Janice Nand | ARQ Governance — AI, Robotics & Quantum Authority
Artificial Intelligence  ·  Robotics  ·  Quantum

ARQ Governance: The Strategic Foundation for Global Authority.

Bridging law, IT controls and board oversight — the rare convergence that turns regulatory exposure into procurement readiness. Confidential engagements only.

Masters in Law  ·  ISO 42001 Lead Auditor  ·  Board Director
Confidentiality & Discretion

The clients are not on the website. That is the point.

Board-level governance work is conducted under fiduciary duty and written non-disclosure. We do not name our clients on this site, publish their testimonials, or surface their endorsements through automated feeds — even when anonymised. References are provided privately, with written client permission, after a scoping conversation.

Mutual NDAs by default

Every engagement begins with mutual non-disclosure. What is briefed in the room stays in the room.

Private references

Two named references — board chairs or general counsel — released privately after scoping, only with their written consent.

Aligned to international standards

All engagements aligned to ISO 42001, the EU AI Act, NIST AI RMF, ISO TC 299 and NIST PQC standards.

The Governance Triad

Three frontiers. One unified framework of accountability.

Most advisors govern one domain. Janice governs the convergence — interpreting multi-jurisdictional law, implementing auditable IT controls, and discharging board fiduciary duty across artificial intelligence, robotics, and quantum.

Pillar 01

AI Governance

ISO 42001 AI Management Systems and EU AI Act conformity — the structural foundation that maps to every emerging regulation.

ISO 42001 / EU AI Act →
Pillar 02

Robotics Safety

Governing the safety-critical actuation layer — where AI perception meets physical action in unstructured environments.

ISO TC 299 →
Pillar 03

Quantum Resilience

Post-quantum cryptography roadmaps that move boards from unawareness to strategic resilience ahead of "Q-Day".

PQC Roadmaps →
71%

Of large enterprises plan to align with ISO 42001 by 2027.

95%

Of organizations see zero ROI on AI — a failure of oversight, not technology.

Aug '26

EU AI Act enforcement begins — the catalyst for board-level accountability.

3-in-1

Law, IT controls and board oversight — unified in a single advisor.

Complimentary Diagnostic

The Shadow AI Discovery Tool

Unsanctioned AI is already inside your organization. Map your exposure in minutes — uncover where ungoverned models touch customer data, and receive a board-ready summary of your regulatory blind spots.

Begin With Clarity

Know where you stand before the regulator does.

The AI Risk Score is a guided, multi-step assessment that benchmarks your governance posture against ISO 42001 and the 2026 regulatory landscape.

The Profile

The Triple-Threat Profile: a convergence the market cannot replicate.

Legal professionals without IT depth cannot verify that abstract ethics translate into auditable code. Technologists without legal training cannot navigate suitability and fiduciary standards. Janice Nand is fluent in all three.

Vector One

Masters in Law

An LLM-credentialed legal mind that interprets complex, multi-jurisdictional regulation — and renders it actionable for directors and counsel.

  • EU AI Act tiered risk & conformity
  • Colorado SB 205 & NYC Local Law 144
  • Fiduciary duty in the algorithmic age
  • Global data sovereignty (GDPR / PIPL)
Vector Two

Deep IT Expertise

An extensive technology background that verifies governance is "built-in, not bolted-on" — from gateway-layer controls to model observability.

  • Auditable technical control implementation
  • Gateway-layer governance & runtime defense
  • Agentic AI decision-boundary design
  • Bias, drift & model-risk evaluation
Vector Three

ISO 42001 Lead Auditor

One of an estimated 50–60 qualified ISO 42001 professionals worldwide — credentialed to prepare organizations for certification and to audit AI Management Systems.

  • Full AIMS build & certification readiness
  • Annex A controls & evidence mapping
  • Third-party & internal audit capacity
  • Integration with ISO 27001 / ISO 9001
Governance Alpha

The ability to generate excess value by merging three traditionally siloed domains.

Janice's "triple-threat" profile addresses the three primary vectors of organizational anxiety simultaneously: the interpretation of complex law, the technical implementation of auditable IT controls, and the strategic fiduciary duties of the corporate board.

Backed by profound board experience, she positions governance not as an operational cost — but as the procurement gate that unblocks her clients' revenue.

LLM

Master of Laws

ISO 42001

Lead Auditor

Board

Director-level experience


See how that profile maps to your organization.

The ARQ Triad

Three pillars of governance for the autonomous era.

AI, Robotics and Quantum are converging faster than oversight can adapt. Each pillar is a distinct discipline — and together they form a single, defensible standard of care.

