EC-Council launches AI governance framework as enterprises scramble to catch up
EC-Council, the credentialing body behind the Certified Ethical Hacker certification, released the Adopt. Defend. Govern. (ADG) AI Framework and a free self-assessment tool designed to help enterprises establish governance structures for artificial intelligence systems.
The framework was built with input from practitioners at Citi, JPMorgan Chase, Microsoft, KPMG, Deloitte, NTT Data, GE Healthcare, GlobalLogic, Prudential, and Salesforce. It organizes AI governance around three operational pillars, 12 minimum controls, and nine governance surfaces aligned with the EU AI Act, ISO/IEC 42001, and the NIST AI RMF.
The governance gap is widening
Global AI spending is projected to reach $2.5 trillion in 2026. Yet governance maturity lags far behind deployment. Only 1% of leaders believe their AI governance capabilities are mature, according to industry findings.
Seventy-eight percent of executives said they would not feel confident passing an AI governance audit within 90 days. The mismatch reflects a pattern: organizations deployed AI first and tried to govern it second.
"Most organizations approached AI with a deploy-first mindset, prioritizing speed while governance and security struggled to keep pace," said Jay Bavisi, Group President of EC-Council.
How the framework is structured
The three pillars cover distinct operational areas. Adopt aligns AI deployment with business objectives and workforce capability. Defend secures AI systems against threats including prompt injection and data poisoning. Govern embeds oversight and risk management from deployment through enterprise-scale operations.
Every control references major standards: the EU AI Act, ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM and Agentic AI, and MITRE ATLAS.
The accompanying AI Readiness Self-Assessment Tool measures maturity across governance readiness, operational resilience, security posture, and accountability structures. It generates a prioritized implementation roadmap.
Practical adoption for operations teams
For operations professionals, the framework provides operational clarity rather than abstract principles. Lewis V. Adams, VP of Enterprise AI and Capital Productivity Transformation at Citi, said: "The ADG Framework is the operating model that enterprise AI has been missing. The industry doesn't lack AI frameworks; it lacks operational clarity."
Kathy Baxter, Principal Architect and VP of Responsible AI and Tech at Salesforce, added that the framework reflects the cross-functional model used by leading organizations to scale AI responsibly.
EC-Council structured the framework as an open, community-driven initiative with no licensing fees or vendor lock-in. Organizations can adopt it freely and it is designed to evolve as AI technologies advance.
New certifications align with the framework
EC-Council introduced three certifications tied to the ADG model: Certified AI Program Manager, Certified Offensive AI Security Professional, and Certified Responsible AI Governance and Ethics Professional.
Operations managers seeking to understand AI governance, security, and responsible deployment can explore the AI Learning Path for Operations Managers.
Your membership also unlocks:
