{"id":7730,"date":"2026-06-05T00:50:24","date_gmt":"2026-06-04T16:50:24","guid":{"rendered":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/"},"modified":"2026-06-05T00:50:24","modified_gmt":"2026-06-04T16:50:24","slug":"scaling-ai-with-adaptive-governance","status":"publish","type":"post","link":"https:\/\/moresourcing.com\/en\/scaling-ai-with-adaptive-governance\/","title":{"rendered":"Scaling AI With Adaptive Governance"},"content":{"rendered":"\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1290\" height=\"860\" data-id=\"7728\" src=\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/Scaling-AI-With-Adaptive-Governance.jpg\" alt=\"\" class=\"wp-image-7728\"\/><\/figure>\n\t\t\t\t\t\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1196\" height=\"616\" data-id=\"7729\" src=\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/Scaling-AI-With-Adaptive-Governance.png\" alt=\"\" class=\"wp-image-7729\"\/><\/figure>\n\t\t\t\t\t<\/figure>\n<br><p><\/p>\n<figure class=\"article-inline\">\n<img decoding=\"async\" src=\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/Scaling-AI-With-Adaptive-Governance.jpg\" alt=\"\" class=\"wp-image-127406\" \/><figcaption>\n<p class=\"attribution\">Christian Gralingen<\/p>\n<\/figcaption><\/figure>\n<aside class=\"callout-info\">\n<h4>The Research<\/h4>\n<p>From 2022 to 2025, the authors conducted in-depth, semistructured interviews with senior leaders and practitioners responsible for AI governance, risk, compliance, data, and product decisions.<\/p>\n<ul>\n<li>Core interviews were conducted at Microsoft, Barclays, Kyriba, Nasdaq, Lloyds Bank, Danske Bank, and the Abu Dhabi Department of Finance. The interviews focused on how governance works in practice: where it breaks down, how controls are enacted, and what organizational trade-offs leaders face as AI systems scale.<\/li>\n<li>The authors collected additional evidence on AI governance at more than 40 other financial institutions by drawing on public disclosures, regulatory filings, and practitioner documentation. These additional cases were used to validate the generalizability of consistent themes that emerged from the core interviews.<\/li>\n<\/ul>\n<\/aside>\n<p><\/p>\n<p><\/p>\n<p><span class=\"smr-leadin\">Leaders with even a cursory<\/span> understanding of artificial intelligence know that while the technology can help them improve productivity and capture new opportunities, it can also expose their organization to many risks. Those with a bit more knowledge are aware that surfacing and mitigating those risks requires adopting responsible AI practices. And leaders who are scaling an AI implementation within their organization will quickly realize that ad hoc attention to those practices is inadequate and that they need to develop the capacity to systematically govern AI at scale.<\/p>\n<p>But building that capacity is proving far harder than most executives expect. They know what they need to accomplish; frameworks from governments and regulators define important guardrails and principles, such as transparency, fairness, and accountability.<a id=\"reflink1\" class=\"reflink\" href=\"#ref1\">1<\/a> But to implement controls and principles into day-to-day workflows and decision-making, organizations must rethink AI governance. They must frame that task not as a compliance obligation but as a strategic, adaptive capability that evolves as AI systems scale, use cases expand, and risks shift over time.<\/p>\n<p>In this article, we will share how leading organizations are doing exactly that. We will also introduce an approach to adaptive AI governance built on two principles: matching governance controls to the type of AI system and risk involved, and embedding those controls directly into workflows, decision rights, and accountability structures.<\/p>\n<p><\/p>\n<h3>The Fundamentals of AI Risk<\/h3>\n<p>To design effective AI governance, leaders must first understand the multiple ways in which AI can fail and the corresponding risks. The nature and severity of these risks depend on the type of system, its level of autonomy, and the scope of domains affected by its decisions. The central challenge, therefore, is to design controls that anticipate how risks will emerge and that evolve as AI systems operate. Even as conditions, inputs, and expectations change, AI must remain reliable, safe, and aligned with an organization\u2019s values and goals.<\/p>\n<p>In practice, most AI risks emerge at two moments that require very different governance responses: during development and after deployment. Development risks include using biased or incomplete training data, failing to adequately align the model to the task requirements, and following inadequate validation processes. For example, an early credit-limit\ufeff-increase model at a bank we studied demonstrated that small input changes could lead to unexpected decision shifts.<\/p>\n<p>Deployment risks arise when models interact with dynamic environments and human operators: Sustaining legitimacy, judgment, and accountability once AI systems are operating at scale in real time is a central challenge. Over time, model quality may degrade as the statistical properties of input data change over time, a phenomenon termed <em>data drift<\/em>. A model may generate plausible but false outputs or be overly trusted by users who lack the means to detect errors. At Nasdaq, AI-driven market-surveillance systems monitor trading activity for suspicious patterns, generating hundreds of alerts per second. Those systems may fail to accurately flag activity, however, because the boundary between abnormal and illicit behavior is often hard to spot; illegitimate behavior may be deliberately designed to pass as compliant by exploiting model learning patterns.