Below is an outline of Enterprise Architect (EA) activities aligned with the TOGAF® Standard, 10th Edition Architecture Development Method (ADM) that incorporate essential AI governance tasks. The goal is to ensure the development of safe, explainable AI solutions—and their compliant implementation and operations—while adhering to broader architectural best practices.

1. Preliminary Phase

Key EA Activities

• Establish AI Governance Framework:
  • Define high-level principles for AI usage (ethical, explainable, compliant with EU AI Act).
  • Document initial roles/responsibilities (e.g., who owns AI oversight, data governance, compliance monitoring).
• Assess Organizational Readiness:
  • Conduct a maturity assessment for AI operations, data governance, security, and risk management practices.
  • Identify key stakeholders, including Legal, Risk, Compliance, Security, and Data Science teams.
• Define High-Level AI-Related Requirements:
  • Outline expectations for explainability, fairness, and data privacy that all AI initiatives must meet.
  • Align with enterprise vision, strategic drivers, and compliance obligations.

Outcome: A foundational AI governance approach and initial stakeholder alignment, ensuring the enterprise is prepared to integrate AI considerations throughout the ADM.

2. Phase A: Architecture Vision

Key EA Activities

• Scope AI Initiatives:
  • Identify prospective AI solutions or enhancements (e.g., generative AI use cases, Guardian Agents/AI Overseers).
• Set AI Governance Objectives:
  • Incorporate AI compliance, bias mitigation, and risk management objectives into the overall architecture vision.
• Create High-Level AI Oversight Model:
  • Outline how Guardian Agents or AI governance tooling will integrate with existing enterprise architecture.
• Outline Business Value & Risk:
  • Summarize expected ROI from AI solutions and highlight compliance or ethical risks to guide priority-setting.

Outcome: A vision for how AI initiatives (and their governance) fit within the broader enterprise strategy—ensuring stakeholders agree on scope, objectives, and compliance imperatives.

3. Phase B: Business Architecture

Key EA Activities

• Model Business Processes & AI Use Cases:
  • Map where AI capabilities will transform or support business processes (e.g., automated decision-making, generative text for customer service).
• Define Policy and Compliance Requirements:
  • Derive business requirements tied to the EU AI Act, data ethics, and organizational risk appetite.
  • Document the need for “meaningful human oversight” where relevant (especially for high-risk AI applications).
• Capture Stakeholder Perspectives:
  • Ensure buy-in from executives, process owners, and compliance/legal for specific AI-driven changes.
• Establish AI-Related KPIs:
  • Determine success measures (e.g., improvement in turnaround time, reduced bias incidents) and how AI oversight will verify them.

Outcome: Clear business requirements and processes that incorporate AI solutions with well-defined compliance checkpoints, facilitating further architectural detail in subsequent phases.

4. Phase C: Information Systems Architecture

(Data Architecture & Application Architecture)

Key EA Activities

1. Data Architecture
   • Data Governance Integration:
     • Specify how data lineage, quality controls, and privacy constraints are enforced to support AI compliance (EU AI Act, GDPR).
   • Metadata & Access Management:
     • Define how AI Guardian Agents utilize metadata (e.g., data provenance, user permissions) to detect unauthorized data usage or data drift.
   • AI Data Lifecycle:
     • Ensure data retention, anonymization, or deletion policies align with both business needs and legal standards.
2. Application Architecture
   • Application Components & AI Modules:
     • Identify which applications embed AI models or generative components (e.g., chatbots, recommendation engines).
     • For each, plan integration with Guardian Agents (monitoring, controlling outputs, enforcing thresholds).
   • Explainability and Observability:
     • Define how AI modules expose logs or model interpretation features for review/audit by Guardian Agents or compliance teams.

Outcome: A robust data & application blueprint where AI components are governed from ingestion to inference, with oversight tools and processes embedded in the architecture.

5. Phase D: Technology Architecture

Key EA Activities

• Reference Architecture for AI Oversight:
  • Incorporate Guardian Agents (or similar AI governance platforms) into the enterprise’s overall tech stack (e.g., MLOps pipelines, security layers).
• Security and Infrastructure Requirements:
  • Specify how the infrastructure (cloud, on-prem, hybrid) must support real-time AI monitoring and secure data handling.
  • Plan for scalability, ensuring high-volume AI inference can be monitored without performance bottlenecks.
• Compliance and Security Hardening:
  • Define technical controls (e.g., encryption, event-driven alerts, role-based access) that Guardian Agents will enforce.
  • Outline how incident response protocols incorporate AI-related anomalies or adversarial attacks.

