AI Governance

A new study published by the Autorité des Marchés Financiers (AMF) finds that 90 percent of French financial market participants are already using AI or plan to do so within the next 12 months. More than half of those use cases are already live in production environments. Yet as adoption accelerates, the regulator is increasingly focused on the governance, data protection, and human oversight risks that come with embedding AI into core financial operations.

The Dutch Data Protection Authority is sharpening its regulatory focus as it looks ahead to a more complex digital landscape. In its 2026 annual plan, the Authority sets out three priorities that will guide its work through 2028: mass surveillance, artificial intelligence, and digital resilience.

Germany’s financial regulator, Federal Financial Supervisory Authority (BaFin), has published new supervisory guidance aimed at helping financial entities manage information and communication technology (ICT) risks arising from the use of artificial intelligence. Released on January 30, 2026, the document focuses squarely on how AI-related risks should be addressed within the framework of the EU’s Digital Operational Resilience Act (DORA).

Artificial intelligence is no longer confined to pilots, innovation labs, or tightly controlled proofs of concept. It is spreading across the enterprise, and in many organizations, governance, risk, and control structures are struggling to keep pace. That tension sits at the center of the 2026 edition of The State of AI in the Enterprise: The Untapped Edge, released this week by the Deloitte AI Institute. Based on a global survey of more than 3,200 senior business and IT leaders, the report captures a moment where AI ambition is accelerating, enterprise exposure is widening, and governance maturity is emerging as a critical constraint on scale.

The European Commission has opened two formal proceedings aimed at clarifying how Google must meet its obligations under the Digital Markets Act, sharpening the focus on how the company runs Android and Google Search at a moment when AI is rapidly reshaping both.

The European Data Protection Board and the European Data Protection Supervisor responded to the European Commission’s proposed “Digital Omnibus on AI,” a package designed to simplify aspects of the implementation of the AI Act. The goal, according to the Commission, is to make the rules easier to apply in practice. The message from Europe’s privacy watchdogs is that simplification is welcome but only up to a point.

Managing risks across the AI/ML lifecycle is critical for building reliable, secure, and ethical models. From data collection and labeling to training, fine-tuning, and evaluation, each stage presents unique challenges that can affect performance, reproducibility, fairness, and safety. Implementing well-defined controls ensures models are trustworthy, auditable, and resilient to both technical and operational issues.