<\/p>\n<h3>Fit-for-Purpose Controls<\/h3>\n<p>The kinds of controls employed depend not only on when risks arise in the AI life cycle but also on what kind of AI system is involved and how widely its decisions propagate. Artificial intelligence systems can be broadly divided into two categories: those based on bounded-learning (or static) models and those that learn and adapt in deployment. (See \u201cControls in Adaptive AI Governance Systems.\u201d)<\/p>\n<p>Bounded-learning systems operate within a fixed set of rules and parameters. Optimizing <em>how<\/em> those rules are applied, rather than changing them, is what improves their performance. Credit-scoring models, for example, refine risk estimates based on income or payment history, but they do not alter how those variables relate to one another. Many generative AI models are \u201cpretrained\u201d (static) and do not get updated during use. Contrast that with adaptive learning systems, which evolve by incorporating production data into their training data and by updating internal representations and relationships between variables. Algorithmic trading platforms and dynamic fraud-detection systems illustrate this approach.<\/p>\n<div class=\"callout-highlight callout-highlight--transparent\">\n<aside class=\"l-content-wrap\">\n<article>\n<h4>Controls in Adaptive AI Governance Systems<br \/>\n<\/h4>\n<p class=\"caption\">The controls necessary to manage and mitigate AI risk vary based on the nature of the AI system and whether output informs narrow decisions or a broader domain. However, the controls required for narrow-scope systems are fundamental and also apply in broad domains.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/Scaling-AI-With-Adaptive-Governance.png\" alt=\"A two-by-two matrix showing controls in adaptive AI governance systems. The columns represent the type of AI system: static with limited agency and adaptive with high agency. The rows represent the domains impacted by AI decisions: narrow and broad. Narrow-scope, static systems require rules-based controls; narrow-scope, adaptive systems require ex post alignment controls; broad-scope, static systems require propagation-risk controls; and broad-scope, adaptive systems require integrated AI controls.\" \/><\/p>\n<p class=\"attribution\">\n<\/article>\n<\/aside>\n<\/div>\n<p>Just as salient to the type of control required is the scope of domains affected by AI decisions, shown on the vertical axis of the figure \u201cControls in Adaptive AI Governance Systems.\u201d This dimension determines how far and how fast risks can travel once a system goes wrong. At one extreme are narrow-scope systems, where errors remain contained within a specific function or task (such as detecting anomalies within a single transaction stream). At the other extreme are wide-scope systems that shape outcomes across multiple functions, geographies, or even industries, such as cross-border supply-chain optimization platforms. The difference is not incremental but exponential: As system reach expands, small errors interact, propagate, and amplify into second-order effects.<\/p>\n<p>Based on our typology of AI systems, we believe that rules-based controls provide the baseline safeguards for all narrow, static AI systems. When such static systems operate at a wider scope, additional propagation-risk controls must be layered on to address broader downstream effects.<\/p>\n<p>For adaptive learning systems, baseline safeguards remain necessary but must be complemented by ex post alignment controls, particularly those focused on explainability and legitimacy. When adaptive systems also have a wide scope, they require the most comprehensive approach: integrated controls that combine baseline rules-based measures with propagation risk management and alignment mechanisms. Let\u2019s take a closer look at how each of them works in practice.<\/p>\n<h3>Rules-Based Controls<\/h3>\n<p>Rules-based controls are designed to prevent and correct errors in systems that operate within clearly defined parameters. They are particularly effective in narrow decision domains where logic is explicit and outcomes auditable, such as credit scoring, fraud detection, or the use of customer service chatbots. Rules-based controls embed relevant norms (such as ethical guidelines and industry standards) and compliance requirements into models, using them as design constraints. Rules-based controls also include processes such as validation testing or anomaly monitoring.<\/p>\n<p>Consider the \ufeffcredit-limit-increase decision model mentioned earlier. A senior AI leader at the bank explained that it uses a statistical model rather than deep learning so that decisions remain interpretable. Before deploying a new model, the analytics team produces documentation called a model card that covers three aspects of AI risk management. First, data checks indicate whether the training data is complete, recent, and balanced and how the team will detect data drift over time. Next, decision logic and edge cases are checked to see how scores translate into approve\/deny decisions; this includes explicit analysis of thresholds where a customer tips from no increase to an increase, so that customers in the \u201cgray zone\u201d are not unfairly treated. Finally, bias and discrimination tests are undertaken to check that the model does not overfit to particular customer profiles or systematically disadvantage certain groups.