Skip to main content
Agentica

Answer — AI Governance

What is AI governance?

AI governance is the set of rules, roles, and records through which an organization knows what AI it uses, decides what is allowed, and can demonstrate both. In Québec and Canada it is anchored in Law 25 and, for financial institutions, in the AMF’s AI guideline and OSFI’s E-23.

Three questions, in this order

AI governance answers three questions, and the order matters:

  1. Know. Which AI tools and agents are in use across the organization — including the ones a vendor switched on that nobody declared? Without an inventory, everything else is theoretical.
  2. Govern. Who decides what is allowed, with what guardrails, what usage policy, what designated person? That is the work of rules and roles.
  3. Demonstrate. The day the board, the auditor, the regulator, or the insurer asks, can you prove — from contemporaneous records, not documents reconstructed after the fact — that the first two answers were true over time?

Many definitions written for Europe or the United States stop at the first two questions and the EU AI Act’s vocabulary. In Québec and Canada, the third question is decisive, because the applicable frameworks assess diligence, not perfection.

Which texts anchor AI governance here?

Canada has no federal AI statute in force: the AIDA bill died on the Order Paper in January 2025, and the federal strategy published in June 2026 targets specific risks rather than a horizontal regime. The real framework is provincial and sectoral:

  • Law 25, for any organization handling personal information in Québec — municipalities included: governance policies, a designated person in charge, privacy impact assessments (ÉFVP), and transparency for automated decisions.
  • The AMF’s AI guideline (in force May 1, 2027), for financial institutions under its jurisdiction: an AIS inventory, risk ratings, an accountable person, ongoing monitoring.
  • OSFI’s Guideline E-23 (same date), for federally regulated financial institutions: a model inventory and model risk management, AI included.

What does good governance actually produce?

Two complementary things: a tool and a proof. The tool is the living register — the inventory of every AI agent, what it can reach, where the gaps are — that lets you improve. The proof is the tamper-proof history of what actually happened, which lets you demonstrate reasonable diligence to anyone who asks.

That distinction is what Agentica, an AI Governance company in Montréal, puts into practice: continuously mapping every AI agent in your business environment and recording it in a tamper-proof history — a register to get better, and the record to prove it. AI governance is not a certification; no tool makes an organization compliant. It is the capacity, maintained day after day, to answer all three questions — with the evidence in hand.

Sources