An obligation that drifts out of compliance, an evidence document that has not been reviewed since approval, a risk acceptance that expired six months ago — these are not sudden failures. They are governance conditions that went undetected. EAB detects them continuously.
Governance Exception Detection monitors AI system governance records for obligation drift, evidence staleness, overdue reviews, process deviations, and structural governance gaps. When a condition is detected, it surfaces as a signal — attributed, timestamped, and actionable. Detection creates a signal, not a final legal conclusion.
“A compliance programme that was sound at approval can degrade quietly over months. Obligations drift, evidence becomes stale, accepted risks expire unreviewed. Governance Exception Detection is the continuous monitoring layer that ensures these conditions surface as signals — before they become findings.”
Governance Exception Detection monitors governance records across six categories of structural conditions. Each signal is specific to a system, an obligation, and an owner. Signals are not alerts in the general sense — they are governance conditions that require a response in the platform.
An obligation that was previously complete, in progress, or approved has changed state without a corresponding governance action — no evidence update, no supervisor review, no re-screening. The drift is surfaced with the affected system, obligation reference, and the last attributed action.
An evidence document attached to an approved obligation has not been reviewed or updated within the defined review horizon. The system marks the attached evidence as potentially stale and surfaces the obligation for review. The signal does not invalidate the evidence — it requests review.
A risk acceptance record in the Exception Register has passed its review date without a state transition. The named risk owner is signalled. The accepted risk is flagged in the register and in reporting as requiring reassessment under the Risk Acceptance Workflow.
A legal change re-screening was triggered for an AI system and has not been initiated within the review window. The system is flagged as operating under a screening result that may not reflect current legal obligations. The signal links to the specific legal change that triggered it.
A governance step that is required given the system’s risk classification and obligation set has not been completed. This includes missing evidence for a specific article obligation, an incomplete technical documentation section, or a required assessment that was never initiated.
An entry in the Exception Register has passed its review date without a status transition. The exception owner is signalled and the entry surfaces as an overdue item in the register, in compliance reporting, and in the Executive Governance Cockpit governance health view.
Detection is not the end of the process — it is the beginning of a governed response. Every signal requires an acknowledged action in the platform. Signals that are ignored surface as escalation indicators in reporting and the executive cockpit.
EAB monitors governance records across all AI systems in the organization — obligation statuses, evidence review dates, risk acceptance expiry dates, re-screening queue states, and exception register entries. Monitoring is continuous and covers all systems for which the organization has an active governance record.
When a governance condition is detected, EAB creates a signal. The signal is specific: it identifies the affected AI system, the obligation or record, the detection category, the responsible owner, and the date the condition was first observed. The signal is not a general notification — it is a structured record in the governance layer.
The signal is surfaced in the responsible owner’s action inbox, in the Supervisor governance view, and in the Executive Governance Cockpit health indicators. Signals are not sent exclusively by email — they are live platform records that remain visible until a governed response is recorded.
The responsible owner responds to the signal with a governed action: initiating re-screening, updating evidence, triggering the risk acceptance workflow, transitioning an exception state, or documenting a formal non-applicability decision. The response is attributed and timestamped. Acknowledging a signal without a governed action is not sufficient.
Signals that remain unresolved beyond a defined window escalate in governance reporting. They surface as elevated indicators in the Executive Governance Cockpit, as open items in Compliance Reporting, and as audit-visible conditions in the Auditor Workspace. Unresolved signals are not hidden.
Governance Exception Detection identifies conditions that EAB can observe in the governance record: dates passed, statuses changed without governed action, documents not reviewed. It does not determine whether these conditions constitute a legal compliance failure. That determination requires human judgement, legal context, and organizational assessment.
A signal from Governance Exception Detection means: this governance record has a condition that requires your attention. It does not mean: your organization is non-compliant with Article X. The platform surfaces the condition — the responsible owner, supervisor, or compliance lead determines the appropriate governed response.
This constraint is intentional. AI governance is a human responsibility. EAB provides the structure, the monitoring, and the record of how the organization responded to every governance condition it was aware of. The response decisions belong to the organization.
Governance Exception Detection is available in the Enterprise plan. Continuous monitoring, attributed signals, and governed response paths — across all AI systems in the organization.
EU-hosted · Anchored to CELEX 32024R1689
Tell us about your organization and what you’re looking to address. We’ll follow up with the relevant information.
