Engaged Ai Governance; Addressing The Last Mile Challenge Through Ineternal Expert Collaboration

Chunk 0

--- Page 1 --- Engaged AI Governance: Addressing the Last Mile Challenge Through Internal Expert Collaboration SIMON JARVERS, Technical University of Munich, Germany ORESTIS PAPAKYRIAKOPOULOS, Technical University of Munich, Germany Under the EU AI Act, translating AI governance requirements into software development practice remains challenging. While AI governance frameworks exist at industry and organizational levels, empirical evidence of team-level implementation is scarce.

Chunk 1

We address this “Last Mile” Challenge through insider action research embedded within an AI startup. We present a legal-text-to-action pipeline that translates EU AI Act requirements into actionable strategies through internal expert collaboration by extracting requirements from legal text, engaging practitioners in assessment and ideation, and prioritizing implementation through collective evaluation.

Chunk 2

Our analysis reveals three patterns in how practitioners perceive regulatory requirements: convergence (compliance aligns with development priorities), existing practice (current work already satisfies requirements), and disconnection (requirements perceived as administrative overhead). Based on these patterns, we discuss when governance might be treated genuinely or performatively.

Chunk 3

Practitioners prioritize requirements that serve end-users or their own development needs, but view verification-oriented requirements as box-ticking exercises. This distinction suggests a translation challenge: regulatory requirements risk superficial treatment unless practitioners understand how compliance serves system quality and user protection.

Chunk 4

Expert collaboration offers a practical mechanism for transforming governance from external imposition to shared ownership and making previously invisible governance work visible and collective. CCS Concepts: • Social and professional topics →Governmental regulations; • Software and its engineering → Collaboration in software development.

Chunk 5

Additional Key Words and Phrases: AI Governance, AI Regulation, EU AI Act, Participatory Design, Expert Collaboration, Implementation Research, Action Research, SMEs ACM Reference Format: Simon Jarvers and Orestis Papakyriakopoulos. 2026.

Chunk 6

Engaged AI Governance: Addressing the Last Mile Challenge Through Internal Expert Collaboration. In The 2026 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’26), June 25–28, 2026, Montreal, QC, Canada.

Chunk 7

ACM, New York, NY, USA, 24 pages. https://doi.org/10.1145/3805689.3812341 1 Introduction The European landscape of AI governance is undergoing a fundamental transformation.

Chunk 8

After years of voluntary principles, the EU AI Act (Regulation 2024/1689) establishes mandatory requirements for AI systems operating in European markets. High-risk AI systems now face legally binding obligations for technical documentation, data governance, risk management, transparency, performance evaluation, human oversight, and continuous monitoring.

Chunk 9

However, regulation alone does not ensure responsible AI, as companies may evade and avoid obliga- tions [38], or develop a “fine is a price” attitude [24]. Scholars therefore emphasize socio-technical solutions that embed ethical responsibility for all stakeholders who are involved in the design, development, and maintenance Authors’ Contact Information: Simon Jarvers, simon.jarvers@tum.de, Technical University of Munich, Professorship for Societal Computing, Munich, Germany; Orestis Papakyriakopoulos, orestis.p@tum.de, Technical University of Munich, Professorship for Societal Computing, Munich, Germany.

Chunk 10

This work is licensed under a Creative Commons Attribution 4.0 International License. FAccT ’26, Montreal, QC, Canada © 2026 Copyright held by the owner/author(s).

Chunk 11

ACM ISBN 979-8-4007-2596-8/2026/06 https://doi.org/10.1145/3805689.3812341 arXiv:2604.21554v1 [cs.AI] 23 Apr 2026 --- Page 2 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos of AI systems [8, 13, 30, 31]. Without such integration, the pattern observed with voluntary principles may repeat: formal compliance without meaningful change [14, 17, 25].

Chunk 12

Industry Level Regulations, Standards, Ethical principles Organization Level Governance structures, Company policies, Management systems “Last Mile” Challenge Team Level Development practices, Daily decisions Research focus: Insider access to team-level implementation Fig. 1.

Chunk 13

AI Governance Levels and the “Last Mile” Challenge. AI governance operates at three levels: industry (regulation and standards), organizational (policies and management systems), and team (development practices).

Chunk 14

Research concentrates on accessible upper levels through policy analysis and framework development. The transition from organizational policies to team practices presents the “Last Mile” Challenge, where proprietary processes and competitive concerns limit external research access [34].

Chunk 15

Our insider action research addresses this gap through embedded access to development team processes. To understand how regulatory requirements are implemented into real-world AI systems, the process can be divided into three levels [22, 35]: AI governance requirements are developed at (1) the industry level through regulation and standards, adapted by companies at (2) the organizational level through policies and management systems, but must ultimately be implemented on (3) the team level by developers who build AI systems day-to- day.

Chunk 16

This last step bears the risk of superficial compliance: When governance is imposed externally rather than integrated into development workflows, practitioners may lack ownership and treat requirements accordingly. We call this disconnect between organizational policies and team-level practice the “Last Mile” Challenge in AI governance, borrowing from logistics where reaching individual destinations proves disproportionately difficult compared to establishing distribution infrastructure.

Chunk 17

The core challenge is developing methods that foster meaningful integration rather than performative compliance. Expert collaboration represents one such method.

Chunk 18

This is why we ask the research question: How can collaborative workshops empower technical teams to integrate AI governance requirements into existing software development workflows? Related research has concentrated on the more accessible upper levels, analyzing regulatory frameworks and proposing ethical principles.

Chunk 19

Empirical implementation research remains scarce [6]: existing work typically interviews practitioners about challenges [1, 32, 36] rather than testing solutions, and most proposed frameworks lack real-world validation [3, 21, 26]. The team level presents particular access challenges: organizations protect proprietary processes, and competitive pressure limits transparency [34].

Chunk 20

Studying how governance actually becomes embedded in development practice requires access that external researchers rarely obtain. Methodologically, this paper employs insider action research to address both the access challenge and the implementation problem.

Chunk 21

Insider action research is an approach where researchers who are members of an organization study processes within that organization while actively participating in them [9, 23]. We present a “legal-text-to-action” pipeline for integrating AI governance requirements into software development workflows, tested in a resource-constrained startup environment.

Chunk 22

The core of this process constitutes a collaborative workshop engaging the development team in assessing EU AI Act requirements, ideating implementation strategies, and prioritizing actions. We capture practitioners’ opinions via a pre- and post-workshop survey and report the implementation of three requirements through detailed follow-up tracking of real-world actions.

Chunk 23

--- Page 3 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Our findings suggest that expert collaboration can surface alignments between regulatory obligations and existing development priorities. For some requirements, participants identified concrete synergies with product quality goals, while others were perceived as administrative overhead.

Chunk 24

We discuss how practitioners’ understand- ing of who benefits from regulatory requirements influences the quality of governance engagement, and the value of internal expert collaboration in surfacing these connections. The structure of the paper follows the action research cycle of diagnosing, planning action, taking action, and evaluating action, as illustrated in Figure 2.

Chunk 25

Context and Purpose Section 2 Organizational setting, insider positioning Diagnosing Section 3 Literature review, gap identification Planning action Section 4 Requirement translation, workshop design Taking action Section 5 Workshop execution, implementation tracking Evaluating action Section 6 Strategy refinement, outcome discussion Fig. 2.

Chunk 26

Action Research Cycle mapped to paper structure. Adapted from Coghlan and Brannick [9].

Chunk 27

2 Context and Purpose Research Context. The research was conducted at an AI startup developing training and execution support solutions for industrial environments.

Chunk 28

The company employs approximately ten people in development and related roles, holds ISO 27001 and ISO 42001 certifications, and while current products do not fall into EU AI Act high-risk categories, leadership decided to prepare proactively for potential future requirements. The first author holds dual roles as (1) AI Governance Officer responsible for developing and implementing governance frameworks, and (2) researcher investigating AI governance implementation.

Chunk 29

This arrangement provides direct access to governance processes as they unfold. Organizational Governance Context.

Chunk 30

The company’s ISO 420011 certification establishes organizational- level governance structures: policies, procedures, and commitments to develop and use AI responsibly. However, a management system standard and product safety law operate at different levels.

Chunk 31

ISO 42001 certifies that an organization has processes for governing AI, analogous to how ISO 9001 certifies quality management without specifying what any particular product must do. The EU AI Act, by contrast, mandates requirements per AI system: what it must log, how it must be documented, what transparency it must provide.

Chunk 32

Holding organizational certification does not automatically translate into team-level awareness of these product-level requirements. This disconnect is the “Last Mile” gap our research investigates.

Chunk 33

The Dual Purpose of Action Research. Action research combines problem solving with knowledge genera- tion.

Chunk 34

Coghlan and Brannick define it as “an approach to research which is based on a collaborative problem-solving relationship between researcher and client which aims at both solving a problem and generating new knowl- edge” [9]. Both dimensions are present in our study.

Chunk 35

The problem-solving dimension addresses a practical challenge: making AI governance actionable within a resource-constrained Small and Medium-sized Enterprise (SME) and integrating it into existing software 1ISO/IEC 42001:2023 is the International Standard for AI management systems. It is not officially recognized as a harmonized European Standard and therefore not sufficient for complete high-risk EU AI Act compliance.

