Over the last few years I have watched a particular conversation play out in maybe a dozen organisations.

A senior team has done the work. There is a maturity model. There is a responsible AI policy. There is a committee that meets, sometimes monthly, with proper minutes and the right names around the table. The board has had a briefing. The risk register has an AI line item. By any reasonable scorecard the organisation is doing the things.

Then a use case arrives. Usually a vendor-embedded assistant, or an agentic workflow that grew out of a successful pilot, or a Copilot expansion the business signed off on without wanting to make a fuss. And the room cannot agree what to do with it. Whether it sits inside or outside what the organisation has chosen to compete on. Who can pause it. What an affected customer is supposed to do when the answer is wrong. Whether anyone needs to tell anyone outside the building.

The conversation does not end with a decision. It ends with a follow-up.

That follow-up is the operating model the organisation did not actually have. The maturity score was not wrong. It just was not testing for the question that matters. AI governance becomes real when it can change a decision before the decision becomes something the organisation has to explain afterwards.

This is not a new shape. APRA’s CPS 230 (Operational Risk Management, the operational-resilience standard, not information security; CPS 234 is the information-security one) went through the same turn for prudentially regulated firms. Before commencement, the conversation was about controls inventories: critical operations mapped, tolerances drafted, material service providers reviewed. After commencement, the conversation became harder. Which operations are material enough to actually stop when tolerance is breached, who has the authority to stop them, and what evidence travels with the decision.

The artefacts did not become less important. They stopped being the test.

AI governance is asking for the same turn. Not a richer maturity model. A maturity model that is anchored in four decisions the organisation has to be ready to make.

Those decisions live inside an AI Operating Model I have been writing — twelve dimensions, three pillars, sixty-four sub-dimensions in the working draft — but the four below are where the conversation breaks first. They are the load-bearing gates. Everything else in the model is what holds them in place.

D1.6 Strategic posture (Pillar 1 · Strategy)
D6.1 Authority (Pillar 2 · Governance)
D6.4 Reversibility (Pillar 2 · Governance)
D10.5 Notification (Pillar 2 · Governance)

The first decision is strategic posture — sub-dimension 1.6 in the framework. The discipline of declaring where AI will and will not compete. Not the priority-domain list. Most organisations can produce one of those, and most do. The harder evidence is the excluded-use-case list, with reasons attached. A portfolio without negative space is not a portfolio; it is an accumulation. Accumulation is what the recurring conversation above keeps revealing. Every plausible AI use case gets treated as a candidate for governance, when many should have been stopped at the door.

The second decision is authority — sub-dimension 6.1, the decision-rights inventory. Who can pause an AI-enabled decision on a Tuesday afternoon without rebuilding authority from scratch. Not who has the title. The framework deliberately does not push a single right answer here. A CAIO works. An expanded CIO, CDO, or CTO mandate works. A CEO-direct ownership pattern works. A regulated three-lines arrangement works. What does not work is ambiguity that can only be resolved when the use case has already shipped.

The third decision is reversibility, sub-dimension 6.4. Whether an affected person, whether customer, employee, supplier, citizen, or internal stakeholder, has a designed path back through the AI decision: a path for challenge, explanation, correction, or reversal, calibrated to impact. Not a generic mailbox attached after launch. Not the hope that an engineer can unwind a workflow later. The gate the framework stays inside is the operating-model one: whether intake, attribution, and human review are in place before the contested outcome arrives. Privacy counsel determines whether an incident is an eligible data breach under the Notifiable Data Breaches (NDB) scheme. Employment counsel determines consultation timing. Anti-discrimination specialists determine the protected-attribute analysis. The framework is the workflow, not the legal answer.

The fourth decision is notification, sub-dimension 10.5. There is no AI-specific Australian notification scheme as at May 2026. Existing schemes apply where their preconditions are met: the OAIC’s NDB scheme, APRA prudential standards, ASIC notifiable matters, the Security of Critical Infrastructure Act 2018 Notification of Cyber Security Incident regime (NSCI, Part 2B) where critical-infrastructure assets are in scope, DTA reportable-incident pathways where a Commonwealth agency is in scope, and ASX continuous disclosure for listed entities. Different bodies, different thresholds, different clocks. A separate upcoming change: from 10 December 2026, new APPs 1.7–1.9 will require entities to disclose in their privacy policies how personal information is used in substantially automated decisions affecting individuals. That is transparency, not notification, but it lands on the same accountability surface. What the framework owns is whether the incident classification, accountable officer, vendor evidence handoff, and reconciliation are in place before the incident, not whether someone can build a notification pack at eleven on a Friday night. Specialist regulatory counsel determines the clock.

These four decisions do not need a new AI theatre next to the existing governance system. In most organisations, they should be absorbed into the committees and forums that already carry risk, investment, technology, operations, and board reporting.

But absorption only counts if accountability hardens with it. The risk committee agenda has to carry AI decision-quality evidence on a recurring basis, not as a one-off update. The investment forum has to be willing to stop work that breaches strategic posture. The accountable executive — whoever the role is — has to own pause and residual-risk decisions personally, and report exception trends to the board with enough specificity that funding and risk appetite can move. Without those edges, the governance is a slide.

These four decisions also sit upstream and downstream of each other in particular ways: strategic posture is the upstream gate, and the other three cascade from it. The framework maps how the twelve dimensions, and the three pillars they belong to, relate.

That is the difference between extending the existing governance system and adding another one beside it.

The recurring conversation I started with usually ends with a small, useful question. Not is our maturity score high enough. The question is which decision are we prepared to stop. In the dozen or so versions of that conversation I have watched, the organisations that come out of it changed are the ones that find a question they cannot comfortably answer in the room.

For AI, that question is still the beginning.


This is the first essay in a thesis blog launching this week. The twelve-dimension framework sits across three pillars; the next essay — Pillar 1 · Strategy — lands Tuesday 19 May at 06:00 AEST. New essays publish each Tuesday and Friday morning at 06:00 AEST after that. If you’re new here, About is where to start; Archive collects the rest.