Outcome focus: Reader can audit their AI/data governance program against the actual 2026 regulatory and standards stack — including the federal rescissions, the EU AI Act timeline shift agreed May 7, 2026, the ISO/IEC 5259 Part 5 publication, and the OWASP Agentic Top 10 — and retire stale references with confidence.
data governanceai governancecomplianceiso 42001nist ai rmfeu ai actowaspc2papolicy as code
The compliance team asks for the AI governance summary. The deck circulates. Two of the references it cites have been rescinded for fourteen months. One of the deadlines it depends on was deferred by sixteen months a week before the deck went out. The map looks current. It is sourced from material that was current eighteen months ago.
I have seen this go wrong when teams lift their governance language from a single 2025 briefing and treat it as evergreen. Governance is the rare engineering discipline where a 2024 reference can be incorrect rather than dated, because the underlying instrument has been replaced rather than supplemented. The cost of stale references is not aesthetic. It is regulatory exposure plus internal authority loss when an auditor points out that the standard you cite no longer exists in the form you cited it.
This post is the current map as of May 2026. What was rescinded, what was delayed, what was renamed, and what survived intact.
What 2026 governance has to cover#
The classic data-governance scope (catalogs, lineage, quality, access, retention) is the floor in 2026, not the program. The artifacts that need governance have multiplied:
- Data: sources, features, vector stores, fine-tuning sets.
- Models: base models, fine-tunes, embeddings, prompts, system instructions.
- Agents: capability manifests, tool grants, memory state, harness configs.
- Generated content: outputs, derived artifacts, downstream propagation, provenance signals.
Each of these has its own governance surface. The 2025-era framing — "data governance plus AI governance" — understates the integration. You cannot govern the model without governing the training data. You cannot govern the agent without governing the tools it can call and the memory it persists. You cannot govern the output without governing the provenance signal stamped on it. Treating these as separate programs is the failure mode this post is designed to prevent.
For the role and decision-rights layer that sits underneath all of this, see Data Governance Roles Need Decision Rights. For the operating vocabulary, the operator's data governance glossary. For the systemic root cause when governance fails as a tool problem rather than a system problem, Why Data Platforms Fail as Systems.
The US federal stack got rebuilt in 2025 — retire your old references#
The single biggest "stale recipe" failure mode in current governance documents: citing OMB M-24-10 as the federal AI governance template. M-24-10 was issued under the Biden administration in March 2024. It was rescinded April 3, 2025, and replaced by OMB M-25-21: Accelerating Federal Use of AI through Innovation, Governance, and Public Trust. The companion procurement memo M-24-18 was replaced by M-25-22.
The substantive shifts that matter for private-sector teams treating federal memos as templates:
- Posture inverted. Risk-management-first became innovation-first. Where M-24-10 led with enumerated safeguards, M-25-21 leads with adoption acceleration and frames safeguards as enabling conditions for that acceleration.
- Risk tiering collapsed. M-24-10's multi-tier risk classification (rights-impacting, safety-impacting, etc.) collapsed into a single high-impact AI category in M-25-21. Programs that built three-tier policies on the old taxonomy have to consolidate.
- Procurement separated. M-25-22 makes federal AI procurement a first-class governance surface in its own document — a useful template for any organization buying AI from external vendors.
The broader executive context: Biden EO 14110 was rescinded by Trump EO 14179, Removing Barriers to American Leadership in Artificial Intelligence. On July 23, 2025 the administration published Winning the AI Race: America's AI Action Plan with three companion EOs covering AI Tech Stack Export, Federal Permitting of Data Center Infrastructure, and Preventing Woke AI. A December 2025 EO moved to preempt state-level AI laws — relevant for any program written assuming a multi-state patchwork would persist.
If your governance documentation cites M-24-10, EO 14110, or "the Biden Executive Order on AI," it has been incorrect since spring 2025. The fix is a one-line correction. The discipline is having a process that catches this kind of staleness before the auditor does.
The EU is on track — but the timeline shifted in May 2026#
Three EU AI Act milestones have already gone live as scheduled:
- Feb 2, 2025: prohibitions and AI literacy duties applicable.
- Aug 2, 2025: GPAI (general-purpose AI) model obligations applicable.
The third milestone is the one where 2025-vintage recipes are now wrong:
The Article 10 substance — that high-risk training, validation, and test sets must be relevant, sufficiently representative, as error-free and complete as possible, with documented provenance, preparation, and bias mitigation — is unchanged. What changed is when the audit clock starts.
The GPAI Code of Practice was finalized July 10, 2025 with 26 signatories including OpenAI, Anthropic, Google, Microsoft, Amazon, IBM, Mistral, Cohere, and Aleph Alpha. Meta declined to sign. xAI signed only the Safety and Security chapter, not Transparency or Copyright. For private-sector buyers, the signature pattern is now a useful procurement signal — vendor conformance to a public commitment is verifiable without asking, and the absence of a signature is itself information.
