Most people encountered the phrase “AI governance” sometime in the last eighteen months. A compliance email, a vendor pitch, a new line item in the budget, a job posting that did not exist the year before. The natural assumption is that the term is new, born out of the EU AI Act and the scramble to operationalize it. That assumption is wrong, and the way it is wrong tells you something important about the field.

The term is not new. What is new is that it finally means money. And the gap between when the governance of AI vs. “AI governance” became a market is the real history worth understanding, because that’s where most of today’s confusion lives.

The naming came early

The compound phrase “AI governance” shows up in print as a paper title in November 2017. Urs Gasser and Virgilio Almeida, writing in IEEE Internet Computing, proposed a layered model: a social and legal layer, an ethical layer, and a technical layer. Their framing was about black boxes and information asymmetry, the gap between the people who build these systems and the people who have to live with them. That paper is a decade old as of this writing.

A year later, in August 2018, Allan Dafoe published “AI Governance: A Research Agenda” and founded the Centre for the Governance of AI at Oxford’s Future of Humanity Institute. Dafoe was not describing a compliance function. He was trying to scope an entire research field, dividing it into the technical landscape, the politics, and the question of ideal institutions. By 2019, the principles were stacking up fast: the OECD AI Principles in May, the first intergovernmental set, and Singapore’s Model AI Governance Framework, one of the earliest practical guides aimed at organizations rather than academics.

So the term, the field, and the first frameworks all existed before most companies had heard the word. The intellectual work was largely finished before the market showed up.

The root nobody credits

There is an even older lineage that the academic story tends to skip. Before “AI governance” became a policy field, it was drifting away from enterprise data governance and model governance. IBM’s own people describe it through the original mechanical metaphor: the governor on a steam engine, the part that regulates flow and keeps the system from running away from itself. That is not a coincidence of language. Governance has always meant control, and the enterprise version of AI governance grew out of the unglamorous work of curating data, documenting models, and tracking risk inside IT functions through the 2010s.

This matters because it explains a tension that never went away. The policy people inherited a word that the enterprise people were already using, and the two communities meant slightly different things by it. One was talking about the geopolitics of a general-purpose technology. The other was talking about who signs off on a model before it ships. We are still paying for that ambiguity.

The principles era

From 2019 through 2022, the field produced principles faster than it produced definitions. Everyone had a framework. Almost nobody agreed on the vocabulary. Charlotte Stix captured this precisely in a 2022 paper with the knowing title “Artificial intelligence by any other name.” She traced how different groups coined terms such as trustworthy AI, responsible AI, ethical AI, and AI governance, each with its own objectives, none of them authoritative. The terminology was contested, and the contest was never formally resolved. It was just abandoned in favor of whichever phrase scaled best.

“AI governance” scaled best. It is short, it sounds operational, and it fits on a slide. That is most of why it won.

The scaffolding era

Then came the structures that gave the term institutional weight. ISO/IEC 38507 in 2022, the NIST AI Risk Management Framework in 2023 with GOVERN as its first cross-cutting function, ISO/IEC 42001 in 2023, and the EU AI Act entering into force in August 2024. Around these sat the summits and the treaties: Bletchley in November 2023, the Council of Europe’s Framework Convention, the Hiroshima Process, the UN’s “Governing AI for Humanity” work.

Here is the part that should stop every practitioner cold. Across all that scaffolding, no major body has actually defined the term “AI governance.” Not ISO. Not NIST. Not the OECD. Not the EU AI Act itself. They build governance functions, requirements, and frameworks on top of a word none of them defines. The phrase carries enormous institutional weight while remaining operationally undefined. That is not a trivia point. It is the central structural fact of the field.

Timeline

Conceptual Roots (Pre-2017)

• 1950s–2000s: The field of AI was born (Turing 1950; Dartmouth 1956). Machine ethics and roboethics emerge in philosophy; no governance frameworks yet.
• Early-mid 2010s: Bias incidents (COMPAS 2016) spark the FAccT community. “Governance of AI” enters think-tank language. Asilomar Principles (2017) set early ground rules.

