It began quietly. A few meeting bots here, a transcription assistant there. However, in less than two years, AI has progressed from recording minutes to actively participating in the conversation.
Now, as machine-generated summaries, action points, and even recommendations flow through business channels, a new governance frontier has emerged, one that’s testing the limits of compliance across the world’s most regulated industries.
According to Theta Lake‘s 7th Annual Digital Communications Governance Report, based on data from 500 IT and compliance leaders in the financial services sector, 99 percent of firms are expanding AI in their unified communications ecosystems. Yet 88 percent say they’re struggling to govern AI-generated data and communications.
The rise of what Theta Lake terms “aiComms”; content produced by, or in collaboration with, AI, is now reshaping how risk, accountability, and compliance must be managed.
From Chat to Chaos: Understanding Risk and Compliance in the AI Era
The average financial firm now operates on six communication platforms, and the number using ten or more has more than tripled in a year. Each generates data with different retention, export, and security rules. Layer AI on top, from automated meeting summaries to synthetic assistants, and a single conversation can splinter into dozens of untracked data points.
Devin Redmond, CEO and co-founder of Theta Lake, said:
“Trying to bolt legacy compliance tools onto modern communication platforms is no longer sustainable. The volume and complexity of communications — now including AI participants — demand a unified, cloud-native governance model.”
The implications are far-reaching. Regulatory fines for “off-channel communications” already exceed billions in the financial services sector, and two-thirds of firms fear that employees are still using unmonitored apps. In parallel, 86 percent are increasing their compliance budgets, a rare consensus in a space under constant cost pressure.
When Legacy Compliance and Risk Meet the AI Age
Despite heavy investment, 62 percent of organisations admit they can’t easily reconstruct cross-channel conversations for investigation or audit. Nearly half struggle to migrate on-premise recordings to the cloud while maintaining chain-of-custody integrity.
Industry analyst Irwin Lazar, President at Metrigy, says this pattern extends beyond finance: “More than 65 percent of companies plan to increase spending on security and compliance to keep up with growing AI threats. Over 90 percent have either established or plan to establish a dedicated strategy for AI compliance.”
For CIOs, CISOs, and compliance chiefs, that means the governance model must evolve. Legacy compliance was built for humans. The next generation must be built for AI interlocutors, systems that learn, infer, and generate content autonomously.
The Path to Unified Governance
Theta Lake’s findings reflect a broader shift in compliance thinking. Rather than relying on point solutions for chat, voice, and video, enterprises are moving toward AI-native governance architectures capable of analysing all modalities, and their AI-generated offspring, in context.
The goal is not simply to record communications, but to understand them, encompassing intent, risk, and potential regulatory exposure, in real time. That’s the difference between compliance as a checkbox and compliance as a shield.
Key Takeaway
When the next regulatory inquiry arrives, your AI assistant’s notes may be Exhibit A.
As AI becomes a stakeholder in enterprise dialogue, leadership must decide whether to chase compliance with the technology or lead with it. The winners of the aiComms era will be those who treat governance not as a constraint but as a cornerstone of digital trust.
Theta Lake Sets Benchmark with “Industry First” Responsible AI ISO/IEC 42001 Certification
Last week, Theta Lake was awarded an ISO/IEC 42001 certification, vindicating transparency and trust in its AI functionality.
Theta Lake outlined that the new validation makes it the first AI-native vendor in DCGA to offer detailed transparency and explainability product capabilities. For tech leaders, especially those in regulated fields, this certification helps them understand that their provider’s use of AI is conducted securely.
This announcement is accompanied by a range of new features for the Theta Lake AI Governance and Inspection Suite, including the capability to detect AI jailbreaking and new API endpoints that integrate AI communications with observability and security platforms.
