Executive Summary
The question is no longer whether Artificial General Intelligence will arrive. The question is whether your organisation will be ready to govern it when it does.
"The governance infrastructure that organisations need for AGI is the same infrastructure they need right now for the agentic AI systems already operating inside their enterprises today. The window to build it is open now — and it will not remain open indefinitely."
Leading AI researchers and the CEOs of the world's most advanced AI laboratories now broadly agree that AGI is likely to emerge within the next two to five years. Anthropic's CEO Dario Amodei has stated publicly that powerful AI systems will emerge in late 2026 or early 2027. OpenAI's Sam Altman has described AGI as arriving "sooner than most people think." Metaculus forecasters assign a 25% probability of AGI arriving by 2029 and a 50% probability by 2031.
This white paper argues that the organisations that build the right governance foundations in the next 12 to 18 months will be positioned to deploy AGI safely, compliantly, and competitively when it arrives. Those that do not will face the same outcome that Gartner predicts for more than 40% of agentic AI projects by 2027: cancellation — not because the technology failed, but because the governance did.
Part One: The AGI Timeline Is Closer Than Most Boards Realise
| Source | Prediction | Confidence |
|---|---|---|
| Dario Amodei, Anthropic CEO | Powerful AI in late 2026 or early 2027 | High (public statement) |
| Sam Altman, OpenAI CEO | "Sooner than most people think" | High (public statement) |
| Metaculus Forecasters (Feb 2026) | AGI by 2029 | 25% probability |
| Metaculus Forecasters (Feb 2026) | AGI by 2031 | 50% probability |
| AI 2027 Research Project | AGI-level in specific domains | 12–24 months |
Boards and executive teams do not need to wait for AGI to arrive to face AGI-level governance challenges. They are already here, in the form of agentic AI. Gartner projects that 40% of enterprise applications will embed task-specific AI agents by the end of 2026 — an eight-fold increase in a single year. The organisations that build the governance infrastructure to manage agentic AI today are building the infrastructure they will need for AGI tomorrow.
Part Two: The Six Governance Gaps That Will Break Under AGI
Gap 1: No Centralised AI Inventory
Most organisations do not have a complete, current record of the AI systems operating inside their enterprise. Under AGI, this gap becomes catastrophic — an ungoverned actor with potentially unlimited capability.
Gap 2: Governance Introduced After Deployment
In most enterprises, AI systems are built first and reviewed later. Gartner's prediction that more than 40% of agentic AI projects will be cancelled by 2027 is largely attributable to this pattern.
Gap 3: No Decision Traceability
When an AI system makes a decision, most organisations cannot reconstruct the reasoning behind it. ASIC's REP 798 identified this gap explicitly. APRA's April 2026 letter called for board-level accountability for AI decisions.
Gap 4: Policy on Paper, Not in Code
Most organisations document their AI governance policies in Word documents and compliance manuals. These documents describe what AI systems should do. They do not actually control what AI systems do.
Gap 5: Undefined Human-in-the-Loop Thresholds
Most organisations have not defined — in technical, enforceable terms — which AI decisions require human approval before execution. Regulators in Australia, the EU, and the United States are already moving toward mandatory human oversight requirements.
Gap 6: No Economic Governance Layer
One large enterprise recently disclosed they are budgeting $20,000 per developer per year in AI tokens today, with projections of $100,000 per developer per year within two years. Under AGI, the economic governance challenge is orders of magnitude larger.
Part Three: The Australian Regulatory Context
| Regulator | Document | Date | Key Requirement |
|---|---|---|---|
| ASIC | REP 798: Beware the Gap | Oct 2024 | AI inventory, consumer harm assessment, governance frameworks |
| ASIC | Open Letter to AFS Licensees | May 2026 | Board-level AI risk discussion; urgency, focus and accountability |
| APRA | Letter to Industry on AI | Apr 2026 | Step-change in AI risk management; information security; supplier risk |
| EU | EU AI Act (2024/1689) | Aug 2024 | Risk-based framework; human oversight; audit trails; technical documentation |
| ISO | ISO 42001:2023 | Dec 2023 | AI management system standard; benchmark for governance maturity |
"For APRA-regulated entities — banks, insurers, and superannuation funds — AI governance is now a prudential risk management obligation, not a discretionary best practice. The enforcement clock is already running."
Part Four: The Five Pillars of AGI-Ready Governance
Pillar 1: Real-Time AI Inventory and Observability
Every AI system operating inside the enterprise must be registered, monitored, and attributable to a business owner. This requires a technical control layer that intercepts and logs AI interactions in real time. You cannot enforce policy on a system you cannot see.
Pillar 2: Policy-as-Code Enforcement
Governance policies must be technically enforced at the point of execution. Every AI request is evaluated against machine-readable policies before it is executed — preventing PII from reaching unauthorised models, restricting model use to approved cases, and enforcing budget caps in real time.