<\/p>\n<p>The model card undergoes quality-assurance review by an independent model-risk unit, with input from credit-domain and regulatory experts. Internal auditing later verifies that these steps were followed. Only then does the model go live.<\/p>\n<p>Human judgment is central even in rules-based settings. In one organization, each new lending model for midmarket clients underwent sample testing before deployment. Risk teams selected 100 existing client files and ran them through the model. Relationship managers then compared the model\u2019s recommended lending decisions with their own assessments. Where recommendations diverged, the model team investigated whether the model had uncovered a genuine insight or was overfitting to idiosyncrasies in the data. Only once the sample review showed an acceptable level of alignment between model outputs and the judgments of the domain experts involved \u2014 and the sources of disagreement were understood \u2014 did the bank approve the model for live use. After launch, periodic sample reviews continued as part of the standard risk-and-control cycle.<\/p>\n<p>Rules-based controls are effective because they make critical decision boundaries explicit, reviewable, and contestable across domains. They are adaptive because they can be recalibrated over time. Divergences between model outputs and expert judgment are treated as learning signals, feeding back into updated model thresholds, assumptions, and review routines as data, models, and decision contexts evolve.<\/p>\n<h3>Ex Post Alignment<\/h3>\n<p>The complexity of advanced AI systems, particularly those based on deep neural networks, render traditional traceability and explainability methods less effective. Rules-based controls depend on the ability to specify decision logic, yet that logic becomes increasingly opaque as models grow more complex. As a result, stakeholders must ensure that outcomes remain reliable, fair, and aligned with organizational and regulatory expectations. When such systems operate with significant autonomy, this need for explainability becomes especially critical, since decisions may be made and acted upon without immediate human review. Generative AI introduces an additional layer of difficulty because of its stochastic behavior, where the same prompt may yield different outputs.<\/p>\n<p>This is where ex post alignment controls come in. They reveal not how a decision was made but whether its outcomes remain legitimate. They assess AI decisions against ethical, regulatory, and domain-specific standards. While some techniques carry over from rules-based approaches, the emphasis shifts from preventing errors upfront to detecting misalignment as systems operate, learn, and scale.<\/p>\n<p>Organizations operationalize ex post alignment through layered evaluation processes that test outcomes against reference expectations. Microsoft, for instance, has developed a structured evaluation pipeline in which high-stakes models are assessed against libraries of expert-defined policies \u2014 such as what constitutes a \u201cfair\u201d or \u201cacceptable\u201d outcome. Evaluators annotate model outputs against these policies, while independent reviewers validate where the system falls short. In some cases, these evaluations can be partially automated \u2014 for example, when AI systems are continuously assessed against predefined policy benchmarks, fairness constraints, or risk thresholds, with automated monitors flagging deviations for human review.<\/p>\n<p><\/p>\n<p>This is why algorithmic auditing is a critical component of ex post alignment. After its deployment, a model\u2019s behavior is systematically examined to detect hidden risks, evaluate fairness and performance across affected groups, and verify that outcomes align with organizational policy and ethical standards. Auditing proceeds in two steps. First, auditors identify plausible failure scenarios and define the full use case, including \ufeffwhom the system serves, who is affected by its decisions, and for what purpose it operates. They then monitor these risks by assessing decision outputs, input data, and internal logic against predefined criteria. This process helps organizations surface unintended consequences, such as disparate impacts; document recurring risk patterns; and trigger corrective action before harm proliferates. Frameworks for auditing algorithmic risk, such as those articulated in Cathy O\u2019Neil\u2019s work on auditing AI systems, provide practical tools and metrics to operationalize this approach and strengthen accountability.<a id=\"reflink2\" class=\"reflink\" href=\"#ref2\">2<\/a> In this way, auditing functions \ufeffas\ufeff both a diagnostic mechanism and a foundation for continuous improvement.<\/p>\n<p>A key part of ex post alignment is ensuring that people do not treat AI outputs as unquestionable truths. Because many AI recommendations are inherently probabilistic, organizations need to train users to interpret them as informed signals rather than final decisions. Helping managers understand when to rely on the system, when to challenge it, and how to spot unexpected or biased outputs is essential for keeping AI use legitimate, accountable, and aligned with organizational values over time.