In the age of AI, governing decisions matters more than governing infra, say experts

With AI systems influencing real-time decisions across sectors, experts at The Hindu Tech Summit 2026 cautioned that traditional governance, risk, and compliance (GRC) models are yet to catch up, exposing organisations to new and poorly understood risks.

At a session titled ‘Governance, Risk, and Intelligence: The Next  GRC Framework’, Balakrishna Kanniah, vice-president-IT, IS and Digital, Alten India Pvt. Ltd., said that while platforms change, some things remain standard and static. “Agentic AI has not changed the fundamentals of GRC. Governance models may change, but GRC itself has not been reinvented for projects. What has changed is the adoption rate. In my 25 years in the industry, earlier GRC was seen as audit-driven. Now that has changed. GRC has become a key driver of success for risk frameworks, operations, new projects, and products. Everything falls under it,” he said.

Responding to a question on whether companies now govern infrastructure or decision- making, Gowdhaman Jothilingam, Global CISO and Head of IT at LatentView Analytics Ltd., said organisations today govern decisions, not infrastructure, which has largely been stabilised and scaled. The real differentiator, he said, is accountability.

From a cybersecurity standpoint, Mr. Jothilingam recommended the FAIR (Factor Analysis of Information Risk) model, an open-source standard for quantifying cyber risk. With threat actors and attack vectors constantly evolving, FAIR helps translate cyber risks into business impact when leadership seeks clarity on priorities. It facilitates sharper prioritisation, budget justification, and return on security investment by framing risk in financial terms that resonate with boards, he added.

Speaking about the shift to continuous governance oversight in regulated sectors such as banking, Vennimalai Sundaresan, vice president-data governance, Standard Chartered, said that while banks already have robust GRC frameworks and strong regulatory oversight, the real challenge lies in aligning traditional governance models with adaptive, real-time technologies.

“Earlier systems were largely rule-based and predictable. Today, AI- and cloud-driven systems are dynamic, while governance processes still operate on fixed cycles, with policies reviewed annually, controls quarterly, and audits once a year. This creates a clear mismatch with technologies that function in real time,” he said.

As a result, leadership increasingly demands real-time dashboards and risk visibility, which remains difficult to implement. Governance, Mr. Sundaresan argued, can no longer remain an external supervisory layer; it must be embedded across every level of the organisation.

A fundamental issue with AI, Sakthi Balan Muthaiah, Professor,  Shiv Nadar University, pointed out, is anthropomorphism. “We use words like intelligence, learning, and understanding, assuming AI behaves like humans. It does not. For example, humans learn multiplication assuming addition is already understood. AI models do not learn that way — they learn through pattern recognition. This assumption can go wrong, especially in auditing and regulation,” he said.

The session was moderated by Koushik Ramani, Managing Partner, NetworkGain.