As organizations deepen their adoption of artificial intelligence, the need for clear and operational governance structures has never been more important. 

A continual theme from our ongoing AI governance landscape research is that AI governance is not a single function, discipline or technology. Our diagram, “Mapping and understanding the AI governance ecosystem,” highlights the many different actors and functions involved in designing, developing and delivering AI governance. This includes external service providers, or AI governance vendors, as we will refer to this grouping of companies. 

While AI governance companies started appearing in the marketplace as early as 2010, there has been a significant increase in the need for these types of services in recent years. This has led to a significant increase in companies launching AI governance businesses. While many of these efforts are net new, there are many companies that have expanded their business offerings to meet this new demand.

When we originally conducted research for the ecosystem map, we saw that AI governance vendors were grouped into two categories: 1) assurance and tools, and 2) service, compliance and advisory.

Since last year when we started this research, we saw a maturation of what AI governance service providers offer. To bring structure to this rapidly evolving ecosystem, the IAPP has grouped AI governance capabilities into four overarching categories. These categories reflect both the functional needs of organizations and the patterns emerging across market offerings:

1. Policy and Compliance
   Tools and services focused on internal principles policy development, creation of internal and external governance boards, regulatory alignment and compliance support, documentation, risk identification and management, and internal governance and procurement processes.
2. Technical Assessments and Evaluations
   Tools and capabilities dedicated to analyzing data quality, robustness, model performance, safety, fairness and other factors that impact the development and ongoing monitoring of AI systems.
3. Assurance and Auditing
   Independent audits and evaluation of services and methodologies that help organizations demonstrate compliance with internal policies, standards and regulatory requirements.
4. Consulting and Advisory
   Advisory services supporting strategic planning, organizational readiness, capacity building and implementation of governance programs.

This framework is not intended to be a rigid taxonomy. Many organizations operate across multiple categories, and the boundaries between them may shift as the market matures. Instead, these groupings are designed to provide practitioners with a practical structure for evaluating vendors and understanding where different capabilities fit. We anticipate that in future versions of this report these categories will continue to expand or be refined.

It was important for us to try to categorize AI governance vendors into this framework as we receive many questions about what AI governance vendors provide, what sectors they operate in, what regions they serve and what type of experience they have.

When developing our report, we relied primarily on publicly available information. It is likely that in future versions of this report, there will be more comprehensive public information or self-reporting from vendors to the IAPP, which will help to develop a stronger classification.

As a policy neutral organization that seeks to advance the AI governance community, including vendors, we wanted to provide an objective view of the market as we currently understand it.

This report focuses only on comprehensive AI governance providers, rather than vendors offering isolated components such as single-purpose model evaluation tools or standalone data quality solutions. This distinction was important as we are starting to see more AI governance offerings embedded in tools like government-relation systems.

As the ecosystem continues to grow, distinguishing between full-stack governance offerings and specialized components will become increasingly important for practitioners who are navigating AI procurement and adoption decisions.

Help us build a more complete picture

The landscape of AI governance providers is dynamic and expanding. The organizations included in this analysis represent a starting point, not a definitive list. If you or an organization you collaborate with offers comprehensive AI governance capabilities and is not yet represented, we encourage you to share details through the submission form linked below.

Your input will help us ensure that future reports reflect the breadth and diversity of the global AI governance ecosystem.