The governance gap in enterprise AI is not a knowledge problem. Organisations understand that AI systems require oversight, accountability structures, and security controls. What they have lacked is a practitioner-led framework that converts that understanding into enforceable controls, auditable standards, and workforce capabilities deployable across the programme complexity that real AI deployments generate.
The statistics that frame EC-Council’s launch of the Adopt. Defend. Govern. (ADG) AI Framework are stark: only 1% of leaders believe their AI governance capabilities have reached maturity, and 78% of executives say they would not be confident passing an AI governance audit within the next 90 days. Against a backdrop of $2.5 trillion in projected global AI spending for 2026, those figures describe a deployment acceleration that has significantly outpaced the accountability infrastructure organisations need to govern what they have built.
EC-Council’s ADG Framework, developed with practitioners from Citi, JPMorgan Chase, Microsoft, KPMG, Deloitte, NTT Data, GE Healthcare, Prudential, Salesforce, and GlobalLogic, is a direct response to this maturity gap. The framework provides a unified operating model built around three pillars, 12 minimum controls, and nine governance surfaces, designed to align explicitly with the EU AI Act, ISO/IEC 42001, and the NIST AI RMF.
Critically, it is open and community-driven, without licensing fees or vendor lock-in, positioning it as infrastructure for the field rather than a commercial product.
What Separates ADG from the Frameworks That Came Before
The ADG Framework’s value proposition is captured precisely by GlobalLogic’s Global Head of AI and Data Governance, ShanShan Pa, in her advisory board contribution: “The industry doesn’t lack AI frameworks; it lacks operational clarity.”
That observation defines the gap ADG is designed to close. Existing frameworks (the NIST AI RMF, ISO/IEC 42001, and others) provide principled structures for thinking about AI risk and governance. What they do not consistently deliver are the measurable indicators, auditable practices, and implementation-ready controls that allow organisations to move from framework adoption to demonstrable governance maturity.
ADG introduces 12 minimum controls that establish a concrete compliance floor, nine governance surfaces that define where oversight must exist within an AI system’s lifecycle, nine deployment overlays that adapt the framework to specific implementation contexts, and three autonomy tiers that calibrate governance requirements to the level of AI system autonomy involved. Every control maps to major global standards (EU AI Act, NIST AI RMF, ISO/IEC 42001, OWASP Top 10 for LLM and Agentic AI, and MITRE ATLAS), reducing the compliance fragmentation that has forced organisations to maintain parallel governance documentation across different regulatory jurisdictions.
For boards and audit committees evaluating AI governance readiness, the minimum controls architecture provides the auditable structure that abstract principle-based frameworks cannot. As Lewis V. Adams, VP of Enterprise AI at Citi and ADG contributor, notes: it turns “abstract standards into auditable practices”, which is the difference, at board level, between scaling AI with demonstrable confidence and proceeding on a governance assumption that cannot be validated under scrutiny.
The Three-Pillar Structure and Its Security Dimension
The ADG Framework’s three pillars (Adopt, Defend, and Govern) are designed as an integrated governance lifecycle rather than sequential phases, and the Defend pillar specifically addresses the AI security threat landscape that most governance frameworks treat as a compliance appendix rather than a core programme requirement.
Adopt addresses deployment alignment: ensuring AI systems are introduced with clear business objective mapping, workforce readiness, and implementation accountability from the outset. Governance failures that manifest at scale frequently trace back to deployment decisions made without adequate organisational preparation; the Adopt pillar establishes the controls that make deployment decisions defensible before systems are live.
Defend covers the attack surface that AI systems specifically introduce: prompt injection, adversarial manipulation, model exploitation, data poisoning, and AI supply chain compromise. These are not theoretical risks. They are active threat classes that adversaries are operationalising against enterprise AI deployments now. A governance framework that addresses policy and compliance without explicitly incorporating these threat classes into its control structure is leaving the security dimension of AI governance unaddressed, which is the gap that makes organisations vulnerable to the specific attacks their AI deployments face rather than the generic threats their existing security programmes manage.
Govern embeds continuous oversight, auditability, and risk management into AI systems from deployment through enterprise scale, not as periodic review activity but as structural programme requirements with defined accountability mechanisms.
The Self-Assessment Tool and Its Evidence-Based Governance Value
Alongside the framework, EC-Council has released a free AI Readiness Self-Assessment Tool that allows organisations to measure their current governance posture across readiness, security, implementation discipline, and accountability before vulnerabilities emerge at scale.
The tool produces a prioritised implementation roadmap, mapping the gap between current state and ADG minimum control requirements into sequenced programme actions. For organisations facing regulatory review, board scrutiny, or internal audit assessment of their AI governance programme, this roadmap provides the evidence-based view of governance preparedness that verbal assurances cannot substitute for.
The self-assessment is available without cost or vendor commitment, which removes the procurement barrier that has historically delayed governance investment in organisations that need the visibility most urgently.
Workforce Capability as the Governance Infrastructure Layer
EC-Council’s introduction of three new certifications aligned to the ADG operating model (Certified AI Programme Manager, Certified Offensive AI Security Professional, and Certified Responsible AI Governance and Ethics Professional) addresses the workforce dimension of AI governance maturity that frameworks alone cannot close.
Governance frameworks establish what needs to be done. Certified practitioners with the skills to implement, test, and maintain governance controls determine whether it actually gets done in production. The CAIPM, COASP, and CRAGE certifications create an explicit mapping between ADG governance requirements and the workforce capability needed to satisfy them, giving organisations a talent development pathway aligned to their governance framework rather than generic AI literacy programmes that don’t connect to specific governance obligations.
The Offensive AI Security Professional certification is specifically notable. Testing AI systems against adversarial threat classes (prompt injection, model exploitation, adversarial manipulation) requires practitioners who understand both offensive AI technique and defensive governance architecture. Credentialing this capability aligns ADG’s Defend pillar to a defined workforce standard rather than leaving the security testing dimension of AI governance to ad hoc expertise.
The Governance Maturity Gap Is Board-Level Urgency
The 78% executive confidence figure (the proportion of leaders who would not pass an AI governance audit within 90 days) is not a background risk measurement. It is a board-level liability indicator for organisations that have characterised their AI governance programme as mature in stakeholder communications without the audit-ready evidence infrastructure to support that characterisation.
The ADG Framework and its supporting tools provide the programme architecture, minimum control standards, assessment tooling, and workforce certification pathway that close this gap, not as aspirational governance, but as the execution discipline that enterprise AI programmes have been missing since deployment velocity outpaced accountability frameworks.
Research and Intelligence Sources: EC-Council





