This article was originally published on Autonomy Global.

The accelerating adoption of artificial intelligence (AI) in robotics brings enormous opportunities for businesses, but it also introduces new legal risks. Our previous Insight in the series discussed how combining autonomy, cloud connectivity and information technology/operational technology integration is expanding what robots can do for organizations and what can go wrong. As AI integration and scaling in robotics operations increases, so too does the scope and complexity of risks and liabilities organizations face. Responsible AI governance can help manage these risks and allow companies to responsibly scale AI robotics without scaling liability.

What is AI governance?

AI is no longer confined to innovation teams or experimental pilots. It is increasingly embedded in core business processes, policy execution and customer-facing decisions. As a result, AI risk is no longer a technical concern alone; it is a leadership, governance, and accountability issue.

AI governance is the management of rules, practices and risks to ensure AI usage or development across an organization is tracked, managed and secure. It helps protect organizations against AI-related risks, data concerns and unmonitored use, while aligning AI integration with legal and risk management requirements.

AI governance is also distinct from, though closely related to, cybersecurity. Cybersecurity focuses on protecting systems, networks and data from unauthorized access, breaches and malicious attacks. By contrast, AI governance addresses the design, deployment and use of AI systems themselves and their agents, including issues such as bias, transparency, decision‑making accountability and compliance with legal and ethical standards. While cybersecurity safeguards the integrity and security of the underlying technology and data, AI governance ensures that AI‑agentic driven outputs and decisions are lawful, fair and aligned with organizational risk tolerance and societal expectations.

Warnings and lessons learned

Although arguably AI governance is now an essential part of modern corporate governance, akin to financial or data governance, organizations continue to deploy AI faster than they are implementing oversight frameworks. This ‘governance gap’ creates exposure in areas such as data ownership, cybersecurity, and reputational harm arising from AI-driven errors or misuse.

Increasingly, regulators, courts and industry leaders are recognizing that responsible AI governance includes knowing when not to bring a product to market.

Even the world’s largest AI enterprises are signaling that the development and advancement of AI agents and platforms are outpacing the available guardrails that would ensure responsible AI governance. Anthropic’s decision in 2026 to withhold public release of its most advanced model, Claude “Mythos,” provides a clear case study in how AI governance, safety and legal risk are beginning to shape deployment decisions. Rather than releasing Mythos via an open API, Anthropic launched Project Glasswing, a gated initiative providing controlled access to vetted partners responsible for critical infrastructure.

Mythos is not an isolated case. Similar governance choices have emerged across the industry. OpenAI delayed release of an open‑weight frontier model in 2025, citing the irreversibility of harm once model weights are public. Meta published a Frontier AI Framework, committing not to release “high‑risk” or “critical‑risk” systems, such as those enabling large‑scale cyber or bio threats, absent meaningful mitigation.

Effective AI governance is not a one-time exercise, but an ongoing program integrated across the AI lifecycle, from design and development through deployment, monitoring and decommissioning. Key components of a practical governance framework include:

Policies and internal standards

  • Organizations should adopt formal AI policies that define acceptable uses of AI, identify prohibited practices and establish internal approval and review processes. These policies should clarify what qualifies as AI within the organization, require pre‑deployment reviews for new AI systems and mandate ongoing monitoring of AI outputs and performance.
  • Policies are most effective when paired with training, enforcement mechanisms and regular updates. Many Canadian organizations are also aligning internal policies with voluntary and international standards, such as Canada’s Voluntary Code of Conduct on Responsible AI, the International Organization for Standardization/ International Electrotechnical Commission 42001 framework and the American National Institute of Standards and Technology AI Risk Management Framework. Doing so helps demonstrate alignment with evolving expectations, even in the absence of binding legislation and regulation.

Accountability and training

  • Effective AI governance depends on organizational understanding, not just technical controls. Personnel at all levels should have a working understanding of how AI systems operate, including their inputs, outputs, limitations and potential failure modes.
  • As AI systems become more embedded in decision‑making, organizations should invest in training programs tailored to different roles, including end‑users, managers and technical teams. This includes educating employees on how to interpret AI outputs, recognize potential bias or errors, and understand when escalation or human intervention is required.
  • A key aspect of governance is ensuring that those responsible for deploying or supervising AI systems understand how the underlying models or agents function in practice, even at a high level. This enables organizations to build internal expertise, develop appropriate policies, and communicate expectations clearly across teams, rather than relying solely on external vendors or technical specialists.

Transparency and documentation

  • Comprehensive documentation is a recurring theme across AI governance frameworks. Organizations should maintain records describing AI system design, training data sources, testing results, known limitations and mitigation measures. Documentation supports internal oversight and becomes critical evidence if AI decisions are challenged by regulators or litigants.

AI governance in the context of robotics

AI governance takes on heightened importance when embedded in robotics and autonomous systems. Robotics are increasingly powered by AI, enabling unprecedented autonomy and human interaction, from self-driving vehicles to collaborative industrial robots in healthcare or public spaces.

Humans and robots cohabitating workspaces is becoming even more common, and these connected/collaborative robots (cobots) amplify risk in multiple dimensions: They blur lines between cybersecurity risks and physical safety concerns and can directly impact human well-being, which presents physical harm liabilities as well as data security and privacy concerns for organizations deploying AI-powered robots.

In other words, governing AI in robotics is about ensuring cyber-physical safety and clear accountability. In Canada, the Canadian Standards Association has now published CSA Z434:26, which adopts ISO 10218-1:2025 and ISO 10218-2:2025. Aligning robotics programs with the updated CSA Z434 framework and related ISO robotics standards helps organizations demonstrate the applicable standard of care and manage foreseeable safety risks in Canadian workplaces.

When it comes to cobots, cybersecurity and physical security are increasingly intertwined. Hackers are now deploying their own AI agents in attempts to “jailbreak” and manipulate AI models within organizations. Autonomous systems utilizing AI are susceptible to adversarial attacks and organizations are advised to adopt a “secure-by-design” approach and implement robust AI-specific security measures, as traditional cyber defenses are often insufficient against AI-powered attacks.

Those who proactively govern their AI-powered robots today will be best positioned to scale these technologies while safeguarding employees and stakeholders, capturing the benefits of innovation without scaling up liability. Effective legal counsel ensures AI systems adhere to national and international laws and regulatory standards and help mitigate the unique liability challenges presented by AI, particularly in the robotics spheres.

Every connected robot introduces connected risk, but with the practical and strategic advice on effective AI governance offered by the MLT Aikins AI and Emerging Technology team, those risks can be managed and mitigated as part of a future-ready, legally resilient robotics strategy.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.

Share