AI Governance

Artificial intelligence is no longer confined to pilots, innovation labs, or tightly controlled proofs of concept. It is spreading across the enterprise, and in many organizations, governance, risk, and control structures are struggling to keep pace. That tension sits at the center of the 2026 edition of The State of AI in the Enterprise: The Untapped Edge, released this week by the Deloitte AI Institute. Based on a global survey of more than 3,200 senior business and IT leaders, the report captures a moment where AI ambition is accelerating, enterprise exposure is widening, and governance maturity is emerging as a critical constraint on scale.

The European Commission has opened two formal proceedings aimed at clarifying how Google must meet its obligations under the Digital Markets Act, sharpening the focus on how the company runs Android and Google Search at a moment when AI is rapidly reshaping both.

The European Data Protection Board and the European Data Protection Supervisor responded to the European Commission’s proposed “Digital Omnibus on AI,” a package designed to simplify aspects of the implementation of the AI Act. The goal, according to the Commission, is to make the rules easier to apply in practice. The message from Europe’s privacy watchdogs is that simplification is welcome but only up to a point.

Managing risks across the AI/ML lifecycle is critical for building reliable, secure, and ethical models. From data collection and labeling to training, fine-tuning, and evaluation, each stage presents unique challenges that can affect performance, reproducibility, fairness, and safety. Implementing well-defined controls ensures models are trustworthy, auditable, and resilient to both technical and operational issues. 

Italy’s competition watchdog has ordered Meta to immediately suspend new WhatsApp business terms after concluding that they risk unlawfully excluding competing AI chatbot services from one of the world’s most widely used messaging platforms.

The Federal Trade Commission has moved to reopen and set aside a 2024 final consent order against AI writing company Rytr, concluding that the original enforcement action failed to meet the legal standards of the FTC Act and imposed unnecessary constraints on artificial intelligence innovation.

‍On December 22, Kathy Hochul signed the Responsible AI Safety and Evaluation Act, or RAISE Act, setting what state leaders describe as a nation-leading standard for transparency and accountability among developers of so-called frontier AI models. The legislation requires large AI developers to publicly document their safety practices and to notify the state within 72 hours when serious harm linked to their systems is identified.