<\/p>\n<p>Managing misalignment at scale can be a particular challenge, especially for systems that are designed to filter, prioritize, and escalate alerts in real time. Nasdaq\u2019s AI-driven market surveillance, for example, monitors trading activity for irregularities \u2014 such as unusual volumes, price anomalies, or potential manipulation \u2014 and can generate hundreds of high-risk alerts per second. Cross-functional teams of compliance officers, data scientists, and domain experts review flagged activity through structured case workflows. Each alert is assessed to determine whether it reflects genuine market manipulation or a false positive triggered by unusual but legitimate trading behavior. Investigators document the rationale for their conclusions, and these outcomes are fed back to model developers to recalibrate thresholds, refine detection features, and reduce recurring noise in future alerts.<\/p>\n<p>Escalation committees intervene when investigations suggest the involvement of coordinated bad actors or when anomalies indicate broader systemic risk. Audit trails capture key elements of this process, including the original alert, supporting data signals, the human decision taken, and any subsequent model adjustments made. Periodic governance reviews are conducted to evaluate patterns of false positives and missed detections to ensure accountability, regulatory compliance, and continuous improvement of surveillance rules. Even so, surges in alert volumes can place severe strain on teams, overwhelming response capacity and increasing the risk of error.<\/p>\n<p><\/p>\n<p>One effective approach to managing the impact of high volumes of alerts is to redesign workflows around AI outputs. This approach is well illustrated by a global bank\u2019s experience with AI-driven fraud detection. Executives found that the main challenges did not stem from errors in the model predictions but from breakdowns in how fraud alerts were interpreted, routed, and acted upon across teams. Inconsistent handoffs between compliance, risk, and front-line staff members often led to delayed responses, duplicated effort, or missed follow-up, undermining the system\u2019s effectiveness despite technically sound outputs. For example, alerts were sometimes routed to the wrong team, duplicated across units, or left unresolved because no group clearly owned the next step. Customer service employees occasionally contacted clients based on alerts that fraud teams had not yet validated, while high-risk cases were delayed because escalation criteria were unclear.<\/p>\n<p>To address those problems, the bank mapped the alert workflow step\ufeff-by\ufeff-step and reassigned responsibilities at each decision point. Fraud analysts were given clearer authority to close low-confidence alerts, fraud operations focused on rapid escalation of confirmed cases, and customer service teams were engaged after a fraud review determined that outreach was necessary. Decision rules were standardized \u2014 for instance, when an alert should be suppressed, investigated further, or escalated \u2014 reducing delays, unnecessary escalations, and alert overload.<\/p>\n<p>Ex post alignment focuses on evaluating AI decisions after they have been made, by testing outcomes against ethical, regulatory, and domain-specific expectations rather than reconstructing internal decision logic. Ultimately, successful ex post alignment does not eliminate risk; it sustains legitimacy by ensuring that high-agency AI outcomes remain contestable, correctable, and aligned with the standards that matter over time. Unlike traditional risk management, ex post alignment accepts that some misalignment is inevitable \u2014 and focuses governance on detection, contestability, and correction rather than prevention alone.<\/p>\n<p><\/p>\n<h3>Propagation-Risk Controls<\/h3>\n<p>Rules-based controls and ex post alignment mechanisms share an important limitation: They tend to treat risk as largely confined, focusing on discrete errors or individual outputs. This approach can be effective when AI systems operate in relative isolation, but it produces incomplete outcomes when systems are interconnected through real-time data flows, APIs, and automated decision-making. The rise of agentic AI is a case in point. As AI systems increasingly initiate actions autonomously, coordinate with other systems, and pursue objectives across multiple domains, errors or misalignments originating in one system can propagate across others. The relevant concern, therefore, is interdependence and propagation risks that can have downstream effects that traditional, output-focused controls may overlook.<\/p>\n<p>Regulators are increasingly recognizing the importance of propagation risks and the need for robust testing and oversight. The Bank of England, for example, has highlighted the risks posed by \u201cdeep trading agents\u201d \u2014 AI-driven strategies that could amplify external shocks or coordinate in ways that evade human detection. In health care, biased diagnostic models can spread flawed heuristics across hospitals and insurers. In supply chains, algorithmic procurement platforms can amplify pricing errors across entire supplier networks. Similar dynamics can arise in any digitally interconnected system.