Key facts
- Format: one-page PDF canvas, designed to be filled in during a single workshop.
- Covers accountable owner, decision rights, RACI, workflows and escalation paths.
- Complements a written AI governance framework rather than replacing it.
- Written for SMEs and mid-sized businesses setting up governance for the first time.
- Free to download — pairs with the AI governance practical guide.
What is the AI governance operating model canvas?
It is a single-page framework that turns an abstract governance policy into something concrete: who has authority to approve a new AI use case, who reviews risk, what the escalation path looks like when something goes wrong, and how decisions get recorded. Most organisations have a policy document; far fewer have agreed how governance actually operates week to week. This canvas closes that gap.
Who is it for?
Executives and governance leads setting up AI governance for the first time, or trying to make an existing policy operational. It works well as a facilitated exercise with the accountable owner and the cross-functional group spanning legal, risk, security and product.
What the canvas covers
Accountable owner. The named executive who owns AI governance outcomes.
Decision rights. Who can approve a new AI use case, at what risk threshold, and who must be consulted.
RACI. Who is Responsible, Accountable, Consulted and Informed for the core governance activities.
Workflows. The steps a new AI system goes through from proposal to approved use, including the AI inventory entry point.
Escalation paths. Where an issue goes when it can't be resolved at the working level, up to board reporting.
How to use it
Run it as a 60 to 90 minute workshop with the people who will actually operate governance, not just the policy authors. Fill each box with names and thresholds, not generic statements. Revisit the canvas after your first quarter of operating it — most organisations tighten the decision-rights box once they see real cases come through.
Frequently asked questions
What is AI governance?
The system of policies, roles, processes and controls an organisation uses to manage AI responsibly, legally and effectively.
What is an AI governance operating model?
How governance is structured and runs day to day — decision rights, committees, workflows and escalation paths.
What is a RACI for AI governance?
A matrix mapping who is Responsible, Accountable, Consulted and Informed for each governance activity.
How do you measure AI governance?
Coverage (systems inventoried and classified), control adherence, incident metrics, training completion and time-to-approve use cases.
How long does it take to set up AI governance?
A workable baseline in 60 to 90 days; maturity builds over 12 months or more.
Where should AI governance sit in the organisation?
Accountability sits with the board or executive; operational ownership often sits with risk, legal or a dedicated AI lead.
What's the first thing to do in AI governance?
Create an inventory of where AI is used — governance starts with visibility.
Related pages
Sources
Last updated 19 June 2026.