The research output

Frameworks for governing AI in the enterprise.

These frameworks emerged directly from building two real systems and researching the enterprise governance gap. They are not prescriptive standards — they are structured thinking tools, grounded in practice, versioned and evolving.

How they relate

From principles to implementation — one coherent system.

Three frameworks are published. Frameworks 04 and 05 are in active development, completing the full path from governance obligation to working AI system.

Start with the Hourglass to understand the governance obligation. Use the Enterprise Framework to design your operating model. Apply the Guardrail Framework to make AI safe. Engineering Disciplines and LLM Integration Patterns — completing the path — are in active development.

Governance v1.0 Framework 01

Hourglass Governance Model

"A law passed in Brussels becomes a specific input filter — with a traceable accountability chain."

What this framework answers

Why must AI be governed? And how do external regulatory obligations translate into concrete technical controls?

The Hourglass model provides the governance rationale. It shows that enterprise AI sits within a nested hierarchy of obligation — from supranational regulation down to individual technical control. The "waist" of the hourglass is the critical point: organisational policy, where external obligations are interpreted and converted into internal requirements.

This framework answers the "why govern at all?" question that many AI programmes skip. It grounds subsequent frameworks in a clear accountability structure — making it the essential first lens before any operating model or guardrail design begins.

What it contains

  1. Zone 1 — Societal & Regulatory — The external obligation layer: EU AI Act, GDPR, NIST AI RMF, sector-specific regulation, industry standards. Sets the constraints within which everything else operates.
  2. The Waist — Organisational Policy — Where external obligations become internal rules: AI governance board, risk appetite statements, audit trail requirements, human oversight obligations. The translating layer.
  3. Zone 3 — Technical Controls — Where policy becomes code: input guardrails, output filters, HITL checkpoints, monitoring, fallback logic. The enforcing layer.
Hourglass Governance Model v1.0 — three-zone diagram showing regulatory obligations flowing through organisational policy into technical controls
Framework 01 — Hourglass Governance Model (v1.0) · © MetaProbity 2026

This framework connects to → Enterprise AI Framework (Framework 02) — the Hourglass establishes why governance is needed; the Enterprise Framework defines how to structure it.

Architecture v1.0 Framework 02

Enterprise AI Framework

"Two modes of working with AI in parallel — not one operating model for all."

What this framework answers

How should an organisation structure its AI activity — from early experimentation through to operational deployment at scale?

The Enterprise AI Framework introduces a dual-mode operating structure: the Lab (explore, experiment, learn) and the Hub-and-Spoke (operationalise, govern, scale). These are not sequential stages — mature organisations run them simultaneously, with a Transition Path enabling capability and knowledge to flow from experimental to operational.

Three horizontal layers cut across both modes: Governance & Culture (the human system), AI Engineering (the technical system), and AI Value & Risk Management (the measurement system). This framework is the operating design for any enterprise serious about AI adoption beyond ad-hoc pilots.

What it contains

  1. The Lab — High autonomy, experimental mode. Rapid iteration, low governance overhead. Produces proof-of-concepts, learning, and viable patterns for the transition path.
  2. The Transition Path — The maturation journey: five governance gates that a system must pass before it enters operational deployment. Where patterns become processes.
  3. Hub-and-Spoke — Production operating model. Central AI governance hub with specialist spoke teams. Defined roles, monitoring, audit, and accountability at scale.
  4. Three horizontal layers — Governance Layer, Culture Layer, and Maturity Layer — running across all three modes.
Enterprise AI Framework v1.0 — showing the Lab, Transition Path, and Hub-and-Spoke operating structure with three horizontal governance layers
Framework 02 — Enterprise AI Framework (v1.0) · © MetaProbity 2026

This framework connects to → AI Guardrail Framework (Framework 03) — once you have your operating structure, the Guardrail Framework defines how to make each system in it safe.

Safety v1.0 Framework 03

AI Guardrail Framework

"The AI reasons freely. The harness decides."

What this framework answers

How do you make a probabilistic AI system safe and accountable within a deterministic enterprise environment?

The AI Guardrail Framework — also called the Sandwich Model — treats the AI's probabilistic core as something to be harnessed, not constrained. The framework allows the model to reason freely within its capabilities, while deterministic layers above and below it enforce the boundaries that the enterprise requires: input validation, output verification, human-in-the-loop oversight, and graceful fallback.

This is the framework that directly resolves the "beast and the gap" problem the research identified. It is applicable to any AI system — from a simple LLM integration to an autonomous agent — and scales with the risk tier of the use case.

What it contains

  1. Input Validation Layer — Deterministic pre-processing: schema validation, prompt injection detection, PII scrubbing, content policy enforcement.
  2. Context Enrichment Layer — RAG retrieval, system prompt insertion, user context, entitlement enforcement.
  3. Probabilistic AI Core — The model reasons freely here. Unconstrained within its context window. This layer is not governed — it is harnessed.
  4. Output Verification Layer — Deterministic post-processing: hallucination detection, citation checking, confidence thresholds, format enforcement.
  5. HITL Calibration Layer — Human-in-the-loop routing. Tier-calibrated: Tier 0 routes all outputs to human review; Tier 3 routes only low-confidence outputs.
  6. Graceful Fallback Layer — When any layer fails or thresholds are breached: deterministic fallback behaviour, safe defaults, audit event generation.
Enterprise AI Guardrail Framework v1.0 — the six-layer sandwich model showing input and output deterministic guardrails around a probabilistic AI core
Framework 03 — Enterprise AI Guardrail Framework (v1.0) · © MetaProbity 2026
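
A minimal sketch of the six layers as a deterministic harness around a stubbed model. This is an added example, not MetaProbity's code. The regexes, the 0.8 confidence floor, the `stub_model` function and the source id `doc-7` are assumptions; tiers other than 0 and 3 go to fallback because the page does not define their routing.

```python
import re
from dataclasses import dataclass, field

# Assumed values: the page names these checks but gives no patterns or thresholds.
INJECTION = re.compile(r"ignore (all )?(previous|prior) instructions", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
CONFIDENCE_FLOOR = 0.8
SAFE_DEFAULT = "Unable to answer automatically; the request has been logged."

@dataclass
class Result:
    route: str                      # "auto", "human_review" or "fallback"
    text: str
    audit: list = field(default_factory=list)

def stub_model(prompt):
    """Hypothetical stand-in for the probabilistic core: (answer, confidence)."""
    conf = 0.62 if "ambiguous" in prompt else 0.93
    return "Refunds are accepted within 30 days [doc-7].", conf

def run(user_input, tier, model=stub_model, sources=("doc-7",)):
    audit = []
    def fallback(reason):           # Layer 6: safe default plus audit event
        audit.append({"event": "fallback", "reason": reason})
        return Result("fallback", SAFE_DEFAULT, audit)
    # Layer 1: deterministic input validation
    if not isinstance(user_input, str) or not 0 < len(user_input) <= 2000:
        return fallback("schema")
    if INJECTION.search(user_input):
        return fallback("prompt_injection")
    clean = EMAIL.sub("[EMAIL]", user_input)    # PII scrubbing
    if tier not in (0, 3):          # only Tier 0 and Tier 3 are defined on the page
        return fallback("undefined_tier")
    # Layer 2: context enrichment (retrieval stubbed as a fixed source list)
    prompt = f"Answer using only {list(sources)}.\nUser: {clean}"
    # Layer 3: probabilistic core, wrapped but not inspected
    try:
        answer, confidence = model(prompt)
    except Exception as exc:
        return fallback(f"model_error:{type(exc).__name__}")
    # Layer 4: deterministic output verification (citation check)
    cited = re.findall(r"\[([\w-]+)\]", answer)
    if not cited or any(c not in sources for c in cited):
        return fallback("uncited_or_unknown_source")
    # Layer 5: tier-calibrated HITL routing
    if tier == 0 or confidence < CONFIDENCE_FLOOR:
        audit.append({"event": "hitl", "tier": tier, "confidence": confidence})
        return Result("human_review", answer, audit)
    return Result("auto", answer, audit)
```

The model's answer is returned unmodified on the `auto` and `human_review` routes; every decision about whether it is released is made by code outside the model.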

This framework connects to → AI Engineering Disciplines (Framework 04) and LLM Integration Patterns (Framework 05) — both in active development, completing the path from safety model to buildable implementation.

Active research

Frameworks in development.

The research programme is ongoing. Six frameworks are in active development — including Frameworks 04 and 05 which extend the published set to full implementation, and four further frameworks addressing additional gaps identified through the research.

In development Framework 04

AI Engineering Discipline Framework

Maps the full XOps stack required to run AI in an enterprise — from DataOps and MLOps foundations through LLMOps and AgentOps, to eight cross-cutting disciplines including PromptOps, FinOps for AI, AI Security Engineering, and Responsible AI Engineering.

In development Framework 05

LLM Integration Patterns

Nine concrete integration patterns across three maturity phases — Direct, Augmented, and Agentic Integration — each with its own risk profile, governance requirements, and HITL obligations. The Guardrail Sandwich invariant from Framework 03 applies across all nine patterns.

In development Framework 06

AI Risk Tiering Model

A classification engine for assigning AI use cases to risk tiers — with specific governance requirements, HITL obligations, and audit rules per tier. Closes the gap left by all five existing frameworks, each of which references tiers but does not define how to assign them.

In development Framework 07

AI Decision Boundary Map

A structured canvas for deciding, before any build begins, whether AI should be involved in a given decision at all — and at what level of autonomy. Four zones: Full Autonomy, AI-Assisted, AI-Advisory, AI-Excluded. Operationalises HITL at the decision level rather than the system level.

In development Framework 08

AI Capability Maturity Assessment

A five-dimension self-assessment model for diagnosing an organisation's current AI maturity and identifying the capability gaps that must be closed to progress. Designed to generate an actionable priority list from a 90-minute team session.

In development Framework 09

AI Incident Response Playbook

Organisational response choreography for when AI systems fail — output errors, model drift, data poisoning, regulatory inquiry. Covers severity classification, response roles, evidence preservation, and the post-incident → guardrail improvement loop.

Evidence & sources

The research these frameworks draw on.

These frameworks are grounded in a body of enterprise AI governance literature. The following sources were particularly influential in shaping the structure and content of the frameworks above.

  • NIST AI Risk Management Framework (AI RMF 1.0)

    National Institute of Standards and Technology · 2023

    Provided the foundational risk vocabulary and the Govern / Map / Measure / Manage structure that informed the Hourglass Model's policy waist layer and the risk tiering approach across all frameworks.

  • EU Artificial Intelligence Act

    European Commission · 2024

    Established the regulatory context for the Hourglass Model's upper zone. The Act's prohibited and high-risk use case classifications directly informed the Tier 0 and Tier 1 definitions in the risk tiering work.

  • ISO/IEC 42001:2023 — AI Management Systems

    International Organisation for Standardisation · 2023

    Informed the audit trail, governance board, and documentation requirements in the Organisational Policy waist of the Hourglass, and shaped the governance layer obligations in the Enterprise AI Framework.

  • Accelerating Enterprise AI Adoption — Overcoming Key Barriers

    MIT Sloan Management Review · 2023

    The Lab / Transition / Hub-and-Spoke dual-mode structure in the Enterprise AI Framework directly reflects the "experimental vs. operational" tension documented in enterprise AI adoption research, of which this is a key primary source.

  • The State of AI in 2024

    McKinsey & Company · 2024

    Provided quantitative evidence on enterprise AI adoption rates, governance gaps, and the gap between AI experimentation and operational deployment — directly informing the research problem framing and the Enterprise Framework's maturity staging.

  • Patterns for Building LLM-based Systems & Products

    Eugene Yan · 2023

    A practitioner-authored catalogue of LLM integration patterns that informed the Phase 1–3 structure of the LLM Integration Patterns framework and the technical architecture of the guardrail invariant.

  • MLOps: Continuous delivery and automation pipelines in machine learning

    Google Cloud · 2021

    Foundational reference for the DataOps / MLOps / ModelOps base layer in the AI Engineering Discipline Framework, and for the maturity staging of the Transition Path's operational readiness gates.


Applying these frameworks to your organisation is a different problem than reading them.

Every organisation's governance context is different — different risk appetite, regulatory environment, maturity level, and AI ambition. These frameworks are a starting point. Making them work in a specific context — mapping the Hourglass to your regulatory obligations, calibrating the Guardrail tiers to your risk appetite, designing your Lab-to-Hub transition path — is where advisory conversations are valuable.