96% of financial institutions have AI governance policies. Only 53% have turned them into technical controls. AEGIS is the bridge — an open-source governance enforcement platform that operationalises policy into auditable, explainable, real-time compliance evidence.
The data from 2025–2026 is unambiguous. Financial institutions have built the governance architecture. They have not built the controls. The gap between policy and proof is where regulatory exposure lives — and where careers in AI governance are made or broken.
Every governance system needs a founding incident. For AEGIS, it is a scenario that plays out across regulated financial institutions with increasing frequency as EU AI Act enforcement approaches.
A model-assisted research report on a high-yield credit instrument has been distributed to institutional clients. A routine supervisory review flags an anomaly in the model's output. The FCA issues a Section 165 information request: produce the documentation trail for the AI system that contributed to this report — the intake record, the risk classification, the human oversight sign-off, the version used, and the approval chain.
The Documentation Lead has 10 business days to respond. She knows the model was reviewed. She knows a human signed off. She cannot prove either. The model card exists in a draft Confluence page. The approval was an email thread. The intake form was a Word document on a shared drive that has since been reorganised.
The governance existed. The evidence did not. Under the FCA's model risk rules in effect since May 2024, and under EU AI Act Annex IV, undocumented governance is non-compliant governance.
A fictional but architecturally realistic reference institution. Meridian represents the governance profile of a mid-to-large asset manager operating across three regulatory jurisdictions — the precise environment where the policy-to-control gap is most costly.
AEGIS is designed for the professional at the intersection of all three governance policies — the person accountable for the artefact evidence chain from intake to publication, operating between engineering, compliance, and the regulator.
Sofía's journey from receiving a new AI model intake to producing a regulator-ready audit trail. Five stages. The difference between 14 days of manual archaeology and 4 minutes of automated evidence generation.
AEGIS operationalises three governance policies into a live enforcement system. Each layer maps directly to a policy, a regulatory requirement, and a measurable outcome. Every decision the system makes is explained in plain language — no black boxes, no unexplained classifications.