The structural gap in enterprise AI

Every regulated institution is about to have AI agents acting on knowledge nobody is governing

Applications are dissolving into data and intelligence. The data layer is solved. The AI capability layer is where the industry invests. The layer between them - where the institution's claims are governed - doesn't exist yet.

See the journey → See the architecture →

The forcing function

Every core platform - GuideWire, SAP, Temenos - exists primarily as the definitive source of a business transaction. Everything else is process logic wrapped around data.

AI and agents replace the process logic. When they do, applications dissolve. What remains are two fundamentally different things:

Deterministic records

Immutable transactions, audit logs, regulatory filings, master data. Zero probability. Fully controlled. Your core platforms already manage this.

Institutional claims

Interpretations, risk assessments, domain expertise, pattern recognition. Probabilistic, variable, and currently ungoverned. No lifecycle, no provenance, no quality gate.

The bottom layer is handled. The top layer - agents and capabilities - is where the investment goes. The middle layer, where institutional claims are governed with the same rigour as financial data, doesn't exist yet.

Why this is structural, not theoretical

The regulation case

Consider MiFID II Article 25. As published text, it is a deterministic record - dated, immutable, archived. Your compliance system stores it. Solved.

But "what Article 25 means for our client onboarding process" is an institutional claim. It has provenance (who interpreted it, when, using which legal guidance). It has dependencies (which other policies rely on this interpretation). It has confidence (how certain we are this reading is correct). And it decays - when the regulation is reinterpreted, when case law shifts, when the process it governs changes.

Same regulation. Two fundamentally different epistemic categories. One is governed. The other is not.

This is not a special case. Every regulatory requirement, every risk model, every domain rule in every regulated institution follows the same pattern. The text is a record. The interpretation is a claim. The claim is what agents act on. The claim is what nobody governs.

The architecture

A three-layer stack with a new middle

Governed Intelligence introduces an epistemic governance layer - a governed knowledge substrate between the deterministic data layer and the capability layer.

Capability layer

Agents, AI models, humans - the Players. Acting on governed Context. Replaceable.

Circuit breaker — no action beyond the epistemic quality of supporting claims

Epistemic governance layer

Three governed primitives: Knowledge (the substrate of claims), Context (the projection), Memory (the faculty). With lifecycle, epistemic tiers, decay management, and the circuit breaker. Intelligence emerges from the three operating together.

Deterministic data layer

Immutable transactions, master data, audit logs. What core platforms already manage. Solved.

The bottom layer is the domain of the Chief Data Officer. The top layer is where engineering and delivery invest. The middle layer - the governance of the claims the institution acts upon - needs a new owner and a new architecture.

Explore the architecture in depth →

The governing principle

No agent may take an action whose consequence class exceeds the epistemic quality of its supporting claims.

This single rule produces the entire governance machinery: epistemic tiers, decay monitoring, consequence gates, escalation paths, halt mechanisms. The system does not silently degrade. When the supporting knowledge drops below the threshold for a given action, the circuit breaker fires.

Where this starts

The MRI — Machine-Readable Intelligence

Organisations do not need to commit to full governed intelligence to start. They need to see what they have. Most large enterprises - particularly those running regulated operations on legacy systems - lack structural visibility into their own operational reality. Business rules embedded in code nobody reads. Dependencies no architecture diagram captures. Regulatory constraints encoded by people who left a decade ago.

The MRI is Stage 0 of the journey: AI-assisted extraction of structured claims from existing systems - code, documents, procedures, operational records - into a governed knowledge graph consumed by humans through dashboards, reports, and queries. No agents. No autonomous decisions. The graph serves human understanding.

Like a medical MRI, it makes the invisible visible without invasive surgery. A bounded engagement that delivers standalone value - and preserves every architectural option for the journey that follows.

For IT

Actual architecture, actual dependencies, actual complexity. Raw material for honest modernisation planning.

For the business

Actual business rules, where they live, how they interact, what exceptions exist that nobody documented.

For risk

Unknown dependencies, single points of failure, undocumented regulatory constraints, expertise concentration risk.

See all four stages of the journey →

Positioning

What Governed Intelligence is - and what it is not

It is an architecture for governing institutional claims under the same rigour that financial data receives today. Three governed primitives (Knowledge, Context, Memory), a claim-level epistemic model, and a circuit breaker that connects knowledge quality to action permission.

It is not a product, a platform, or an AI model. It is not RAG with metadata. It is not a knowledge management system. It is not data governance rebranded.

It is distinct from data governance. Data governance answers "who can access what." Epistemic governance answers "is what they're accessing still true, and what happens when it isn't." Different question, different machinery, different organisational owner.

It is distinct from AI governance frameworks. ISO 42001, the EU AI Act, and NIST AI RMF define obligations. Agent frameworks provide execution. Neither provides the governed knowledge layer that makes the doing and the running trustworthy. Governed Intelligence occupies the layer between regulatory obligation and agent execution.

Regulated environments

Where epistemic governance matters first

Financial services

Model risk management, decision auditability, regulatory interpretation governance across trading, payments, and post-trade infrastructure. Where the gap between compliance obligation and AI capability is widest.

Biotech & life sciences

IEC 62304 software lifecycle, AI-assisted clinical decision systems, regulatory evidence generation. Where knowledge decay directly affects patient safety.

Aviation & defence

DO-178C certification alignment, safety-critical AI qualification, airborne software assurance. Where the consequence class of ungoverned knowledge is highest.

Intellectual foundation

Built on a published research programme

Governed Intelligence emerges from a five-paper research programme on SSRN, spanning architectural diagnosis, theoretical foundations, practitioner methodology, and the governance lifecycle.

The causal arc: enterprise AI fails because of dynamics blindness → the resolution is architectural → ten independent theoretical traditions converge on the same requirements → the practitioner methodology includes epistemic immunity → at sufficient depth, governed initiative emerges.

Read the research →