July 2026: CMS - AI governance: strengthen your compliance
Kinexio is introducing stronger governance controls to help organisations adopt AI with greater transparency, oversight and confidence.
The framework is designed to give customers clearer control over where AI can be used, which capabilities are available and which users have agreed to access them. It also supports more reliable audit and compliance processes as AI functionality expands across the platform.
What it is and why it matters
AI Governance provides a structured way to control and oversee AI-powered capabilities within Kinexio.
Rather than treating AI as a single platform-wide feature, individual capabilities can be governed separately. This helps organisations introduce AI gradually and in line with their own legal, security, procurement and risk policies.
The framework is designed to support:
-
Organisation-level approval.
-
Property-level controls.
-
Separate controls for individual AI capabilities.
-
Explicit user acknowledgement or opt-in.
-
Records of configuration changes and user consent.
-
Clear explanations when an AI feature is unavailable.
This helps prevent accidental or unauthorised use while giving organisations evidence that AI access is being managed responsibly.
When to use this
Use AI Governance when:
-
Reviewing whether AI is permitted within your organisation.
-
Enabling an AI capability for selected properties.
-
Keeping AI disabled at sensitive or higher-risk locations.
-
Introducing a new AI tool to authorised users.
-
Recording user acknowledgement before first use.
-
Demonstrating how AI access is controlled during an audit or compliance review.
-
Applying different rules to separate AI capabilities.
It is particularly useful for organisations that want to adopt AI progressively rather than enabling every capability across an entire portfolio at once.
How it works (high-level)
AI access is managed through several layers of control.
An AI capability must first be approved at the relevant organisation level. It can then be enabled or restricted for individual properties and made available only to users with the appropriate access.
Where user consent is required, the user is shown clear information about the capability before using it for the first time. Their decision can then be recorded for governance purposes.
AI capabilities default to being unavailable until the required approvals and access conditions have been met.
This means a user may be unable to access a feature because:
-
AI has not been approved by the organisation.
-
The capability is disabled for the property.
-
That particular AI capability has not been enabled.
-
The user does not have the required role or permission.
-
The user has not completed the required acknowledgement.
Governance records can help authorised stakeholders understand where AI is enabled and how access has been granted.
Best practice tips
-
Agree your organisation’s AI policy before enabling individual capabilities.
-
Involve legal, privacy, security and risk stakeholders where appropriate.
-
Start with a limited group of properties or users before wider rollout.
-
Enable only the AI capabilities that support a clear business need.
-
Use plain internal guidance so users understand what the AI feature does and does not do.
-
Review property-level access where assets have different risk requirements.
-
Keep user roles and permissions current.
-
Retain records of approvals, configuration changes and user consent.
-
Review AI settings whenever a new capability is introduced.
-
Remind users to check AI-generated output before relying on or publishing it.