AI Governance Frameworks: The Seven Types That Exist
Currently, very few complete and easily accessible AI governance frameworks exist. What is available falls into seven types that we have identified and describe here.
Many organisations are adopting AI at an increasing pace, but most do not fully understand the risks involved or how to mitigate them, which can expose them to harm. Many turn to governance frameworks to manage this, but deciding which to adopt is a difficult decision for any organisation, especially those with limited resources such as small to medium enterprises.
In this article we therefore describe what any organisation needs to know about AI governance: the seven types of framework that exist, and how to make sense of them.
What is governance?
Governance is the system that determines how an organisation is run. It plays a key role in many sectors, defining the rules, roles and processes that direct or control an organisation. This can apply to employees and the organisation itself. This is an important aspect to consider as governance builds trust internally and externally with different stakeholders. One sector where it is common is finance, where it is used to manage services and assets to mitigate the risk of fraud and set a basis for who is accountable for key activities. The same approach applies to AI across its development lifecycle.
What is AI governance?
AI governance is the set of rules and processes that an organisation must follow when it adopts AI for its operations. This can comprise frameworks and policies which define roles, risk controls and necessary oversight. AI governance is the rules and processes; AI assurance is what produces the evidence that AI governance is working, and compliance is the following of internal rules and external law.
What is an AI governance framework?
A comprehensive AI governance framework is a structured organisational system consisting of principles, governance mechanisms, risk methodologies, operational controls, ethical objectives, and implementation structures, intended to guide the responsible management of artificial intelligence across the full AI lifecycle. In reality very few genuine comprehensive frameworks exist. However, what we do have falls into one of the following categories:
- Principles–based guidance to support an AI governance framework (OECD, UNESCO)
- Legislation that defines what is legally required (EU AI Act, South Korea AI Basic Act)
- Standards that define what a framework should contain such as activities in each lifecycle, some certifiable (ISO 42001), some voluntary framework-building tools (NIST AI RMF)
- Partial guidance that incorporates useful instruction for a framework (Singapore Model AI Governance Framework)
- Assurance and audit guidance that support assurance and compliance (UK government’s Introduction to AI assurance)
- Non-binding declarations (Hiroshima, Bletchley)
- Self-declared commitments (Google, Microsoft, Anthropic
What good AI governance looks like?
Good AI governance rests on a reliable framework and a consistent set of rules and principles that an organisation can apply. These are generally based on internationally acceptable norms, or an organisation can research and develop internally, or work collaboratively with other like-minded organisations to prepare an agreed set of governance practices. In many parts of the world, governments have set no central AI governance rules. Where rules are needed, an organisation must collate, review and evaluate what exists, then incorporate what suits its sector. There are many different components that fit inside a governance framework, and we look into these in the following section.
The FEAI approach: key governance components
The FEAI Ethical and Responsible AI Framework is a consistent framework of principles and lifecycle stages, applied through sector-specific controls. First EthicalAI’s framework assembles governance from structured components, which means organisations do not have to improvise their governance from scratch. This is what makes governance operable and measurable.
Why AI governance fails in organisations
Despite countless ethical AI guidelines, frameworks, and public commitments, turning principles into real-world practice for effective governance continues to fail across the industry. Why does this happen? Ethical AI is not just a technical challenge, but also an organisational, commercial, and governance challenge. Many current AI principles are too vague to implement effectively. Terms such as “fairness,” “bias,” or “harm” are often discussed without clear, measurable definitions or agreed benchmarks. At the same time, organisations face intense pressure to innovate quickly, release products faster, and compete for market dominance. In many cases, ethics becomes reactive rather than foundational. There is also the issue of accountability: When an AI system causes harm, who is truly responsible? The developer? The organisation? Leadership?
Governance fails when principles are not made measurable and ownership is not assigned.
First EthicalAI helps organisations close these gaps in practice. Attend our events to understand the landscape. Join our training to build internal capability. Pilot the platform to apply the framework to your own systems.