Pillar 01

AI Governance

ISO 42001  ·  EU AI Act

ISO/IEC 42001 is the first certifiable standard for AI Management Systems — and the structural foundation that maps to every other emerging framework, from the NIST AI RMF to Colorado SB 205. Janice positions it as the procurement gate: the credential that keeps your sales team unblocked as Fortune 500 buyers add "ISO 42001 certified or roadmap" clauses to vendor questionnaires.

Scoping & Gap

AI inventory diagnostics that surface shadow AI and regulatory exposure.

AIMS Build

Policy drafting, Annex A controls and board-level accountability.

Audit & Certify

Internal audit or liaison for accredited certification bodies.

Pillar 02

Robotics Safety

ISO TC 299  ·  IEEE P7000

Robotics adds the layer of physical actuation and human-robot interaction. As systems move from fixed industrial arms into dynamic, unstructured environments, governance friction multiplies. Janice governs multimodal safety compliance — where AI-enabled perception meets machine-executed action — and advises boards on the liability implications of fail-safe design and autonomous-system transparency.

Collaborative Safety

Audits against ISO TC 299 collaborative robot standards.

D&O Risk

Board advisory on systemic resilience of robotic fleets.

Lifecycle

Decommissioning governance for energy & defense sectors.

Pillar 03

Quantum Resilience

PQC Roadmaps  ·  NIST PQC

Quantum computing is a dual-use revolution — and an existential threat to global cryptography. Janice's Quantum-Safe Migration Roadmap moves boards from unawareness to strategic resilience: mapping cryptographic exposure, phasing migration to NIST-approved post-quantum standards, and establishing the quantum committee charter that treats cybersecurity as a strategic — not technical — risk.

Map Exposure

Inventory cryptographic assets and quantify "harvest now, decrypt later" risk.

PQC Migration

Phased adoption of post-quantum standards with disclosure alignment.

Readiness Index

Board self-assessment across governance, risk and technology agility.

Which pillar is your board least prepared for?

The AI Risk Score assessment will tell you — across all three.

The Governance Suite

Authority, productized. From self-serve toolkits to fractional leadership.

A tiered path that decouples world-class governance from billable hours — so organizations of every size can access the ARQ framework.

Tier 01 · Self-Serve

Governance Checklists

Done-for-you compliance assets for GRC managers and lean teams ready to do 80% of the work internally.

On Application

Released after a short discovery call to confirm fit.

  • 57-point ISO 42001 compliance checklist
  • All 38 Annex A controls with evidence requirements
  • Ready-to-use AI policy templates
  • Quantum Readiness Index self-assessment
  • Lifetime updates for 2026 regulatory changes
Tier 02 · Guided (Most Popular)

Executive Toolkits

Cohort-based programs and board toolkits that turn legal and board leaders into AI-fluent directors.

On Application

Cohort places confirmed by invitation; per-seat scoped to cohort size.

  • Live workshops & office hours with Janice
  • "AI Strategy for Legal & Board Leaders" curriculum
  • Quantum-Ready Board Toolkit & committee charter
  • Translating AI jargon into legal liability
  • Everything in Tier 01 included
Tier 03 · Embedded

Fractional CAIO Retainer

Ongoing Chief AI Officer leadership — board briefings, risk monitoring and incident-response advisory.

On Application

Scoped to organisation size, sector and risk profile.

  • Quarterly board briefings & risk heatmaps
  • Continuous drift detection & vendor risk reviews
  • Real-time regulatory incident-response advisory
  • Framed as reputational & regulatory-fine insurance
  • Everything in Tiers 01 & 02 included

Indicative pricing. All engagements are scoped to organizational size and risk profile.

Scoping & Engagement

Engagements begin with a private scoping call.

All engagements are scoped to organisational size, sector, and risk profile. Fees, billing currency, and payment terms are confirmed during scoping under mutual non-disclosure. No public checkout — by design.

Engagement Terms
  • Mutual NDA executed before scoping
  • Statement of work in your preferred currency
  • Indicative fee ranges shared privately
  • Payment via approved enterprise channel
Complimentary Assessment

Get Your AI Risk Score.

A guided, multi-step assessment benchmarking your governance posture against ISO 42001 and the 2026 regulatory landscape. Takes about four minutes. Board-ready summary delivered to your inbox.


Step 1

Organization profile & AI footprint

Step 2

Regulatory exposure (EU AI Act, SB 205)

Step 3

Controls maturity & board oversight

Step 4

Corporate email — receive your score

Powered by GHL Surveys · Results scored against ISO 42001 & 2026 regulatory updates

Lead Diagnostic

The Shadow AI Discovery Tool.

Unsanctioned AI is already inside your organization — in browser extensions, vendor features, and employee workflows. Map your exposure and receive a board-ready summary of the regulatory blind spots hiding in plain sight.

Why It Matters

From unregulated experimentation to strict accountability.

The market has shifted. Governance is no longer an operational cost — it is a prerequisite for market access and procurement. Yet most boards are authorizing AI investment with limited visibility into what is actually deployed.

01

Surface the inventory

Identify where ungoverned models touch customer data and sensitive workflows.

02

Quantify the exposure

Map each finding to EU AI Act, ISO 42001 and sector-specific obligations.

03

Brief the board

Receive a one-page residual-risk summary written for directors, not engineers.

Start the Discovery

Map your Shadow AI exposure

Enter your corporate email to begin. Results are delivered instantly and confidentially.

Corporate domains only — free email providers are filtered by the GHL funnel.


Engage

Begin the governance conversation.

Whether you are scoping a diagnostic engagement, reserving a cohort seat, or exploring a Fractional CAIO retainer — start here.

LinkedIn
Janice Nand — ARQ Governance

Insights

The Regulatory Watchtower.

Pattern recognition for directors, counsel and CIOs navigating the convergence of AI, robotics and quantum.

14 May 2026 · 4 min read

Why the EU AI Act's High-Risk Classification Will Reshape Your HR Tech Stack by 2027

Most boards have read the headlines about €35M fines. Few have read Annex III. Under the EU AI Act, any system that "evaluates candidates" — from sourcing tools that rank LinkedIn profiles to interview-summarisation copilots that quietly transcribe and score — falls into the high-risk classification once enforcement begins in August. That classification is not a label; it is a workflow. It triggers conformity assessment obligations, human-oversight requirements, post-market monitoring, and a fundamental-rights impact assessment that must be evidenced before the system is deployed. For most HR tech stacks built between 2022 and 2025, none of those artefacts exist. The cost is rarely the fine. It is the procurement freeze that follows when your enterprise customers — who are now liable as deployers — ask for your conformity documentation and you cannot produce it. This piece walks through the three vendor categories most at risk, the four documents to assemble in the next ninety days, and the one clause counsel should be inserting into every renewal.

7 May 2026 · 5 min read

ISO 42001 vs NIST AI RMF: Why You Need the Standard, Not Just the Framework

Boards routinely ask whether the NIST AI Risk Management Framework is "enough." It is an excellent framework — Govern, Map, Measure, Manage are the right verbs — but a framework is not a management system. ISO/IEC 42001 is the first certifiable standard for AI Management Systems, and it follows the Annex SL high-level structure that integrates with ISO 27001 and 9001 systems your organisation may already operate. The practical difference shows up at procurement. NIST conformance is a self-attestation; ISO 42001 certification is an external auditor signing their professional reputation to a recurring assessment. When a Fortune 500 buyer adds "ISO 42001 certified or roadmap" to a vendor questionnaire — and many already have — a framework alignment statement will not unblock the deal. The architectural recommendation is to treat ISO 42001 as the structural foundation, then map NIST controls into it as one of several evidence sources. This article walks through the integration premium for organisations with an existing ISMS, and the three Annex A controls that most often surface gaps.

29 April 2026 · 3 min read

Stop Asking for AI "Updates." Start Asking for Residual Risk Heatmaps

If your board papers contain a slide titled "AI Update" with three green ticks and a deployment count, your board does not have oversight. It has reassurance theatre. The fiduciary question is not "what are we doing with AI"; it is "what is the residual risk after our controls, by use case, expressed in the same colour as everything else we monitor." Residual risk heatmaps force three useful conversations management often avoids: which models could not be mitigated and were therefore retired (and why); where inherent risk is high but control maturity is low (the actual board attention zone); and which use cases have shifted classification since the last meeting. The change is administrative, not technological. It turns AI from a vague capability narrative into a comparable line item alongside cyber, regulatory and operational risk. Once you have asked for it twice, the conversation in the room shifts.

22 April 2026 · 4 min read

Q-Day and the Board: Three Questions Every Director Should Ask About Quantum Risk

"Q-Day" is the shorthand for the moment a sufficiently capable quantum computer can defeat the asymmetric cryptography underpinning most secure communications. Reasonable people disagree on the date. None disagree that "harvest now, decrypt later" — the practice of intercepting encrypted traffic today to decrypt it once Q-Day arrives — is already happening. That makes quantum a present-tense board issue, not a future one. The three questions every director should be asking management are deceptively simple. What is our risk exposure if data captured today is decrypted tomorrow? What is our migration roadmap to NIST-approved post-quantum cryptography, and which classes of asset move first? Do we have the talent — internally or on retainer — to govern this transition? The first question quantifies the asset; the second sequences the work; the third tests the bench.

15 April 2026 · 5 min read

Governing Agentic AI: Why "Decision Boundaries" Matter More Than "Guardrails"

The word "guardrail" has become a comfort blanket. It implies an edge the system bounces off — passive, retrospective, and almost always reactive. The governance question for agentic AI is the opposite: where, deliberately, do we let the agent act, and where, deliberately, must it escalate to a human? That is a decision boundary, and it is the single most useful artefact your AI risk register can produce. Decision boundaries are codified at three layers. At the gateway layer, virtual keys and rate limits enforce policy per developer, team or product line. At the model layer, runtime defence actively blocks requests that violate safety or privacy rules. At the workflow layer, the agent's action space is enumerated explicitly, and any action outside that space generates a human-in-the-loop ticket. Boards do not need to understand the implementation. They need to ask whether decision boundaries exist, who owns each, and where the audit log lives.

8 April 2026 · 4 min read

Colorado SB 205: How "Reasonable Care" Just Made ISO 42001 a Legal Shield

Colorado's Senate Bill 205 is the first US state law to explicitly recognise an ISO 42001-aligned risk-management programme as evidence of "reasonable care" against algorithmic-discrimination claims. The legal mechanism is quietly important. "Reasonable care" is a familiar tort standard, and when a statute names a specific framework as evidence of it, plaintiffs' counsel must overcome that evidence rather than start from blank. For organisations operating across multiple US states, the practical consequence is that ISO 42001 stops being a procurement asset and starts being a litigation shield. Build the AIMS once, point to it across jurisdictions. The compliance argument writes itself when New York Local Law 144's bias-audit obligations, Colorado's reasonable-care standard, and the EU AI Act's conformity assessments all map to the same underlying management system.

Subscribe

The Regulatory Watchtower, in your inbox.

Fortnightly. Pattern recognition for directors and counsel. No promotions, no fluff.

By subscribing you agree to the Privacy & Terms.

Signature Topics

Five keynotes built for boards, not basements.

The ARQ Triad: Three Frontiers, One Standard of Care

Why AI, Robotics and Quantum cannot be governed in three separate committees — and the operating model that unifies them under board oversight.

EU AI Act: The Procurement Gate Hidden in Plain Sight

Why the next year of enterprise procurement, not regulatory enforcement, will determine who wins the AI build-out — and the four documents that unblock the deal.

Quantum-Safe by Design: The Board's Five-Year Migration

How directors should sequence post-quantum cryptography migration without holding the business hostage to a date no one can predict.

Governing Agentic AI: From Guardrails to Decision Boundaries

The shift from passive controls to enumerated action spaces — and why "human-in-the-loop" is a design choice, not a slogan.

Residual Risk, Not Reassurance: A Director's Toolkit

Re-engineering the AI agenda item from "update slide" to a heatmap that sits alongside cyber, regulatory and operational risk in every board pack.

Custom Briefings

Closed-door sessions for individual boards, audit & risk committees, and executive leadership teams. Confidentiality assumed.

Engagement Formats

Choose the format that fits the room.

Keynote (45–60 min)

Conference plenary or industry summit; one signature topic, audience Q&A.

Board Briefing (90 min)

Closed session for the full board or audit & risk committee.

Executive Workshop (half-day)

C-suite working session that ends with a one-page residual-risk artefact.

Panel Moderation & Fireside

Structured conversation with industry leaders; recorded and unrecorded formats supported.

Recent Stages

Where the conversations have happened.

Selected stages below. A full list, with dates and recordings where available, is shared with confirmed bookings on request.

  • Director summits — board technology & risk tracks
  • Global privacy & AI-governance conferences
  • Audit & compliance professional forums (ISO 42001)
  • University executive-education programmes
  • Closed-door board briefings (organisations omitted by NDA)

A curated list. Closed-door engagements omitted by default; references provided on request, with client permission.

Booking, media enquiries, and press requests.

Confirmed bookings within ten business days. Press requests on regulatory developments responded to same-day where possible.

Legal

Privacy & Terms.

Last updated: 14 May 2026. Template prepared for janicenand.com — review by qualified legal counsel before publication.

Note for the site owner. Starting-point template only. Review and sign-off by qualified legal counsel familiar with the privacy and consumer-law regimes that apply to your operations is required before publication.


© 2026 Janice Nand · ARQ Governance. All rights reserved.


Content on this site is general information about governance frameworks and standards. It does not constitute legal advice, regulatory opinion, or audit findings. Client identities, engagement details and fees are kept confidential by policy; references shared privately on request. Engagements are governed by individual statements of work.