From AI policy to operational control – what good looks like in 2026.

Most UK and Irish enterprises now have an AI policy. Very few have operational control. The gap between the two is what regulators and audit committees are about to start probing in earnest. Here is what the operational answer looks like, and where ServiceNow AI Control Tower fits.

By the end of 2026, every senior IT leader in the UK and Ireland will have been asked some version of the same question: can you show, operationally, how your AI governance works? Not what the policy says. Not who signed off the ethics statement. How it works in practice, when an agent goes off-script at 3am, when an auditor wants to see the human-override trail for a high-risk system, when the CFO asks how much the model spend was last quarter and what it bought.

For most organisations, the honest answer today is: we don't know. Or, more carefully: there's a policy, there's a steering group, there are good people thinking about it. But the operational layer that converts policy into running, monitorable, auditable control doesn't exist yet.

That gap matters because the regulatory moment has arrived. The EU AI Act's risk-based obligations are in force. DORA is biting on financial services. NIS2 is being implemented across critical infrastructure. ISO/IEC 42001 is the standard auditors will reach for when they want a structured AI assurance answer. The AI Office of Ireland is operational; OBAIR will start benchmarking enterprise AI maturity in public. The UK's NCSC and the Irish NCSC are converging on a shared baseline for AI cyber risk. None of these frameworks accept a written policy as sufficient evidence of governance.

The policy-operation gap, in concrete terms

Take a regulated UK or Irish enterprise in mid-2026. The AI policy committee meets quarterly. There's a board-approved AI charter. There's a steering group with a CDO, a CISO, a Head of Risk and a Head of Data. There's an ethics statement on the website. Three years ago, that would have counted as a mature posture.

Now ask the operational questions:

  • Can the organisation produce, today, a current inventory of every AI system, model, agent and third-party AI service in operation — including the copilots and AI features inside SaaS already procured?
  • For each high-risk AI system under the EU AI Act, is there a documented conformity assessment, a human-oversight design, a transparency disclosure to end users, and a post-market monitoring plan?
  • If a model started behaving badly in production tomorrow morning — drifting outputs, an agent making decisions it should not — how would the operations team know, and how fast?
  • If an agent took an action beyond its permissions, is there a real-time path to detect it and shut it down before it escalates?
  • Can the CFO see, by AI system and by business unit, what the inference and model-spend costs were last quarter, and what value those costs bought?

For most organisations, the answer to most of those questions is no, or only partially. Not because the people aren't capable. Because the operating model hasn't been built yet. AI moved from experiment to production faster than the governance layer caught up, and a policy alone can't run AI in production any more than a security policy alone could run a SOC.

Five gaps to close

Xcession's work with regulated UK and Irish enterprises through 2025 and 2026 surfaces five operational gaps consistently. We use them as the structuring frame for executive briefings, readiness reviews and operating model design.

Discovery - you cannot govern what you cannot see

The inventory question is the first thing a regulator, the AI Office of Ireland or your own board will ask. Most organisations cannot answer it today. Procurement was bypassed. Copilots arrived inside software you already own. Business units stood up AI capabilities without telling IT. Without a current, automatically-updated inventory of every AI system, model, agent and embedded AI feature across the estate, every subsequent control sits on sand.

Security - a new attack surface, not a familiar one

Prompt injection, model misuse, data leakage through inference, unauthorised autonomous actions, insecure API integrations between AI services. The traditional cyber playbooks (perimeter, identity, endpoint) don't yet cover this layer adequately. The forthcoming Irish NCSC National AI Cyber Risk Assessment and its UK equivalent will set the baseline; organisations that haven't begun work in this area will be visibly behind through 2026.

Governance and compliance - policy is not operation

Almost every organisation has AI principles, ethics statements and a policy document. Very few have live monitoring, named operational ownership, audit trails and evidence flows. The EU AI Act's requirements around risk classification, transparency, human oversight and documentation need operational mechanisms behind them, not written commitments alone. ISO 42001 and the NIST AI RMF give you the structure. Only an operating model converts that structure into evidence.

Observability - AI without observability is unmanaged automation

Once an AI system moves from pilot to production, the operational question shifts from build to run. What is the model actually doing? Where is drift appearing? How often are humans intervening? This sits between the AI team and IT operations and is usually owned by neither. The CMDB analogy lands here: an enterprise that already maintains a configuration and control plane for its infrastructure now needs one for its AI operations.

Value measurement - boards now expect ROI evidence

The board is asking the value question, and the answers are mostly anecdotal. Most AI programmes struggle to evidence productivity gains, automation savings or adoption quality with the rigour the rest of the IT portfolio is held to. As OBAIR and equivalents start benchmarking publicly, and as runaway model spend becomes a board-visible risk in its own right, the organisations that can't show value will lose programme momentum first.