Chunk 36

For more information, see https://www.iso.org/home/insights- news/resources/iso-42001-explained-what-it-is.html --- Page 4 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos development workflows rather than maintaining it as a separate compliance function. We do not claim our approach achieves complete AI Act compliance nor do we want to present a framework for an AI Act conformity assessment.

Chunk 37

Rather, we seek a workable path toward compliance given typical SME constraints. The knowledge-generation dimension produces insights extending beyond the immediate organizational context.

Chunk 38

Through systematic evaluation and reflection, we document how collaborative engagement functions as a mechanism for governance integration. As Coghlan and Brannick note, “the value in action research is not whether the change process was successful or not, but rather that the exploration of the data provides useful and interesting theory” [9].

Chunk 39

Managing Insider Positioning. The insider position creates tensions between organizational responsibilities and research objectives.

Chunk 40

Coghlan [23] identifies three challenges: preunderstanding (assumptions from organi- zational experience that may create blind spots), role duality (managing organizational membership alongside research), and organizational politics (navigating confidentiality and career considerations). We address these through several mechanisms.

Chunk 41

An external researcher co-facilitated the workshop, providing independent observation. Academic supervision ensures methodological decisions are reviewed independently of operational pressures.

Chunk 42

The research objective does not conflict with company interests: the goal is investigating whether expert collaboration enhance governance practices, not demonstrating that compliance has been achieved. Findings revealing challenges or limitations are as valuable as findings showing success.

Chunk 43

3 Diagnosing Following the action research cycle, this section diagnoses the landscape of AI governance implementation to identify gaps that motivate our intervention. 3.1 The Challenge of Translating Regulations into Actions Translating regulatory requirements into development practice remains a persistent challenge.

Chunk 44

Academic work has produced valuable frameworks addressing this translation at different levels. Shneiderman [35] proposed a three-layer governance structure with recommendations across team, organization, and industry levels.

Chunk 45

Lu et al. [22] developed patterns operationalizing ethics principles into governance, process, and design categories.

Chunk 46

Addressing the EU AI Act specifically, co-design approaches have produced impact assessment templates [7] and justice-oriented toolkits through expert collaboration [15]. These efforts engage compliance experts or cross-sectoral stakeholders in creating tools for development teams.

Chunk 47

Our work complements this by empirically studying what happens when an existing development team engages with regulatory requirements directly, capturing practitioner perceptions and prioritization dynamics during team-level operationalization. Beyond academic frameworks, official and practitioner resources provide additional guidance.

Chunk 48

The EU AI Act Service Desk offers compliance checkers and requirement explorers, though these operate at the policy interpretation level rather than offering team-level implementation guidance. At the time of this study the official harmonized European Standards that would provide concrete technical specifications remain under development.

Chunk 49

ISO 42001, a globally recognized AI Management System standard, offers organizational-level structure but is not approved by the EU AI Office as a harmonized standard for AI Act compliance. Practitioner resources such as the AppliedAI white paper on AI Act governance2 provide practical orientation, though evaluating and adapting such resources creates its own burden for resource-constrained organizations.

Chunk 50

A gap persists between these resources and implementation. Much analysis remains at the level of organizational recommendations without attention to how requirements integrate into development workflows.

Chunk 51

When tools are proposed, empirical validation of their effectiveness in actual development contexts is rare [6, 21]. The challenge is not lack of frameworks but lack of evidence about how they function when teams actually use them.

Chunk 52

2https://www.appliedai.de/en/insights/ai-act-governance-best-practices-for-implementing-the-eu-ai-act/ --- Page 5 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada More recently, the “bridging the gap” metaphor itself has been challenged. Ruster and Davis [33] argue through fieldwork with three AI startups that principles and practices are not separated by a chasm but are “integrated, nonlinear, and dynamically evolving.” We support this distinction: governance implementation is not a one-time crossing but an ongoing process of negotiation.

Chunk 53

Our intervention tests one mechanism for supporting this ongoing negotiation. 3.2 Internal Expert Collaboration versus External Participation Participation is a significant topic in FAccT research.

Chunk 54

The “participatory turn” in AI design has produced frame- works mapping modes of participation to goals, scope, and forms of engagement [5, 11, 19] and has recently also been examined in the context of the EU AI Act [37]. However, terminological ambiguity obscures important distinctions.

Chunk 55

Kallina et al. [18] argue that clearer terminology is “crucial to avoid confusion and ‘ethics washing’,” proposing distinctions among others between participatory development (involving affected communities), and expert involvement (consulting domain experts).

Chunk 56

Most FAccT research on participation focuses on external stakeholder participation: engaging end-users, affected communities, and civil society in shaping AI systems. The power dynamic concerns those potentially harmed by AI gaining voice in decisions affecting them.

Chunk 57

This work addresses democratic legitimacy and the redistribution of decision-making power. Studies find that such external participation faces structural tensions with commercial priorities, with stakeholder involvement often driven by business interests rather than justice concerns [18].

Chunk 58

Our focus differs. We investigate internal expert collaboration in implementing AI governance requirements, where participants are development team members.

Chunk 59

Following Kallina et al.’s terminology, this constitutes expert involvement, though we extend this concept to collaboration as participants actively co-design governance strategies. The goal is implementation effectiveness and distributed ownership rather than democratic legitimacy.

Chunk 60

This approach draws from Scandinavian participatory design traditions, which emerged in workplace contexts to involve workers in designing technologies affecting their labor [2]. In our case, the affected stakeholders are software engineers who are expected to adhere to the AI governance frameworks.

Chunk 61

Three benefits emerge from the literature for this approach: developers possess domain knowledge about workflows that governance officers may lack [29]; collaborative strategies face less resistance than imposed requirements [1]; and the collaborative process surfaces assumptions and creates shared understanding [12]. We do not suggest that internal expert collaboration is sufficient for responsible AI development.

Chunk 62

External stakeholder engagement addresses concerns internal teams cannot: ensuring affected communities have voice, identifying harms invisible to developers, and providing democratic accountability. Internal expert collaboration addresses a different problem: ensuring governance becomes embedded in practice rather than remaining a superficial documentation and box-ticking exercise.

Chunk 63

3.3 Diagnosis The preceding analysis motivates our intervention along both dimensions of action research. Problem-solving Dimension.

Chunk 64

Despite valuable frameworks for translating legal requirements into organiza- tional practice, a persistent challenge remains: making governance actionable within development teams given real-world constraints. In the remaining paper we present how we developed and evaluated one potential solution to this challenge suitable to our context: a focused workshop format that creates explicit space for bridging work—the iterative labor required to translate between different stakeholders’ perspectives—seeks alignment between regulatory requirements and existing development priorities, and fits within the time and resource constraints of a small organization.

Chunk 65

Knowledge-generation Dimension. Three gaps in current understanding motivate our research.

Chunk 66

First, while frameworks exist, empirical evidence of how governance integration actually unfolds when development teams --- Page 6 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos 1 2 3 4 5 Legal Text • Scope: Art. 9-15, 50, 72, and Annex IV • Adapt to company- specific context Preparation Actions • Strategy refinement for implementation pipeline • Actions per requirement • Translation to Jira tickets Post-processing Requirements • Presentation of AI Act and workshop structure • 14 requirements in 6 themes Workshop Assessment • Assess current practice and development need • Draft aligned strategies • Breakout in small groups Prioritization • Trade-off discussion on impact-effort matrix • Plenary discussion Fig.

Chunk 67

3. From legal text to action: A translation pipeline for operationalizing EU AI Act requirements.

Chunk 68

The collaborative workshop forms the core of this pipeline, where practitioners learn about AI Act requirements, brainstorm implementation strategies grounded in current practices and development needs, and prioritize generated strategies based on impact and effort. engage with requirements remains scarce.

Chunk 69

Second, team-level implementation is under-researched because access is difficult; our insider positioning addresses this directly. Third, participatory approaches in AI governance have focused primarily on external stakeholder engagement; how internal expert collaboration functions as a mechanism for governance integration is less understood.

Chunk 70

4 Planning Action Translating legislation into team-level practices presents a core challenge for AI governance implementation. This section describes our approach to that transformation.

Chunk 71

Figure 3 illustrates the pipeline from legal text to actionable governance practices through five steps: preparation, presentation, assessment, prioritization, and post-processing. The collaborative workshop sits at the center of this pipeline, engaging the development team in translating requirements into strategies aligned with their existing work.

Chunk 72

4.1 From Legal Text to Requirements Given the limitations of existing resources outlined in Section 3.1, we worked directly with the legal text. After conducting an AI Act risk classification, we assessed Articles 9–15, 50, 72, and Annex IV as most relevant from the developer perspective.

Chunk 73

Building on prior work by the first author, which included consultation with legal scholars to address interpretive ambiguities, we extracted and consolidated the relevant provisions into specific requirements. The scope was deliberately bounded: the goal was not to produce an exhaustive conformity assessment, but to identify requirements that could meaningfully inform development team practices.

Chunk 74

Require- ments primarily concerning organizational leadership (governance structures, resource allocation) or external verification (conformity assessment, market surveillance) were set aside for separate treatment. --- Page 7 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada This extraction produced 14 high-level requirements organized into six thematic pillars: Technical Documen- tation, Data Governance, Risk Management, Transparency, Performance Evaluation, and Human Oversight & Monitoring.

Chunk 75

The framework and research design was reviewed and validated through weekly meetings with the second author, a senior researcher independent of the company. Two preparatory meetings with the CTO adapted these requirements to the company context.

