal rates, and trigger investigation when any signal moves outside the rolling baseline.

  • Full trace logging: input, system prompt, retrieved context, tool calls, outputs, latencies, token counts, costs, user feedback
  • Output distribution tracking: classify outputs by category and track the distribution over time, flag sudden shifts
  • Refusal rate monitoring: a sudden change in refusal or fallback rate often precedes a customer-visible quality regression
  • Token usage and latency: cost and speed drift often signals upstream model changes the vendor did not announce
  • Daily LLM-as-judge sampling: 1-5% of production traces re-scored against the eval rubric, results logged to dashboard
  • Weekly human review: 20-100 sampled traces reviewed by domain experts, recalibrates the judge and surfaces new failure modes
  • Alert thresholds: defined trigger levels that open an investigation ticket, not just a Slack notification
  • Tooling: Arize, WhyLabs, Phoenix, Langfuse, and Braintrust all ship production drift monitoring; pick on data residency, OpenTelemetry support, and pricing model

AI Governance Controls in Practice

Governance is not a policy document. It is a set of operational controls that live in code, in process, and in the org chart. A real AI governance program produces artifacts (risk register, control matrix, decision log, eval dashboard, incident reports) that an auditor can review on demand. The controls should be specific enough that a new hire can execute them and a regulator can verify them.

  • Approval flow for model changes, prompt updates, tool additions, and data source changes, with sign-off recorded
  • Audit log: every AI decision tagged with model version, prompt version, input hash, retrieved context, output, user, and timestamp
  • Risk register: top 10-30 AI risks with owners, mitigations, residual risk rating, and review cadence
  • PII and sensitive data handling: data classification, redaction at ingress, encryption at rest, vendor data agreements
  • Vendor and API dependency management: contract terms reviewed annually, model deprecation tracked, fallback plans documented
  • Cost governance: per-use-case and per-user budgets, real-time alerting, hard caps to prevent runaway spend
  • Incident response runbook: severity levels, escalation paths, communication plan, post-incident review template
  • Rollback procedures: every prompt, model, and tool change shippable with a one-command rollback to the previous version
  • Role-based access: who can change a prompt, deploy a model, access training data, view audit logs
  • Quarterly governance review: the AI portfolio reviewed by the AI council or board committee with written minutes

Failure Modes and Incident Response

AI systems fail differently from classical software. The failure modes are not crashes; they are quiet degradations. Hallucination, prompt injection, data leakage, bias drift, refusal cascades, tool selection errors, and runaway agents all produce outputs that look plausible but are wrong. The incident response runbook has to account for the fact that the first signal is often a customer complaint or a regulator inquiry, not a monitoring alert.

  • Hallucination: model invents facts; controls are RAG grounding, citation requirements, eval rubric for factual accuracy
  • Prompt injection: user input manipulates system prompt; controls are input sanitization, instruction hierarchy, tool-use restrictions
  • Data leakage: model reveals training data, internal data, or other users' data; controls are access scoping, output filtering, red-team testing
  • Bias drift: outputs skew across demographic or category lines; controls are fairness evals, stratified eval sets, periodic disparate-impact testing
  • Tool selection error: agent calls the wrong tool or wrong arguments; controls are trajectory-level evals, idempotency, dry-run modes
  • Runaway agent: loops, retries, or recursion burn budget; controls are step caps, token caps, dollar caps enforced outside the model
  • Vendor model change: provider silently updates the model and quality regresses; controls are version pinning, eval on every model update, fallback to previous version
  • Incident response: severity classification, named incident commander, customer communication template, regulatory notification timeline, post-incident review with corrective actions

EU AI Act: Practical Compliance Path for 2026

The EU AI Act is binding regulation for any organization that places or deploys AI systems in EU markets, regardless of where the company is headquartered. The August 2, 2026 deadline applies to high-risk AI systems as listed in Annex III (employment screening, credit decisions, education access, law enforcement, critical infrastructure, and others). Companies that have not started the compliance work as of mid-2026 are not on track.

  • Scope assessment: is the system AI (per the Act's definition), is it placed in EU markets, who is the provider, who is the deployer
  • Risk classification: prohibited, high-risk (Annex III), limited-risk (transparency obligations), minimal-risk
  • High-risk obligations: risk management system, data governance, technical documentation, record-keeping, transparency, human oversight, accuracy and robustness, post-market monitoring
  • Conformity assessment: internal review for most Annex III systems, third-party assessment for some categories
  • CE marking and EU declaration of conformity for high-risk systems before placing on market
  • Post-market monitoring: ongoing performance tracking and serious incident reporting to national competent authorities
  • GPAI obligations: providers of general-purpose AI models have additional transparency, copyright, and safety obligations
  • Documentation: technical file, instructions for use, EU declaration of conformity, post-market monitoring plan, all auditable on demand

Staffing and Budget for the Governance Program

A credible AI governance and evaluation program at a mid-sized company is not a one-person job, but it is also not a 20-person team. The realistic shape is one named executive owner, one or two AI engineers focused on eval and observability, a part-time legal and compliance contribution, and an external advisor or consultant during build-out. The annual run cost is typically 10-25% of the broader AI engineering budget.