<\/p>\n<p>Propagation-risk controls represent a third layer of governance and are designed to surface second- and higher-order effects before they overwhelm downstream functions. In our framework, rules-based controls safeguard narrow and relatively static processes, alignment mechanisms address complex systems whose decisions are opaque, and propagation controls focus on interconnected systems. These controls are concerned \ufeffwith\ufeff not only what happens within a system but what occurs when systems interact. Their central challenge is invisibility: Failures travel laterally, exploiting hidden interdependencies that often become apparent only when a disruption occurs. A minor logistics API error, for example, may be harmless in isolation, but when it is combined with a cyber incident affecting a payment gateway, it can contribute to systemic breakdown.<\/p>\n<p>A governance framework built around a company-\u200bcentric view of risk is poorly suited to track such cross-boundary dynamics. Because propagation risks unfold across interconnected systems, often beyond the visibility or control of any single organization, managing them requires a shift from a company-centric perspective to an ecosystem-aware perspective.<\/p>\n<p>This shift involves three complementary activities: mapping interdependencies, monitoring shared infrastructures, and institutionalizing anticipatory oversight. Together, these practices help surface risks that remain invisible when controls focus only on isolated systems or individual outputs. The European Central Bank\u2019s sectorwide cyber-resilience stress tests show how ecosystem-level propagation-risk controls can be enacted. These exercises map interdependencies across clearinghouses, payment systems, and financial institutions; monitor shared infrastructures for cross-organization vulnerabilities; and simulate how localized disruptions could cascade through the financial system. These practices generalize beyond regulation to any highly interconnected environment.<\/p>\n<p><\/p>\n<p>Organizations can enact propagation-risk controls by redistributing visibility, accountability, and decision rights across ecosystems rather than relying solely on organization-level rules or ex post interventions. Because propagation risks are inherently cross-boundary, effective governance depends as much on coordination across organizations as it does on internal control. Some organizations must shift their cultural norms to encourage data sharing, coordination on standards, and co-investment in oversight infrastructures with partners, competitors, regulators, and, in some cases, open-source communities.<a id=\"reflink3\" class=\"reflink\" href=\"#ref3\">3<\/a> Reducing propagation risks requires the understanding that resilience is no longer something a company can achieve on its own but instead is a property of the broader system it depends on.<\/p>\n<p>As ecosystems become more densely interconnected, these risks are likely to intensify. The rise of agentic AI \u2014 capable of autonomously initiating transactions, negotiating contracts, or reallocating resources across networks \u2014 extends this logic, increasing both the speed and reach of failure propagation. In finance, logistics, and health care alike, errors may not simply spread; they may increasingly do so with limited human oversight.<\/p>\n<h3>Implementing Adaptive AI Governance<\/h3>\n<p>Once leaders have identified the AI risks that are salient to their organizations, and the corresponding controls that they need to have in place, the challenge is to integrate those controls into processes and systems, working within them and continuously adapting them. Doing so involves three key practices: embedding controls into workflows and incentives, building cross-domain fluency, and institutionalizing governance as a living learning system. Here is how to do that.<\/p>\n<p><strong>1. Embed risk-control protocols into operations.<\/strong> Risk protocols must be designed and hardwired into workflows, accountability structures, and incentives. Oversight should flow directly into planning, audits, and leadership reviews rather than sitting on a separate compliance layer. Only when governance becomes part of the operating fabric can AI be scaled with confidence. This is a necessary condition.<\/p>\n<p>A global bank whose leaders we interviewed embedded AI controls into its standard lending workflow rather than treating them as a separate compliance step. For each approved AI use case, the bank\u2019s AI use\u2011case committee documented (1) the risk tier (high, medium, or low) based on customer impact, regulatory impact, data sensitivity, and model type; (2) the mandatory controls associated with that tier (such as independent model validation, sample testing by relationship managers, or frequency of post\u2011deployment reviews); and (3) the decision rights (who could approve model changes and under what conditions). These requirements were then encoded directly into the credit\u2011approval process and systems. Relationship managers could not bypass model\u2011validation steps or deployment reviews; exceptions required explicit sign\u2011off from both the business and risk management teams. Oversight surfaced in regular decision-making cycles, not through ad hoc committees or audits.<\/p>\n<p><strong>2. Enable conclusive judgment across heterogeneous expertise and risk profiles.