What this part delivers, and why
AI didn't remove the need to govern content — it raised the stakes. Once a model can write in the brand's voice at scale, an off-brand, inaccurate or non-compliant piece spreads as fast as a good one. This part builds the layered control stack that turns that risk into a system: the obligations the team must meet, oversight modes matched to risk, rules an agent can actually read, and the approval, disclosure and audit machinery that proves what happened. The goal is a framework that governs real work — not a policy nobody opens.
- 1 · Map the obligations — the binding floor, the standards buyers ask for, disclosure & provenance, sector rules, into one register.
- 2 · Risk tiers & oversight modes — four oversight modes; map each content type to a tier so effort goes where the risk is.
- 3 · Machine-readable brand & editorial rules — guidelines structured so agents conform by default, not by luck.
- 4 · Approval workflows + disclosure/provenance — review wired into the CMS; C2PA / metadata to prove what was AI-assisted and who signed it.
- 5 · Prompt library + agent guardrails — version-controlled prompts, least-privilege access, audit logs against the agentic risks.
- 6 · Governance body & cadence — a content/AI council, how it meets, and who decides what.
- Binding floor — EU AI Act Article 50 (machine-readable marking; a human-editorial carve-out). Article 50 transparency duties apply from 2 August 2026.
- Voluntary standards — ISO/IEC 42001 & the NIST AI RMF GenAI Profile: the credentials procurement now asks for.
- Industry disclosure — the IAB AI Transparency & Disclosure Framework, with C2PA provenance to make the claim trustworthy.
- Agentic guardrails — OWASP's Top 10 for Agentic Applications: the newest, least-settled layer.
Map the obligations
Pin down what this organisation actually has to do — legally binding rules, the standards its buyers expect, industry disclosure norms, and any sector regulation — so governance is built against real obligations, not a generic template. The output is one obligations register everyone can see.
- The binding floor — EU AI Act Article 50: AI-generated content must be machine-readable-marked; content that could mislead (e.g. deepfakes) clearly labelled. Note the human-editorial-responsibility carve-out and the 2 Aug 2026 application date (10m)
- Standards buyers ask for — ISO/IEC 42001 & the NIST AI RMF GenAI Profile: voluntary, but increasingly the answer that clears a security review (20m)
- Disclosure & provenance — the IAB AI Transparency & Disclosure Framework and C2PA content credentials (15m)
- Sector & jurisdiction sweep — finance, health, public sector, advertising standards, regional privacy rules (40m)
- Score each obligation: applies / partial / out of scope — with owner and evidence (25m)
- Confirm what feeds the obligations register and who maintains it (10m)
- Markets, channels & jurisdictions served
- Existing legal / compliance policies
- Procurement & security questionnaires received
- Obligations register (applies / owner / evidence)
- Article 50 readiness note
- Standards-to-pursue shortlist
Half the room will assume the EU AI Act doesn't apply because "we're not in Europe." If the content reaches an EU audience, it usually does. Settle that question in the first hour with legal in the room, not over email three weeks later.
Set content risk tiers & oversight modes
Not every piece needs the same scrutiny. Agree the four oversight modes, then place each content type into a risk tier so human effort lands where the risk actually is — and so no one has to argue it case by case later.
- Agent-assisted — human drives, AI suggests. Lowest autonomy, highest control.
- Human-in-the-loop — AI drafts, a named human approves before anything ships.
- Human-on-the-loop — AI acts, a human monitors and can intervene.
- Human-out-of-the-loop — fully autonomous; reserved for genuinely low-risk content only.
- Agree the risk dimensions — brand exposure, regulatory weight, factual sensitivity, reach (20m)
- List the content types the team actually produces (25m)
- Tier each type (low / medium / high) and bind it to an oversight mode (55m)
- Agree escalation rules — when a piece jumps a tier (20m)
- Obligations register (Step 1)
- Content-type list from the pipeline work
- Content risk-tiering matrix (type × risk × mode)
- Escalation rules
Teams instinctively want to tier everything "high" to be safe. That's how you end up reviewing social captions with the same rigour as regulated claims — and the whole policy quietly stops being followed within a month. Push them to name what genuinely is low-risk; that's where the speed comes from.
