Sphere Partners

Blog category

Govarix

18 posts in this category.

AI Audit Logs as Compliance Evidence: What to Capture, Retain, and Present to Regulators

Most AI platforms log conversations. Regulators need something different: a record of every governance control action the platform took. EU AI Act Article 12 mandates a minimum 6-month retention period for high-risk AI system logs. Here is what that log must contain and how to use it when inspectors ask questions.

Building an AI System Registry That Actually Satisfies Regulators

The EU AI Act requires a live, auditable AI system registry — not a spreadsheet last updated in January. Here is what a compliant registry must contain, how to surface the AI systems you do not know you are using, and how to produce the regulator-ready export on demand.

Multi-Model Enterprise AI: Why Model Flexibility Is a Governance Requirement, Not a Feature

Locking enterprise AI to a single vendor's model is not a commercial preference — it is a governance failure. Commercial risk, data residency constraints, model quality evolution, and regulatory exposure all require the ability to switch or add models without rebuilding your compliance layer.

How to Choose an Enterprise AI Platform: 8 Questions Every Compliance and IT Leader Must Ask

Enterprise AI vendor evaluations are dominated by model benchmarks and UI quality. The questions that actually determine whether a platform is deployable in a regulated organisation concern governance architecture, security depth, compliance tooling, and audit capability — criteria most platforms fail before the demo ends.

The Context Tax: How Enterprise AI Costs You 50 Hours Per Employee Per Year

Your employees spend 12 minutes every day re-establishing context with their AI. That is 50 hours per person per year — more than a full working week — of pure overhead that generates zero new output. Persistent memory eliminates it entirely.

AI in Financial Services: What FINRA, MiFID II, DORA, and the EU AI Act Require

Financial services organisations face more AI-specific regulation than any other sector. Seven frameworks, applied simultaneously, to the same employees on the same platform. Here is what each requires, where they overlap, and how to enforce all of them without a separate compliance programme for each one.

Enterprise AI Cost Control: Token Budgets, Per-Team Limits, and Real-Time Budget Alerts

Giving 250 employees unrestricted access to frontier AI models without cost controls is how you generate a $40,000 monthly API bill in week three. Here is how enterprise AI cost governance actually works — and why model choice alone creates a 25× cost variance per query.

AI Governance vs AI Compliance: The Difference That Determines Your Risk

Compliance documents what you did. Governance controls what happens. Building one without the other leaves you with paperwork that cannot prevent the problem it describes — and a regulator who will use that paperwork against you.

CSRD AI Emissions Reporting: A Practical Step-by-Step Guide for Sustainability Teams

You need to report the carbon footprint of your organisation's AI usage under ESRS E1. Your AI vendors provide none of the data. Here is exactly how to gather it, calculate it, and produce an auditable disclosure — with or without automated tracking.

Engram: How Persistent AI Memory Turns Every Interaction Into Organisational Intelligence

Enterprise AI is stateless by design — each session starts from zero regardless of how long the platform has been running. Engram fixes this with 9 memory types, 4 maturity stages, and self-organising gravity wells that accumulate institutional knowledge permanently.

Enterprise AI Content Policies: Why Per-Team Governance Outperforms Platform-Wide Controls

A FINRA-compliant AI policy that protects your trading desk will break your engineering team's workflow. Precision governance — applied per team, per regulation — delivers both compliance and adoption. Here is how it works.

EU AI Act Risk Classification: A Step-by-Step Guide for Compliance Teams

How to classify every AI system your organisation uses across all five risk levels — the questions to ask, the eight Annex III domains that determine High-Risk status, fine thresholds at each tier, and what each classification requires you to do next.

How RAG Works in Enterprise AI — And Why Your Knowledge Base Architecture Determines Answer Quality

Enterprise AI vendors describe their knowledge base feature as "your AI trained on your documents." It is not. The accuracy of every answer depends on five architectural decisions about chunking, embedding, retrieval, and generation — most of them invisible to users.

Why Enterprise AI Gets Your Company-Specific Questions Wrong

GPT-4o and Claude are trained on essentially all of human knowledge. On questions about your own organisation, they will fail the majority of the time. The problem is not the model. The problem is context — and there are two ways to provide it.

Prompt Injection and the 6 Threat Categories Targeting Enterprise AI Platforms

Prompt injection is ranked the number one risk in OWASP's LLM Top 10. Adaptive attacks succeed against unprotected systems at rates exceeding 85%. The attack surface is unlike anything in conventional security — and bypasses every control applied inside the language model itself.

CSRD and AI Carbon Emissions: What 50,000 EU Enterprises Are Required to Report

The Corporate Sustainability Reporting Directive requires disclosure of AI carbon emissions under ESRS E1. Ten of thirteen major AI vendors provide zero environmental data to customers. Here is what the regulation requires and how to build the numbers without vendor cooperation.

Shadow AI: The Enterprise Governance Gap That Regulators Are Coming For

Seventy percent of enterprise AI now operates outside IT oversight. Under the EU AI Act, an incomplete AI system inventory is a compliance violation — regardless of whether you knew the tools existed.

EU AI Act: What Every Enterprise Must Do Before August 2026

Full enforcement begins on 2 August 2026. Here is what the regulation actually requires, what fines apply at each level, and the concrete steps your organisation must complete before the deadline — with less than three months remaining.
