EW-AiRM™ · The Book
Wiley Finance, 2026. A practitioner's framework for governing AI risk across the organisation, by Prof. Markus Krebsz. With forewords by Tobias Adrian, IMF, and Prof. Tshilidzi Marwala, Rector of the United Nations University.

INSIDE THE BOOK
Part 1
Chapters 1 - 3
Before you can govern AI, you need to agree on what counts as AI in the first place. Part I opens with sixteen precise, working definitions, from traditional machine learning through to agentic AI, foundation models, shadow AI and device-embedded AI, so a boardroom conversation about "AI risk" is finally about the same thing for everyone in the room. It then turns an honest, unflinching eye on the frameworks you already have: exactly where COSO, ISO 31000 and the standard ERM toolkit hold up against AI risk, and exactly where they don't. Part I closes by laying out the EW-AiRM™ architecture itself, three layers, six pillars, one ethical filter, as the blueprint everything that follows is built from.
Part 2
The largest part of the book, and the one most organisations skip. Six chapters, one pillar each: whether a deployment is genuinely necessary, whether the organisation is actually ready to govern it (including a full AI literacy requirement by role, and a governance culture maturity model), whether the data and technology stack can support it (with dedicated coverage of quantum resilience in your AI cryptographic stack, years before most risk functions are thinking about it), how risk appetite and prioritisation actually get decided, and how accountability holds up under pressure, including a named table of Governance Theatre Warning Signs for spotting the difference between governance that looks right and governance that works. It closes with the KXI methodology for monitoring an AI system through its entire lifecycle, not just at deployment.
Part 3
The chapter that turns "ethical AI" from an aspiration into something you can actually assess. Each of HAiPECR's seven dimensions, Human oversight, Accountability, inclusivity, Privacy, Ethics, Conduct risk and Rights, gets its own cross-layer assessment table, mapped explicitly to UNESCO's 2021 Recommendation on the Ethics of Artificial Intelligence and the wider regulatory doctrine behind it. This is the shortest part in the book and the one doing the most structural work: HAiPECR doesn't sit beside the three layers, it runs through all of them, and this is where you see exactly how.
Part 4
The engine room. Chapter 11 works through the MIT AI Risk Repository's seven domains and twenty-four subdomains one by one, each with its own risk profile and EW-AiRM™ governance augmentation. Chapter 12 builds the enhanced control framework across four quadrants, including a fully worked example (hallucination risk, taken step by step through the four-step control-to-risk mapping methodology) so the method is demonstrated, not just described. Chapter 13 is where the framework meets the calendar: the five non-negotiable requirements with their specific failure modes, the three-tier implementation model from SME to enterprise, a five-stage roadmap (Assess, Enhance, Build, Implement, Sustain), and six named implementation pitfalls with how to prevent each one before it costs you.
Part 5
The most dramatic chapter in the book, and the most operational. Eight categories of AI Black Swan, from emergent capability and systemic foundation-model concentration through to multi-agent emergence and the coming quantum cryptographic transition, each with its own governance response, not just a description of the danger. A full multi-agent containment architecture. A complete incident classification taxonomy with severity tiers, regulatory notification obligations and a Severity 1 critical incident response protocol you could hand to a crisis team on the worst day of the year. It closes with the post-incident learning cycle, because resilience isn't just surviving the black swan, it's institutionalising what you learned from it.
Part 6
The book's closing argument, and its safeguard against its own obsolescence. A jurisdiction-by-jurisdiction map of the global regulatory landscape, and the business case for early compliance as competitive advantage rather than cost. Then the part that sets EW-AiRM™ apart from a framework frozen at publication: the Taxonomy Governance Protocol, the mechanism that keeps the framework's evidence base current as the field moves, plus a ranked hierarchy of four alternative sources should the MIT AI Risk Repository itself ever become unavailable. This is the chapter that answers the question every serious reader eventually asks: what happens to this framework in three years?

ABOUT THE AUTHOR
Board portfolio executive, AI governance practitioner, and author. Founder of De-Risking Solutions Ltd and the Human-Ai.Institute. Independent Non-Executive Director on the Supervisory Council of Revolut Bank UAB since 2017. Honorary Professor at the University of Stirling. Clinical Professor of Practice at Woxsen University. Author of UNECE ECE/TRADE/486 (Common Regulatory Arrangement, 2024). Member of the EU AI Office DG CNECT Expert Group, GPAI Code of Practice plenary participant, UNESCO I4T Network founding member, ForHumanity Certified Auditor. HAIPECR has been listed on the OECD AI Policy Observatory since April 2023.
Full bio →One email when the book is published. Optionally, the quarterly framework update. No other use of your address.
The Human-Ai.Institute is an independent Think/Do Tank convening multilateral and multi-stakeholder dialogue on AI governance. The Institute engages with the UN, UNESCO, OECD, the EU Commission, and governments worldwide.
Home of EW-AiRM™ — the open, three-layer framework for enterprise-wide AI risk management, grounded in publicly licensed standards and aligned with UNESCO, UNECE, NIST, ISO, and the EU AI Act.
Commercial consulting, training, and advisory services are provided by De-Risking Solutions Ltd. and RiskAi.Ai
AI & TECHNOLOGY SOLUTIONS
AI, Agentic tools and technology solutions are provided by Human-Ai.Solutions.
Listed on the OECD AI Policy Observatory · Founding member of the UN University AI Network · Aligned with UNESCO, UNECE WP.6, NIST, and ISO 42001
EW-AiRM™ and HAiPECRTM are trademarks of De-Risking Solutions Ltd., registered in England and Wales (Company Number 09900565). All rights reserved.
© 2026 The Human-Ai.Institute.