AI has become an active participant in the workplace, but as organizations race to deploy AI assistants, meeting notetakers, and agentic AI, governance is struggling to keep pace.
The scale of the challenge is highlighted in the findings from 500 IT and compliance leaders in Theta Lake’s 7th Annual Digital Communications Governance Report. Nearly all financial services firms (99%) plan to expand AI usage, yet 88% are already experiencing AI governance and data security challenges—creating a major obstacle to adoption. Establishing AI governance early enables organizations across all industries, regulated or not, to accelerate AI adoption.
There are the AI communications governance trends that will define 2026—and that organizations must be prepared for:
1. AI Will Be Treated as a “Participant” in Workplaces
In 2026, AI will no longer be viewed as a background productivity feature—it will be treated as an active participant in day-to-day communications.
With nearly all firms planning to implement or expand AI capabilities within Unified Communications and Collaboration (UCC) platforms, volumes of ‘aiComms’, a new category of communications, will increase significantly. These are not limited to “internal only” or “temporary” interactions—AI is drafting emails for clients, surfacing data in response to prompts, and summarizing client meetings. Moreover, AI interactions are typically conversational, unfolding over time as prompts change in response to prior outputs. Isolated prompt-response pairs limit the full context needed for meaningful oversight.
AI-generated interactions related to regulated business activity must be captured, supervised, and archived, just like a human participant, requiring controls that capture AI interactions in context and apply supervision at the point of creation.
2. Human-to-AI, and AI-to-AI Behaviors Will Require Oversight
This year, governance will focus not only on what AI produces but on how employees interact with AI.
New behaviors are emerging as employees interact with AI tools, including increasing attempts to bypass organizational or system-level guardrails. Techniques like “Jailbreaking” are used to access restricted information, override safeguards, or influence outputs in unintended ways.
Even when guardrails are in place, AI systems can inadvertently expose PII, client data, MNPI, or confidential internal documents. This makes two questions central to AI governance: Has sensitive data been exposed? and Is AI-generated content safe and compliant?
To answer these questions, firms need visibility into prompts, outputs, and behaviors. Content inspection must detect when confidential information appears where it should not, identify attempts to obtain or inject sensitive data, and flag use of unsanctioned AI tools. Without this visibility, risky behavior remains invisible, and unmanaged.
3. Organizations Will Demand Certified AI, Not Marketing Claims
As AI transforms productivity, the focus is shifting from whether to use AI, to proving it is governed responsibly. In an environment of “AI-washing,” firms are no longer satisfied with vendor assurances. Independent verification is becoming essential and will drive demand for ISO/IEC 42001 certification, one of the world’s first international standards for AI management systems.
ISO 42001 provides verifiable assurance of governance maturity and responsible AI development, and a certifiable, evidence-based way for vendors to show they are safeguarding their clients’ most valuable information. It aligns closely with emerging regulation, including the EU AI Act, offering an auditable pathway to demonstrate compliance.
In 2026, certified AI governance will be a requirement for any clients, partners, boards or regulators seeking confidence in how AI is deployed.
4. Regulators Will Explicitly Review aiComms as Part of Supervision
Regulators have been consistent: AI does not change accountability.
FINRA’s 2026 Annual Regulatory Oversight Report introduces a dedicated section on “GenAI: Continuing and Emerging Trends,” signalling that AI governance has moved firmly into supervisory scope. The report reinforces existing guidance that firms remain responsible for communications regardless of whether they are generated by humans or AI. Similarly, in the UK, the FCA has reiterated that existing regulatory frameworks apply to AI-enabled activities.
With 88% of firms already facing AI governance and data security challenges, regulators will increasingly expect organizations to demonstrate that they can:
- capture and archive regulated AI-generated communications
- supervise AI outputs with the same rigor as human content
- maintain clear controls over how AI tools are implemented and used
Accuracy and regulatory compliance of AI-generated content—already the top challenge cited by firms—will be a growing focus in examinations and enforcement.
5. AI Governance Will Require a Unified, Cross-Platform Strategy
In 2026, AI governance strategies will need to reflect the reality of AI sprawl.
Most organizations already rely on multiple collaboration platforms, with 82% using four or more UCC tools. AI capabilities are now embedded directly into platforms such as Microsoft Teams, Zoom, Webex, and RingCentral—often with overlapping and interacting AI capabilities.
This creates a new risk: fragmented governance. When AI is governed tool by tool, blind spots and inconsistent controls emerge—particularly as AI systems begin interacting with each other across platforms.
Effective governance will require a unified approach, ensuring AI-generated content is captured and reviewed consistently, regardless of where it originates. Whether interactions are human-to-AI or AI-to-AI, the same governance and regulatory considerations apply. Organizations need confidence that oversight is applied evenly across the digital workplace, not limited to isolated systems.
Looking Ahead
AI is transforming not only how communications are created, but how they must be governed, supervised, and explained.
Many organizations already recognise that they lack sufficient visibility into AI interactions. Without oversight of prompts, behaviours, and downstream outputs, risks remain undetected. Closing this gap will require governance capabilities designed specifically for aiComms—capable of detecting, inspecting, and remediating risk.
Firms that ensure governance is in place will be best positioned to unlock the full value of AI with confidence and meet any regulatory expectations that apply.