Chunk 76

The first meeting established strategic alignment: confirming company priorities for proactive governance preparation, securing approval for the workshop and its research component, and agreeing on the involvement of an external co- facilitator. The second meeting reviewed the adapted requirements to ensure relevance to actual development work, finalized participant selection, and settled operational details.

Chunk 77

The 14 requirements from this preparation provided the foundation for the workshop. 4.2 Workshop Design The workshop structure emerged from consultation with four researchers with backgrounds in political and computer science that are experienced in participatory research and conducting workshops.

Chunk 78

These consultations informed a three-phase structure following the diamond model of divergent-then-convergent thinking: first expanding the solution space through open ideation (step 2), then narrowing toward concrete priorities through structured evaluation (step 3). (1) Presentation.

Chunk 79

The first author presented the AI Act context, explained the governance objectives motivating the workshop, and introduced the 14 identified requirements. This phase established shared vocabulary and ensured all participants understood the context and purpose of the workshop.

Chunk 80

(2) Assessment and Ideation. Participants were purposefully split into three groups to balance their domain knowledge and seniority level.

Chunk 81

Each group got assigned to two pillars. They documented their current practices for each requirement, identified product and development needs, and generated implementation strategies.

Chunk 82

The format encouraged practitioners to draw on their implicit knowledge of existing workflows, something a governance officer working in isolation would lack. (3) Prioritization.

Chunk 83

Groups reconvened for plenary discussion. Each group presented their strategies, followed by collective mapping onto an impact-effort matrix.

Chunk 84

This phase surfaced trade-offs, built consensus on priorities, and ensured the resulting action plan reflected team judgment rather than top-down imposition. The workshop was supported by an external co-facilitator.

Chunk 85

Within a preliminary meeting with the external facilitator, the workshop design was tested, and the distribution of roles were established: the first author led content presentation and requirement explanation while the co-facilitator supported group work and documented observations from an independent perspective. Participants and Consent.

Chunk 86

The workshop was conducted in November 2025, lasting 90 minutes. This was the maximum resource investment from an economic perspective of the leadership.

Chunk 87

Eight participants attended: three AI engineers, four full-stack developers, and a product owner. The format was hybrid, with two participants joining remotely.

Chunk 88

A participant information sheet was distributed three days before the workshop, explaining both the operational purpose (developing governance strategies) and the research component (studying expert collaboration). Workshop participation was a company activity during paid working hours.

Chunk 89

Contribution of data to the research was voluntary, with informed consent obtained and documented within the pre-workshop survey. Data Collection.

Chunk 90

Data was collected during different stages: a pre- and post-workshop survey was distributed among participants to capture their attitudes, knowledge, and opinions of the workshop. Given the small sample size (n=8), we focus on descriptive analysis to inform our interpretation.

Chunk 91

During the workshop, a collaborative, digital whiteboard (i.e., Miro board) was used to document status quo assessments, identified needs, generated strategies, and prioritization outcomes. The external co-facilitator documented observations independently, focusing on group dynamics, moments of insight or resistance, and discussion patterns that the first author might --- Page 8 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos have missed while facilitating content.

Chunk 92

An overview of survey questions and the observation notes template can be found in Appendix B. 4.3 Post-Processing Following the workshop, the generated strategies required translation into actionable form.

Chunk 93

The authors assessed workshop artifacts, refined the strategies based on prioritization outcomes and feasibility considerations, and developed concrete actions corresponding to each of the 14 requirements. These refined strategies and actions were discussed with the company’s CTO to establish a 12-month imple- mentation roadmap.

Chunk 94

Concrete actions were translated into tickets within the company’s project management system (Jira), integrating governance work into the normal development workflow rather than maintaining it as a separate track. Three of these concrete actions are reported in detail in Appendix A: implementing a self-hosted AI monitoring system (i.e., Langfuse) to address logging and performance evaluation requirements, auditing AI interaction disclosure to address transparency requirements, and establishing technical documentation practices to address documentation requirements.

Chunk 95

These examples illustrate how workshop-generated strategies translated into actual development work. 5 Taking Action The workshop produced implementation strategies for all 14 EU AI Act requirements across the six governance pillars.

Chunk 96

Table 1 presents the complete mapping from requirements to concrete actions. This section analyzes these outcomes to identify patterns in how practitioners engage with different types of requirements, drawing on follow-up tracking of selected implementations to ground our interpretation.

Chunk 97

5.1 Three Patterns of Requirement Engagement Analyzing the workshop outcomes and their subsequent implementation reveals three distinct patterns in how development teams relate to regulatory requirements. These patterns can help to understand how practitioners’ interpretation of requirements shapes governance engagement.

Chunk 98

5.1.1 Pattern 1: Convergence Between Compliance and Quality Goals. Some requirements address concerns that development teams already prioritize.

Chunk 99

Here, regulatory obligations and development needs converge on shared solutions, creating genuine alignment rather than imposed burden. Logging System (Req.

Chunk 100

5.1) exemplify this pattern. Article 12 mandates automatic recording of events relevant for risk identification and post-market monitoring.

Chunk 101

For our development team, this requirement converged with an existing priority: implementing observability tools for debugging AI behavior and diagnosing customer-reported errors. The team implemented Langfuse, an open-source observability platform, to address both needs through a single solution.

Chunk 102

One AI engineer captured the alignment: “Previously when customers reported errors, we relied on their descriptions which were often incomplete. Now we can trace exactly what happened.” A workshop participant made the connection explicit: “Logging requirement directly aligns with our drive to improve quality through an understanding of system steps.” The compliance requirement did not impose new work but validated and structured work the team already wanted to do.

Chunk 103

Other requirements showing this convergence pattern include Changes Disclosure (Req. 4.1), which aligned with needs to improve customer communication, and Instructions for Use (Req.

Chunk 104

6.2), which connected to ongoing efforts supporting deployers navigating a growing feature set. 5.1.2 Pattern 2: Requirements Satisfied by Existing Practice.

Chunk 105

Where Pattern 1 involves new implementation work motivated by shared goals, Pattern 2 captures cases where existing practice already satisfies the requirement with minimal additional effort. These requirements formalize what teams already do, often for reasons predating any --- Page 9 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Pillar ID Requirem.

Chunk 106

Article Actions (First Actions in Bold) Pat. Technical Documenta- tion 1.1 Technical Documenta- tion 11; IV Develop C4 architecture diagrams.

Chunk 107

Use simplified technical documentation for SMEs (to be released by EC); assign ownership; consolidate existing documentation; clarify maintenance strategy 3 Data Governance 2.1 Data Governance 10 Create data flow diagram. Clarify scope for foundation-model users (testing data, input quality, output lineage); structure test data catalog 3 Risk Man- agement 3.1 Risk Management 9 Update existing risk management system.

Chunk 108

Communicate ISO 42001 risk management to team; connect monitoring data to risk identification 3 4.1 Changes Disclosure 13(3c); IV(2f)(6) Evaluate channel options (trust center, email, in-app). Formalize release notes template; integrate performance metrics from monitoring 1 4.2 Interpretable System Design 13(1) Update API documentation.

Chunk 109

Two-track approach: (A) Improve API documentation for technical deployers; (B) Add end-user interpretability features (quality indicators, content origin marking) 1 & 2 Trans- parency 4.3 AI Interaction Disclosure 50(1) Audit current AI disclosure touchpoints. Standardize AI disclosure across platform; create UX pattern for consistency; ensure accessibility 2 4.4 Synthetic Content Marking 50(2) Design content metadata schema (origin, timestamp, sources, edit history).

Chunk 110

Implement content provenance system: metadata tagging at creation; visual indicators for AI content; version control for edit tracking 1 5.1 Logging System 12 Set up Langfuse instance. Deploy Langfuse as central governance infrastructure serving logging, metrics, monitoring, and debugging needs 1 Performance 5.2 Metrics & Validation 15(1)(3); IV Document existing evaluation framework.

Chunk 111

Expand test suite with customer data; leverage Langfuse; establish human evaluation protocol 1 & 2 Evaluation 5.3 Robustness & Resilience 15(4) Document existing robustness measures. Update error handling based on monitored data; conduct stress testing; develop custom deployment 1 & 2 5.4 Cybersecurity Measures 15(5); IV(2h) Document security measures aligned with ISO 27001.

Chunk 112

Layered security: input scanning, AI threat model, regular penetration testing 2 Human 6.1 Human Oversight Design 14 Create human oversight documentation with screenshots and workflow diagrams. Document current oversight design (reviewing, access controls, no autonomous actions); design automation bias warnings 2 Oversight & Monitoring 6.2 Instructions for Use 13(2)(3); 14(4) Review and update existing Instructions for Use document.

Chunk 113

Populate with current information; introduce tutorial feature for in-app guidance 1 & 2 6.3 Post-Market Monitoring 72; 9(2c) Implement post-market monitoring plan based on EC template (not yet available). Leverage Langfuse; formalize customer feedback 1 Table 1.

Chunk 114

Refined workshop outcomes: 14 EU AI Act requirements mapped to actions across 6 governance pillars. Included Articles of the AI Act are: 9–15, 50, 72, and Annex IV.

Chunk 115

The Workshop was conducted with 8 development team members (3 AI engineers, 4 full-stack developers, 1 product person). regulatory consideration.

Chunk 116

AI Interaction Disclosure (Req. 4.3) exemplifies this pattern.

