How AI will redefine compliance, risk and governance in 2026

As regulatory pressure intensifies and AI becomes embedded across the enterprise, industry leaders share their thoughts on how this will evolve in the new year

When we spoke to governance leaders about their predictions for the wider GRC profession in 2026, their answers were less about distant hypotheticals and more about responding to forces already reshaping how organizations operate.

Whether these commentators sit in AI, governance, compliance, transformation, board oversight or enterprise risk, there is a shared view that incremental change will not be enough. The coming year will force organizations to rethink fundamentals rather than refine the margins.

Below, we run through the topics that will be top of mind for GRC professionals and legal counsel in the next 12 months.

AI is here to stay

AI governance sits at the center of many predictions. Nithya Das, general manager, governance at Diligent, frames 2026 as a decisive moment, saying, ‘In 2026, we anticipate that the pace of AI regulation will remain unpredictable and increasingly stringent.’

Rather than expecting clarity or simplification, she points to mounting pressure driven by new and emerging laws. ‘As new laws, like California’s SB 53, set a precedent for nationwide regulatory trends, organizations will face mounting pressure to prove their AI systems are compliant, transparent, and ethical,’ she says, predicting a structural shift at the top of organizations. ‘2026 will mark a turning point, with boards and executive teams institutionalizing AI governance as a core competency,’ she explains, emphasizing that governance must be embedded through ‘continuous learning, proactive oversight and agile risk management.’

For Das, the organizations that thrive will be those that view governance as ‘always evolving’ and capable of ‘strike[ing] the right balance between enabling innovation and maintaining trust.’

That balance becomes harder as AI adoption accelerates. ‘Over the past 12 months, we’ve seen AI become deeply embedded in day-to-day business operations,’ says Scott Bridgen, general manager of risk and audit at Diligent. Investment levels reinforce that trend. ‘With 67 percent of business leaders increasing their investment in AI, the momentum is undeniable,’ he explains.

But Bridgen is direct about the downside. ‘This presents huge opportunities for the C-suite, [but] it also introduces a new class of risks that are far more complex than traditional IT concerns.’ He lists threats that are no longer abstract: ‘Data misuse, algorithmic bias, uncontrolled model drift and potential legal or regulatory violations are not hypothetical.’ Looking ahead, he is unequivocal: ‘Rigorous AI governance is an absolute must for 2026.’

Governance expectations push on

Bridgen also argues that governance expectations are rising well beyond documentation. ‘It’s no longer enough to simply establish policies, risk registers and standard operating procedures,’ he says. Instead, organizations must embed ‘robust model testing, validation and ongoing assurance for every AI system they develop or procure.’ Continuous evaluation for ‘accuracy, fairness, explainability and compliance’ alongside ‘clear human oversight at every stage’ will be essential. For leadership teams under pressure to deliver results quickly, Bridgen offers a warning: ‘Accelerating adoption without strong governance, controls and assurance mechanisms will expose the business to significant risk.’

Another complicating factor is that compliance – as a function – is also under strain. Amanda Carty, general manager of compliance solutions at Diligent, predicts that ‘in 2026, we anticipate that compliance will undergo a fundamental reset.’ The drivers are already visible. Organizations are grappling with ‘regulatory complexity and resource fatigue,’ a challenge that ‘61 percent of compliance teams experience.’

In response, Carty expects a shift toward ‘integrated, AI-enabled compliance frameworks that streamline processes, surface real-time insights, and strengthen accountability across the business.’ Automation will change the nature of the role itself. ‘With the introduction of AI and automation, we’ll see a reduction of manual burden, and compliance professionals will move into more strategic roles,’ she says, guiding decisions around ‘ethics, risk and corporate integrity.’

However, Carty stresses that tools will not deliver resilience unaided. ‘Technology alone won’t close the gap,’ she says. ‘Organizations will also need to invest in culture, training, and leadership to sustain resilient teams.’ Her vision of the next era is clear: ‘The next era of compliance will be defined not by checklists, but by confidence.’

Compliance as a wider discipline

Grant Ostler, industry principal at Workiva, says the market has reached ‘a tipping point, driving organizations toward a complete reset in compliance.’ As organizations enter 2026, the challenge will be ‘to move beyond basic compliance to deliver integrated financial and operational assurance.’

Ostler highlights data as the foundation of this shift. ‘The first priority for leadership should be to eliminate data silos that fragment risk information across the organization,’ he says, calling for GRC data to be unified with finance so that risk becomes ‘an integral part of business performance.’

Ostler is blunt about the dangers of fragmented systems. ‘When data is scattered across disparate systems and manual processes operated in silos by different departments, the ability to make data-supported, informed decisions is challenging at best,’ he says. Worse still, ‘applying new technology on top of poor-quality data can only create an efficient path to inaccuracy.’

