
DR. JOHN VOURGANAS
MSc · PhD · CEng
AI Governance
Executive
AI systems in regulated environments don't fail because the technology is wrong.
Risk
Assurance
I design that layer. Then I build what sits beneath it.
Governance
Information systems, AI integration, and digital transformation, governed at the level where they actually carry regulatory and operational risk.
Where I Operate
I work at the level where AI strategy, regulatory accountability, and system architecture converge, in environments where the cost of getting it wrong is high.
My work covers four domains:
AI governance frameworks built for accountability, defensibility, and regulatory scrutiny, not compliance theatre
Risk architecture and model governance embedded as structural system properties, from design through to live deployment
Regulatory alignment across EU AI Act, GDPR, NIS2, ISO 42001, and Swiss revFADP, translated into operating models boards can stand behind
Executive advisory for CEOs, CTOs, and CROs navigating consequential AI adoption decisions in regulated environments
Information systems and enterprise AI integration designed as governed capability, so that adoption, transformation, and compliance hold together as one operating model rather than three competing agendas.

Dr. Vourganas
AI systems in regulated environments don't fail because the technology is wrong. They fail because the decision space was never explicitly designed.
I design that layer. Then I build what sits beneath it.
For over a decade I have operated at executive level in environments where AI governance failure means regulatory action, financial liability, clinical harm, or infrastructure exposure, holding accountability from board conversation to system architecture, across cybersecurity, financial services, digital health, and critical infrastructure.
I work with organisations across Swiss, UK, and EU markets, and directly with CEOs, CTOs, and CROs who need a thinking partner who holds the technical depth, the regulatory accountability, and the executive perspective simultaneously.
Where I Have Operated
Cybersecurity & Critical Infrastructure
AI systems in national security and critical infrastructure environments fail when decision processes lack transparency and human oversight. I have designed governance architectures for explainable threat detection, responsible automation, and resilient AI deployment in environments where operational failure has institutional and national consequences.
Digital Health
Clinical AI operates under strict safety, liability, and regulatory constraints. As CTO of a regulated digital health platform, I led AI development and governance under GDPR, MHRA, and NHS clinical safety frameworks, taking the system from concept to regulated pilot deployment in live patient care environments.
Financial Services
AI systems in regulated financial environments must withstand supervisory scrutiny, model risk review, and audit traceability. I design governance and explainability frameworks ensuring documented model accountability, regulatory alignment, and audit-ready lifecycle governance from design to deployment.
Digital Transformation and Enterprise AI
Most AI transformation programmes stall not on technology but on governance, integration, and organisational readiness. I lead enterprise AI adoption as a governed transformation: aligning information systems, risk architecture, and regulatory obligation into a single readiness model that boards can approve and operators can run.
Systems I Have Built
Private LLM Systems for Regulated Fintech
Large language models deployed in-house within a regulated payments perimeter, isolated from the cardholder data environment, with no public egress. A policy-enforcement gateway sits ahead of the model, handling identity and purpose validation, prompt-injection and data-loss controls, and tool authorisation; retrieval is confined to approved, access-controlled knowledge; consequential actions require human approval; and every interaction is written to an immutable audit trail. Designed from scratch to hold under PCI DSS and the EU AI Act.
Agentic AI Oversight System
A governance layer between autonomous AI agents and enterprise systems. Every consequential action an agent attempts, moving money, changing a customer record, accessing regulated data, is intercepted and evaluated by a deterministic policy engine against the agent's delegated authority, data classification, jurisdiction, financial impact, and current security posture, then allowed, restricted, routed for human approval, denied, or suspended. Approved actions execute under a single-use authorisation bound to the approved parameters, and the full decision and execution chain is recorded for audit. The system also discovers unauthorised Shadow AI across the organisation. Designed, built, and tested end to end.
Etheras. AI Cybersecurity & Governance Platform
An AI-driven cybersecurity and governance platform, conceived and built end to end. Explainability, bias detection, and real-time Tier 1 and Tier 2 auditing operate at its core, extended with counterintelligence, a layered governance-by-design architecture, zero-day detection, and an integrated attack-simulation lab. Governance is a structural property of the system, not an added control.
AI Governance Assessment Engine
An assessment engine built on a formal governance model. It scores an AI system across four structural dimensions, algorithmic fairness, model transparency, data governance, and human oversight, through a non-compensatory geometric scoring engine with sector-specific thresholds and a gate condition requiring every dimension to clear its floor. Each control is mapped to the specific obligation behind it across the EU AI Act, GDPR, ISO/IEC 42001, NIST AI RMF, and Swiss revFADP, and the output is a deployment determination with an executive action plan.
AI Governance Advisor
A retrieval-based advisory system grounded in current regulatory frameworks and real deployment experience. It answers specific governance questions, EU AI Act applicability, revFADP obligations, FINMA expectations for AI in financial services, with structured, cited responses drawn from the source frameworks rather than ungrounded generation.
Explainable AI and Model-Audit System
An explainability and model-audit system that exposes a model's reasoning, surfaces bias, and produces a traceable evidence record. Designed and built end to end, hardware to model, and proven in a regulated clinical setting: a home-based rehabilitation platform that guides patient recovery and detects 17 comorbidities while remaining interpretable and clinically defensible. This work established the principle, interpretable and auditable AI, that runs through the systems above.
Continuous Assurance and Regulatory Intelligence System (FCRAS) (In Development)
A platform that turns compliance from a periodic audit into a continuous operational process. Governed evidence pipelines ingest telemetry from across a fintech's estate, identity, SIEM, cloud, payment systems, AI registries, and an assurance engine tests whether controls are operating in real time, distinguishing a genuine control failure from missing or unreliable evidence rather than reporting false green. A regulatory-intelligence engine monitors legislation, supervisory guidance, and standards, isolates what changed, and maps each obligation to the affected systems, controls, and owners through a regulation-to-evidence knowledge graph. Currently at prototype stage.
Does Your AI System Pass Governance Scrutiny?
Most organisations find out their governance has gaps at the worst possible moment, during regulatory review, audit, or after a deployment failure.
This executive assessment evaluates your AI system's readiness across four structural dimensions, producing a deployment determination and executive action plan aligned with EU AI Act, ISO/IEC 42001, and Swiss revFADP.
No registration. No consultation required. Run it now.
Have a Governance Question?
Unsure how EU AI Act obligations apply to your system? Need to understand revFADP requirements for your deployment? Navigating FINMA expectations for AI in financial services?
The AI Governance Assistant provides structured, governance-aligned responses, grounded in international regulatory frameworks and real deployment experience across financial services, healthcare, cybersecurity, and critical infrastructure.
No registration. No consultation required. Ask now.
Applications of Machine Learning in Cyber Security: A Review
Journal of Cybersecurity and Privacy (MDPI), 2024
A structured review of ML and AI in cybersecurity, examining real-world applicability gaps and their implications for trustworthy, auditable AI governance.
Responsible AI for Home-Based Rehabilitation
Sensors (MDPI), 2021
An ethical AI framework for home-based rehabilitation, introducing a hybrid machine learning model demonstrating governance-by-design in regulated clinical environments.