Chunk 117

Article 50(1) requires that natural persons interacting with an AI system are informed unless obvious from context. The workshop identified this as a “quick win” requiring verification rather than new development.

Chunk 118

The subsequent audit confirmed that existing design choices—feature naming, iconography, and introductory messaging—already satisfied the requirement. Compliance work consisted solely of documenting these existing practices.

Chunk 119

This pattern appeared across several requirements. Human Oversight Design (Req.

Chunk 120

6.1) were built into the product as deliberate UX --- Page 10 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos decisions: creating what one developer called a “feeling of co-creation” rather than outsourcing tasks to AI entirely. Cybersecurity Measures (Req.

Chunk 121

5.4) aligned with existing ISO 27001 certification maintained for business reasons. The workshop revealed that teams were already “doing governance” without recognizing it as compliance, a finding consistent with prior research [20].

Chunk 122

The collaborative format surfaced these existing practices and connected them to regulatory language. 5.1.3 Pattern 3: Requirements Perceived as Disconnected from Practice.

Chunk 123

Unlike the previous two patterns, where practitioners either see shared goals (Pattern 1) or recognize existing practice (Pattern 2), some requirements add work where practitioners see no clear connection to system quality or user experience. Here, compliance risks becoming symbolic: documentation satisfying formal criteria without genuine engagement.

Chunk 124

The percep- tion of disconnection was consistent across these requirements, though the underlying reasons differed: some requirements were perceived as burdensome paperwork and rigid processes competing for scarce resources in fast-paced development environments, while others faced legal ambiguity that left practitioners uncertain about what compliance entails. Technical Documentation (Req.

Chunk 125

1.1) exemplifies the burden dynamic. Article 11 requires comprehensive technical documentation as specified in Annex IV.

Chunk 126

When asked about benefits beyond compliance, developers assessed the value as “negligible.” While documentation could theoretically support onboarding or customer communica- tion, these potential benefits were not perceived as sufficient to justify the effort independently of compliance requirements. The ongoing maintenance burden was identified as a significant concern.

Chunk 127

Risk Management (Req. 3.1) followed a similar logic.

Chunk 128

Developers engage in intuitive risk identification and mitigation as part of their daily work when debugging, testing, and reviewing code. However, they perceived the formal and auditable risk management process mandated by Article 9 as rigid and disconnected from these existing practices.

Chunk 129

The requirement landed in the “Money Pit” quadrant (Figure 4), because the formalized process was perceived as serving auditors rather than informing their own work. Data Governance (Req.

Chunk 130

2.1) and the delayed SME documentation template for Technical Documentation illustrate the ambiguity dynamic. Article 11(2) mandates a simplified documentation template for SMEs, but eighteen months after enactment this template remains unavailable, leaving SMEs uncertain whether to invest in comprehensive documentation now or wait for anticipated simplification.

Chunk 131

Similarly, as foundation model users who do not train their own models, the team struggled to identify applicable actions for data governance. The EU AI Act as horizontal regulation addresses diverse AI systems through uniform requirements, but this generality creates uncertainty for specific use cases.

Chunk 132

Here, the perceived disconnection stems from legal ambiguity. 5.2 The Risk of Performative Compliance These three patterns document how practitioners’ interpretation of regulatory requirements shapes whether they might treat governance genuinely or performatively.

Chunk 133

The distinction hinges on a question that emerged organically during the workshop: Who benefits from this requirement? Cui bono?

Chunk 134

The impact-effort prioritization (Figure 4) made this dynamic visible. Requirements serving end- users (AI interaction disclosure, human oversight, instructions for use) or developers (logging, performance monitoring) clustered as high-impact.

Chunk 135

Requirements serving primarily auditors and regulators (technical docu- mentation, formal risk management) clustered as low-impact despite substantial effort. This distribution emerged from practitioners’ own assessments, not from facilitator framing.

Chunk 136

The pattern suggests a simple logic: software developers care about making products work well. When regulatory requirements connect to this professional commitment, practitioners engage meaningfully.

Chunk 137

When requirements are perceived as serving external verification rather than system improvement, they receive correspondingly superficial treatment. Compliance experienced as box-ticking will be approached as box-ticking.

Chunk 138

--- Page 11 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Quick Wins   Big Projects Money Pit Fill-​In Tasks Impact Effort Mapping Low Effort High Effort High Impact Low Impact 4.3 6.1 6.2 4.2 6.3 4.4 5.1 5.2 5.4 1.1 3.1 2.1 4.1 5.3 Fig. 4.

Chunk 139

Impact-effort mapping of the 14 workshop-generated strategies. Participants discussed each strategy until reaching consensus on placement within the continuous matrix; this distribution emerged from practitioners’ own assessments rather than facilitator framing.

Chunk 140

Numbers and colors correspond to Table 1. Notable clustering emerged: Transparency (4.X) and Human Oversight & Monitoring (6.X) requirements fell within or near the Quick Wins quadrant (high impact, low effort), Performance Evaluation (5.X) requirements clustered in the Big Projects quadrant (high impact, high effort), while Technical Documentation (1.X), Data Governance (2.X), and Risk Management (3.X) landed in the Money Pit quadrant (low impact, high effort).

Chunk 141

Implications for Regulatory Design. This observation does not argue that verification-oriented requirements are unnecessary; external oversight of self-interested organizations requires evidence.

Chunk 142

However, the same legal obligation can be understood as “document your system so you understand it and can improve it” or as “document your system so external parties can verify what you did.” Both framings may be accurate, but practitioners in our workshop engaged genuinely with the former framing and performatively with the latter. The core insight is that the path from legal text to development practice involves translation, and that translation shapes the reality of how companies address the “Last Mile” Challenge in AI Governance.

Chunk 143

Collaborative approaches like the workshop we conducted can support this translation by helping teams discover the improvement-oriented rationale behind requirements themselves. When practitioners understand why compliance matters, the quality of their engagement improves.

Chunk 144

6 Evaluating Action The previous section examined what the workshop produced and how practitioners’ interpretation of requirements shapes governance engagement. This section turns to the knowledge-generation dimension of action research: how collaborative engagement functions as a mechanism for governance integration in resource-constrained environments.

Chunk 145

Table 2 summarizes what the workshop achieved alongside challenges that remain unsolved. In the following subsections we reflect on our proposed solution of the “Last Mile” Challenge in AI governance.

Chunk 146

6.1 The Struggle of Governance Work in Practice Governance Challenges in a Startup. The challenge of embedding AI governance in resource-constraint environments is not primarily technical [27, 29].

Chunk 147

It is relational and interpretive: how does one make regulatory --- Page 12 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos Theme Workshop Achievement Open Challenge Actionable Outputs Workshop produced actionable outcomes and concrete strategies forming the basis for a 12-month implementation roadmap developed with the CTO Resource competition with product development remains structural; implementation effort remains substantial Alignment Discovery Surfaced latent alignments between compliance and development priorities; identified requirements already satisfied by existing practice Verification-oriented requirements (e.g., technical documentation) remain disconnected from perceived quality benefits Practitioner Attitudes Shifted framing from “necessary evil” to potential benefit; enabled discovery of alignment rather than top-down persuasion Durability of attitude shifts under sustained operational pressure remains unknown Ownership & Expertise Generated practitioner ownership through collaborative discovery rather than external imposition Did not transfer compliance expertise; legal interpretation remains specialized work requiring ongoing translation Governance Visibility Made previously invisible bridging work visible and collective; governance became shared concern rather than isolated burden Visibility does not create additional capacity; final compliance responsibility remains with AI governance officer Table 2. Workshop achievements and unsolved challenges, illustrating collaborative workshops as mechanisms for governance integration rather than solutions to underlying structural tensions.

Chunk 148

requirements meaningful to colleagues who experience them as external impositions competing for scarce development time? Research consistently identifies organizational factors as primary obstacles: harmonizing standards, demarcating scope, and driving communication and change management [27].

Chunk 149

These challenges are particularly acute in smaller organizations, where dedicated governance teams, comprehensive toolkits, and extensive consultancy are not feasible [10, 16]. Post-workshop surveys confirmed this structural tension: seven of eight participants agreed that “AI governance requirements compete with product quality improvements for limited time and resources.” Even after a collaborative session that surfaced alignment opportunities, practitioners recognized the resource competition.

Chunk 150

Who Decides how Governance is Operationalized? The EU AI Act specifies what must be achieved but leaves discretion in how.

Chunk 151

Currently, much of this determination falls to leadership, governance officers, and legal advisors—or in small businesses without dedicated governance roles, whoever can spare the time. Development teams typically implement what others define.

Chunk 152

This division of labor may be efficient, but it creates conditions for superficiality. Top-down mandates risk creating the very decoupling between formal policies and actual practices that scholars have documented [1, 4, 28].

Chunk 153

Successful implementation requires alignment with existing workflows; innovations “stick better” when they sustain rather than disrupt established practices [36]. Our workshop exemplified this principle through what Sloane and Zakrzewski call “piggybacking” [36]: rather than requesting dedicated time for a standalone governance intervention, the AI Governance Officer proposed the workshop during an already-scheduled two-day strategy session where remote developers came to the company’s headquarters for product planning.

Chunk 154

This alignment with existing rhythms reduced friction and signaled that governance was continuous with product work, not separate from it. Making Governance Work Visible and Collective.

