
UK governance-first AI consultancy

AI your board can answer for.

We design the governance and build the systems that meet it. One team, UK-hosted, with audit trails and human approval written into the code. Run by people who have shipped AI inside regulated organisations, not only advised on it.

One unbroken line runs from the boardroom to the code.

Diagram: a board decision leads to a policy, the policy becomes a control enforced in code, and the control produces audit evidence a regulator can rely on.

  • Board decision: What the board approves.
  • Policy: The rule, written down.
  • Control in code: The policy, enforced in code.
  • Audit evidence: A record a regulator can rely on.

In numbers:

  • 24,676 resident messages handled in production (as of 20 Apr 2026)
  • 1,313 jobs created from 20,000+ inspection photos (as of 20 Apr 2026)
  • Six AI systems designed and built, from a governance platform to public-sector evidence

Founded by Dr Karl George MBE. Creator of the tgf Governance Code, endorsed by Sir Adrian Cadbury.

Working with regulated UK organisations

  • Public sector & NHS
  • Financial services
  • Legal & professional services
  • Property & housing
  • Listed & FTSE companies
  • Regional & combined authorities

Most AI governance is performance, not protection.

It looks like oversight. It does not survive a regulator's question. One firm writes the strategy, a different team writes the code, and the controls a board needs never make it into the system. The gap between recommending AI and running it safely is where the money goes.

~95%

of enterprise GenAI pilots returned no measurable financial result

MIT, 2025

80%+

of AI projects never reach production

RAND

42%

of companies abandoned most of their AI initiatives in 2025

S&P Global

We remove the handoff. The same team writes the governance and the code, so the controls a board needs are built into the system, not bolted on to pass a review.

We write the governance. We build the system. Same team.

Advisors recommend but rarely build. Builders ship but rarely govern. We do both, under one engagement, and we can show the code that proves it.

We build, we don't only advise

Most firms hand over a readiness assessment or a policy. We have shipped real systems: a governance platform, a public-sector evidence workspace, and bespoke client builds across property, surveying, finance and restructuring.

Governance is engineered in, not bolted on

Our systems enforce governance in code: read-only database access, append-only audit ledgers, denied-vocabulary checks, confidence floors that overrule the model, and schema-constrained outputs.

Advisory by design. The human decides

AI assists; a named person decides, and we can prove who decided and when. Our systems don't score bids, post to the ledger or contact anyone on their own.

Built for UK governance standards

UK data residency and UK GDPR alignment, with compliance artefacts mapped to the frameworks regulated organisations ask for, from ISO/IEC 42001 to the NCSC cloud principles.

Governance designed and built in one pass.

A finite, legible delivery model. Each step ties to a real control we put in the system, not a slide we hand over.

  1. Diagnose

    We map where AI could help, where it must not, and what your board and regulators will need to see. Honest about what shouldn't be automated.

  2. Design

    We design the workflow and the governance together: the decisions a human keeps, the controls in code, the evidence the system records.

  3. Build

    We write the software. One team designs the governance and ships the code, so nothing is lost in a handoff between advisor and developer.

  4. Govern

    Audit trails, confidence floors, human approval gates and citation provenance are built in, not added afterwards to pass a review.

  5. Assure

    We map the build to the standards you answer to and leave you with the evidence to defend it, whether to a board, an auditor or a regulator.

Advise on AI governance. Build the systems that meet it.

Two service lines from one team. The advisory work is grounded in the board-governance practice of our founder, Dr Karl George MBE. The build work is grounded in shipped software.

Advise

Board-level AI governance, grounded in the practice of our founder, Dr Karl George MBE.

  • AI Wake-Up Call

    A board literacy session that gets directors fluent in the AI decisions in front of them.

  • GovernIQ™ Diagnostic

    A structured read of where your AI governance stands today.

  • AI Governance Playbook

    The policies, roles and controls your organisation needs, written to be used.

  • Data & Security Diagnostic

    A focused review of the data and security questions AI raises for you.

  • Governance AI Quality Mark

    A route to demonstrable, accredited AI governance maturity.

Build

Bespoke AI systems, engineered governance-first, plus our own governance platform.

  • Bespoke AI systems

    We design and build production AI around your workflow, with governance written into the code.

  • BoardServe platform

    Our own governance platform: board effectiveness, skills audits, AI-governance maturity and compliance, with defensible audit trails.

  • Governance engineering review

    We assess an existing AI system against the controls a board and regulator expect. Then we fix the gaps.

The build proves the advice.

Anyone can write a policy. We write the control that enforces it, in the system itself. This is from a platform we run in production, not a diagram.

    // Runs as a database role that holds only SELECT.
    // INSERT, UPDATE and DELETE are refused by Postgres itself.
    const { data, error } = await supabase.rpc(
      "run_grace_readonly_sql", { query: sql },
    );
    if (error) return { ok: false, error: clean(error) };
    return { ok: true, rows: data ?? [] };

Exhibit. Read-only by construction. The model proposes the query. A database role holding only SELECT executes it. Write access is not restricted. It is absent.
grace/readonly-sql.ts

The controls are specific.

These are not promises. They are the mechanisms we write into the systems we build, so accountability survives contact with production.

Read-only by construction

Where AI only needs to read, the database itself rejects any write. It is enforced at the engine, not by a prompt.

Append-only audit ledgers

Every AI suggestion records the model, the input, the output and the named human's accept, modify or reject decision. No silent edits.

Human-in-the-loop gates

Cost approvals, external contact and final reports require a recorded human decision before anything happens.

Confidence floors & reason codes

Below a set confidence, deterministic code overrules the model and routes the case to a person, with an explicit reason for the hold.

Anti-hallucination checks

Quoted evidence must be a literal substring of its source, or the extraction fails. The system can't invent a citation.

Denied-vocabulary blocklists

Prohibited language is injected into the prompt and re-scanned on output; a violating result is rejected, not published.
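
The three output-side controls above (literal-substring evidence check, denied-vocabulary re-scan, confidence floor with a reason code) written as one deterministic gate. This is an added example, not code from the platform described on this page; the type and function names, the 0.8 threshold, the blocklist and the sample text are all assumptions.

```typescript
// Added example. Names, threshold, blocklist and sample data are assumed,
// not taken from the platform described on this page.
type Extraction = { summary: string; quote: string; confidence: number };
type Verdict = { action: "pass" | "hold" | "reject"; reason: string | null };

const CONFIDENCE_FLOOR = 0.8; // assumed threshold
const DENIED_TERMS = ["guaranteed", "no risk"]; // constructed blocklist
const SAMPLE_SOURCE = // constructed source document
  "Inspection 14: the roof membrane has failed along the north parapet.";

// Collapse case and whitespace so layout tricks do not defeat the scan.
function normalise(s: string): string {
  return s.toLowerCase().replace(/\s+/g, " ").trim();
}

function gate(source: string, out: Extraction): Verdict {
  // 1. Evidence check: the quote must be a literal substring of the source.
  //    No normalisation here, so a paraphrase can never pass as a citation.
  if (out.quote.length === 0 || source.indexOf(out.quote) === -1) {
    return { action: "reject", reason: "QUOTE_NOT_IN_SOURCE" };
  }
  // 2. Denied vocabulary: re-scan the output regardless of what the prompt said.
  const text = normalise(out.summary);
  for (const term of DENIED_TERMS) {
    if (text.indexOf(normalise(term)) !== -1) {
      return { action: "reject", reason: "DENIED_TERM:" + term };
    }
  }
  // 3. Confidence floor: code, not the model, routes the case to a person.
  //    A missing or non-numeric score is treated as below the floor.
  if (!isFinite(out.confidence) || out.confidence < CONFIDENCE_FLOOR) {
    return { action: "hold", reason: "BELOW_CONFIDENCE_FLOOR" };
  }
  return { action: "pass", reason: null };
}

// Constructed model outputs exercising each branch of the gate.
function sampleVerdicts(): Verdict[] {
  const good = "the roof membrane has failed along the north parapet";
  return [
    gate(SAMPLE_SOURCE, { summary: "Membrane failure at north parapet.", quote: good, confidence: 0.93 }),
    gate(SAMPLE_SOURCE, { summary: "Membrane failure.", quote: "the roof membrane has collapsed", confidence: 0.97 }),
    gate(SAMPLE_SOURCE, { summary: "Repair is Guaranteed  to hold.", quote: good, confidence: 0.95 }),
    gate(SAMPLE_SOURCE, { summary: "Possible membrane failure.", quote: good, confidence: 0.41 }),
  ];
}
```

The order matters: an invented quote or prohibited term rejects the output even when the model reports high confidence, and only a clean output is tested against the floor.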

Standards we work to

  • ISO/IEC 42001
  • NIST AI RMF
  • EU AI Act
  • UK GDPR & the ICO
  • NCSC Cloud Security Principles
  • ATRS
  • Cyber Essentials
  • UK Corporate Governance Code

We align work to these standards and prepare clients for certification by accredited bodies. We are not a certification body, and we don't claim certifications we don't hold.

Systems we've shipped, not slideware.

Anonymised, but real. Each one carries governance in its architecture. The metrics are dated and the maturity is stated plainly.


Our governance lineage runs to the source. Dr Karl George MBE created the tgf Governance Code, a twelve-principle framework endorsed by the late Sir Adrian Cadbury, who chaired the 1992 committee that defined board accountability for a generation. The principles that governed organisations then were transparency, accountability and answerability. They are the principles AI requires now.

Find out where your AI exposure sits.

We'll tell you plainly what's worth doing, what isn't, and what a board or regulator will expect to see. No pitch deck.

No obligation · no pitch.