AI Governance: the engine calls itself

The terminal domain, where a rule in one field invokes the rules of another, and "one engine" stops being a slogan.

Enso Intelligence · Dhaka/June 19, 2026 · 8 min

Why it goes last

There is an order to building regulated domains, and the order is not market size. If it were, you would build the biggest markets first and let the small ones wait. Instead, each domain is chosen for the primitive it hands forward to the ones after it. Securities contributed nothing new but proved the deadline primitive travels. Data protection contributed the cross-jurisdiction matrix. Each domain earns its place by what it gives the next.

Governance of AI systems goes last, and it goes last for the opposite reason from everything before it. It does not contribute a primitive that other domains consume. It consumes the primitives that every prior domain built. It is the one domain that takes and does not give, and that is precisely what makes it the capstone rather than just another entry on the list.

The reason is structural, not incidental. An AI-governance obligation is rarely self-contained. It almost always reaches into other regulated fields and depends on them. A high-risk AI system that processes personal data inherits data-protection obligations, the whole transfer-and-lawful-basis apparatus. The contract with the system's vendor inherits clause requirements from legal. A model that scores creditworthiness inherits model-risk obligations from banking. To answer the simple-sounding question "is this AI system compliant," the engine cannot just read the system's own fields and check them against AI-specific rules. It has to invoke the rules of other domains and fold their verdicts into its own.

That is a different kind of operation from anything the earlier domains required. Earlier, a rule read fields and rendered a verdict. Here, a rule has to call other rules.

What is data, and what is a rule

The reference layer for AI governance is an inventory and an obligation map. The inventory is the catalog of AI systems in scope, each tagged with its risk tier and its use case. The map records which obligations attach to which risk tier: which practices are prohibited outright, which categories count as high-risk, which controls a high-risk system must evidence. And crucially, the map records something the earlier domains' reference data never had to: which of those obligations delegate to another domain entirely. The deployer's own system inventory is customer-supplied, the way a legal playbook is customer-supplied, because only the deployer knows what they have actually built and put into production.

The rules are the obligations on top. A prohibited practice must not be deployed. A high-risk system must evidence its required controls. And then the defining rule, the one that makes this domain different from every domain before it: an obligation that incorporates another domain must actually satisfy that domain's rules. Not a copy of them. Not a summary of them. The actual rules, run live, their verdict folded in.

{
  "rule_id": "AIG-OBL-EU-014",
  "title": "High-risk AI processing personal data must satisfy transfer rules",
  "jurisdiction": "eu",
  "source": "EU AI Act, data-governance obligations",
  "severity": "block",
  "expected_outcome": {
    "action": "review",
    "message": "This high-risk system processes personal data over a cross-border flow. Its data-governance obligation incorporates the transfer rules; a failing transfer fails this obligation."
  },
  "conditions": [
    { "type": "context_flag", "path": "system.risk_tier", "equals": "high" },
    { "type": "context_flag", "path": "system.processes_personal_data", "equals": true },
    { "type": "cross_domain_check", "domain": "data_protection", "rule_family": "cross_border_transfer", "subject": "system.data_transfer" }
  ],
  "deterministic": true,
  "validation_status": "expert_reviewed"
}

The first two conditions are ordinary field checks. Is this system high-risk? Does it process personal data? If both are true, the third condition fires, and the third condition is unlike anything in the earlier domains. cross_domain_check does not read a field. It dispatches the data-protection transfer rules, the ones from the previous domain, against this system's data flow, and incorporates whatever verdict they return. If the transfer fails data protection's rules, it fails this AI-governance obligation, automatically, by reference rather than by duplication.

What comes back is a single report, with both domains' findings inside it and the provenance of each kept intact. A reviewer reading it sees the AI-governance obligation, and underneath it, the specific data-protection rule that caused it to fail, traced to its source article. The rule in one field called the rules of another, and the result is one coherent answer instead of two disconnected ones.

Fail closed, toward more scrutiny

Every domain fails closed, but the conservative direction is not the same everywhere, and AI governance is where the direction is most worth examining. In most domains, failing closed means "if you cannot verify, do not approve." Here it means something sharper.

When the engine cannot classify a system's risk tier, it does not default to "low risk, move on." It treats the system as high-risk, pending human review. The reasoning is about which error is the expensive one. In AI governance, the costly mistake is under-classification, letting a genuinely high-risk system pass through the gate as if it were trivial, with none of the controls a high-risk system is supposed to carry. Over-classification just means a harmless system gets more scrutiny than it strictly needed, which costs some time. Under-classification means a dangerous system ships with no oversight, which is the entire failure the regulation exists to prevent.

So uncertainty resolves toward more scrutiny, not less. When the engine does not know, it assumes the case that demands more checking, not the case that demands none. That is fail-closed pointed in the direction this particular domain requires.
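
The cross_domain_check dispatch and the fail-closed tier default described above, sketched in Python as an added example (not Enso's engine code). The data-protection rule DP-XBT-001, the REGISTRY lookup, the KNOWN_TIERS values and the sample system are assumptions made for illustration; RULE is a trimmed copy of AIG-OBL-EU-014.

```python
# Added illustration, not Enso's engine. DP-XBT-001, REGISTRY, KNOWN_TIERS and the
# sample data are constructed; RULE is trimmed from AIG-OBL-EU-014 above.
KNOWN_TIERS = ("low", "high")

RULE = {
    "rule_id": "AIG-OBL-EU-014",
    "expected_outcome": {"action": "review"},
    "conditions": [
        {"type": "context_flag", "path": "system.risk_tier", "equals": "high"},
        {"type": "context_flag", "path": "system.processes_personal_data", "equals": True},
        {"type": "cross_domain_check", "domain": "data_protection",
         "rule_family": "cross_border_transfer", "subject": "system.data_transfer"},
    ],
}

def get_path(ctx, path):
    """Resolve a dotted path; None when any segment is missing."""
    for part in path.split("."):
        ctx = ctx.get(part) if isinstance(ctx, dict) else None
    return ctx

def dp_transfer_rule(transfer):
    """Hypothetical data-protection rule: a transfer must name a legal mechanism."""
    ok = isinstance(transfer, dict) and bool(transfer.get("mechanism"))
    return {"rule_id": "DP-XBT-001", "domain": "data_protection", "passed": ok}

REGISTRY = {("data_protection", "cross_border_transfer"): [dp_transfer_rule]}

def evaluate(rule, ctx):
    findings = []
    for cond in rule["conditions"]:
        if cond["type"] == "context_flag":
            value = get_path(ctx, cond["path"])
            if cond["path"] == "system.risk_tier" and value not in KNOWN_TIERS:
                value = "high"  # fail closed: unclassified is treated as high-risk
            if value != cond["equals"]:
                return {"rule_id": rule["rule_id"], "applies": False, "action": None, "findings": []}
        elif cond["type"] == "cross_domain_check":
            subject = get_path(ctx, cond["subject"])
            delegated = REGISTRY.get((cond["domain"], cond["rule_family"]), [])
            findings += [fn(subject) for fn in delegated]  # run the other domain's rules
            if not delegated:  # no rules to run cannot count as a pass
                findings.append({"rule_id": None, "domain": cond["domain"], "passed": False})
    failed = [f for f in findings if not f["passed"]]
    action = rule["expected_outcome"]["action"] if failed else None
    return {"rule_id": rule["rule_id"], "applies": True, "action": action, "findings": findings}

# Constructed sample: risk tier never classified, transfer names no mechanism.
SAMPLE = {"system": {"processes_personal_data": True, "data_transfer": {"to": "US"}}}
```

Calling `evaluate(RULE, SAMPLE)` applies the rule even though the sample never states a risk tier, and the returned findings keep the delegated rule's own id and domain so the failure can be traced to data protection.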

The point

Every domain before this one made the same modest case in its own way: that the same engine could stretch to cover it, that the primitives already built were enough, that no new machine was needed. Securities made it with a deadline. Tax will make it with a matrix. Each was a demonstration of reuse.

AI governance makes a stronger case, and a different one. It shows that the domains are not parallel silos that happen to share some plumbing. They are a single graph. A rule in one field can reach across into another, run its rules, and fold the result back in, and the engine reasons over all of it at once and returns one answer with the provenance intact. This is the moment "one engine, every regulated domain" stops being a description of reuse and becomes a description of a call graph. Not many engines that resemble each other. One engine, calling itself, across the whole map of regulated knowledge.