The EU Data Act went applicable Sept 12, 2025 as scheduled. Next milestone is Sept 12, 2026 — access-by-design obligations on connected-product manufacturers. Cloud-switching charge ban arrives Jan 12, 2027; full portability Sept 12, 2027. Germany and France have designated authorities with penalty caps at four to five percent of global turnover.
The standards stack — what's still authoritative#
Three standards survived the regulatory churn intact and now carry more weight than they did twelve months ago because procurement and insurance markets have started pricing them.
ISO/IEC 42001 (AI Management System), 2023. Adoption accelerated through 2025 and into 2026. CrowdStrike certified January 2026. KPMG, IBM Granite, and Microsoft were already certified. Gartner's 2026 procurement survey reports that 83% of Fortune 500 enterprises plan to require ISO 42001 alignment from AI vendors by 2027. The newer commercial driver: insurance markets now offer 15-25% premium differentials for certified entities. If you are evaluating which standard to build the AI management program around, 42001 is the one whose absence will start showing up in lost deals before it shows up in audits.
ISO/IEC 5259 (Data Quality for AI/ML). The 2025 recipes cited Parts 1-4. As of 2026, Parts 1-5 are published — Part 5 covers governance specifically. Part 6, a technical report on visualization, is forthcoming with publication tracking April 2026. Update your reference list. The substance of the earlier parts is unchanged.
NIST AI Risk Management Framework with the GenAI Profile (NIST AI 600-1). Still the July 2024 publication. Not superseded. The widely-cited concrete controls for GenAI — secure design, evaluation and red-team, provenance, monitoring, incident handling — are unchanged.
What is new at NIST: the CAISI AI Agent Standards Initiative, announced Feb 17, 2026, with an Agent Interoperability Profile targeted for Q4 2026. NIST AI 600-1 explicitly does not cover agent-specific threats — tool-output prompt injection, cross-session memory persistence, tool-chain poisoning. If your program governs agents specifically, the gap between AI 600-1 and the forthcoming agent profile is the gap your internal controls have to fill in the interim.
OWASP LLM Top-10 v2.0 (2025). Still the canonical risk register for LLM applications. No 2026 edition has shipped (the community survey for the next cycle is in progress).
What is new at OWASP: OWASP Top 10 for Agentic Applications (2026) is a separate, distinct publication covering agent-specific failure modes — goal misalignment, tool misuse, delegated trust, inter-agent communication, persistent memory. If your program covers agents, both documents apply. If you cite only the LLM Top-10 for agent risk, you are using the right register for the wrong scope.
The 2026 governance stack, in layers#
The same four-layer model the 2025 recipes used still applies. The standards behind each layer are what changed.
The connections to the existing operator content on this site map cleanly onto the layers:
- Data layer — Dataform/BigQuery governance release patterns for the release-lane discipline; BigQuery keys are optimizer hints, not enforcement for what data-contract metadata actually proves versus what it suggests.
- Model and evaluation layer — LLM observability with OpenTelemetry GenAI conventions for the runtime measurement layer that backs eval and monitoring.
- Application and runtime layer — Agent repo trust gates for policy-as-code on capability manifests; agent capabilities vs. permissions for the blast radius framing; sandboxed agents and the production automation boundary for the execution-environment surface.
- People and process — data governance roles need decision rights for the authority layer beneath the program.
What "good" looks like — controls you can actually prove#
Provable controls beat narrative controls in any audit. The 2026 catalog:
Data Cards and Model Cards for anything in production. These were not new in 2026, but the EU GPAI Code of Practice has made model documentation a public commitment for 26 signatories, raising the floor for what counts as adequate documentation in practice.
C2PA and Content Credentials for outbound media. Membership exceeded 6,000 in early 2026. Hardware signing on Samsung Galaxy S25 and Google Pixel 10. Display surfaces include LinkedIn (a clickable CR icon revealing the provenance chain), TikTok, Cloudflare (which preserves credentials through proxy), and Microsoft Bing and Designer (auto-labeling AI-generated content). The honest caveat: user engagement with the badges remains low. The operative driver for adoption is regulatory pull from EU AI Act Article 50, not consumer recognition.
ISO/IEC 5259 quality SLAs as automated tests in pipelines, not narrative documents. The standard provides the structure; the proof is in the test runs.
OWASP mitigation matrix — a maintained document mapping each Top-10 risk (LLM and Agentic) to the specific controls deployed in your stack, with red-team evidence for the high-risk ones. Two columns of a real document, not a slide.
AI inventory with FRIA and DPIA records. EU AI Act Article 27 requires a Fundamental Rights Impact Assessment for certain high-risk deployers; GDPR's DPIA covers personal-data risk. Both are surfaces where the 2025 recipes were correct and the substance has not changed — only the deadline for the FRIA case has shifted with the high-risk deferral.
Runtime evidence: drift monitors, harmful-output detection, leakage monitors, traced calls. This is where OTel GenAI semantic conventions earn their place — the observability post covers the specific instrumentation pattern that turns runtime AI behavior into queryable, alertable signal.
