A reference for AI governance practitioners

GovernAI federates the public sources you'd otherwise track separately — vulnerabilities, AI incidents, regulatory documents, framework guidance, research papers, and business news — into a single practitioner-oriented dashboard. It exists because the AI governance landscape is fragmented, and the people responsible for navigating it often don't know where to start.

What this is

GovernAI is a read-only federation tool. It pulls from twenty-plus open-licensed sources twice a day, normalizes their content into a shared schema, and surfaces it through nine focused views: AI frameworks, frameworks watch, software vulnerabilities, incidents and exploits, regulations, business news, academy (research papers), vendor research, and a transparency sources page.

Everything is attributed. Every record links back to its source. We don't mirror, paywall, or rebrand third-party content; we just make it findable.

Who it's for

Anyone who has been handed responsibility for AI governance, AI security, or AI compliance — and is trying to figure out which frameworks apply, which regulations matter in their jurisdiction, and what's actually happening upstream.

  • Risk and compliance teams at banks, insurers, and other regulated firms standing up AI governance programs
  • Security engineers mapping AI-specific threats to existing detection programs
  • Policy researchers tracking how regulatory expectations evolve across jurisdictions
  • Vendors and integrators trying to position their AI offerings against the prevailing standards
  • Anyone curious about AI safety, security, and governance as fields

What it federates

Each source comes from a publicly-accessible feed or API, under an open license that permits redistribution of headlines and metadata. The current set includes:

NVD & CVE Project
CC0 · AI-relevant CVEs
CISA KEV
Public domain · exploited vulns
EPSS (FIRST.org)
Public domain · exploit probability
AI Incident Database
CC-BY 4.0 · real-world AI failures
EU / UK / US regulators
Public sector RSS + APIs
US Federal Register
17 U.S.C. § 105 · public domain
Framework bodies
NIST, OWASP, MITRE, CSA, ENISA…
arXiv
Open access · AI safety research
Reputable business press
Reuters, FT, Bloomberg, WSJ…

For the full, live source list with record counts and last-fetch timestamps, see the Sources tab on the portal.

How it works

The pipeline is a small Python application that runs every twelve hours. Each source has a dedicated fetcher with its own normalisation, filtering, and AI-relevance heuristics. Self-healing fallbacks mean that if a source goes dark, the portal keeps serving the previous day's data with a warning, rather than going blank. The full rebuild produces a single feed.json that the portal serves as a static page — no live backend, no user tracking beyond aggregate visit counts.

Resilience and data integrity are non-negotiable. We use atomic file writes, per-source error isolation, and a global time budget so a single hung upstream can't block the whole refresh.

Editorial principles

  • Attribution always. Every record names its source. We do not mirror full content; we surface headlines and snippets and link out.
  • Open licensing. Sources must permit programmatic access and reasonable redistribution. Paywalled or restrictively-licensed content does not get federated.
  • Practitioner relevance. AI-relevance filters are applied at the fetch layer so the portal isn't drowned in adjacent content. False positives are tolerated; false negatives are not.
  • Transparent provenance. The Sources tab shows what's pulled, when, and how much. If a source goes empty, you can see it.
  • No SEO games. No tracking. No retargeting. No newsletter pop-ups. No ads.

Contribute

GovernAI is built and maintained by navigating.ai.risk as a community resource. The portal was developed with the help of Claude (Anthropic), with broader AI-assisted research used throughout. The pipeline behind it uses rule-based keyword filters over editor-reviewed taxonomies. We mention this up front because the tool we're building should be transparent about how it works.

The portal is improving steadily, but it is not finished — and the landscape it tracks changes daily. We welcome contributions of every kind:

  • Suggest sources we should be federating (regulators, framework bodies, reputable publishers)
  • Report broken links, mis-categorized records, or low-quality matches
  • Propose new tabs or filter dimensions for practitioner workflows you actually run
  • Submit pull requests for fetchers, normalisers, or portal improvements when the repository is published
  • Translate the portal into other languages
  • Share GovernAI with peers who'd find it useful

Contact: navigating.ai.risk@gmail.com. Repository details and contribution guidelines will be announced on the portal once published.

What this isn't

GovernAI is not a regulator, not a consulting firm, not a vendor, and not a substitute for legal advice. Everything federated here is one click away from its primary source. We try to surface the right thing; you confirm with the source.

Privacy

We count page views and tab interactions in aggregate so we know which views are useful. No visitor identifiers, IPs, or cookies are stored. There is no analytics third-party. The visit count log is a single JSON file maintained server-side and never leaves the server.