Manifesto · AI governance in energy

OT Is Not IT

Most AI governance was built for the IT department: data, privacy, and bias. In energy, the decisions that can hurt someone live in OT. Governing AI as an IT problem leaves the highest-stakes decisions ungoverned. This is the case for fixing that.

By Matthew Bertram · President of ModalPoint, creator of Digital Information Governance® · 2026

There are two technology layers in every energy company. IT runs the data, the email, the ERP, the dashboards. OT (operational technology) runs the physical world: the control systems, the sensors, the SCADA, the safety-instrumented systems that open a valve, trip a compressor, or hold a wellhead inside its limits. AI is now making or shaping decisions in both layers. Almost every AI governance framework on the market was built for the first one.

That gap is the most dangerous unmanaged risk in energy AI today, and it is the reason a privacy policy and a model-risk checklist are not an AI governance program for an operator.

Why the IT-only frame fails in energy

When AI gets an IT decision wrong, the damage is informational: a bad recommendation, a biased screen, a privacy exposure. Serious, governable, recoverable. When AI gets an OT decision wrong, the damage is physical: a missed integrity signal, a mis-timed shutdown, a control action no one reviewed. You cannot roll back a release or an incident. The stakes are not just higher in OT. They are a different kind of stakes, and they demand a different kind of governance.

IT governance asks "is the data protected and the model fair?" OT governance has to ask "who is accountable for this decision, could a human have caught it in time, and can we prove the oversight held?" Those are not the same questions, and the frameworks that answer the first do not answer the second.

The tenets

1. In energy, the highest-stakes AI decisions are physical.

Govern where the consequences are largest. For an operator that means the OT layer first, not the marketing stack. An AI governance program that never mentions the control room is governing the wrong building.

2. AI can hold the workload. It cannot hold the accountability.

A model can read the sensor history and recommend the action. It cannot be licensed, certified, sued, or held responsible when the call is wrong. The accountable human is not a legacy cost to automate away. The accountable human is the control. Govern AI so a named person stays answerable for every decision that carries physical or legal weight.

3. Capture the decision, not just the data.

IT governance logs data lineage. OT governance needs decision lineage: what the model recommended, who reviewed it, on what authority, and why they acted. That attestation, captured at decision time, is what turns "we have AI policies" into "we can prove our oversight held." This is the discipline of decision integrity.

4. Inventory the AI you inherited.

Most OT-layer AI arrives inside vendor systems, not projects you launched. You are accountable for decisions made by models you did not build and cannot fully inspect. The first governance act is an honest inventory of where AI touches operations, including the suppliers' black boxes.

5. Visibility is the other half of governance.

How AI represents your company to the outside world is its own control surface. When an AI search engine misstates what you do or how you operate, that becomes evidence a regulator, partner, or court can cite. Keeping a company accurately represented across AI systems is the externally facing half of the same discipline. That is Digital Information Governance® (DIG®), and it belongs in the same program. See industrial and energy AI visibility.

6. The regulation is converging on both layers.

This is no longer optional. NIST extended its AI work toward critical infrastructure across all sixteen sectors, which includes energy's OT environments. Texas put TRAIGA into effect, and the EU AI Act reaches companies with EU exposure. The common requirement is a defensible, documented account of how AI decisions are governed, in IT and in OT. See the NIST AI RMF guide and AI governance for energy companies.

7. Board oversight has to span the fence.

In too many companies, AI risk is reported up through IT while OT AI runs unmonitored at the board level. The board cannot answer for what it cannot see. Oversight has to cross the IT/OT line, or the most consequential AI in the company stays invisible to the people legally responsible for it.

The bottom line

Energy does not get to treat AI governance as an IT housekeeping task. The industry runs physical systems where a wrong automated decision has physical consequences, under regulation that is arriving fast and asking who was accountable. Govern AI across IT and OT, keep a licensed human answerable for the decisions that matter, and prove the oversight held. The operators who do this will move faster with AI, not slower, because they will be the ones who can defend it.

This is the thesis behind the keynotes and the work. Matthew Bertram is an oil and gas AI keynote speaker, President of ModalPoint, and the creator of Digital Information Governance® (DIG®). He brings this to mainstage keynotes and closed-door board briefings.