  • Executive owner: Chief AI Officer, CTO, or Head of AI Risk, depending on org structure. One named person with sign-off authority
  • AI engineering staffing: 1-3 engineers dedicated to eval, observability, drift detection, and governance tooling
  • Legal and compliance: 0.25-0.5 FTE allocation from existing legal or compliance team for AI-specific work
  • External advisor or consultant: 6-18 month engagement during initial framework build-out, then quarterly review cadence
  • Tooling budget: $50K-$500K/year depending on scale, includes eval platforms, observability, drift detection, and audit log infrastructure
  • External audit: ISO 42001 certification costs $30K-$150K including readiness, audit, and surveillance
  • Board-level reporting: quarterly written governance review presented to the AI council or board risk committee
  • Total program cost: typically 0.5-2% of revenue for mid-sized companies, scaling down with size and risk exposure

How Mahmoud Runs Governance and Evaluation Engagements

My governance and evaluation work runs in two shapes. The first is a fixed-scope 8-16 week engagement to design and stand up the program: framework selection, risk register, eval pipeline, drift detection, incident runbook, governance documentation, and a board-presentable summary. The second is an ongoing fractional AI officer retainer covering the program once it is live, typically 1-2 days a week for 6-24 months.

I am vendor-neutral on eval and observability tooling and have shipped programs across LangSmith, Langfuse, Braintrust, Arize Phoenix, and self-hosted OpenTelemetry stacks. The choice is driven by data residency, OpenTelemetry support, pricing model, and what the engineering team will actually maintain.

  • Phase 1 (weeks 1-4): scope, framework selection (NIST, ISO, EU AI Act), risk register, eval rubric design
  • Phase 2 (weeks 4-10): eval pipeline build, drift detection setup, audit log infrastructure, incident runbook
  • Phase 3 (weeks 10-16): documentation, board-facing artifacts, executive training, handoff to internal owners
  • Optional ongoing: fractional AI officer retainer for the operate phase
  • Tooling-agnostic: vendor neutrality on eval and observability platforms, choice driven by team and data
  • Documentation lives in the company's own systems, not in consultant decks, so the program survives my exit
  • Quarterly board-facing review available as a standing deliverable

FAQ

Do I need NIST AI RMF, ISO 42001, and EU AI Act compliance, or can I pick one?

You probably need all three if you operate at any meaningful scale. NIST gives you the governance vocabulary and risk framework. ISO 42001 gives you a certifiable management system that procurement teams accept. The EU AI Act gives you legal compliance for systems sold into the EU. The frameworks are complementary, and a single governance program can satisfy all three.

When does the EU AI Act take effect for high-risk systems?

High-risk AI system obligations under the EU AI Act apply from August 2, 2026. Prohibited practices have been in force since February 2, 2025. General-purpose AI model obligations have applied since August 2, 2025. Full enforcement applies from August 2, 2027.

What is the difference between AI evaluation and AI monitoring?

Evaluation is offline: you run a frozen test set on every change to detect regressions before shipping. Monitoring is online: you watch production traces, sample them through the eval rubric, and detect drift after shipping. You need both. Eval catches what you can predict; monitoring catches what you cannot.

What tooling should I use for LLM evaluation in 2026?

For CI-style regression testing, DeepEval and OpenAI Evals are the open-source defaults. For RAG-specific dimensions, RAGAS. For traces, dashboards, and production monitoring, LangSmith (LangChain-native), Langfuse (open-source self-hostable), Braintrust (eval-first), and Arize Phoenix (OpenTelemetry-native) are the credible choices. Pick on data residency, OTel support, and pricing.

How much does an ISO 42001 certification cost?

For a mid-sized company, $30K-$150K including readiness assessment, gap analysis, internal preparation, the certification audit, and the first year of surveillance audits. Larger organizations pay more depending on the number of AI systems in scope. The program itself (staffing, tooling, documentation) is a multiple of that.

Who should own AI governance in the org chart?

A single named executive with sign-off authority. At mid-sized companies, often the CTO or Head of AI. At larger or regulated companies, a dedicated Chief AI Officer or Head of AI Risk reporting to the CEO or CRO. Distributed ownership across legal, compliance, and engineering without a single named accountable executive is the most common failure mode.

What is LLM-as-judge and how do I keep it honest?

LLM-as-judge uses a stronger reference model to score outputs from your production model against a rubric. It is fast and cheap relative to human review. The honesty mechanism is calibration: you hand-label a holdout set, run the judge on the same set, and verify the judge agrees with humans above a threshold (typically 80-90%) before trusting it. Recalibrate quarterly or whenever you change the rubric.

How often should the AI governance program be reviewed?

Operationally weekly (eval results, drift signals, incident review), tactically monthly (risk register, control effectiveness, vendor updates), and strategically quarterly (board-facing review, framework alignment, regulatory updates). External audit annually if certified to ISO 42001.

Next step

Your situation isn't generic. Neither should the conversation be.

A short call to map what ai governance & evaluation looks like for your team. No obligation, no pitch, just clarity.

Senior architect · 16+ years shipping · Direct, no agency layers