L

Learn AI

Track progress · learn offline

Open

Lesson 4 of 6

AI governance & risk

8 min read

Picture the headline you'd least like to read about your product. Now — whose job was it to prevent it, and what were they supposed to do? If you can't answer, that's the gap.

Name the risk, name the control

AI products fail in a few recognisable ways: biased outputs, leaked data, confident hallucinations, and outright misuse. Governance is simply the discipline of naming each risk before launch and pairing it with a concrete control — a review, an approval step, a red line — plus a person who owns it. It's not a binder you write once; it's a habit.

For bias, data leakage, and hallucination, the control is the same shape: a check before the risky output ships, and a human who signs off on the high-stakes ones.

Approvals, audit, and red lines

Three controls cover most cases. An approval puts a person in the loop before an irreversible or high-stakes action. An audit keeps a log so you can trace what the system did and why. A red line is a use you simply refuse to build — the cases where the answer is 'no', regardless of demand. Decide these before launch, because it's far harder to add a brake to a moving car.

Approvals stop the worst actions, audits let you trace them, red lines rule some out entirely. Pick controls to fit the stakes.

Regulation is catching up — rules like the EU AI Act grade AI uses by risk and demand more of the high-risk ones. Treating governance as a product concern now is cheaper than retrofitting it under a deadline later.

The shape of it

Your team wants to launch a feature that could produce biased outputs. What does good governance say?

Continue in the app

Take the whole Measuring & Governing AI Products course — tracked

Get your personalized path, progress and streaks in the app — this lesson and every next one, in order.