DARR
MR-043 Governance & process Organization scope

Inadequate AI governance and oversight processes

The deployer lacks adequate governance, policies, or oversight structures to manage AI risk as the technology and use evolve.

Risk family
Governance & process
MIT domain
6. Socioeconomic and Environmental
MIT subdomain
6.5 > Governance failure
AI type
GPAI, Classical_ML, Agentic
Scope
Organization
Source standard
MIT AI Risk Repository v4

Provenance

Source standard
MIT AI Risk Repository v4
Source frameworks
7 source framework citation keys
Clarke2023, Habbal2024, IBM2025, Leech2024, McLean2023, Uuk2025, Wirtz2022
ISO/IEC references
23894 obj A.2; src 1, 2, 3 | 42001 ctrl A.2.2, A.2.3, A.2.4, A.6.1.2, A.9.2, A.9.3
EU AI Act articles
Art. 9

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part.

Sources: frameworks that contributed to the register
ISO 23894 (1)
  • A.2 ISO/IEC 23894 Annex A A.2
ISO 42001 (6)
  • A.2.2 ISO/IEC 42001 Annex A A.2.2
  • A.2.3 ISO/IEC 42001 Annex A A.2.3
  • A.2.4 ISO/IEC 42001 Annex A A.2.4
  • A.6.1.2 ISO/IEC 42001 Annex A A.6.1.2
  • A.9.2 ISO/IEC 42001 Annex A A.9.2
  • A.9.3 ISO/IEC 42001 Annex A A.9.3
EU AI Act (1)
  • Art. 9
Cross-checks: frameworks mapped in to test coverage
IBM (1)
  • ibm-ai-agent-compliance AI agent compliance (partial)

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.