UK AI founder publishes three open-access governance papers

By AI, Created 4:21 PM UTC, June 04, 2026, /AGP/ – Rami Mohammed Kheir, founder of mAIb Tech LLC and principal of AOS Trust, released three working papers on AI governance for regulated enterprises ahead of EU AI Act enforcement for high-risk systems in August 2026. The papers outline a control plane, a continuous-verification certification scheme and an operating model for non-AI-native firms.

Why it matters: - The papers target a core problem for regulated enterprises: proving that AI systems do what policy requires in production, not just on paper. - The release comes ahead of the EU AI Act’s high-risk-system enforcement window, which begins in August 2026. - The work aims to give financial services, insurance, audit and other regulated sectors a deployable governance model.

What happened: - Rami Mohammed Kheir, founder of mAIb Tech LLC and principal of AOS Trust, published three open-access working papers on the operational standard for AI governance. - The papers are part of the AOS-1 Working Paper Series and are archived on Zenodo with permanent DOIs. - The three papers are: The External Governance Layer, AOS-1 Verified, and The GAIO Doctrine. - The papers are available in full at the whitepaper archive and the GAIO paper page.

The details: - The External Governance Layer proposes an out-of-process control plane that intercepts AI agent actions, applies operator policy in milliseconds and writes a tamper-evident audit record. - The paper carries DOI 10.5281/zenodo.20446525. - AOS-1 Verified proposes a continuous-verification certification scheme for AI management systems. - The certification paper argues that annual AI certification is inadequate because AI behavior can drift within a single audit cycle. - AOS-1 Verified carries DOI 10.5281/zenodo.20452961. - The GAIO Doctrine defines the boundary between traditional governance, risk and compliance work and agentic AI work. - The GAIO paper includes a 90-day adoption roadmap for mid-tier audit firms and internal audit functions. - The GAIO paper carries DOI 10.5281/zenodo.20457628. - All three papers are released under the Creative Commons Attribution 4.0 International licence. - The papers are ORCID-linked to 0009-0009-6458-6606. - Kheir also lodged named written submissions with the UK AI Safety Institute, NIST and the European Commission’s AI Office during the week of publication. - The NIST submissions cover the AI Risk Management Framework and the AI 600-1 Generative AI Profile. - The European Commission submission addresses the General-Purpose AI Code of Practice consultation. - The AOS-1 standard is in deployment at first-mover regulated enterprises in financial services, insurance and audit. - AOS-1 Verified is on a published path toward EU AI Act Article 43 notified-body designation via ISO/IEC 17065 accreditation. - The AOS-1 standard version 0.11 was published in May 2026. - AOS-1 consists of 47 controls organized into 15 control families. - The standard maps to eight frameworks: ISO/IEC 42001:2023, the EU AI Act, the NIST AI Risk Management Framework 1.0, the NIST AI 600-1 Generative AI Profile, ISO/IEC 27001:2022, SOC 2, the Colorado AI Act and the Korean AI Framework Act. - The cross-walk is publicly maintained at the AOS-1 crosswalk. - The working papers have also been submitted to SSRN for indexing and abstract distribution.

Between the lines: - Kheir is pushing for governance to become continuous and machine-operational, rather than periodic and document-driven. - The certification angle suggests an attempt to formalize AI assurance in the same way regulated industries already treat security and quality standards. - The public crosswalk to multiple frameworks positions AOS-1 as a unifying layer for firms facing overlapping compliance demands.

What’s next: - The papers are expected to circulate through SSRN indexing and abstract distribution. - The public-comment, versioned standard suggests additional revisions to AOS-1 may follow. - AOS-1 Verified will likely continue toward the accreditation steps needed for notified-body designation in the EU.