Governance & guardrails
AI governance consulting
AI governance consulting sets up the policies, controls, and review process that let your teams use AI without betting the company on it. That's the work we do, and unlike most firms selling it, we'll tell you what it costs before you talk to anyone.
What you get
Governance that exists only as a PDF is theater. We build the working version:
- an AI use policy your people can actually follow, not a manifesto
- access rules and data boundaries for every AI system and vendor tool
- a system inventory with risk tiering mapped to the NIST AI RMF and, where it applies, the EU AI Act's risk categories
- a review cadence and clear ownership, so someone is accountable when a model or a vendor changes
- the documentation trail auditors and enterprise customers ask for
How the engagement runs
We start small on purpose. The first step is a fixed-scope AI risk assessment: we inventory what you're running, tier the risk, and hand you a gap report with a first-90-days plan. If the honest recommendation is that a policy and an approved-tools list are all you need, that's what the report says. Implementation and ongoing advisory work follow only when the assessment shows they're worth paying for.
What it costs
The assessment is $20,000 to $80,000 over 3–6 weeks; where in that range depends on scope: how many systems and teams we assess, company size, and regulatory exposure. For context, published boutique ranges for a comparable 4 to 8 week governance maturity assessment run $25,000–$75,000. We publish our range because we'd want it published if we were buying, and because how consulting is priced is knowable (we wrote up the wider market in our guide to AI consulting rates).
What we don't do
We're not a certification body and we don't audit for a certificate; if you're headed for ISO 42001, we do the readiness work and an accredited body does the audit. We sell no training, resell no software, and take no vendor commissions, so a recommendation only ever has one reason behind it.
Who does the work
The senior people at Tillerbridge are Nick Major, an engineer, and Isaac Major, an operator. What you see in the first call is who does the work. Backgrounds are on the about page. If you need governance owned inside your leadership team rather than advised from outside, that's the fractional chief AI officer engagement, and standing up governance is its first-quarter deliverable.
Questions people ask
- What is AI governance consulting?
- It's help setting up the rules and controls around how your company uses AI: usage policies, access and data boundaries, risk tiering, review processes, and the paper trail that goes with them, usually mapped to a named framework like the NIST AI RMF or ISO/IEC 42001. The point is AI your auditors, lawyers, and operators can all live with.
- How much does AI governance consulting cost?
- Published boutique ranges run $25,000–$75,000 for a 4 to 8 week governance maturity assessment. Our fixed-scope assessment is $20,000 to $80,000 over 3–6 weeks; where in that range depends on scope: how many systems and teams we assess, company size, and regulatory exposure. Larger implementation and advisory work is scoped after that, only if the assessment earns it.
- Do we need governance if we only use vendor tools like Copilot or ChatGPT?
- Usually yes, just less of it. Vendor tools still move your data, make errors your staff act on, and show up in places you haven't inventoried. A policy, an approved-tools list, and data boundaries cover most of it. A risk assessment tells you whether you need more than that.
- Which frameworks do you work against?
- The NIST AI RMF, ISO/IEC 42001, and the EU AI Act where it applies to you. They overlap heavily, so we build controls once and map them to whichever regimes you have to answer to. We published the full comparison as an AI compliance framework crosswalk.
- How is this different from your AI risk assessment?
- The risk assessment is the fixed-scope first step: it finds and tiers the risk and hands you a plan. Governance consulting is the ongoing work of building and running the controls that plan calls for. Most clients start with the assessment.
Tell us about the work.
A few lines is enough. We read every enquiry ourselves and reply within one business day.