Pillar 3: Immutable Decision Audit Trail
Every AI decision must be recorded in an immutable, timestamped audit trail that can be produced on demand for regulatory review, legal proceedings, or internal investigation. For AGI-level systems making consequential decisions autonomously, this audit trail is the primary mechanism of accountability.
Pillar 4: Human-in-the-Loop Architecture
Organisations must define, in technical and enforceable terms, the risk thresholds above which AI decisions require human review and approval before execution. These thresholds must be embedded in the governance infrastructure, not left to individual discretion.
Pillar 5: Economic Governance and Cost Attribution
Every AI interaction must be attributed to a cost centre, project, team, or individual, with budget caps that enforce automatically in real time. As AI systems become more autonomous, economic governance becomes a risk management function, not just a finance function.
Part Five: AGI Governance Readiness Self-Assessment
| Pillar | Level 1: Unprepared | Level 2: Developing | Level 3: AGI-Ready |
|---|---|---|---|
| AI Inventory | No central record; self-reported at best | Partial inventory; some systems registered | Real-time, technically enforced inventory of all AI interactions |
| Policy Enforcement | Policies documented but not enforced | Some technical controls; gaps exist | Policy-as-code enforced at infrastructure layer for all AI interactions |
| Audit Trail | No systematic record of AI decisions | Partial logging; not immutable or complete | Immutable, timestamped, complete audit trail for every AI interaction |
| Human-in-the-Loop | No defined thresholds; ad hoc | Some thresholds defined but not enforced | Risk-based thresholds technically enforced; escalation paths defined |
| Economic Governance | No cost attribution; monthly invoice surprise | Some attribution; no real-time enforcement | Real-time attribution and budget caps enforced at execution |
Most Australian enterprises are currently at Level 1 or Level 2 across all five pillars. The regulatory expectation from ASIC and APRA is Level 2 minimum, with a clear trajectory toward Level 3. AGI will require Level 3 across all pillars.
Part Six: How Songlines Control® Delivers AGI-Ready Governance
Songlines Control® operates as a provider-agnostic governance layer that sits between your organisation and every AI model you use — OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Google Gemini, and any other provider — enforcing governance policies in real time, building the audit trail automatically, and providing complete visibility into AI spend and usage.
| Pillar | Songlines Capability | Business Impact |
|---|---|---|
| AI Inventory | Real-time executive dashboard showing every model, team, and request | Board directors can answer "What AI are we running?" in seconds. Shadow AI is visible and governable from first use. |
| Policy-as-Code | Pre-built policy templates for PII, sovereignty, model restriction, approval gates, and cost caps — enforced at infrastructure layer | Policies cannot be bypassed by individual developers or applications. Compliance is technical, not aspirational. |
| Audit Trail | Immutable, timestamped log of every prompt, model, policy, and response — exportable for regulatory review | Directly addresses ASIC REP 798 and APRA April 2026 requirements. Evidence base for board accountability. |
| Human-in-the-Loop | Configurable approval gates that hold requests pending human review when risk thresholds are triggered | Implements APRA and ASIC human oversight requirements without requiring changes to developer workflows. |
| Economic Governance | Real-time cost attribution by team, project, and user; budget caps that enforce automatically | Eliminates end-of-month invoice surprises. Songlines Gateway reduces token spend by 30–60%. |
Part Seven: A Practical 90-Day Action Plan
| Timeframe | Action | Owner |
|---|---|---|
| Days 1–30 | Deploy a real-time AI inventory: instrument your environment to capture all AI interactions across all providers | CTO / CISO |
| Days 1–30 | Commission a board-level AI governance briefing aligned to ASIC and APRA requirements | CEO / Board |
| Days 30–60 | Implement policy-as-code for PII detection, model restriction, and cost attribution | CTO / CISO |
| Days 30–60 | Define human-in-the-loop thresholds for high-risk AI decisions | CRO / Legal |
| Days 60–90 | Produce first board-ready AI governance report with full AI inventory and policy compliance status | CRO / CTO |
| Days 60–90 | Initiate ISO 42001 gap assessment and roadmap to certification | CRO / Compliance |
Download the Full White Paper
Get the complete 10-page strategic brief including all five AGI governance pillars, the self-assessment framework, and the full 90-day action plan.
Download White Paper (PDF)References: Dario Amodei, Machines of Loving Grace (2024); Gartner Predicts 2026; ASIC REP 798 (Oct 2024); ASIC Open Letter to AFS Licensees (May 2026); APRA Letter to Industry on AI (Apr 2026); EU AI Act (2024/1689); ISO 42001:2023; Metaculus Forecasters (Feb 2026); AI 2027 Research Project.