Chunk 155

Before the workshop, AI governance existed primarily in the AI Governance Officer’s head and in documentation others rarely engaged with. This reflects what Deng et al.

Chunk 156

describe as “bridging work” [12]: the iterative labor required to translate between different perspectives, work that “teams don’t understand” and that creates “additional burden, frustration, and burnout”. The AI Governance Officer had been performing this work alone: translating legal requirements into technical language, advocating --- Page 13 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada for governance attention amid product launch pressures.

Chunk 157

This labor remained invisible precisely because it happened in the spaces between colleagues’ primary work. The workshop made this labor visible and collective.

Chunk 158

For 90 minutes, governance became everyone’s work. Governance moved from something done to the team to something done by the team.

Chunk 159

6.2 The Value of Collaboration From “necessary evil” to Discovered Alignment. Two post-workshop responses capture a transformation in how participants understood governance: “It is interesting to think about regulatory requirements as a base for possible improvements in our product, instead of being annoyed by them.” (P4) “I now see governance less like a necessary evil and do start to see how there can be an overlap with improving product quality.” (P5) The phrase “instead of being annoyed” reveals a prior framing of governance as something to endure.

Chunk 160

The language of “necessary evil” positions compliance as fundamentally opposed to productive work: necessary (legally required) but evil (burdensome, value-destroying). The workshop destabilized this binary through discovery rather than persuasion.

Chunk 161

When the Performance Evaluation group recognized that their planned Langfuse implementation for debugging also satisfied logging requirements, this was not information transmitted but connection made. The alignment existed in their work already—the workshop surfaced it.

Chunk 162

As one participant reflected: “Before the meeting, I wasn’t aware of how much we have in common with the law and that some of the points are also in our own interest” (P7). This finding resonates with prior research suggesting practitioners are not hostile to regulation and many already implement governance practices without recognizing them as compliance [20].

Chunk 163

Discovery Generates Ownership. Ali et al.

Chunk 164

document how ethics workers must rely on diplomatic persuasion because they lack formal authority, taking on “personal risk” when advocating for governance [1]. The workshop inverted this dynamic.

Chunk 165

Rather than the governance officer advocating for compliance and hoping teams would comply, participants themselves identified what needed doing and why it mattered. When asked about their preferred governance model, four participants preferred “Collaborate” (governance officer and developers decide and implement together) and two preferred “Involve” (implement together).

Chunk 166

None preferred purely informational involvement. The strategies generated were not technically novel.

Chunk 167

Any compliance consultant might recommend implementing logging, adding AI disclosures, documenting oversight mechanisms. What differed was ownership.

Chunk 168

When developers generated strategies from their own assessment of requirements and priorities, the resulting commitments carry different weight than externally imposed mandates. Open Challenges.

Chunk 169

Despite the workshop’s achievements the right column in Table 2 warrants equal attention. The workshop did not resolve structural resource competition nor did developers become governance experts: translating legal requirements into accessible terms remains specialized work that someone must perform.

Chunk 170

Practitioners still feel that verification-oriented requirements do not result in product quality improvements. Collaborative workshops may offer a mechanism for governance integration, not a solution to the underlying tensions between regulatory demands and development priorities.

Chunk 171

7 Limitations Workshop Design Limitations. Participant feedback identified areas for methodological refinement.

Chunk 172

Several participants noted that legal terminology remained challenging despite pre-processing requirements for accessi- bility. One observed that requirements “could mean everything and nothing,” indicating that even simplified legal language creates interpretive difficulty.

Chunk 173

Suggestions included clearer task instructions for the strategy ideation phase and more explicit guidance on requirement scope and complexity. The small group structure was necessary to enable detailed discussion of all 14 requirements within the available time.

Chunk 174

However, it meant each group had --- Page 14 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos limited understanding of the whole process and all requirements, resulting in some overlap and occasionally mismatched strategies. Future iterations might benefit from structured cross-group synthesis.

Chunk 175

Limits of a Single Intervention. We should not overstate what a 90-minute workshop can achieve.

Chunk 176

The trans- formation observed in survey responses may prove ephemeral. Organizational pressures like product timelines, competing priorities, or the invisibility of governance labor, do not disappear because of one collaborative session.

Chunk 177

Moreover, not all requirements align with development priorities. Technical documentation, rated as high-effort with primarily compliance benefit, represents genuine burden without clear quality payoff.

Chunk 178

Honest governance integration must acknowledge these tensions rather than dissolving them through rhetorical reframing. Our study tracked implementation over eight weeks.

Chunk 179

Longer-term tracking continues, but sustained engagement requires more than initial enthusiasm. Future work should examine whether collaborative practices persist, what organizational factors predict sustained engagement, and how governance approaches adapt as regulatory interpretation evolves.

Chunk 180

Generalizability Constraints. Our findings report one case study of a resource-constrained startup with proactive governance orientation and existing ISO certifications; results may differ in less favorable conditions.

Chunk 181

The first author’s insider positioning enabled access to implementation processes that external researchers rarely obtain [34], but creates inherent tensions: participants may respond differently to a colleague than to an external researcher. We addressed this through external co-facilitation, academic supervision, and transparent positioning, but cannot eliminate insider dynamics.

Chunk 182

These constraints represent trade-offs inherent to in-depth qualitative research in real-world AI development. We provide detailed description of context, methods, and findings to enable assessment of transferability.

Chunk 183

We encourage further research applying collaborative governance approaches in different organizational settings and regulatory environments. 8 Future Work Several directions emerge from this research, informed both by our findings and by the open questions they surface.

Chunk 184

Sustaining Collaborative Governance. Our study captures the initial effects of a single 90-minute in- tervention.

Chunk 185

Longitudinal research tracking governance practices over months or years would clarify whether collaborative engagement produces durable change or whether initial enthusiasm fades under operational pres- sures. Of particular interest is understanding what organizational factors predict sustained engagement: leadership commitment, integration with existing development practices, or visible results from early implementation may all play a role.

Chunk 186

Comparative studies across organizations with different sizes, sectors, and governance orientations would help identify boundary conditions for collaborative approaches. Addressing Disconnected Requirements.

Chunk 187

Our Pattern 3 findings identify two dynamics within perceived disconnection. For requirements experienced as burdensome paperwork in fast-paced development environments (technical documentation, formal risk management), future work could explore whether alternative framings that emphasize system improvement over external verification shift practitioner engagement.

Chunk 188

For requirements facing legal ambiguity (data governance for foundation model users, awaited SME templates), sector-specific guidance and worked examples may prove more effective than general regulatory text. Both dynamics warrant investigation across different regulatory requirements and organizational contexts.

Chunk 189

Aligning Team Strategies with Regulatory Intent. Collaborative workshops empower teams to generate implementation strategies but do not guarantee regulatory alignment.

Chunk 190

Future research should examine how to integrate legal validation into collaborative processes without reintroducing the top-down dynamics that collaborative approaches seek to avoid. As EU AI Act implementation guidance matures, including anticipated Harmonized Standards and SME-specific simplifications, research should examine how evolving regulatory clarity affects practitioner engagement with governance requirements.

Chunk 191

--- Page 15 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada 9 Conclusion This paper asked how collaborative workshops can empower technical teams to integrate AI governance re- quirements into existing software development workflows. Through insider action research embedded within an AI startup, we developed and tested a legal-text-to-action pipeline that translates EU AI Act requirements into concrete actions.

Chunk 192

Our approach addresses the “Last Mile” Challenge in AI governance by involving software developers in the ideation and prioritization of implementation strategies to find interest alignment and foster meaningful AI governance adoption. We find three patterns how practitioners engage with regulatory requirements: (1) compliance aligns with development priorities, (2) current work already satisfies requirements, or (3) requirements are perceived as administrative overhead.

Chunk 193

Practitioners assess requirements serving end-users or their own development needs as meaningful, but might treat verification-oriented requirements as box-ticking exercises. While external oversight of self-interested organizations is essential, distinguishing requirements that drive system improvement from those that primarily document compliance may help focus implementation effort where it creates most value.

Chunk 194

Internal expert collaboration offers a practical mechanism for transforming governance from external im- position to shared ownership. The workshop made previously invisible bridging work visible and collective: governance changed from something done to the team to something done by the team.

Chunk 195

When practitioners themselves identify connections between regulatory obligations and existing priorities, the resulting strategies carry different weight than externally imposed mandates. Structural resource competition remains, and not all requirements align with development priorities.

Chunk 196

Yet collaborative engagement achieves something valuable: sur- facing latent alignments, distributing governance awareness, and creating conditions where genuine compliance becomes more likely than performative documentation. --- Page 16 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos Acknowledgements We are grateful to the eight workshop participants whose engagement made this research possible as well as to the CTO and leadership of the organisation that allocated time for the workshop and supported the implementation work that followed.

Chunk 197

Naira Paola Arnez Jordan co-facilitated the workshop and contributed independent observation notes that shaped our analysis; her earlier input on participatory methodology also informed the research design. We thank Dalia Ali and Chiara Ullstein for guidance and methodological feedback on the research design.

Chunk 198

We also thank the anonymous FAccT reviewers for their reviews that strengthened the manuscript. Ethical Considerations Statement Workshop participation was a company activity during paid working hours.

Chunk 199

Contribution of data to the research was voluntary, with informed consent obtained and documented within the pre-workshop survey. Participants were explicitly informed of the first author’s dual role as AI Governance Officer and researcher, and that declining research participation would have no impact on their employment or performance evaluation.

