Regulatory change management (RCM) is the continuous discipline of detecting regulatory change at its source, interpreting it into specific obligations, and operationalizing those obligations through policies, controls, and evidence before deadlines hit. It allows organizations to anticipate regulatory shifts, maintain compliance, and avoid penalties while reducing firefighting and enabling growth.
That's exactly what the UK's updated Corporate Governance Code, specifically Provision 29, now asks of boards. And if your organization has any connection to the UK (a subsidiary, a trading relationship, UK operations, or UK customers), you need to understand what it means for the GRC program you run every day.
An AI inventory is the controlled record of AI systems and AI-enabled capabilities used across the organization — recording what each system does, who owns it, what data it touches, what controls apply, and whether it is governed. Without it, risk classification, control design, regulatory registration, and board reporting all sit on a weak foundation.
