Governance

https://taxonomy.eticas.ai/risk/governance

Maturity: established

The risk that an AI system lacks adequate structures, policies, or accountability mechanisms to oversee its design, deployment, and use. Weak governance can lead to unclear responsibilities, poor documentation, limited auditability, and failure to align with legal, ethical, or organizational standards.

Also known as: Accountability · Governance & Accountability

Applies to: ALL
Lifecycle stages: Pre Processing, In Processing, Post Processing

Risk groups

Accountability — Risks from unclear allocation of responsibility, weak human oversight, and inadequate attribution mechanisms for AI system decisions and their adverse impacts.
Documentation & auditability — Risks from incomplete, inaccessible, or absent documentation and audit trails.
Compliance & process — Risks from gaps in organisational processes for ongoing oversight, compliance, and lifecycle management of AI systems — including regulatory compliance, change management, data governance, monitoring and evaluation, remediation of failures, and incident response.

Mappings to external frameworks

Compliance

Framework	Concept
ISO/IEC 42001:2023 — AI Management System	A.2 Policies + A.3 Internal organization
EU AI Act (Regulation 2024/1689)	Article 17 — Quality management system + Article 9 — Risk management
AIUC-1 — AI Underwriting Company Standard	Accountability domain

Reference frameworks

Framework	Concept
NIST AI 600-1 — Generative AI Risk Profile	Value Chain & Component Integration
NIST AI Risk Management Framework (AI 100-1)	Accountable & Transparent
OECD AI Principles	Accountability
NIST AI Risk Management Framework (AI 100-1)	GOVERN function (entire)

Taxonomies & vocabularies

Framework	Concept
MIT AI Risk Repository	Governance failure
W3C Data Privacy Vocabulary — AI Extension	Governance / Organisational Measure
IBM AI Risk Atlas	Non-technical → Governance dimension

Part of the Eticas AI Risk Taxonomy. URI: https://taxonomy.eticas.ai/risk/governance