<\/strong> Adaptive AI governance does not require consensus or shared judgment. Quite the opposite: It requires mechanisms that enable conclusive judgment across heterogeneous expertise, methods, and risk profiles. This is often the hardest \u2014 and most decisive \u2014 task to accomplish. As AI risks shift across categories and cut through organizational silos, accountability cannot reside within any single function. Differences across domains are not a flaw but a feature: They reflect distinct expertise, evaluative methods, and risk tolerances. The governance challenge is therefore not to homogenize these perspectives but to create the conditions under which organizations can translate them into conclusive decisions at scale \u2014 while avoiding both judgment homogenization and uncritical rubber-stamping of AI outputs.<\/p>\n<p><\/p>\n<p>Among the central challenges to institutionalizing a durable capacity for conclusive judgment are that rules-based controls are often undermined by siloed knowledge when various domain experts do not share a common frame. To overcome those barriers, share knowledge across domains via joint model reviews and documentation (such as the model cards described earlier), and hold routine cross-functional validation sessions that make decision logic, assumptions, and thresholds explicit and contestable. In ex post alignment controls, the challenge \ufeffinvolves\ufeff not only knowledge silos but also misaligned risk tolerance and methodological approaches. Alignment can break down when different teams operate with different implicit risk thresholds \u2014 stopping judgment too early on the one hand or falling into analysis paralysis on the other. Relying on divergent methods to reconcile expected outcomes with observed results (such as analytical validation, controlled experiments, or case-based judgment) can also cause misalignment. In such scenarios, disagreement is not simply about what the model recommends but about how much risk is acceptable and what constitutes sufficient evidence that the model is performing as intended.<\/p>\n<p>A critical response, therefore, is not merely to \u201cbuild trust\u201d in AI recommendations but to establish shared evaluative routines that surface and reconcile differences in both risk tolerances and methodological approaches. Systematic post-deployment evaluations anchor discussions in observed system behavior rather than abstract beliefs about model quality.<\/p>\n<p>Organizations can do this through structured review routines that combine incident and near-miss analysis, performance-drift monitoring, and explicit comparisons between intended use cases and actual decision outcomes. Crucially, these routines create common reference points \u2014 agreed-upon risk thresholds, shared evidentiary standards, and comparable metrics \u2014 through which analytically driven teams, experimentation-oriented groups, and use-case owners can jointly assess whether the model is functioning as intended. Over time, this enables assumptions, thresholds, and controls to be recalibrated, reducing both premature shutdowns driven by excessive caution and analysis paralysis driven by methodological disagreement.<\/p>\n<p>Propagation-risk control depends on a fundamental shift in mindset: from treating risk as a company-centric problem to governing it as an ecosystem-level phenomenon. As with digital business ecosystems, risks in AI systems propagate unevenly across actors that have different roles, incentives, and degrees of interdependence.<a id=\"reflink4\" class=\"reflink\" href=\"#ref4\">4<\/a> Mapping these interdependencies beyond company boundaries is a necessary first step \u2014 and often a wake-up call \u2014 but it is insufficient on its own.<\/p>\n<p>As research on ecosystem strategy has shown, coordination breaks down when accountability is diffuse, incentives remain locally optimized, and no actor is explicitly responsible for orchestrating cross-boundary trade-offs.<a id=\"reflink5\" class=\"reflink\" href=\"#ref5\">5<\/a> Similar dynamics undermine AI propagation-risk controls. Teams remain incentivized to focus narrowly on their own systems; risk ownership is fragmented across organizational units and external partners; and downstream or reputational risks are treated as someone else\u2019s responsibility.<\/p>\n<p>Without leadership support for ecosystem-level accountability \u2014 and governance mechanisms that differentiate risk ownership by type of interdependence \u2014 interdependency mapping risks becoming a one-off analytical exercise rather than a sustained governance capability. An ecosystem mindset requires not only visibility into connections but also shared rules of engagement, escalation rights, and decision authority to manage how risks propagate across organizational and technological boundaries over time.<\/p>\n<p>Overcoming these barriers is essential to creating the conditions for conclusive judgment that respects differences in expertise, methods, and risk tolerance rather than collapsing them into a single acritical evaluative frame.<\/p>\n<p><strong>3. Institutionalize governance as a learning system.<\/strong> AI governance cannot be static: Risks mutate, so controls must evolve.<a id=\"reflink6\" class=\"reflink\" href=\"#ref6\">6<\/a> Effective governance therefore requires organizations to establish learning loops with clear roles, for capturing lessons from incidents and near-misses and for translating those lessons into updated standards, thresholds, and controls.