Chunk 200

Given the small sample size and the first author’s insider position, maintaining complete anonymity for survey responses was not possible. We therefore adopted confidentiality-based protocols: individual survey responses would not be shared with the employer, only aggregated findings would be reported, and publications would use pseudonyms where appropriate.

Chunk 201

The workshop itself involved face-to-face discussion among colleagues and could therefore not be anonymous. To address potential bias from insider positioning, an external researcher co-facilitated the workshop and provided independent observation.

Chunk 202

Research design was reviewed by the second author, a senior researcher independent of the company. The company reviewed this manuscript solely to verify that no proprietary or commercially sensitive information was disclosed; the company did not review, edit, or prevent publication of any research findings or interpretations, including those identifying implementation challenges or limitations.

Chunk 203

Positionality Statement The first author conducted this research from within the organization it examines, occupying simultaneously the role of AI Governance Officer responsible for implementing compliance work and the role of researcher studying that same work. This position enabled a depth of access that external researchers rarely obtain, including observation of preparatory conversations with leadership and direct involvement in the implementation work that followed the workshop.

Chunk 204

It also shaped what could be seen. Coghlan [9] calls this pre-understanding: the accumulated assumptions that organizational membership produces, which can obscure patterns an external researcher might more readily notice.

Chunk 205

The first author cannot fully separate the interpretation of the workshop from the investment of having designed and facilitated it, or from the professional stake in governance work succeeding at the company. Having no affiliation with the studied organization, the second author provided an external academic perspective throughout.

Chunk 206

Weekly supervisory meetings served as a recurring check on insider framings, surfacing questions the first author had not considered and pushing back on claims that risked overstating the intervention’s effects. This arrangement does not dissolve the tensions inherent to insider action research, but it introduces a vantage point outside the organizational culture and commercial context of the research site.

Chunk 207

Our findings should be read with this positioning in mind. Generative AI Usage Statement Generative AI tools were used during the preparation of this manuscript.

Chunk 208

Specifically, Claude (Anthropic, versions Sonnet 4.5 and Opus 4.5) assisted with: (1) identifying and summarizing relevant literature during the literature --- Page 17 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada review process, (2) grammar and style editing to improve clarity and fluency, (3) formatting of figures and tables, (4) reviewing draft sections to identify potential weaknesses and areas for improvement, and (5) drafting the image descriptions for accessibility compliance. All AI-generated suggestions were critically evaluated by the authors, and the authors retain full responsibility for the originality, accuracy, and integrity of all content in this manuscript.

Chunk 209

References [1] Sanna J. Ali, Angèle Christin, Andrew Smart, and Riitta Katila.

Chunk 210

2023. Walking the Walk of AI Ethics: Organizational Challenges and the Individualization of Risk among Ethics Entrepreneurs.

Chunk 211

In Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency (Chicago, IL, USA) (FAccT ’23). Association for Computing Machinery, New York, NY, USA, 217–226.

Chunk 212

doi:10.1145/3593013. 3593990 [2] Peter M.

Chunk 213

Asaro. 2000.

Chunk 214

Transforming society by transforming technology: the science and politics of participatory design. Accounting, Management and Information Technologies 10, 4 (2000), 257–290.

Chunk 215

doi:10.1016/S0959-8022(00)00004-7 [3] Amna Batool, Didar Zowghi, and Muneera Bano. 2025.

Chunk 216

AI governance: a systematic literature review. AI and Ethics 5, 3 (2025), 3265–3279.

Chunk 217

doi:10.1007/s43681-024-00653-w [4] Elettra Bietti. 2020.

Chunk 218

From ethics washing to ethics bashing: a view on tech ethics from within moral philosophy. In Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency (Barcelona, Spain) (FAT* ’20).

Chunk 219

Association for Computing Machinery, New York, NY, USA, 210–219. doi:10.1145/3351095.3372860 [5] Abeba Birhane, William Isaac, Vinodkumar Prabhakaran, Mark Diaz, Madeleine Clare Elish, Iason Gabriel, and Shakir Mohamed.

Chunk 220

2022. Power to the People?

Chunk 221

Opportunities and Challenges for Participatory AI. In Proceedings of the 2nd ACM Conference on Equity and Access in Algorithms, Mechanisms, and Optimization (Arlington, VA, USA) (EAAMO ’22).

Chunk 222

Association for Computing Machinery, New York, NY, USA, Article 6, 8 pages. doi:10.1145/3551624.3555290 [6] Teemu Birkstedt, Matti Minkkinen, Anushree Tandon, and Matti Mäntymäki.

Chunk 223

2023. AI governance: themes, knowledge gaps and future agendas.

Chunk 224

Internet Research 33, 7 (06 2023), 133–167. arXiv:https://www.emerald.com/intr/article-pdf/33/7/133/1214024/intr-01-2022- 0042.pdf doi:10.1108/INTR-01-2022-0042 [7] Edyta Bogucka, Marios Constantinides, Sanja Šćepanović, and Daniele Quercia.

Chunk 225

2024. Co-designing an AI Impact Assessment Report Template with AI Practitioners and AI Compliance Experts.

Chunk 226

Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society 7, 1 (Oct. 2024), 168–180.

Chunk 227

doi:10.1609/aies.v7i1.31627 [8] Mark Anthony Camilleri. 2024.

Chunk 228

Artificial intelligence governance: Ethical considerations and implications for social responsibility. Expert Systems 41, 7 (2024), e13406.

Chunk 229

arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1111/exsy.13406 doi:10.1111/exsy.13406 [9] David Coghlan. 2019.

Chunk 230

Doing Action Research in Your Own Organization. SAGE Publications Ltd, London :.

Chunk 231

http://digital.casalini.it/ 9781526481719 [10] Keeley Crockett, Edwin Colyer, Luciano Gerber, and Annabel Latham. 2023.

Chunk 232

Building Trustworthy AI Solutions: A Case for Practical Solutions for Small Businesses. IEEE Transactions on Artificial Intelligence 4, 4 (2023), 778–791.

Chunk 233

doi:10.1109/TAI.2021.3137091 [11] Fernando Delgado, Stephen Yang, Michael Madaio, and Qian Yang. 2023.

Chunk 234

The Participatory Turn in AI Design: Theoretical Foundations and the Current State of Practice. In Proceedings of the 3rd ACM Conference on Equity and Access in Algorithms, Mechanisms, and Optimization (Boston, MA, USA) (EAAMO ’23).

Chunk 235

Association for Computing Machinery, New York, NY, USA, Article 37, 23 pages. doi:10.1145/3617694.3623261 [12] Wesley Hanwen Deng, Nur Yildirim, Monica Chang, Motahhare Eslami, Kenneth Holstein, and Michael Madaio.

Chunk 236

2023. Investigating Practices and Opportunities for Cross-functional Collaboration around AI Fairness in Industry Practice.

Chunk 237

In Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency (Chicago, IL, USA) (FAccT ’23). Association for Computing Machinery, New York, NY, USA, 705–716.

Chunk 238

doi:10.1145/3593013.3594037 [13] Virginia Dignum. 2023.

Chunk 239

Responsible Artificial Intelligence: Recommendations and Lessons Learned. In Responsible AI in Africa: Challenges and Opportunities, Damian Okaibedi Eke, Kutoma Wakunuma, and Simisola Akintoye (Eds.).

Chunk 240

Springer International Publishing, Cham, 195–214. doi:10.1007/978-3-031-08215-3_9 [14] Thilo Hagendorff.

Chunk 241

2020. The ethics of AI ethics: An evaluation of guidelines.

Chunk 242

Minds and machines 30, 1 (2020), 99–120. doi:10.1007/s11023- 020-09517-8 [15] Tomasz Hollanek, Yulu Pi, Cosimo Fiorini, Virginia Vignali, Dorian Peters, and Eleanor Drage.

Chunk 243

2025. A Toolkit for Compliance, a Toolkit for Justice: Drawing on Cross-sectoral Expertise to Develop a Pro-justice EU AI Act Toolkit.

Chunk 244

In Proceedings of the 2025 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’25). Association for Computing Machinery, New York, NY, USA, 1184–1194.

Chunk 245

doi:10.1145/3715275.3732078 [16] Aspen Hopkins and Serena Booth. 2021.

Chunk 246

Machine Learning Practices Outside Big Tech: How Resource Constraints Challenge Responsible Development. In Proceedings of the 2021 AAAI/ACM Conference on AI, Ethics, and Society (Virtual Event, USA) (AIES ’21).

Chunk 247

Association for --- Page 18 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos Computing Machinery, New York, NY, USA, 134–145. doi:10.1145/3461702.3462527 [17] Anna Jobin, Marcello Ienca, and Effy Vayena.

Chunk 248

2019. The global landscape of AI ethics guidelines.

Chunk 249

Nature machine intelligence 1, 9 (2019), 389–399. doi:10.1038/s42256-019-0088-2 [18] Emma Kallina, Thomas Bohné, and Jatinder Singh.

Chunk 250

2025. Stakeholder Participation for Responsible AI Development: Disconnects Between Guidance and Current Practice.

Chunk 251

In Proceedings of the 2025 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’25). Association for Computing Machinery, New York, NY, USA, 1060–1079.

Chunk 252

doi:10.1145/3715275.3732069 [19] Emma Kallina and Jatinder Singh. 2024.

