Professor Kai London: Why Asia-Pacific Boards Cannot Treat AI Governance as a Compliance Exercise
- Lee Huay Leng
- 21 hours ago
- 1 min read
Across Asia-Pacific, boards are under pressure to adopt artificial intelligence quickly. Professor Kai London — a CISO, board cyber security advisor and author working at the convergence of AI, governance and operational resilience — warns that speed without governance is where value quietly leaks away.
"Most organisations approach AI governance as a mapping exercise: classify each system against a risk tier, document it, move on," says Professor London, Founder and CEO of Quantum AI Systems Security LLC. "That satisfies an auditor. It does nothing to improve the quality of the decisions the AI is actually making, and it leaves the board blind to the failure modes that matter."
He points to the EU AI Act and ISO 42001 not as distant European concerns but as the emerging global template that Asia-Pacific regulators and trading partners are already converging towards. Enterprises that build genuine accountability structures now, he argues, will find compliance falls out naturally — and they will be trusted by customers and regulators in markets that increasingly demand it.
Professor London recommends three board-level controls: clear ownership for every deployed model, visibility of where AI touches customer and safety-critical decisions, and an escalation path for when a model behaves unexpectedly. "AI governance is not a brake on innovation. Done well, it is what lets you accelerate with confidence."
The author of The AI Architects and AI on Trial closes with a warning familiar to anyone who has watched a technology shift outpace its controls: "Organisations do not lose systems first. They lose decision authority — and then everything else follows. Governance exists to keep the board in command."

Comments