By contrast, ‘strategic unification provides continuous, comprehensive and enterprise-wide risk visibility’ and lays the groundwork for modern assurance. He also predicts a transformation in the role of GRC teams themselves. ‘To be truly effective, GRC functions like internal audit, compliance and risk management must shift from backward-looking compliance functions into objective-focused, forward-thinking intelligence engines,’ he explains.

Reporting expectations to shift

Changes to reporting requirements could further reshape compliance workloads. Chelsea Hall, industry principal at Workiva, points to comments from SEC Chair Paul Atkins suggesting a potential rule change that would allow companies to choose semi-annual or quarterly reporting. Such a move could ‘promote capital formation, reduce compliance costs and free companies to focus on longer-term results,’ she notes.

But Hall highlights the risks. ‘Even if companies stop filing quarterly 10-Qs, many would still likely publish news releases or update their websites with quarterly metrics,’ she says. Doing so ‘outside of today’s established, controlled filing processes could make reports more prone to error and erode investor confidence.’

Her prediction is more nuanced: ‘After considering public comments, the SEC will end up reducing reporting requirements’ for certain categories of filers rather than eliminating quarterly reporting wholesale, she suggests. Regardless of structure, Hall emphasizes that ‘the need for trusted financial data supported by a robust control environment will remain just as pressing as it is today.’

At the board level, the implications of these shifts are profound. Pippa Begg, CEO at Board Intelligence, notes that expectations of deregulation have not materialized. ‘Many expected Trump 2.0 and a pro-business Labour government in the UK to herald a new era of deregulation.’

That hasn’t happened, she says. Instead, ‘regulation is evolving faster and becoming harder to predict than ever before.’ Boards now face ‘a twin challenge: to anticipate and to adapt.’ Begg argues that ‘the old compliance playbook, treating regulation as a downstream risk to be managed after decisions are made, no longer works.’ Successful boards will integrate foresight into strategy and ‘stop seeing policy changes as constraints and instead start seeing them as catalysts for better governance and long-term value.’

Begg also highlights cultural and behavioral shifts. ‘Anything that leads to less of a tick-box approach to corporate governance is welcome,’ she says, pointing to renewed emphasis on explanation rather than rote compliance. Investors are sharpening their focus too.

‘Activists increasingly use governance quality as a signal of board strength,’ she notes, with director competency on ESG becoming a visible benchmark. While language may fluctuate, ‘authenticity has become a non-negotiable.’

Boards to grapple with technology risk

For boards, AI still presents perhaps the greatest challenge. ‘For boards, AI upends everything,’ Begg says, yet adoption remains slow: ‘More than half (54 percent) of the directors we surveyed told us that the threat of disruption from emerging technologies such as AI is not a standing item on their board agenda.’ Looking at 2026, she concludes that ‘the most effective boards will be those that embrace continuous, structured learning.’

Not all predictions place AI at the center of risk management solutions. Richard Seiersen, chief risk officer at Qualys, cautions against overconfidence in data-driven forecasting. ‘Using AI for compliance is going to expand in 2026,’ he says. ‘However, using AI based on previous data to manage future risk is not going to make the huge difference that some might think.’ He explains that many enterprise risks face ‘irreducible uncertainty’ where historical data offers limited guidance.

‘The problem isn’t automation, it’s uncertainty,’ Seiersen says, arguing that expert judgment and structured forecasting will regain importance. For 2026, he advises organizations to be precise. ‘Mapping out your AI initiatives along with the related value at risk will be key.’

Regulators are unlikely to accept vague assurances. Joe Knight, senior managing director in the data and analytics practice at FTI Consulting, predicts that ‘AI governance in 2026 is moving from high-level principles to enforceable rules.’ Expectations will include ‘documented AI inventories, risk classifications, third-party due diligence and model lifecycle controls.’ While rules may vary, Knight expects convergence around ‘transparency, human oversight, security and bias mitigation.’ Governance will be measured ‘by clear KRIs or KPIs, not just policies on paper.’

Dera Nevin, managing director in the technology segment at FTI Consulting, broadens that message beyond compliance. ‘In 2026, AI governance will be about much more than regulatory compliance,’ she says. ‘It will be integral to doing good business.’ Organizations that build governance into how they develop and deploy AI will gain ‘competitive edge’ and be better positioned to ‘reduce related regulatory and litigation exposures.’

Taken together, these predictions suggest that 2026 will not reward surface-level fixes. Whether through AI governance, compliance transformation or board capability, the message is consistent: the future of GRC belongs to organizations willing to invest in depth, structure and judgment, and to treat governance not as a burden, but as a driver of trust and performance.