Likelihood × impact. Cells run green → amber → red by severity. Click a plotted risk (●) — or a chip — to see why it lands there and how to mitigate it.
Make brand & editorial rules machine-readable
A PDF brand book is invisible to an agent. Restructure the brand and editorial rules so an AI conforms by default — producing on-brand, compliant content the first time, instead of generating "AI slop" you then have to police.
- Extract the rules from the brand book into explicit, testable statements — voice, tone, terminology, banned phrasings, claims that need a disclaimer
- Encode them where agents read them — structured prompt context, a style config, or a checking agent's rule set
- Separate hard rules (must never break — regulated claims, prohibited terms) from soft preferences (tone nudges)
- Test against real prompts and tune until the agent conforms without hand-holding
- Brand & editorial guidelines
- Approved terminology / glossary
- Risk-tiering matrix (Step 2)
- Machine-readable rule set (hard vs soft)
- Test results & conformance notes
The exercise that makes this real: take the brand book and force every rule into a sentence an agent could pass or fail. "Be confident but not arrogant" becomes a banned-words list and two worked before/after examples. The vague half of any brand book simply doesn't survive contact with a machine — and writing the rules down that plainly tends to improve them for the humans too.
Build approval workflows + disclosure / provenance
Wire the oversight modes into the CMS so review happens by default, not by goodwill — and attach the disclosure and provenance data that lets you prove, on demand, what was AI-assisted and who approved it.
- Map each risk tier to a concrete review step in the CMS workflow (who approves, what gate blocks publish)
- Capture an approval record — named approver, timestamp — so the Article 50 editorial carve-out is evidenced, not asserted
- Set the disclosure policy — disclose where AI materially changed what someone sees, not a blanket "AI" stamp on everything
- Stand up C2PA content credentials / metadata so a disclosure claim is tamper-evident and verifiable
- Risk-tiering matrix & oversight modes
- CMS workflow capabilities
- Obligations register (disclosure rules)
- Tier-matched approval workflows (live in CMS)
- Disclosure policy
- Provenance / C2PA setup
Don't over-stamp. Labelling every asset "AI-generated" trains your audience to ignore the label and can flag content that a human genuinely authored. Disclose when AI materially changed what the reader sees — and keep the provenance trail so the claim holds up if challenged.
Stand up the prompt library + agent guardrails
Turn prompts into governed assets and put the safety net under any agent before it runs: version control, least-privilege access, and audit logs — sized against the OWASP agentic risks rather than learned the hard way.
- Build a version-controlled prompt library — prompts as reusable, reviewed assets, not scattered through people's chat histories
- Apply least-privilege access — scoped agent identities that can only touch what they need
- Turn on audit logs for every agent action, so you can reconstruct what happened
- Set guardrails against the OWASP agentic risks — goal hijack via prompt injection, memory / context poisoning, and cascading failures where one bad output ripples through an automated pipeline; require sign-off on anything high-impact
- Machine-readable rule set (Step 3)
- Oversight modes (Step 2)
- OWASP Top 10 for Agentic Applications
- Governed prompt library
- Access & audit-log configuration
- Agentic-risk guardrail checklist
Nobody has decades of practice with agentic risk yet — so don't pretend to. The honest move is sensible limits: least privilege, a human sign-off on anything that touches the public or the regulated, and a log you can actually read. Conservative now, loosened deliberately later, beats clever-and-exposed.
Governance body & cadence
A framework with no owner decays. Stand up a content/AI governance council with real decision rights, and a cadence light enough that people actually attend — so the stack stays alive as tools, rules and risks move.
