Essential
Build your foundation in AI governance. These modules cover how to classify AI systems, manage risk, structure accountability, and operationalize governance programs — the building blocks every legal and compliance team needs.
Classify & Understand AI Systems
▶
Is This Even AI?
A practical classification framework for distinguishing AI systems from traditional software — essential groundwork before any governance work begins.
5 minGenerative vs. Agentic AI
Understand the critical difference between generative AI (content creation) and agentic AI (autonomous action) — and why the distinction matters for risk and compliance.
6 minHow LLMs Actually Work (No Math Required)
The AI tools your teams use every day don't look up facts — they predict them. Understanding how Large Language Models actually work reveals exactly where hallucinations, data leaks, and bias originate, and where governance needs to step in.
8 minWhat AI Can and Cannot Do: Setting Realistic Expectations
AI sounds just as confident when it's wrong as when it's right. Learn the practical framework for defining what AI can do, cannot do, and what must happen before its outputs matter.
7 minAI Myths That Break Governance
AI myths shape how teams behave long before any policy is written. Learn the four most common myths that break AI governance, and what to say instead.
6 minThe GenAI Lifecycle: Where Governance Happens
Most AI governance failures happen between stages, not at deployment. Learn the four GenAI lifecycle stages, the governance minimum required at each one, and how to keep a human in the loop.
6 min
Tools & Templates
AI Risk Management
▶
Data Risk: What Goes In, What Comes Out, What Stays
AI data risk begins the moment your team opens a prompt. The Input-Output-Retention framework maps where sensitive data goes, what vendors are permitted to do with it, and why deletion doesn't always mean gone.
5 minVendor Risk & Black-Box AI: The Due Diligence Framework
AI vendor risk goes beyond data security — it's about what vendors are contractually permitted to do with your inputs. Most procurement processes never ask that question.
10 minHallucinations: Why AI Lies and What Governance Must Do
AI hallucinations aren't a bug — the model predicts what sounds right, not what's true. Governance designed around detection will always be a step behind.
8 minDecision Risk: Automation Bias and Escalation Failure
When AI tools make recommendations, humans are supposed to review them. Automation bias and escalation failure turn that review into a rubber stamp — here's how to recognize the pattern and close the gap.
9 minShadow AI: Detection, Risk, and Response
Employees are using unauthorized AI tools at work — and punishing them doesn't fix it. Learn what shadow AI signals, what's actually at risk, and how to respond effectively.
7 minLegal vs. Operational Risk: The Prioritization Matrix
Legal approved it. Operations deployed it. Something still went wrong. Learn how to evaluate AI risk across both dimensions — and who should own each quadrant.
5 minThe Risk Red Flags: 12 Signals Anyone Can Spot
You don't need to be a lawyer to flag AI governance problems. Here are 12 signals that any employee can recognize — and exactly who to notify when they do.
6 min
Governance Fundamentals
▶
Choosing an AI Platform
Choosing an AI Platform isn't a tech decision. It's a governance decision. Every major AI platform has a consumer version and an enterprise version. They're not the same governance environment. Here's what actually differs — and how to make platform decisions your legal team can stand behind.
8 minRoles & Responsibilities
Define ownership across your AI governance structure: who approves deployments, who monitors risks, and who escalates incidents.
6 minPolicy Development for AI
How to write AI usage policies that are enforceable, practical, and aligned with your compliance obligations — with annotated template.
10 minStakeholder Communication
Frameworks for communicating AI risk and governance requirements to executives, board members, and operational teams.
7 minBoard Reporting on AI
Structure board-level AI governance reporting — what metrics matter, how to communicate risk in non-technical terms, and board accountability obligations.
6 min
Accountability & Transparency
▶
Explainability Requirements
When and how AI systems must be able to explain their decisions — covering regulatory mandates, technical approaches, and user communication.
8 minAlgorithmic Accountability
Operationalizing accountability: maintaining audit trails, documenting decision logic, and preserving evidence for regulatory examination.
7 minHuman Oversight Design
Design human-in-the-loop controls that satisfy regulatory requirements without creating operational bottlenecks.
8 minIncident Reporting & Response
An AI incident response playbook — covering detection, classification, notification obligations, and post-incident review.
10 min
Implementation Readiness
▶
Gap Assessment Framework
Benchmark your current governance practices against regulatory requirements and identify priority gaps.
9 minThe 90-Day Governance Kickstart
A phased action plan for organizations starting from zero — what to do in the first 30, 60, and 90 days.
8 minChange Management for AI Governance
Embedding governance into existing workflows without creating friction — stakeholder buy-in, training, and adoption strategies.
7 minMeasuring Governance Effectiveness
KPIs and metrics for AI governance programs — how to demonstrate compliance maturity to leadership, auditors, and regulators.
6 min