Chunk 253

Stakeholder Involvement for Responsible AI Development: A Process Framework. In Proceedings of the 4th ACM Conference on Equity and Access in Algorithms, Mechanisms, and Optimization (San Luis Potosi, Mexico) (EAAMO ’24).

Chunk 254

Association for Computing Machinery, New York, NY, USA, Article 1, 14 pages. doi:10.1145/3689904.3694698 [20] Fiona Koh, Kathrin Grosse, and Giovanni Apruzzese.

Chunk 255

2024. Voices from the Frontline: Revealing the AI Practitioners’ viewpoint on the European AI Act.

Chunk 256

In Proceedings of the Annual Hawaii International Conference on System Sciences. Hawaii International Conference on System Sciences, Maui, Hawaii, USA, 1870–1879.

Chunk 257

doi:10.24251/HICSS.2024.235 [21] Blaine Kuehnert, Rachel Kim, Jodi Forlizzi, and Hoda Heidari. 2025.

Chunk 258

The “Who", “What", and “How" of Responsible AI Governance: A Systematic Review and Meta-Analysis of (Actor, Stage)-Specific Tools. In Proceedings of the 2025 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’25).

Chunk 259

Association for Computing Machinery, New York, NY, USA, 2991–3005. doi:10.1145/ 3715275.3732191 [22] Qinghua Lu, Liming Zhu, Xiwei Xu, Jon Whittle, Didar Zowghi, and Aurelie Jacquet.

Chunk 260

2024. Responsible AI Pattern Catalogue: A Collection of Best Practices for AI Governance and Engineering.

Chunk 261

ACM Comput. Surv.

Chunk 262

56, 7, Article 173 (April 2024), 35 pages. doi:10.1145/3626234 [23] Robert MacIntosh, Marc Bonnet, and David Coghlan.

Chunk 263

2007. Insider action research: opportunities and challenges.

Chunk 264

Management Research News 30, 5 (05 2007), 335–343. arXiv:https://www.emerald.com/mrr/article-pdf/30/5/335/2055095/01409170710746337.pdf doi:10.1108/01409170710746337 [24] Mariano Méndez-Suárez, Virginia Simón-Moya, and Javier Muñoz-de Prat.

Chunk 265

2023. Do current regulations prevent unethical AI practices?

Chunk 266

Journal of Competitiveness 15, 3 (2023), 207. doi:10.7441/joc.2023.03.11 [25] Brent Mittelstadt.

Chunk 267

2019. Principles alone cannot guarantee ethical AI.

Chunk 268

Nature machine intelligence 1, 11 (2019), 501–507. doi:10.1038/s42256- 019-0114-4 [26] Jakob Mökander, Maria Axente, Federico Casolari, and Luciano Floridi.

Chunk 269

2022. Conformity assessments and post-market monitoring: a guide to the role of auditing in the proposed European AI regulation.

Chunk 270

Minds and Machines 32, 2 (2022), 241–268. doi:10.1007/s11023-021-09577-4 [27] Jakob Mökander and Luciano Floridi.

Chunk 271

2023. Operationalising AI governance through ethics-based auditing: an industry case study.

Chunk 272

AI and Ethics 3, 2 (2023), 451–468. doi:10.1007/s43681-022-00171-7 [28] Luke Munn.

Chunk 273

2023. The uselessness of AI ethics.

Chunk 274

AI and Ethics 3, 3 (2023), 869–877. doi:10.1007/s43681-022-00209-w [29] Nadia Nahar, Shurui Zhou, Grace Lewis, and Christian Kästner.

Chunk 275

2022. Collaboration challenges in building ML-enabled systems: communication, documentation, engineering, and process.

Chunk 276

In Proceedings of the 44th International Conference on Software Engineering (Pittsburgh, Pennsylvania) (ICSE ’22). Association for Computing Machinery, New York, NY, USA, 413–425.

Chunk 277

doi:10.1145/3510003.3510209 [30] Emmanouil Papagiannidis, Patrick Mikalef, and Kieran Conboy. 2025.

Chunk 278

Responsible artificial intelligence governance: A review and research framework. The Journal of Strategic Information Systems 34, 2 (2025), 101885.

Chunk 279

doi:10.1016/j.jsis.2024.101885 [31] Petar Radanliev, Omar Santos, Alistair Brandon-Jones, and Adam Joinson. 2024.

Chunk 280

Ethics and responsible AI deployment. Frontiers in Artificial Intelligence 7 (2024), 1377011.

Chunk 281

doi:10.3389/frai.2024.1377011 [32] Bogdana Rakova, Jingying Yang, Henriette Cramer, and Rumman Chowdhury. 2021.

Chunk 282

Where Responsible AI meets Reality: Practitioner Perspectives on Enablers for Shifting Organizational Practices. Proc.

Chunk 283

ACM Hum.-Comput. Interact.

Chunk 284

5, CSCW1, Article 7 (April 2021), 23 pages. doi:10.1145/3449081 [33] Lorenn P Ruster and Jenny L Davis.

Chunk 285

2025. The Gaps that Never Were: Reconsidering Responsible AI’s Principle-Practice Problem.

Chunk 286

In Proceedings of the 2025 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’25). Association for Computing Machinery, New York, NY, USA, 350–360.

Chunk 287

doi:10.1145/3715275.3732024 [34] Morgan Klaus Scheuerman. 2024.

Chunk 288

In the Walled Garden: Challenges and Opportunities for Research on the Practices of the AI Tech Industry. In Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency (Rio de Janeiro, Brazil) (FAccT ’24).

Chunk 289

Association for Computing Machinery, New York, NY, USA, 456–466. doi:10.1145/3630106.3658918 [35] Ben Shneiderman.

Chunk 290

2020. Bridging the Gap Between Ethics and Practice: Guidelines for Reliable, Safe, and Trustworthy Human-centered AI Systems.

Chunk 291

ACM Trans. Interact.

Chunk 292

Intell. Syst.

Chunk 293

10, 4, Article 26 (Oct. 2020), 31 pages.

Chunk 294

doi:10.1145/3419764 [36] Mona Sloane and Janina Zakrzewski. 2022.

Chunk 295

German AI Start-Ups and “AI Ethics”: Using A Social Practice Lens for Assessing and Implementing Socio-Technical Innovation. In Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency (Seoul, Republic of Korea) (FAccT ’22).

Chunk 296

Association for Computing Machinery, New York, NY, USA, 935–947. doi:10.1145/3531146.3533156 [37] Chiara Ullstein, Simon Jarvers, Michel Hohendanner, Orestis Papakyriakopoulos, and Jens Grossklags.

Chunk 297

2025. Participatory AI and the EU AI Act.

Chunk 298

Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society 8, 3 (Oct. 2025), 2550–2562.

Chunk 299

doi:10.1609/aies.v8i3.36737 [38] Rui-Jie Yew, Bill Marino, and Suresh Venkatasubramanian. 2025.

Chunk 300

Red Teaming AI Policy: A Taxonomy of Avoision and the EU AI Act. In Proceedings of the 2025 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’25).

Chunk 301

Association for Computing Machinery, --- Page 19 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada New York, NY, USA, 404–415. doi:10.1145/3715275.3732028 --- Page 20 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos A Detailed Follow-up Tracking of First Actions The three actions reported below were selected to illustrate different relationships between compliance require- ments and development priorities: strong alignment (logging), compliance documenting existing practice (AI interaction disclosure), and compliance as additional burden (technical documentation).

Chunk 302

The reported implemen- tation of the actions happened within 8 weeks after the workshop. A.1 Logging System Action: Set up Langfuse instance.

Chunk 303

Langfuse is an open-source observability platform designed for LLM applications.3 It provides tracing, monitor- ing, and analytics capabilities that allow development teams to inspect inputs, outputs, latency, token usage, and costs across AI workflows. For our context, Langfuse addresses both a development need (debugging AI behavior, understanding customer-reported errors) and a compliance requirement (Article 12 logging for traceability and post-market monitoring).

Chunk 304

Implementation. Two full-stack developers implemented Langfuse as a self-hosted instance within the company’s cloud infrastructure.

Chunk 305

The implementation required approximately 32 person-hours across two working days. On the first day, the team encountered a technical roadblock related to the self-hosting configuration.

Chunk 306

Given competing priorities, the CTO timeboxed the remaining work to one additional day, noting that further delays would risk missing a critical customer delivery deadline. The implementation was completed within this constraint.

Chunk 307

This resource competition illustrates that even for strategies with strong compliance-quality alignment, implementation competes with other development priorities. The 32-hour investment represents a substantial commitment for a team of fewer than ten developers.

Chunk 308

Current scope. Langfuse is deployed and operational in the development, test, and production environment.

Chunk 309

AI workflows are instrumented with tracing, enabling the team to inspect LLM calls, monitor performance, and diagnose errors. One AI engineer reported that Langfuse has already proven valuable for customer support: “Previously when customers reported errors, we relied on their descriptions which were often incomplete.

Chunk 310

Now we can trace exactly what happened.” Compliance status. The current implementation partially addresses Article 12 requirements.

Chunk 311

Logging capa- bilities now enable recording of events relevant for identifying risks (Article 12(2)(a)) and facilitating post-market monitoring (Article 12(2)(b)). However, a gap remains: Article 12(3)(d) requires identification of natural persons involved in result verification for certain high-risk systems.