Outcome: A technology architecture that fully integrates AI governance capabilities—covering compute, storage, networking, and security layers essential for safe and explainable AI.

6. Phase E: Opportunities & Solutions

Key EA Activities

• Evaluate AI Governance Tools:
  • Assess vendor solutions or in-house builds for AI monitoring, bias detection, or drift analysis.
  • Identify potential “Guardian Agent” frameworks that fit the established data/app/tech architectures.
• Prioritize AI Governance Projects:
  • Create a roadmap that balances compliance-critical capabilities (e.g., high-risk models) with high-value opportunities.
  • Consider cost, impact, and regulatory deadlines (e.g., EU AI Act compliance timelines).
• Solution Architecture Prototypes:
  • Design prototypes or proofs of value focusing on crucial AI governance aspects (bias detection, explainability, real-time auditing).

Outcome: A set of solution options and a recommended approach to embed AI governance and Guardian Agents across the portfolio—supported by cost-benefit analysis and compliance requirements.

7. Phase F: Migration Planning

Key EA Activities

• Define Implementation Steps:
  • Sequence AI governance initiatives (e.g., integrate Guardian Agents for the most critical use cases first).
  • Outline short-, mid-, and long-term milestones (e.g., model audits, bias scanning rollout, full operationalization of Guardian Agents).
• Estimate Resources & Budget:
  • Factor in the cost of additional AI governance tooling, training, and transitional overhead (e.g., data cleanup, policy refinement).
• Risk Mitigation Strategies:
  • Plan fallback approaches if certain Guardian Agent functionalities or compliance checks are delayed or show unexpected complexity.

Outcome: A practical migration roadmap that coordinates new AI governance implementations with existing enterprise-wide transformation efforts, ensuring continuity and minimal disruption.

8. Phase G: Implementation Governance

Key EA Activities

• Oversee AI Governance Execution:
  • Validate that development teams implement Guardian Agent integrations and compliance checks as per architectural specifications.
• Enforce Policies & Standards:
  • Regularly audit AI solutions in development to confirm they align with defined thresholds for bias, explainability, and security.
  • Confirm that needed logs, metrics, and oversight features are operational before go-live.
• Coordinate with DevSecOps & MLOps:
  • Ensure Guardian Agents are part of the CI/CD pipeline, testing procedures, and post-deployment monitoring.
• Review & Approve Changes:
  • Assess change requests (e.g., new AI features, data expansions) for alignment with AI governance principles and compliance requirements.

Outcome: AI solutions move into production safely, with ongoing alignment to compliance rules and the architectural vision for governance, thereby reducing unplanned rework or risk exposures.

9. Phase H: Architecture Change Management

Key EA Activities

• Monitor Post-Deployment AI Performance:
  • Ensure the Guardian Agent is capturing logs, drift, anomalies, or new forms of bias in real time.
  • Adjust thresholds or policies if the environment or data changes significantly.
• Regulatory and Technology Updates:
  • Track updates to EU AI Act guidelines or new organizational requirements, refining governance rules as needed.
  • Plan for potential expansions (e.g., new business units adopting AI, more advanced generative models).
• Continuous Improvement:
  • Incorporate lessons learned into updated reference architectures, best practices, and training sessions.
  • Periodically revalidate cost-benefit analyses and ensure AI governance solutions continue to deliver ROI and compliance benefits.

Outcome: A living architecture that evolves alongside new AI technologies, shifting business needs, and regulatory changes—ensuring sustained safety, explainability, and compliance over time.

Conclusion

By embedding AI governance tasks and Guardian Agent integrations into each TOGAF 10 ADM phase—from initial readiness in the Preliminary Phase to ongoing compliance in Architecture Change Management—Enterprise Architects can systematically deliver:

• Safe & Explainable AI: Through rigorous data architecture, model oversight, and policy enforcement.
• Compliance with the EU AI Act: By integrating compliance checkpoints, risk mitigation measures, and transparent audit trails.
• Sustainable AI Operations: With automated monitoring (Guardian Agents) and continuous architecture management that adapt to new technological or regulatory demands.

This holistic approach aligns AI governance with the enterprise’s overall architectural vision, ensuring that advanced AI capabilities remain reliable, secure, and trusted in every stage of the transformation journey.

Authored by Alex Wyka, EA Principals Senior Consultant and Principal