top of page

Where I Operate

I work at the level where AI strategy, regulatory accountability, and system architecture converge, in environments where the cost of getting it wrong is high.

My work covers four domains:


AI governance frameworks built for accountability, defensibility, and regulatory scrutiny, not compliance theatre


Risk architecture and model governance embedded as structural system properties, from design through to live deployment


Regulatory alignment across EU AI Act, GDPR, NIS2, ISO 42001, and Swiss revFADP, translated into operating models boards can stand behind


Executive advisory for CEOs, CTOs, and CROs navigating consequential AI adoption decisions in regulated environments

Information systems and enterprise AI integration designed as governed capability, so that adoption, transformation, and compliance hold together as one operating model rather than three competing agendas.

Screenshot 2022-07-08 at 13_edited_edite

Dr. Vourganas

AI systems in regulated environments don't fail because the technology is wrong. They fail because the decision space was never explicitly designed.


I design that layer. Then I build what sits beneath it.

For over a decade I have operated at executive level in environments where AI governance failure means regulatory action, financial liability, clinical harm, or infrastructure exposure, holding accountability from board conversation to system architecture, across cybersecurity, financial services, digital health, and critical infrastructure.


I work with organisations across Swiss, UK, and EU markets,  and directly with CEOs, CTOs, and CROs who need a thinking partner who holds the technical depth, the regulatory accountability, and the executive perspective simultaneously.

Where I Have Operated
Cybersecurity & Critical Infrastructure

AI systems in national security and critical infrastructure environments fail when decision processes lack transparency and human oversight. I have designed governance architectures for explainable threat detection, responsible automation, and resilient AI deployment in environments where operational failure has institutional and national consequences.

Digital Health

Clinical AI operates under strict safety, liability, and regulatory constraints. As CTO of a regulated digital health platform, I led AI development and governance under GDPR, MHRA, and NHS clinical safety frameworks, taking the system from concept to regulated pilot deployment in live patient care environments.

Financial Services

AI systems in regulated financial environments must withstand supervisory scrutiny, model risk review, and audit traceability. I design governance and explainability frameworks ensuring documented model accountability, regulatory alignment, and audit-ready lifecycle governance from design to deployment.

Digital Transformation and Enterprise AI

Most AI transformation programmes stall not on technology but on governance, integration, and organisational readiness. I lead enterprise AI adoption as a governed transformation: aligning information systems, risk architecture, and regulatory obligation into a single readiness model that boards can approve and operators can run.

Systems I Have Built
Private LLM Systems for Regulated Fintech

Large language models deployed in-house within a regulated payments perimeter, isolated from the cardholder data environment, with no public egress. A policy-enforcement gateway sits ahead of the model, handling identity and purpose validation, prompt-injection and data-loss controls, and tool authorisation; retrieval is confined to approved, access-controlled knowledge; consequential actions require human approval; and every interaction is written to an immutable audit trail. Designed from scratch to hold under PCI DSS and the EU AI Act.

Agentic AI Oversight System

A governance layer between autonomous AI agents and enterprise systems. Every consequential action an agent attempts, moving money, changing a customer record, accessing regulated data, is intercepted and evaluated by a deterministic policy engine against the agent's delegated authority, data classification, jurisdiction, financial impact, and current security posture, then allowed, restricted, routed for human approval, denied, or suspended. Approved actions execute under a single-use authorisation bound to the approved parameters, and the full decision and execution chain is recorded for audit. The system also discovers unauthorised Shadow AI across the organisation. Designed, built, and tested end to end.

Etheras. AI Cybersecurity & Governance Platform

An AI-driven cybersecurity and governance platform, conceived and built end to end. Explainability, bias detection, and real-time Tier 1 and Tier 2 auditing operate at its core, extended with counterintelligence, a layered governance-by-design architecture, zero-day detection, and an integrated attack-simulation lab. Governance is a structural property of the system, not an added control.

AI Governance Assessment Engine

An assessment engine built on a formal governance model. It scores an AI system across four structural dimensions, algorithmic fairness, model transparency, data governance, and human oversight, through a non-compensatory geometric scoring engine with sector-specific thresholds and a gate condition requiring every dimension to clear its floor. Each control is mapped to the specific obligation behind it across the EU AI Act, GDPR, ISO/IEC 42001, NIST AI RMF, and Swiss revFADP, and the output is a deployment determination with an executive action plan.

AI Governance Advisor

A retrieval-based advisory system grounded in current regulatory frameworks and real deployment experience. It answers specific governance questions, EU AI Act applicability, revFADP obligations, FINMA expectations for AI in financial services, with structured, cited responses drawn from the source frameworks rather than ungrounded generation.

Explainable AI and Model-Audit System

An explainability and model-audit system that exposes a model's reasoning, surfaces bias, and produces a traceable evidence record. Designed and built end to end, hardware to model, and proven in a regulated clinical setting: a home-based rehabilitation platform that guides patient recovery and detects 17 comorbidities while remaining interpretable and clinically defensible. This work established the principle, interpretable and auditable AI, that runs through the systems above.

Continuous Assurance and Regulatory Intelligence System (FCRAS)  (In Development)

A platform that turns compliance from a periodic audit into a continuous operational process. Governed evidence pipelines ingest telemetry from across a fintech's estate, identity, SIEM, cloud, payment systems, AI registries, and an assurance engine tests whether controls are operating in real time, distinguishing a genuine control failure from missing or unreliable evidence rather than reporting false green. A regulatory-intelligence engine monitors legislation, supervisory guidance, and standards, isolates what changed, and maps each obligation to the affected systems, controls, and owners through a regulation-to-evidence knowledge graph. Currently at prototype stage.

Does Your AI System Pass Governance Scrutiny?

Most organisations find out their governance has gaps at the worst possible moment, during regulatory review, audit, or after a deployment failure.


This executive assessment evaluates your AI system's readiness across four structural dimensions,  producing a deployment determination and executive action plan aligned with EU AI Act, ISO/IEC 42001, and Swiss revFADP.


No registration. No consultation required. Run it now.

​[Run the Assessment →]

Have a Governance Question?

Unsure how EU AI Act obligations apply to your system? Need to understand revFADP requirements for your deployment? Navigating FINMA expectations for AI in financial services?


The AI Governance Assistant provides structured, governance-aligned responses, grounded in international regulatory frameworks and real deployment experience across financial services, healthcare, cybersecurity, and critical infrastructure.
No registration. No consultation required. Ask now.

[Ask the Assistant →]

c5cc93e7-f468-495a-9b2b-b2db8d667971 up.png
Applications of Machine Learning in Cyber Security: A Review

Journal of Cybersecurity and Privacy (MDPI), 2024

A structured review of ML and AI in cybersecurity, examining real-world applicability gaps and their implications for trustworthy, auditable AI governance.
​​​​​​

[Read the paper →]

Responsible AI for Home-Based Rehabilitation
Sensors (MDPI), 2021​​​

An ethical AI framework for home-based rehabilitation, introducing a hybrid machine learning model demonstrating governance-by-design in regulated clinical environments.

[Read the paper →]

Contact Information

  • LinkedIn

Thanks for submitting!

© Copyright
Research and applied experience spanning:

University of Cambridge · University of Strathclyde · Abertay University · University of Glasgow · University of Law
Industry partnerships across:

IBM · Siemens · European Space Agency · NHS · Macmillan Cancer Support · Intel
Government appointments across:
Hellenic Ministry of Development and Investments · Hellenic Air Force Academy · Hellenic Military Academy
bottom of page