The Gate Nobody Likes
How to turn governance from a bottleneck into a capability that people actually want
Deep Dive #7 in “The Agentic Enterprise” Series
Governance shouldn’t be a gate you wait at. It should be a service that runs alongside you.
I want to start with a confession. For most of my career, I treated governance the way most engineers treat compliance: as an obstacle to be managed, a cost centre that slowed delivery without proportionate benefit. I wasn’t wrong about the governance I encountered. I was wrong about what governance could be.
The Gate Pathology
Gate governance has a seductive logic. You want oversight. Oversight requires review. Review requires the work to stop. Stop, examine, pass or reject, send on.
Three structural flaws make it fail.
It’s adversarial. The delivering team wants to pass; the governance team wants to find problems. Both want good outcomes, but the gate structure makes them opposed. Teams present favourably. Governance compensates by being more demanding. Teams engage more superficially. The cycle produces the opposite of genuine scrutiny.
It’s slow. Work must stop, be reviewed, and restart. Governance teams are under-resourced relative to volume. The latency compounds: delayed decisions create downstream delays, which compress future reviews, which reduces their quality.
It’s late. Work arrives substantially complete. Most decisions governance might influence have already been made. The review is retrospective scrutiny of a fait accompli, dressed up as forward-looking oversight.
The result: governance adds latency, creates adversarial dynamics, and generates feedback on locked-in decisions. Organisations route around it whenever possible — not from malice, but from mathematics.
The Counter-Model Already Exists
The best counter-model sits inside most engineering organisations, practised daily, generating enormous value, and largely unrecognised as governance: code review.
Code review is governance. A quality control mechanism applying external scrutiny before changes affect production. Structurally, it’s a gate. But well-practised code review doesn’t feel like one, because of four properties:
Granularity. Reviews happen per change, not per quarter. Feedback is specific and actionable. Rework is minimal.
Speed. Turnaround in hours, not weeks. Context is still fresh. Changes are still cheap.
Specificity. “This query will produce a full table scan — add an index on customer_id” versus “please review performance implications.” One is actionable. The other is noise.
Posture. The best reviewers are collaborators, not gatekeepers. Authors welcome review, share early drafts, ask for feedback before completion. The review is part of the process, not a hurdle at the end.
Continuous integration took this further: automated governance checks — tests, linters, security scanners — running on every proposed change. Hundreds of policy checks in seconds, with perfect consistency. The insight isn’t that automation replaces governance. It’s that governance can be decomposed: automate the questions with objectively correct answers, reserve human attention for genuine judgement calls.
Agentic Governance Architecture
AI agents change governance economics dramatically, making continuous parallel governance feasible at scale. This is the most immediate, high-value application of agents in the enterprise.
The AI governance layer handles the routine:
Policy compliance checks run continuously against work in progress, not at submission time. The team sees violations in real time, while changes are still cheap to make.
Pattern matching against known risk profiles flags concerns specific enough to act on: “This vendor contract lacks a data processing addendum required under GDPR Article 28” — not “please review data protection implications.”
Consistency validation ensures work aligns with organisational standards automatically. The AI has read every standard, every precedent, every exception granted. It doesn’t forget. It doesn’t have inconsistent days.
Audit trail generation happens as a byproduct of continuous review, not as a separate documentation exercise.
The human governance layer handles genuine judgement:
Novel risk assessment — situations the patterns haven’t seen before
Strategic alignment — does this direction serve where we’re going, not just where we are?
Ethical considerations and stakeholder tradeoffs
Edge cases where the right answer requires contextual wisdom, not pattern matching
What changes for teams:
Instead of preparing a governance submission package, teams work with continuous AI-assisted review from day one. The agent flags issues as they emerge. By the time work reaches human review, the routine checks are already passed, the specific risks are already identified, and the reviewer can focus entirely on the judgement calls that justify their expertise.
Instead of a three-week wait for feedback, teams get real-time signals. The governance cycle compresses from “submit and wait” to “continuous refinement.” The latency tax disappears.
Instead of an adversarial presentation, teams engage governance as a capability they draw on. The compliance function knows the risk landscape, the regulatory requirements, the organisational precedents. When teams access this knowledge continuously rather than at a gate, compliance becomes a competitive advantage: teams that engage it well produce better work with fewer late-stage surprises.
Risk calibration becomes automatic. The AI layer assesses work against a risk taxonomy and routes accordingly. Low-risk work gets automated approval with audit trail. Medium-risk work gets lightweight human review. High-risk work gets intensive human scrutiny. The overhead calibrates to the actual risk, not to a one-size-fits-all process.
Redesigning One Gate
The practical starting point: take one approval gate and redesign it as a parallel service.
Choose a gate that creates significant latency — architecture review, security sign-off, budget approval. Then:
Encode the checklist as an AI-assisted self-service tool. The questions governance always asks become automated checks teams run themselves. If the team passes all checks, formal review becomes confirmation, not discovery.
Create continuous engagement points. The governance function is available throughout the work, not just at the end. Brief check-ins, not formal reviews. Flag concerns while they’re still cheap to address.
Decompose the gate. Separate automatable checks (policy compliance, known risk patterns, consistency validation) from genuine judgement calls (strategic alignment, novel risk, ethical tradeoffs). AI handles the first category. Humans focus on the second.
Measure what matters. Track latency (submission to resolution) and team satisfaction (did governance add value?). Both should improve. If they don’t, iterate.
Reserve intensive human governance attention for genuinely complex cases: high-risk work, novel situations, edge cases the automated checks don’t cover. This is where human judgement is irreplaceable — and where governance earns its place.
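The decomposition and risk-calibrated routing described above, worked through for a security sign-off gate. This is an added example, not code from the article; the check functions, field names, risk taxonomy and hash-chained audit log are assumptions chosen for illustration.

```python
import hashlib
import json

# Constructed checks: each returns None on pass or a specific, actionable finding.
def check_tls(c):
    if c.get("public_endpoint") and not c.get("tls"):
        return "Public endpoint served without TLS: enable TLS on the listener"

def check_dpa(c):
    if c.get("personal_data") and c.get("vendor") and not c.get("dpa_signed"):
        return "Vendor receives personal data without a data processing addendum"

CHECKS = [check_tls, check_dpa]
JUDGEMENT_FLAGS = ("novel_design", "ethical_tradeoff")  # assumed taxonomy fields
ROUTES = {"low": "auto_approved", "medium": "light_review", "high": "intensive_review"}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def risk_tier(c):
    """Assumed taxonomy: judgement calls high, sensitive exposure medium, else low."""
    if any(c.get(f) for f in JUDGEMENT_FLAGS):
        return "high"
    if c.get("personal_data") or c.get("public_endpoint"):
        return "medium"
    return "low"

def review(change, audit_log):
    """Run the automated layer, route the change, and append an audit record."""
    findings = [f for f in (chk(change) for chk in CHECKS) if f]
    tier = risk_tier(change)
    decision = "return_to_team" if findings else ROUTES[tier]  # findings go back first
    record = {"change": change["id"], "tier": tier, "findings": findings,
              "decision": decision,
              "prev": audit_log[-1]["hash"] if audit_log else "0" * 64}
    # Hash chaining (an addition here) makes later edits to the trail detectable.
    record["hash"] = _digest(record)
    audit_log.append(record)
    return record

def verify(audit_log):
    """Recompute every hash and link; False if any record was altered."""
    prev = "0" * 64
    for rec in audit_log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != _digest(body):
            return False
        prev = rec["hash"]
    return True
```

Every call to `review` leaves an audit record whether or not a human is involved, so the trail is a byproduct of the check rather than a separate exercise.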
Governance that runs alongside the work, challenging and strengthening it continuously, doesn’t need to be a gate. It makes teams better rather than slower. It’s a service every team wants access to, not a bottleneck every team tries to minimise.
Start there. One gate. Redesign it as a service. See what happens when governance stops being the enemy of delivery and starts being its ally.
Next in the series — Deep Dive #8: 4,000 Pages Nobody Reads — Why your wiki is a graveyard — and how executable knowledge replaces documentation that gathers dust

