White paper summary
AI governance systems often assume someone can answer all setup questions directly: what actions are allowed, who has authority, what evidence is required, and when execution should be blocked or escalated.
In practice, those answers are scattered across policies, SOPs, forms, screenshots, audit findings, exception procedures, training materials, tickets, and informal practice. This paper argues that governance intake must come before runtime enforcement.
A sidecar cannot enforce governance that has never been extracted into executable form.