Building Regulated AI: From Principles to Production
A comprehensive, twenty-part field guide to designing, governing, validating, and operating AI systems that regulators, risk functions, and customers can trust.
Privacy, Lawful Basis, and Data Minimisation
AI runs on personal data, which pulls it into the heart of data-protection law. This part covers lawful basis, purpose limitation, minimisation, individual rights, and the special rules around automated decision-making.
Data Governance and Lineage
Trustworthy AI rests on trustworthy data. This part covers data quality, the discipline of end-to-end lineage, and why knowing exactly where every input came from is the foundation of both fairness and defensibility.
Designing for Explainability from Day One
Explainability is not a feature you add at the end; it is a property you design in or lose. This part covers the kinds of explanation different audiences need, the techniques available, and the architectural choices that keep decisions reconstructable.
Model Risk Management for AI
Model risk management is a mature discipline with decades of regulatory pedigree. This part shows how its core ideas — the model lifecycle, independent validation, and the model inventory — extend to AI, and where machine learning breaks its assumptions.
Governance Foundations: Roles and Accountability
Accountability for an AI decision must rest with a named human, not "the algorithm". This part lays out the roles, the three-lines-of-defence model, and how to make ownership real rather than a box on an org chart.
Risk Classification: Tiering AI by Impact
Governance effort should track the harm a system can do. This part covers how to classify AI systems by impact, the dimensions that drive a tier, and how to document and defend a classification under challenge.
The Regulatory Landscape
AI regulation is not one thing but several overlapping regimes. This part maps the layers — horizontal AI law, sectoral rules, data protection, and internal policy — and shows how to build a single obligation map for your systems.
The Case for Regulated AI
Why a distinct discipline of regulated AI exists, what makes high-stakes deployment different from ordinary software, and the mindset shift required to build systems institutions can defend.