What to watch in AI governance over the next 18 months.

-By Simon Shobrook 

Governance as a procurement gate

The UK has no single AI law.  The government has deliberately taken a sector-regulator approach, asking the ICO, FCA, CMA and others to apply existing frameworks to AI in their respective domains. But that doesn't mean procurement teams have no obligations. Cabinet Office guidance, the Algorithmic Transparency Recording Standard, and growing pressure from central government on audit-readiness are already shaping what gets asked at the shortlisting stage. The question isn't whether governance evidence will be required; it's how fast that expectation formalises into scored criteria.

Foundation model risk

The harder problem, and the one I don't think has landed yet in most risk functions, is that foundation model risk doesn't behave like traditional software risk. The model you approved six months ago may not be the model you're running today (I know … an obvious statement). Provider updates, silent releases, RAG pipelines and fine-tuning create divergence that almost nobody is currently measuring in any systematic way. Gartner and NIST are both pushing toward this becoming its own line item. I think they're right, and boards are going to start asking about it sooner than most teams expect.

Human oversight

Regulators have run out of patience with 'human in the loop' as a design principle. The direction of travel is toward logged, demonstrable, auditable control, not a policy statement, actual evidence. This is particularly acute across public services, financial services, and healthcare, where the consequences of model drift or unchecked automated decisions are most visible.

My prediction …

By the end of 2026, most UK public sector AI procurement exercises will include a scored section on live monitoring capability, not just governance documentation. Organisations that can show real-time drift detection and human control logging will have a genuine competitive advantage. Those who can't will face delays or drop off shortlists entirely.

We're being asked about this constantly right now. The market is moving; the question is how fast.

Will governance become a hard procurement gate within 18 months?

#ResponsibleAI #DigitalGovernment #PublicSector #ResponsibleAITracker #RAITracker #RAIT #RAITFramework