Control

a control without an owner, evidence, and a test schedule is a suggestion someone wrote in a PDF and never opened again.

"we have 200 controls in the register. how many have been tested? we'll get back to you on that."
"the control owner left six months ago. nobody reassigned it. the control has been running unowned since January. technically it's a governance dead zone now."
"our preventive control was a pop-up that said 'are you sure?' and everyone clicked yes without reading it. that's not a control, that's a formality."
Share this one
Canonical Definition

A measure that modifies risk. Controls are classified as: Preventive (reduce likelihood), Detective (increase visibility), or Corrective (reduce impact after realisation). Each control must have a declared owner, an evidence output, and a testing frequency. A control without all three properties is not a control — it is a documented intention with no operational guarantee.

Why It Matters

Controls are the atomic unit of governance. Every regulation, every audit, every compliance assessment ultimately asks the same question: do you have controls, and can you prove they work? The EU AI Act requires providers of high-risk AI systems to implement a risk management system with documented controls. ISO 42001 requires an AI management system built on controls. NIST AI RMF maps govern-map-measure-manage functions to control activities. The language differs. The requirement does not.

The problem is not the absence of controls. Most organisations have hundreds. The problem is that controls are designed but not tested, assigned but not owned, and documented but never verified. A 2024 Gartner survey found that 78% of enterprise AI programmes had documented risk controls, but only 23% had evidence that those controls were operating effectively. That 55-point gap between stated and demonstrated governance is where regulatory enforcement lives.

In the AI Enterprise Control Index, every control must satisfy three conditions: it must have a declared owner (a named individual, not a team), it must produce evidence (a documented output that proves it ran), and it must be tested at a defined frequency (quarterly, annually, or continuously). If any of these three properties is missing, the control is reclassified as a gap.

The Stress Test

An auditor selects five controls from your AI risk register at random. For each, they ask three questions: who owns it? Show me the last evidence output. When was it last tested? You can answer fully for one of the five. For two, the owner has changed roles and no one reassigned ownership. For the fourth, the evidence is a screenshot from 2024. For the fifth, you discover the control was never implemented — it was copy-pasted from a template during the initial assessment.

Your register says you have five controls. You have one. That is the gap the stress test reveals.

In the Wild

Financial Services — Credit Suisse, 2023
The Risk Controls That Existed on Paper

The Swiss Financial Market Supervisory Authority (FINMA) found that Credit Suisse had documented risk management controls that “failed to function effectively in practice.” The controls existed in policies and procedures. They were not tested, not enforced, and not escalated when breached. The gap between documented controls and operational controls contributed to the bank’s collapse. FINMA’s post-mortem concluded that the bank’s risk management framework was “structurally inadequate.”

The controls were real. The governance was not. A control that is documented but not tested is a control in name only.

Healthcare AI — Epic Sepsis Model, 2021
A Prediction Model With No Performance Controls

Epic Systems deployed a sepsis prediction model across hundreds of hospitals. An external validation study published in JAMA Internal Medicine found the model missed 67% of sepsis cases while generating a high rate of false alerts. The model had been deployed without independent performance controls — no external validation, no threshold testing against hospital-specific populations, and no ongoing monitoring of prediction accuracy post-deployment.

The model was a control for patient safety. The model itself had no controls. The absence compounded into measurable patient harm.

Autonomous Vehicles — Uber ATG, 2018
A Safety System With Disabled Safety Controls

In March 2018, an Uber autonomous test vehicle struck and killed a pedestrian in Tempe, Arizona. The NTSB investigation found that the vehicle’s emergency braking system — a corrective control — had been deliberately disabled by Uber’s engineering team to reduce ride harshness. The detective control (object classification) detected the pedestrian 5.6 seconds before impact but classified the object inconsistently. The safety driver — a human corrective control — was watching a video on her phone.

Three layers of control: one disabled, one unreliable, one inattentive. The taxonomy was correct. The implementation was fatal.

How to Govern It

Every control needs three things. No exceptions.

Within the AI Enterprise Control Index, control governance is foundational to every layer and shield:

  • GRC (S1) — The control register, ownership assignment, and evidence collection. S1 is where controls are declared, owners are named, and the Evidence Factory captures proof of operation.
  • Observability (S4) — Runtime monitoring that detective controls are operating. If a control is supposed to flag anomalies and it has not flagged anything in six months, that is either a perfectly safe system or a broken detector. Observability tells you which.
  • AI Engineering (L5) — Technical controls for model evaluation, testing gates, and deployment approvals. These are the preventive controls that stop a bad model from reaching production.
  • Security (S2) — Access controls, authentication, and authorisation mechanisms that prevent unauthorised modification of AI systems.
  • Strategy (L1) — Risk appetite declarations that set the threshold for which controls are required. Without a declared risk appetite, the control framework has no calibration.

When It's Relevant

Every AI system. Every deployment stage. Every risk level. Controls are not optional for high-risk systems and recommended for others. They are the mechanism by which governance becomes operational. An AI system without controls is an AI system that cannot be audited, cannot demonstrate compliance, and cannot be trusted to behave as intended.

Control requirements intensify when:

  • The system is classified as high-risk under the EU AI Act
  • The system makes or influences decisions affecting individuals’ rights
  • The system operates autonomously without human-in-the-loop oversight
  • The organisation is subject to sector-specific regulation (financial services, healthcare, critical infrastructure)
  • The system processes personal data subject to GDPR

See this control in the framework. Control governance is the foundation of every layer and shield in the AI Enterprise Control Index v6.0.

Open Framework →

Related Terms

References

  1. [1] ISO/IEC 42001:2023. Information Technology — Artificial Intelligence — Management System. International Organization for Standardization.
  2. [2] NIST (2023) Artificial Intelligence Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology, U.S. Department of Commerce.
  3. [3] European Parliament and Council (2024) Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI Act). Official Journal of the European Union.
  4. [4] Wong, A., Otles, E., Donnelly, J.P., et al. (2021) ‘External Validation of a Widely Implemented Proprietary Sepsis Prediction Model in Hospitalized Patients’, JAMA Internal Medicine, 181(8), pp. 1065–1070. doi: 10.1001/jamainternmed.2021.2626.
  5. [5] NTSB (2019) Collision Between Vehicle Controlled by Developmental Automated Driving System and Pedestrian, Tempe, Arizona, March 18, 2018. Highway Accident Report NTSB/HAR-19/03.
  6. [6] FINMA (2023) FINMA Report on the Lessons Learned from the CS Crisis. Swiss Financial Market Supervisory Authority.
  7. [7] Raji, I.D., Smart, A., White, R.N., Mitchell, M., Gebru, T., Hutchinson, B., Smith-Loud, J., Theron, D. and Barnes, P. (2020) ‘Closing the AI Accountability Gap: Defining an End-to-End Framework for Internal Algorithmic Auditing’, Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency (FAT*), pp. 33–44.

AI Enterprise Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0

By Jeroen Janssen, Apparens