The industry is changing
AI is no longer only an internal system category. It appears in public interfaces, vendor claims, workflows, and customer-facing channels.
Observable AI Governance Observatory
State of Observable AI Governance 2026.
AI governance is entering a new phase: it must be demonstrable outside internal policy rooms. The Observatory studies this market shift across 151 entities, 3 corpora, and one public evidence question: can governance be observed where AI systems are encountered?
Observatory
Web-surface intelligence
Entities151
Corpora3
Evidence sourcePublic web
Two-minute brief
The market is moving from AI governance claims to observable AI governance evidence.
Governance faces a new challenge
The control story now has to be observable where users, buyers, and supervisors first encounter the AI system.
Observable governance emerges
AIGovXRay turns public web-surface evidence into repeatable demonstrability signals and time-bound findings.
Evidence base
The Observatory studies the market. AIGovXRay generates the evidence.
The Observatory is the market lens: sectors, vendors, advisors, and regulated institutions compared over time. AIGovXRay is the evidence engine: HTML, JavaScript, metadata, and client-side artifacts delivered to a normal public website visitor.
AI Governance Platforms
Purpose-built AI governance, GRC, monitoring, and AI security vendors.
Advisors & Ecosystem
Consultancies, legal/compliance advisors, policy bodies, and AI service providers.
European Banking
Systemically Important Banks plus supplementary financial entities.
Observable signals
The gap is not theoretical. It shows up in the public layer.
151
entities scanned across the full Observatory corpus
22%
AI Governance Platforms with Elevated observable governance signal
46%
Advisors & Ecosystem with Elevated observable governance signal
97%
AI-visible SI Banks rated Partially demonstrable
Findings are demonstrability gaps, not allegations of internal governance failure or non-compliance. The report measures what can be observed externally during the scan window.
Capability-demonstrability gap
The strongest signal is commercial.
The most interesting pattern is not that regulated banks show governance gaps. It is that AI governance vendors and advisors can make strong governance, automation, and readiness claims while their own public interface does not always demonstrate the same observable signals.
For buyers, this is not a disqualifier. It is a procurement question: if a vendor helps customers demonstrate AI governance, can the vendor demonstrate enough of its own public AI governance posture before privileged due diligence begins?
Buyer lens
What should a buyer ask before signing?
Web-surface scanning is a low-cost, independently verifiable first-pass due diligence layer. It does not replace contracts, audits, or internal evidence review, but it can make the next conversation sharper.
Does a vendor disclose AI interaction where a user encounters it?
Is ownership of agentic or action-taking capability externally attributable?
Can the public evidence layer support procurement due diligence before privileged review?
Are remediation signals visible when the same surface is scanned again?
Positive benchmark
The standard is achievable.
Zero-finding, demonstrable audit-readiness results appear in every corpus. That matters because it keeps the report from becoming a list of failures. It shows that the public evidence posture can be improved without changing the entire architecture.
The 2027 edition can turn this into a longitudinal benchmark: who moved toward observable governance, who regressed, and which sectors made public accountability visible fastest.
Series roadmap
The Observatory becomes a repeatable market signal.
State of Observable AI Governance — annual benchmark, next edition June 2027.
Sector Observatories — banking, insurance, public sector, cloud, and AI infrastructure.
Vendor Readiness Benchmarks — repeatable public-surface due diligence for buyers.
Full report
Download the State of Observable AI Governance 2026.
The full report includes the methodology note, corpus summaries, cross-sector comparison, positive benchmarks, recommendations, and appendix listings.
This report is web-surface evidence only. It is not a compliance certification, legal attestation, security advisory, or allegation of non-compliance by any named organisation.