<\/p>\n<p><\/p>\n<p>Rather than relying solely on controls, systems, or large-scale governance platforms, effective adaptive AI governance depends on building the right mindset and embedding practical learning loops into everyday oversight. This involves assigning explicit responsibility for reviewing incidents and near misses; systematically documenting what went wrong; and ensuring that insights are translated into revised policies, recalibrated thresholds, or strengthened controls. Over time, governance shifts from protocols and systems toward institutionalized continuous improvement, ensuring that AI systems remain aligned with organizational intent as models evolve, contexts shift, and new risks emerge.<\/p>\n<p><\/p>\n<p>Taken together, these steps mark a fundamental shift in governance of AI. Adaptive AI governance is not about multiplying controls, committees, or checklists. It is about identifying fit-for-purpose controls and hardwiring them into how the organization works, decides, and learns \u2014 into workflows and incentives, shared frames of judgment, and living systems that continuously absorb and act on experience. Organizations that treat governance as static will inevitably fall behind systems that learn, adapt, and propagate risk in real time. In contrast, organizations that institutionalize governance as a learning capability \u2014 one that connects strategy, execution, and oversight \u2014 can turn AI governance from a constraint into an enabler of scale. In the age of intelligent systems, advantage will come not from adopting AI faster but from governing it better \u2014 by embedding oversight where decisions are made, risks propagate, and value is created.<\/p>\n<p><\/p>\r\n\r\n<br>#Scaling #Adaptive #Governance","protected":false},"excerpt":{"rendered":"<p>Christian Gralingen The Research From 2022 to 2025, the authors conducted in-depth, semistructured interviews with senior leaders and practitioners responsible for AI governance, risk, compliance, data, and product decisions. Core interviews were conducted at Microsoft, Barclays, Kyriba, Nasdaq, Lloyds Bank, Danske Bank, and the Abu Dhabi Department of Finance. The interviews focused on how governance [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7731,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9],"tags":[],"class_list":["post-7730","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Scaling AI With Adaptive Governance - MORE SOURCING LTD<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/moresourcing.com\/en\/scaling-ai-with-adaptive-governance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Scaling AI With Adaptive Governance\" \/>\n<meta property=\"og:description\" content=\"Christian Gralingen The Research From 2022 to 2025, the authors conducted in-depth, semistructured interviews with senior leaders and practitioners responsible for AI governance, risk, compliance, data, and product decisions. Core interviews were conducted at Microsoft, Barclays, Kyriba, Nasdaq, Lloyds Bank, Danske Bank, and the Abu Dhabi Department of Finance. The interviews focused on how governance [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/moresourcing.com\/en\/scaling-ai-with-adaptive-governance\/\" \/>\n<meta property=\"og:site_name\" content=\"MORE SOURCING LTD\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-04T16:50:24+00:00\" \/>\n<meta name=\"author\" content=\"MS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"MS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"22 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/\"},\"author\":{\"name\":\"MS\",\"@id\":\"https:\/\/moresourcing.com\/#\/schema\/person\/2c9a233f0ad18413717419291cacdf69\"},\"headline\":\"Scaling AI With Adaptive Governance\",\"datePublished\":\"2026-06-04T16:50:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/\"},\"wordCount\":4356,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/moresourcing.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg\",\"articleSection\":[\"Management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/\",\"url\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/\",\"name\":\"Scaling AI With Adaptive Governance - MORE SOURCING LTD\",\"isPartOf\":{\"@id\":\"https:\/\/moresourcing.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg\",\"datePublished\":\"2026-06-04T16:50:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage\",\"url\":\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg\",\"contentUrl\":\"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/moresourcing.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Scaling AI With Adaptive Governance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/moresourcing.com\/#website\",\"url\":\"https:\/\/moresourcing.com\/\",\"name\":\"MORE SOURCING LTD\",\"description\":\"Your Global Trade Experts\",\"publisher\":{\"@id\":\"https:\/\/moresourcing.com\/#organization\"},\"alternateName\":\"MORE SOURCING LTD\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/moresourcing.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/moresourcing.com\/#organization\",\"name\":\"MORE SOURCING LTD\",\"url\":\"https:\/\/moresourcing.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/moresourcing.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/moresourcing.com\/wp-content\/uploads\/2025\/07\/cropped-cropped-MS-logo-02-scaled-2.png\",\"contentUrl\":\"https:\/\/moresourcing.com\/wp-content\/uploads\/2025\/07\/cropped-cropped-MS-logo-02-scaled-2.png\",\"width\":2558,\"height\":1273,\"caption\":\"MORE SOURCING LTD\"},\"image\":{\"@id\":\"https:\/\/moresourcing.com\/#\/schema\/logo\/image\/\"},\"ownershipFundingInfo\":\"https:\/\/moresourcing.com\/about-us\/\",\"ethicsPolicy\":\"https:\/\/moresourcing.com\/service\/\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/moresourcing.com\/#\/schema\/person\/2c9a233f0ad18413717419291cacdf69\",\"name\":\"MS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/moresourcing.