AI Governance
Enterprise buyers are requiring AI governance documentation from vendors. Boards are asking what oversight is in place. The EU AI Act, dozens of US state AI bills, and FTC enforcement are setting deadlines. We design frameworks, conduct audits, and build the documentation to answer all of it.
We earned Certified AI Auditor credentials in 2022, months before ChatGPT launched, and built the world's first Fairly Trained LLM. Our governance work spans ISO 42001, NIST AI RMF, and EU AI Act compliance for enterprises, AI-native companies, and PE/VC portfolios.
Starting at $25K | 1-8 weeks
EU AI Act enforcement timeline
The EU AI Act is not a single deadline. It is a rolling series of obligations that began in February 2025 and continues through 2027. Organizations that wait for the high-risk deadline will find themselves scrambling.
Services
AI Governance Framework Development
Policies, procedures, and oversight structures for responsible AI use. Aligned to ISO 42001, NIST AI RMF, and EU AI Act requirements.
4-8 weeks
Independent AI Audit
Third-party evaluation of AI systems for bias, risk, compliance, and performance. First-cohort Certified AI Auditor credentials. No platform to sell, no conflicts of interest.
2-4 weeks
EU AI Act Readiness Assessment
Risk classification, gap analysis, and conformity assessment preparation for high-risk AI systems. Covers documentation, quality management, and post-market monitoring requirements.
2-4 weeks
AI Risk Assessment
Systematic evaluation of AI risks across your organization: model risk, data risk, vendor AI risk, and regulatory exposure.
1-2 weeks
Board & Executive AI Education
Workshops for boards and leadership teams on AI oversight obligations, risk management, and strategic opportunity. Practical, not theoretical.
Half-day to 2-day sessions
Why us
Deep technical AI expertise
LLM architecture, training data provenance, embedding models, prompt injection risks, model drift detection, agentic system design. We published the research on how to build and govern AI agents. Most governance firms can tell you what ISO 42001 says. We can tell you whether your model's evaluation methodology actually measures what it claims to.
Research-backed, not checkbox-driven
Published in Science, Phil. Trans. Royal Society A, and ACL with over 4,000 academic citations. Peer-reviewed papers on LLM evaluation, agent design, and AI governance, not recycled framework summaries. Our recommendations come from building and studying these systems firsthand.
One team, no handoffs
CPA + CIPP/US + CIPP/E + Certified AI Auditor, and the same people who understand LLM architecture and training pipelines. There is no "governance team" passing findings to a "technical team" for interpretation. The people who assess your AI systems understand both the regulation and the engineering, so nothing gets lost in translation.
Why licens.io?
| Big 4 | licens.io | |
|---|---|---|
| AI depth | Pivoting to AI | Built LLMs from scratch (KL3M) |
| Credentials | Generalist consultants | CPA + CIPP/US + CIPP/E + Certified AI Auditor |
| Independence | Often sell AI platforms | No vendor conflicts, audit only |
| Speed | 6-12 weeks | 2-4 weeks |
| Pricing | Hourly, $150K-500K | Fixed-fee, $25K-75K |
| Research | Marketing whitepapers | Published in Science, 4,000+ citations |
AI depth
Big 4
Pivoting to AI
licens.io
Built LLMs from scratch (KL3M)
Credentials
Big 4
Generalist consultants
licens.io
CPA + CIPP/US + CIPP/E + Certified AI Auditor
Independence
Big 4
Often sell AI platforms
licens.io
No vendor conflicts, audit only
Speed
Big 4
6-12 weeks
licens.io
2-4 weeks
Pricing
Big 4
Hourly, $150K-500K
licens.io
Fixed-fee, $25K-75K
Research
Big 4
Marketing whitepapers
licens.io
Published in Science, 4,000+ citations
Who this is for
- ✓ Enterprises deploying AI that need governance frameworks before the EU AI Act high-risk deadline
- ✓ AI-native companies seeking ISO 42001 readiness or Fairly Trained certification
- ✓ PE/VC portfolio companies requiring AI governance assessments across their holdings
- ✓ Boards and leadership teams that need practical AI literacy and oversight guidance
- ✓ Organizations using third-party AI that need vendor AI risk assessments
Frequently asked questions
What is the EU AI Act and does it apply to US companies?
The EU AI Act regulates AI systems placed on the EU market or whose outputs are used in the EU. If your AI system affects EU users or customers, it likely applies regardless of where your company is headquartered. High-risk system requirements enforce August 2, 2026.
What is ISO 42001 and how is it different from ISO 27001?
ISO 42001 is the international standard for AI management systems. It governs how organizations develop, deploy, and manage AI. ISO 27001 covers information security. Many organizations will need both, and we help with both.
Who qualifies as an independent AI auditor?
An independent AI auditor has no financial interest in the AI system being audited and no platform or product to sell alongside the audit. Our team holds first-cohort ForHumanity Certified AI Auditor credentials and maintains full independence from AI vendors.
How much does an AI governance assessment cost?
Typical engagements range from $25K-$75K depending on scope and complexity, delivered in 2-4 weeks. All fixed-fee, quoted upfront.
What is the Fairly Trained certification?
Fairly Trained is an independent third-party certification confirming that an AI model's training data was obtained under proper contractual or licensing agreements, or is public domain/open license. We oversaw the process for the first LLM to receive this certification.
Related articles
Federal Preemption of State AI Laws: Trump's December EO and Its Legal Limits
Trump’s December 11 AI order launches a federal challenge to state AI laws, but its legal reach is narrower than the rhetoric suggests.
Read moreEU AI Act Phase 2: GPAI Provider Obligations Are Now Enforceable
As of August 2, 2025, general-purpose AI model providers are no longer waiting on guidance: the EU AI Act’s GPAI obligations are live.
Read moreEU AI Act Phase 1 Is Live: Prohibited AI Practices You Need to Stop Today
The EU AI Act’s Article 5 bans are now live, and teams need to stop any prohibited AI practice before regulators do.
Read moreGet a governance assessment
We'll evaluate your current AI governance posture, identify gaps across regulatory, customer, and board requirements, and give you a prioritized remediation plan. Fixed price, defined timeline.