- Charter the council — membership (legal/compliance, brand, content, martech), remit, and explicit decision rights
- Set the cadence — a short monthly review plus an exception path for urgent calls
- Agree what the council owns — the obligations register, risk tiers, the prompt library, and incident review
- Define the metrics it watches — including the honest one: AI still gets things wrong, so track factual-accuracy / hallucination rate on owned assistants
- All Step 1–5 artifacts
- Sponsor mandate
- Governance council charter
- Meeting cadence & decision-rights map
- Live framework, owned
Governance-as-shelfware is the default failure here: a polished policy PDF that nobody reads and no one owns. The test of success isn't whether the document exists — it's whether a real piece of content was held, changed, or escalated because of it last month. If nothing ever gets stopped, the framework isn't governing, it's decorating.
RACI & effort summary
Who does what across the part. R Responsible · A Accountable · C Consulted · I Informed.
| Activity | Sponsor | Legal / Compliance | Brand | Content / Ops | Martech | Lead consultant |
|---|---|---|---|---|---|---|
| Map obligations | I | A | C | C | I | R |
| Risk tiers & modes | C | C | C | C | I | R |
| Machine-readable rules | I | C | A | C | C | R |
| Approval & provenance | I | C | I | C | R | A |
| Prompts & guardrails | I | C | I | C | R | A |
| Governance body | A | C | C | C | I | R |
| Week | Focus | Consultant days |
|---|---|---|
| Week 1 | Map obligations, start risk tiering | ~3 |
| Week 2–3 | Finish tiering, machine-readable rules | ~4 |
| Week 4–5 | Approval & provenance, prompts & guardrails | ~4.5 |
| Week 6 | Governance body, cadence, handoff | ~2 |
The artifacts you use and leave behind
Three core templates are spelled out below; the full set produced in this part is indexed at the end.
What must we comply with — and who owns it?
| Obligation | What it requires | Applies? | Owner | Evidence |
|---|---|---|---|---|
| EU AI Act · Article 50 | Machine-readable marking of AI content; clear labelling where it could mislead. Human-editorial carve-out (applies 2 Aug 2026) | __ | Legal | __ |
| ISO/IEC 42001 | AI management system — the credential buyers increasingly ask for | __ | Compliance | __ |
| NIST AI RMF | GenAI Profile — risk-management practices for security reviews | __ | Compliance | __ |
| IAB disclosure | Transparency & disclosure of materially AI-changed content | __ | Brand | __ |
| C2PA provenance | Tamper-evident content credentials backing disclosure claims | __ | Martech | __ |
| Sector / jurisdiction | Finance, health, public-sector, advertising or privacy rules as applicable | __ | Legal | __ |
Score each "applies / partial / out of scope" with evidence. The council reviews this register on its cadence — obligations move.
Content type × risk × oversight mode
| Content type | Risk tier | Why | Oversight mode |
|---|---|---|---|
| Regulated / claims content | High | Legal & brand exposure; factual sensitivity | Human-in-the-loop (named approver) |
| Thought-leadership / long-form | High | Brand voice carries reputational weight | Human-in-the-loop |
| Product / web copy | Medium | On-brand matters; lower legal risk | Agent-assisted → human review |
| Social captions / variants | Low | Limited reach, low claim risk | Human-on-the-loop (monitored) |
| Internal drafts / ideation | Low | Not published; no external exposure | Human-out-of-the-loop (low-risk only) |
Rows are illustrative — tier against this client's real content types and obligations. Add escalation rules for when a piece jumps a tier.
Before this AI-assisted piece ships
Tick each control to tally pre-ship coverage. Every box must clear before the gate opens.
Entry & exit gates
The quality bar that says this part is genuinely ready to start, and genuinely finished.
- Content model & pipeline work underway (governance has something to govern)
- Legal/compliance and brand stakeholders engaged and available
- CMS workflow and agent tooling access granted
- Obligations register complete, owned, and signed off by legal
- Risk tiers set and oversight modes wired into the CMS
- Brand rules machine-readable; prompt library & guardrails live
- Disclosure / provenance in place; governance council chartered and meeting