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fcff4c53e422761d0d6db624cdaf171933d38385c2c22c13ce39ea3918a9cd66?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fcff4c53e422761d0d6db624cdaf171933d38385c2c22c13ce39ea3918a9cd66?s=96&d=mm&r=g\",\"caption\":\"MS\"},\"sameAs\":[\"https:\/\/moresourcing.com\"],\"url\":\"https:\/\/moresourcing.com\/en\/author\/moresourcing\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Scaling AI With Adaptive Governance - MORE SOURCING LTD","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/moresourcing.com\/en\/scaling-ai-with-adaptive-governance\/","og_locale":"en_US","og_type":"article","og_title":"Scaling AI With Adaptive Governance","og_description":"Christian Gralingen The Research From 2022 to 2025, the authors conducted in-depth, semistructured interviews with senior leaders and practitioners responsible for AI governance, risk, compliance, data, and product decisions. Core interviews were conducted at Microsoft, Barclays, Kyriba, Nasdaq, Lloyds Bank, Danske Bank, and the Abu Dhabi Department of Finance. The interviews focused on how governance [&hellip;]","og_url":"https:\/\/moresourcing.com\/en\/scaling-ai-with-adaptive-governance\/","og_site_name":"MORE SOURCING LTD","article_published_time":"2026-06-04T16:50:24+00:00","author":"MS","twitter_card":"summary_large_image","twitter_misc":{"Written by":"MS","Est. reading time":"22 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#article","isPartOf":{"@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/"},"author":{"name":"MS","@id":"https:\/\/moresourcing.com\/#\/schema\/person\/2c9a233f0ad18413717419291cacdf69"},"headline":"Scaling AI With Adaptive Governance","datePublished":"2026-06-04T16:50:24+00:00","mainEntityOfPage":{"@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/"},"wordCount":4356,"commentCount":0,"publisher":{"@id":"https:\/\/moresourcing.com\/#organization"},"image":{"@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg","articleSection":["Management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/","url":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/","name":"Scaling AI With Adaptive Governance - MORE SOURCING LTD","isPartOf":{"@id":"https:\/\/moresourcing.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage"},"image":{"@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage"},"thumbnailUrl":"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg","datePublished":"2026-06-04T16:50:24+00:00","breadcrumb":{"@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#primaryimage","url":"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg","contentUrl":"https:\/\/moresourcing.com\/wp-content\/uploads\/2026\/06\/2026SUMMER_Lanzolla-2400x1260-1-1200x630.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/moresourcing.com\/scaling-ai-with-adaptive-governance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/moresourcing.com\/"},{"@type":"ListItem","position":2,"name":"Scaling AI With Adaptive Governance"}]},{"@type":"WebSite","@id":"https:\/\/moresourcing.com\/#website","url":"https:\/\/moresourcing.com\/","name":"MORE SOURCING LTD","description":"Your Global Trade Experts","publisher":{"@id":"https:\/\/moresourcing.com\/#organization"},"alternateName":"MORE SOURCING LTD","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/moresourcing.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/moresourcing.com\/#organization","name":"MORE SOURCING LTD","url":"https:\/\/moresourcing.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/moresourcing.com\/#\/schema\/logo\/image\/","url":"https:\/\/moresourcing.com\/wp-content\/uploads\/2025\/07\/cropped-cropped-MS-logo-02-scaled-2.png","contentUrl":"https:\/\/moresourcing.com\/wp-content\/uploads\/2025\/07\/cropped-cropped-MS-logo-02-scaled-2.png","width":2558,"height":1273,"caption":"MORE SOURCING LTD"},"image":{"@id":"https:\/\/moresourcing.com\/#\/schema\/logo\/image\/"},"ownershipFundingInfo":"https:\/\/moresourcing.com\/about-us\/","ethicsPolicy":"https:\/\/moresourcing.com\/service\/"},{"@type":"Person","@id":"https:\/\/moresourcing.com\/#\/schema\/person\/2c9a233f0ad18413717419291cacdf69","name":"MS","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/moresourcing.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fcff4c53e422761d0d6db624cdaf171933d38385c2c22c13ce39ea3918a9cd66?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fcff4c53e422761d0d6db624cdaf171933d38385c2c22c13ce39ea3918a9cd66?s=96&d=mm&r=g","caption":"MS"},"sameAs":["https:\/\/moresourcing.com"],"url":"https:\/\/moresourcing.com\/en\/author\/moresourcing\/"}]}},"_links":{"self":[{"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/posts\/7730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/comments?post=7730"}],"version-history":[{"count":0,"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/posts\/7730\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/media\/7731"}],"wp:attachment":[{"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/media?parent=7730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/categories?post=7730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/moresourcing.com\/en\/wp-json\/wp\/v2\/tags?post=7730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}