Chunk 312

The current implementation tracks usage at the tenant (organization) level rather than individual user level (human overseer). Addressing this gap would require changes to the authentication and logging architecture and potentially raising conflicting concerns with data privacy.

Chunk 313

A.2 AI Interaction Disclosure Action: Audit current AI disclosure touchpoints. Article 50(1) requires that natural persons interacting with an AI system are informed of this interaction unless it is obvious from context.

Chunk 314

The audit examined whether current practices meet this requirement. Findings.

Chunk 315

The primary AI interaction point is a chatbot feature. The audit identified three disclosure mecha- nisms already in place: (1) the feature name explicitly references a well-known chatbot (e.g., similar to “ChatGPT”), (2) a commonly recognized AI icon appears alongside the name, and (3) upon opening the chat interface, an introductory message discloses how the system should be used, notes that AI can make mistakes, advises users to verify results, and states that the user remains responsible for decisions.

Chunk 316

3https://langfuse.com/ --- Page 21 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Based on this assessment, the requirement was judged to be sufficiently fulfilled by existing practice. No product changes were required.

Chunk 317

Documentation. Compliance work consisted of creating a documentation file recording the assessment and verification of Article 50(1) compliance.

Chunk 318

This documentation provides evidence that the requirement was evaluated and met. The audit and documentation took approximately two hours.

Chunk 319

Additional considerations. The audit prompted discussion about extending AI disclosure beyond direct interaction points.

Chunk 320

Currently, processing steps that involve AI are marked with “(AI)” text labels. The team discussed whether adopting consistent visual iconography across all AI-facilitated features would improve transparency, though this was identified as a potential enhancement rather than a compliance gap.

Chunk 321

This case illustrates that some requirements may already be fulfilled through existing design practices without explicit legal obligation. The compliance effort was minimal: documenting and verifying what was already in place.

Chunk 322

A.3 Technical Documentation Action: Develop C4 architecture diagrams. Article 11 requires comprehensive technical documentation as specified in Annex IV.

Chunk 323

Among other elements, Annex IV(2)(c) requires “the description of the system architecture explaining how software components build on or feed into each other and integrate into the overall processing.” Implementation. The AI Governance Officer conducted interviews with three software developers and collaboratively created C4 model diagrams at three levels of abstraction:4 System Context (showing the AI system’s relationship to users and external systems), Container (showing major technical building blocks), and Component (showing internal structure of key containers).

Chunk 324

The collaborative approach ensured accuracy while distributing the knowledge-elicitation burden. Total effort was approximately eight hours.

Chunk 325

Compliance status. The diagrams address part of the Annex IV requirements but do not constitute complete technical documentation.

Chunk 326

Full compliance with Article 11 remains uncertain because the European Commission has not yet released the simplified documentation template for small and microenterprises mandated by Article 11(2). Twenty months after the AI Act’s enactment, this template remains unavailable.

Chunk 327

This regulatory uncertainty creates a practical dilemma: investing in comprehensive documentation now risks economic sunk costs if the simplified template requires a different structure. Perceived value.

Chunk 328

When asked about benefits beyond compliance, the developers assessed the value of the documentation as negligible. While technical documentation could theoretically support onboarding, internal communication, or customer-facing trust centers, these potential benefits were not perceived as sufficient to justify the effort independently of compliance requirements.

Chunk 329

The ongoing maintenance burden—keeping documentation current as the system evolves—was identified as a significant concern. This case illustrates a requirement where compliance and development priorities show limited alignment.

Chunk 330

The documentation was created primarily as a compliance exercise rather than to address a felt development need. B Data Collection Protocols B.1 Pre-Workshop Survey The pre-workshop survey was distributed three days before the workshop via Microsoft Forms.

Chunk 331

Estimated completion time was 10–15 minutes. Only the consent question was required; all other questions were optional.

Chunk 332

4https://c4model.com/ --- Page 22 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos ID Question Response Format Consent & Introduction Q1 Do you consent to the participant information sheet? Yes/No (required) Q2 What’s your name?

Chunk 333

Free text Q3 What comes to your mind when you hear ‘AI governance’? Free text Knowledge & Experience Q4 Have you previously participated in any AI governance training?

Chunk 334

Yes/No Q5 If you answered ‘Yes’ in the previous question, please briefly describe the format (e.g., online course, workshop, consultant-led session) and what you remember from it. (1–2 sentences) Free text (conditional) Q6 How would you rate your current knowledge of the EU AI Act?

Chunk 335

5-point ordinal scale Q7 How would you rate your current knowledge of ISO/IEC 42001 (AI Management System)? 5-point ordinal scale Q8 Please list any specific AI governance requirements you’re aware of that apply to your work.

Chunk 336

If you can’t think of any, write ‘none’. Free text Q9 How often do you notice or are you influenced by AI governance requirements/processes in your daily work?

Chunk 337

5-point frequency scale Q10 Please describe a specific example where AI governance requirements influenced your work or a decision. If you can’t think of one, write ‘none’.

Chunk 338

Free text Attitudes Q11a AI governance requirements compete with product quality improvements for limited time and resources 5-point Likert + “I don’t know” Q11b AI governance requirements ask us to do things that don’t actually improve product quality 5-point Likert + “I don’t know” Q11c AI governance requirements and product quality improvements are separate concerns that don’t affect each other 5-point Likert + “I don’t know” Q11d AI governance requirements naturally align with our product quality goals 5-point Likert + “I don’t know” Q11e Meeting AI governance requirements directly improves our product quality 5-point Likert + “I don’t know” Q11f AI governance requirements help us discover quality problems we wouldn’t have found otherwise 5-point Likert + “I don’t know” Q11g AI governance requirements make our quality practices more systematic and consistent 5-point Likert + “I don’t know” Q11h Meeting AI governance requirements and showing proof (certification) increase customer trust in our product 5-point Likert + “I don’t know” Q12 Is there anything else about AI governance the survey did not cover? Do you have any other remarks before the workshop?

Chunk 339

Free text Table 3. Pre-workshop survey questions.

Chunk 340

--- Page 23 --- Engaged AI Governance Through Internal Expert Collaboration FAccT ’26, June 25–28, 2026, Montreal, QC, Canada B.2 Post-Workshop Survey The post-workshop survey was administered immediately after the workshop, before participants left. Estimated completion time was 10 minutes.

Chunk 341

All questions were optional. ID Question Response Format Basic Information Q1 What’s your name?

Chunk 342

Free text Q2 What’s ONE thing you learned or realized during this workshop? If you can’t think of one, write ‘none’.

Chunk 343

Free text Q3 Please list any specific AI governance requirements you’re aware of that apply to your work. If you can’t think of any, write ‘none’.

Chunk 344

Free text Attitudes (identical to pre-workshop Q11a–Q11h) Q4 Same eight attitude statements as pre-workshop Q11 5-point Likert + “I don’t know” Alignment Evidence Q5 Please, give ONE specific example from today’s workshop where you saw a compliance requirement align with a product quality improvement. Be as concrete as possible.

Chunk 345

If you can’t think of one, write ‘none’. Free text Q6 Was this workshop a good use of your time?

Chunk 346

Why or why not? What could be improved?

Chunk 347

Free text Responsibility & Participation Q7 Based on your experience in today’s workshop, who should be primarily responsible for ensuring AI governance is successfully implemented at [company name]? Select the statement that best matches your view.

Chunk 348

5-point spectrum Q8 When a new AI governance requirement needs to be implemented at [company name], what level of developer participation should there be? 5-point IAP2 spectrum Q9 Do you have any other thoughts or feedback regarding the workshop or AI governance?

Chunk 349

Free text Table 4. Post-workshop survey questions.

Chunk 350

--- Page 24 --- FAccT ’26, June 25–28, 2026, Montreal, QC, Canada Jarvers & Papakyriakopoulos B.3 Observation Notes Template The external co-facilitator documented observations using a structured template organized by workshop phase. The template guided attention to specific dynamics while preserving flexibility for emergent observations.

Chunk 351

Phase Observation Focus Guiding Questions Phase 1: Introduction & Requirements (15 min) Initial reactions to AI Act presentation Engagement, skepticism, confusion, or interest? Language in participant questions Burden vs.

Chunk 352

opportunity framing? Phase 2: Status Quo Assessment (20 min) Group dynamics during Miro documentation Collaborative brainstorming vs.

Chunk 353

individual contributions? Task comprehension Is the task clear?

Chunk 354

Phase 3: Strategy Ideation (20 min) Compliance-quality connection Do participants naturally connect compliance to quality, or struggle to see alignment? Self-censoring despite instructions If yes, intervene: ‘imagine unlimited budget/time’ Solution character Creative/ambitious solutions vs.

Chunk 355

safe/obvious incremental fixes? Phase 4: Discussion & Prioritization (20 min) Participation patterns Who drives conversation?

Chunk 356

Who remains quiet? Impact definition How is ‘impact’ defined and reasoned about?

Chunk 357

Quality improvement mentioned? Decision dynamics Consensus patterns vs.

Chunk 358

conflicts? Deference to technical experts or leadership?

Chunk 359

Cross-cutting observations Quotes & language Statements revealing compliance-quality alignment (or disconnection) Dual role dynamics Instances where first author’s operational role might influence research outcomes Unexpected patterns Connections participants make that weren’t anticipated Table 5. Observation notes template used by external co-facilitator.

Chunk 360

The template structured systematic observation across workshop phases while allowing documentation of emergent findings.