Emergence of the Term (2017–2020)

• 2017–2018: First titled uses appear: Gasser & Almeida’s “A Layered Model for AI Governance” (2017), Oxford’s GovAI center, and Dafoe’s agenda (2018). Singapore drafts its Model Framework.
• 2019: Frameworks proliferate: OECD AI Principles (first intergovernmental), Singapore’s published framework, EU Ethics Guidelines, IBM’s ethics board.
• 2020: Organizational definitions emerge, translating ethics into rules, processes, and tools.

Institutionalization (2021–Early 2023)

• National strategies and standards grow. EU AI Act proposed (April 2021). China issues algorithm rules (2021–2022). US AI Bill of Rights blueprint (2022). WEF AI Governance Alliance launches (June 2023).

Regulatory Boom & GenAI Acceleration (Late 2023–2024)

• 2023: ChatGPT shifts focus from ethics to urgent risk. Biden EO (Oct), Bletchley Summit (Nov), NIST AI RMF.
• 2024: EU AI Act in force (Aug 1). Council of Europe treaty signed. Seoul Summit, UN Global Digital Compact, and the first AI Governance Day.

Mainstream Explosion (2025–2026)

• 2025: EU Act phases hit (prohibitions Feb, governance/GPAI Aug). Trump revokes Biden EO and pivots to deregulation. Dozens of state and national actions. Roles, vendors, and tools boom.
• 2026: Core high-risk obligations near (Aug 2). UN Global Dialogue advances. Regimes fragment: EU strict, US innovation-first, China sovereign. Enterprise governance is now a standard practice.

The saturation

Which brings us to the surge everyone actually noticed. The EU AI Act’s phased enforcement turned an abstraction into a deadline. Prohibitions and AI literacy obligations landed in February 2025. Governance infrastructure and general-purpose AI obligations followed in August 2025. The core high-risk obligations arrive in August 2026, with some legacy systems running to 2027 and beyond. Deadlines do what principles never could. They create budgets, roles, audits, and vendors.

The pattern is the same one we lived through with GDPR. The principles existed years earlier. The explosion came with enforcement. By 2025, the term had jumped from niche to corporate imperative, complete with dedicated offices, ISO certifications, observability tooling, new governance frameworks, and board-level oversight. Oliver Patel’s review of the year cataloged seventy or more distinct milestones. The field did not get clearer. It got crowded.

And it fragmented. Europe went strict and risk-based. The United States pivoted hard toward innovation and deregulation, with the new administration revoking the prior executive order early in 2025. China continued down a path of sovereign control first. The Global South pushed for inclusion in rooms it was rarely invited to. There is still no single binding international regime, and the voluntary commitments are honored unevenly. As of mid 2026, AI governance is simultaneously everywhere and undefined, mandatory, and contested.

The realist read

Strip away the timeline, and here is what remains. AI governance is a discipline whose name arrived in 2017, whose institutions arrived by 2019, whose enforcement arrived in 2025, and whose definition has not arrived at all. We built compliance regimes, certification standards, and entire corporate functions on a term that no standards body will define. The weight is real. The anchor is missing.

That gap is not academic. It is the difference between governance that constrains a system and governance that decorates a slide deck. When the word means everything, it risks meaning nothing, and the organizations that treat AI governance as a checkbox will discover the difference at exactly the wrong moment. People first, technology last, is not a slogan here. It is the test of whether any of this scaffolding actually protects the humans on the other side of the black box.

The history of AI governance is the history of a name that outran its substance. The work now is to catch up on the substance.

So before your next governance initiative ships, ask the only question that separates the enforceable from the decorative: if no one can define the word, how exactly are you measuring whether yours is working?

---

If you find this content valuable, please share it with your network.

Follow me for daily insights.

Book me to speak at your next event.

Start managing your agents for free.

Chris Hood is an AI strategist and author of the #1 Amazon Best Seller Infailible and Customer Transformation, and has been recognized as one of the Top 30 Global Gurus for Customer Experience. His latest book, Unmapping Customer Journeys, is available now!