The pragmatic stack — the operating-system view#
The implementation pattern that survived 2025-2026 churn intact:
Federated, product-centric governance. Domains own data and AI products; a central team provides standards, controls, and automation. The data-mesh community calls this federated computational governance. The pattern works in 2026 because the regulatory landscape is shifting faster than central teams can rewrite policy. Domains that own their products can absorb local changes faster than a central team rewriting the global doc.
Policy-as-code and control-as-code. OPA and Rego for access, masking, and usage rules. The trust-gates post covers this for capability manifests; the same pattern applies to data-access policies, model-deployment gates, and runtime guardrails. Encoded controls are auditable; written ones are aspirational.
Platform enforcement. Databricks Unity Catalog, Snowflake Horizon, BigQuery and Dataplex — each platform's native governance plane is more mature in 2026 than it was in 2025. Use the platform plane before building parallel infrastructure. The compliant GCP platform playbook covers the "compliance is a platform feature, not a gate" pattern that makes the governed path faster than the workaround.
Automated data quality and observability. Great Expectations, Soda, Monte Carlo for data contracts; OTel GenAI conventions for runtime AI observability. The combination is what makes "we have an SLA" a fact rather than a wish.
A 2026 program checklist#
| Step | What it commits you to | Standard / regulation |
|---|---|---|
| Adopt management system standard | Certifiable program with continual improvement | ISO/IEC 42001 (procurement and insurance now price this) |
| Inventory data, models, prompts, agents | Owners, sensitivity, and approval state for every AI artifact | Internal; informs everything below |
| Map lineage end-to-end | Source to features to model to app, queryable | Platform-native (Unity Catalog / Horizon / Dataplex) |
| Quality SLAs as code | Tests in pipelines proving SLAs to ISO/IEC 5259 Parts 1-5 | ISO/IEC 5259 (Part 5 added in 2025; update your refs) |
| LLM + Agentic mitigation matrix | Per-risk controls and red-team evidence for both registers | OWASP LLM Top-10 v2.0 (2025) + OWASP Agentic Top-10 (2026) |
| Documentation in production | Data Cards / Model Cards published with each release | Internal; required of GPAI Code of Practice signatories |
| Content provenance | C2PA on outbound media; pipeline-level signing | EU AI Act Article 50 (enforcement Aug 2026) |
| Impact assessments | DPIA where personal-data risk is high; FRIA where AI Act requires | EU AI Act Article 27 (FRIA), GDPR (DPIA) |
| Runtime monitoring | OTel GenAI conventions; drift, leakage, harmful-output | NIST AI 600-1 controls |
| Track legal applicability | Quarterly map review; retire stale references on a calendar | EU AI Act Digital Omnibus, US M-25-21/M-25-22, EU Data Act |
The last row is the discipline this post is built around. The map gets stale every quarter whether you maintain it or not. The choice is whether you maintain it on a schedule or in panic during an audit.
The tradeoff#
The honest tradeoff for AI governance in 2026 is federated speed against central auditability. A central program can guarantee uniform policy and a single source of truth. It cannot guarantee that the source of truth keeps up with a regulatory layer that changes every two months. A federated program absorbs regulatory churn locally — domains rewrite their own controls — but it cannot guarantee uniform policy across products without active investment in the standards layer that the central team owns.
The two postures are not interchangeable. A federated program with no central standards layer becomes inconsistent fast. A central program without federated execution becomes outdated fast. The 2026 model that works is federated execution against central standards, with the standards layer maintained on a quarterly review cycle pegged to the regulatory calendar.
The other tradeoff worth naming explicitly: the US (innovation-first under M-25-21 and the AI Action Plan) and the EU (rights-and-risk-first under the AI Act and Data Act) are now operating from different regulatory postures. For multinationals, "build for EU and the US gets it for free" is no longer true the way it was for GDPR. The substance has diverged enough that one program cannot satisfy both with a single set of controls. The fix is layered — a base program meeting EU substance, a US program tracking M-25-21 and the AI Action Plan, with shared standards (ISO 42001, NIST AI 600-1) underneath both.
The map does not stop changing. The 2025 recipe was right when it was published. Half of it is now stale, and the half that is still right has different deadlines and different reference documents than it did in mid-2025. The discipline is not memorizing the current state. It is having a process for keeping the map current and a rhythm for retiring stale references when the regulator publishes the replacement.
Three concrete moves before the next audit. First, search your governance documentation for "M-24-10" and "EO 14110" and replace with M-25-21 and the EO 14179 / AI Action Plan chain. Second, reset the budget assumption that anchored to August 2, 2026 — the EU high-risk deadline reached political agreement for deferral on May 7, 2026, and the substance is unchanged but the clock is. Third, add the OWASP Agentic Top-10 (2026) to the risk register if you govern agents — the LLM Top-10 alone covers the wrong scope.
The post that does not get rewritten is the post that ages into incorrect advice. Plan to rewrite this one in October 2026.