Notes from the AI Governance Center: The key AI governance issues tackled at AIGG Europe 2026

The IAPP AI Governance Global Europe 2026 took place last week in Dublin, Ireland. Bringing together digital governance experts across the spectrum from technicians, product owners, standards developers, lawyers, policymakers and regulators, the discussions were robust and vibrant.

For those of you who were not able to attend this year's event, many of the sessions provided great presentations you can still see on the conference page. Throughout the year, I've had the pleasure of meeting our community at various IAPP and artificial intelligence events. Similar to what we saw at the IAPP Global Summit in Washington, D.C., IAPP Canada Symposium and the AI Impact Summit in India earlier this year, the appetite for practical knowledge continues to grow. As you will see in the presentations, the depth of discussions and sharing of best practices during these conferences is on the rise.  

What set AIGG Europe apart is the fact that there are real rules for the management of AI looming. Even with the EU AI Act Omnibus pushing out some implementation timelines, the realities of establishing comprehensive AI governance practices in Europe are real. This combined with Ireland set to take over the EU presidency, the discussions did not seem like they were occurring in the abstract. The people who are navigating the difficult task of policy writing and developing regulatory enforcement were there in the room to share their perspective, but also to listen to implementation challenges from the participants.

Below are the key themes that came out of AIGG Europe for me.

Sovereignty is the new priority 

Now with the AI Act and the revisions that came from the Omnibus behind policymakers and AI leaders in Europe, it seems their attention has now fully pivoted to AI sovereignty. Irish MEP and AI Omnibus rapporteur Michael McNamara used his keynote address to highlight the importance of AI sovereignty for Europe. He believes that Europe's barriers to accelerate the adoption of AI are related to access and investment in compute, capital and energy. For more details, my colleague Jedidiah Bracy reported on McNamara’s keynote address.

McNamara was not the only one. Lucilla Sioli, head of the EU AI Office and tech entrepreneur and journalist Mark Little highlighted why investments in Europe's digital infrastructure are important now, identified the current geopolitical climate and discussed ways to leverage Europe's knowledge and talent in an AI era.

While sovereignty is often discussed in the context of technical needs, I found it interesting that both Little and author and filmmaker Agnieszka Piotrowska, who also keynoted, addressed the sovereignty issue from the perspective of shaping AI based on European values. They both spoke about the role humans must play in channeling these technologies. Both also touched on technology not being neutral. Agnieszka urged us to think about how we can be active users in the development of these technologies instead of passive bystanders.

For Europe, technological sovereignty isn't a protectionist impulse, but rather an assertion of democratic agency. As China and the U.S. race to consolidate AI infrastructure and define global norms, Europe's bet is that a rights- and rules-based framework can serve as both a competitive differentiator and a model for the rest of the world.

AI governance implementation is upon us

With presentations ranging from the cost of distributed innovation to contracting and procurement to copyright and the intersectionality of digital rules, speakers moved quickly past the question of what the AI Act and other international AI laws say and moved toward how to tackle real governance challenges in practice.

Assurance was a key theme with participants sharing their experience on how organizations are working to build systems to integrate evaluation against technical standards and how to perform an AI audit in agentic AI systems. Additionally, how does a general counsel work fluently with an AI engineer to verify that the right compliance boxes are actually checkable?

While there are not perfect answers or best practices established for all of these topics, bringing practitioners together who are thinking through these issues and testing ways to navigate how to implement AI governance at scale was really incredible to experience.

I brought together a panel on the AI Act Omnibus, which included perspectives from Barry Scanell, partner at William Fry and Irish AI Advisory Council Member, and Anita Prinzie, AI standards expert. Scannel said, "If harmonised standards will define what technical compliance looks like, then legal professionals need to get comfortable operating in deeply technical territory and vice versa." This, once again, validates and provides us with a practical example that AI governance is not a function that can be siloed.

The cost of distributed AI innovation

While regulators and policymakers have set the legal framework, AI governance professionals are facing a parallel challenge. AI adoption is no longer centralized. Business units are deploying tools independently, often ahead of formal governance structures while AI platform providers are offering tools with a wide set of capabilities. This results in what many experts are referring to as "distributed innovation."

Piling on, where AI adoption is slow in organizations, employees are bringing their own AI to work or as we've seen with previous SaaS technologies, they are making low-dollar value purchases like a monthly subscription fee outside of the technology governance process, which is leading to a risky proliferation of "shadow AI."

While shadow tech, and to an extent, distributed innovation has been a longstanding problem, the capabilities and lack of guardrails in AI platforms as well as scale of issues can be enormous. Randstand Director Global Legal and Responsible AI Martin Woodward led a discussion with BCG Partner and Managing Director Anne Kleppe, Coinbase Ireland Chief Risk Officer Melissa Longmore and Bird & Bird Partner Vincent Rezzouk-Hammachi on this vital topic.

They shared that the risks are real, including, inconsistent standards, undocumented models, liability gaps and the erosion of the human oversight that both the AI Act and basic risk management demand.

The panelists argued that the response isn't to slow innovation, it's to distribute governance as fluidly as innovation has been distributed. They also suggested that traditional technology governance doesn't fit for AI.

Kleppe, who has a background in engineering, discussed a shift-left approach used in harness engineering and said that while you are building the solution, you need to set the guardrails in real time. It is also necessary to apply AI governance expertise across functions rather than concentrating it in a single compliance team. This means building internal communities of practice where lessons from early deployments can be shared and creating a safety-first environment that allows practitioners to surface problems before they become incidents.

This is where the human aspects of AI governance — the element that no regulation fully captures — becomes essential. To achieve this distributed governance model, the panel also pointed out the importance of AI literacy. Knowing how these systems work and how to manage them across the various roles that are involved with system management is essential.

What's next for the AI Act? 

While EU leaders may have shifted their focus to sovereignty, practitioners are still very focused on the details of the AI Act. Even with timelines for high-risk systems pushed back to 2 Dec. 2027, practitioners are realizing that this is still not a lot of time to develop their compliance strategy.

In my panel on the AI Act Omnibus, we reviewed the change in timelines, the updates to AI literacy requirements, the new "nudifier" rules, and the updated and enhanced role of the AI Office.

However, standards were the central focus of our conversation. Printze provided a timeline, which you can see in the presentation, on which standards are underdevelopment and a timeline to complete these. Scannel recognized, as a lawyer, the important role standards play in the implementation of the act. While I was initially hesitant to bring together a policy and standards discussion, this was validation that these conversations need to be happening together, not in parallel.

One key takeaway for me: Printze stressed that more technical subject matter experts are needed to help inform the development of these standards. Not only will that help get standards to market faster, but it will also help them to be as useful and comprehensive as possible.

If you are interested in joining a standards development process to support the EU AI Act, I would highly recommend reaching out to Printze, or one of the other chairs of these standards.

The community is the infrastructure 

Perhaps the most important takeaway from AIGG Europe is that the AI governance profession as a whole is a form of critical infrastructure. The regulations will evolve. The technology will evolve even faster. What endures is the network of people who know what they've tried, what's failed and what they wish they had known sooner.

Europe is at a crossroads. The rules exist. Now comes the harder work of making them real.