AI Governance
Template Library
AI Governance
Govern AI-assisted engineering and system AI functionality with explicit scope, controls, risks, exceptions, release status, and follow-up.
Governance
AI Governance
AI Control
Template purpose
Use this template to define how AI use is governed across the project.
AI governance covers two different but related concerns:
- AI-assisted engineering work.
- AI functionality inside the system being engineered.
Both must be controlled. Both must leave evidence.
Project
<Project name>
Document control
| Field |
Value |
| Artifact owner |
<owner> |
| Primary reviewers |
<reviewers> |
| Status |
<draft / in review / accepted / revised> |
| Last updated |
<YYYY-MM-DD> |
| Related Area |
AI governance |
| Project workspace target |
docs/project-workspace/governance/ai_governance.md |
AI governance position
<Describe the project position on AI use.>
AI-use scope
| AI Area |
Status |
Governance Position |
Evidence |
| AI-assisted engineering |
<allowed / limited / prohibited / not applicable> |
<position> |
<evidence> |
| AI functionality inside system |
<active / disabled / deferred / not applicable> |
<position> |
<evidence> |
| AI-generated code |
<allowed / limited / prohibited> |
<position> |
<evidence> |
| AI-generated tests |
<allowed / limited / prohibited> |
<position> |
<evidence> |
| AI-generated documentation |
<allowed / limited / prohibited> |
<position> |
<evidence> |
| AI-generated decisions |
<prohibited / limited / human-controlled> |
<position> |
<evidence> |
| AI-generated operational recommendations |
<allowed / limited / prohibited / not applicable> |
<position> |
<evidence> |
AI-assisted engineering controls
| Control |
Requirement |
Evidence |
| AI use disclosed when material |
<requirement> |
docs/project-workspace/implementation/ai_assistance_log.md |
| AI output reviewed by engineers |
<requirement> |
<evidence> |
| AI-generated code verified |
<requirement> |
<evidence> |
| AI-generated tests reviewed |
<requirement> |
<evidence> |
| AI-generated documentation reviewed |
<requirement> |
<evidence> |
| AI suggestions may be rejected |
<requirement> |
<evidence> |
| Engineers remain accountable |
<requirement> |
<evidence> |
| Sensitive data excluded from prompts |
<requirement> |
<evidence> |
| Rejected AI output recorded when material |
<requirement> |
<evidence> |
System AI controls
| Control |
Requirement |
Evidence |
| AI output marked |
<requirement> |
<evidence> |
| AI output remains draft until accepted |
<requirement> |
<evidence> |
| Human review required before official use |
<requirement> |
<evidence> |
| AI failure path defined |
<requirement> |
<evidence> |
| Manual fallback exists |
<requirement> |
<evidence> |
| Prohibited data excluded |
<requirement> |
<evidence> |
| AI restrictions are enforceable |
<requirement> |
<evidence> |
| AI monitoring is defined |
<requirement> |
<evidence> |
| AI stop/restrict trigger exists |
<requirement> |
<evidence> |
AI release status
<AI active / AI disabled / AI deferred / AI not applicable>
AI risk register
| Risk |
Category |
Impact |
Mitigation |
Owner |
Status |
<risk> |
<hallucination / security / privacy / bias / accountability / drift / evidence / operational> |
<impact> |
<mitigation> |
<owner> |
<status> |
AI exception register
| Exception |
Reason |
Risk |
Accepted By |
Review Trigger |
Evidence |
<exception> |
<reason> |
<risk> |
<authority> |
<trigger> |
<evidence> |
AI governance decision
Required follow-up
| Follow-up |
Owner |
Due / Trigger |
Status |
<follow-up> |
<owner> |
<due/trigger> |
<open / closed / deferred> |
Review checklist
- [ ] AI governance position is explicit.
- [ ] Engineering AI and system AI are distinguished.
- [ ] AI controls are linked to evidence.
- [ ] AI risks have owners and mitigations.
- [ ] Exceptions require authority and review trigger.
- [ ] AI release status is clear.
- [ ] Required follow-up is assigned.