What good actually looks like

A working AI control plane has four characteristics, regardless of which products sit underneath it.

Operationally integrated. AI governance evidence lives in the same systems that already run service management, change, incident, asset and risk processes, not in a parallel platform that nobody owns. An AI incident triages through the same workflow as an infrastructure incident. An AI asset sits in the same CMDB as a database server. A control failure on an AI system raises a risk event in the same register as a control failure on a network device.

Named and owned. Every AI system has a business owner, a technical owner and a risk classification. The AI governance forum meets on a defined cadence, with documented decisions, and reports up to the audit committee. Accountability lands with a named board member, and there's a KPI sitting against it.

Evidence-generating, not evidence-consuming. The artefacts a regulator, an internal auditor or an audit committee asks for come out of the system as a by-product of running it, not assembled by hand from email trails and slide decks when the request lands. Inventory exports, conformity-assessment records, human-override logs, drift reports, cost dashboards: live, current, defensible.

Governance-first, but not adoption-blocking. The point of operational control is to let AI scale safely, not to stop it. The closing line of our governance briefing puts it directly: governance lets AI adoption scale safely; without it, programmes stall the moment risk catches up. A good control plane is what lets the AI roadmap move faster, not slower.

Where ServiceNow AI Control Tower fits

Xcession delivers across five major ESM and ITSM platforms, and the recommendation on any given engagement follows the problem rather than alignment with a single product. On the question of an enterprise AI control plane, in 2026, ServiceNow AI Control Tower is the most operationally complete product on the market by some distance.

Three things underpin that.

It's built into the platform that already runs much of the operational evidence regulators ask for. A CMDB is already there. A change record, an incident workflow, a risk register, a control catalogue are already there. AI Control Tower extends those existing operational primitives to AI, rather than building a parallel stack alongside them. The integration between AI governance and IT operations is the product's design point, not a roadmap aspiration.

The coverage is genuinely cross-estate. Through enterprise integrations across AWS, Google Cloud, Microsoft Azure, SAP, Oracle and Workday, AI Control Tower inventories AI deployed well beyond ServiceNow itself. Through the Traceloop integration it provides observability into agent reasoning at runtime. Through the Veza integration it brings least-privilege identity governance to AI agents, including a real-time kill switch when an agent operates beyond its permissions. Through integrations with Anthropic, OpenAI, AWS, Microsoft and NVIDIA, it governs across the LLM and infrastructure layer most enterprises actually use.

The regulatory mapping is operational rather than cosmetic. Risk classification under the EU AI Act, conformity assessment workflow, transparency obligations, human-oversight design, post-market monitoring: these are configured as live workflows, not documented as policy text. The same applies to ISO 42001 and the NIST AI RMF. When a regulator asks for evidence of operational governance, the answer comes from the system.

What it takes to get there

An AI control plane isn't a product purchase. It's an operating model, a control framework, a set of named owners and a sequence of integrations. The product is the platform that runs all of that.

The Xcession delivery path runs in four phases. A two-week AI Control Readiness Review produces the diagnostic, the prioritised roadmap and the operating model outline. A six-to-ten-week Foundations phase stands AI Control Tower up on the client's existing ServiceNow platform, with discovery integrations live and the first inventory complete. A three-to-six-month First Production phase brings observability, security and live regulatory evidence flows into operation across the priority AI systems. From there, the EmpowerAI Centre of Excellence model takes over: monitor, optimise and evolve the agent estate, with adoption and assurance moving together.

None of this is exotic. Each component is a known engineering and operational discipline. What's new is the integration of those disciplines into a single control plane for AI specifically, and the regulatory pressure that has converted that integration from a nice-to-have into a budgeted line item.

The question to ask yourself

If a regulator wrote to you tomorrow asking for evidence of how your AI governance works in practice, not what your policy says but how the operation runs, what would you send? Where would the inventory come from? Where would the human-override logs come from? Where would the risk classifications, the conformity assessments, the cost-by-AI-system reports come from?

If the honest answer is that you'd assemble most of it by hand, from a series of emails to system owners pasted into a slide deck, then the gap between policy and operation is the gap to close. That's what an AI control plane is for. That's what we help organisations build.

Governance lets AI adoption scale safely. Without it, programmes stall the moment risk catches up.

Take the next step

Xcession runs a two-week AI Control Readiness Review for UK and Irish organisations facing this question. The output: a prioritised remediation roadmap, an outline operating model, and an evidence framework mapped to the EU AI Act, NIS2, ISO 42001 and NCSC guidance. The report is written for board and audit committee audiences. The diagnostic stands on its own, whether or not the next conversation involves us.

© Xcession 2026 — Expert ESM advice with a personal touch. xcession.co.uk 