October 29, 2025 - 4 min read
What Compliance Leaders Asked Us at GITEX
Irfan Shuttari
Director of Product Management, Arctera Insight eDiscovery
At GITEX, compliance leaders kept asking the same question: How do I govern AI like email?
AI isn’t waiting for policy to catch up. It’s already part of meetings, inboxes, and everyday business interactions.
Across our joint session with Microsoft, compliance, risk, and technology leaders all circled the same challenge: How to bring AI interactions under governance without slowing innovation.
The short answer? Treat AI interactions like every other regulated channel. The longer answer played out across dozens of conversations—and five questions rose to the top.
1. How do I supervise AI-generated interactions in day-to-day work?
Every regulated message—email, chat, or voice—gets captured, archived, and reviewed.
AI interactions shouldn’t be any different.
Leading firms are already capturing prompts and responses as first-class interaction records.
With Arctera Insight, those interactions flow into the same compliance pipeline that governs human communications, making them searchable, reviewable, and defensible.
It’s not about rebuilding governance; it’s about extending it.
Whether the interaction happens in Copilot, ChatGPT, or another AI assistant, the goal is the same: ensure those AI-prompted conversations are captured, retained, and supervised just like any other business exchange.
2. What counts as an “interaction” when it’s from AI?
If AI shapes what’s said, how it’s said, or who sees it—it’san interaction.
Prompts, AI-generated drafts, summaries, and contextual suggestions all influence business intent.
Regulators care less about who typed it and more about how it was created and shared.
That shift means surveillance programs must now account for AI’s role in shaping interactions, not just storing them.
3. Are regulators really asking for AI prompts and outputs?
Yes—and it’s happening faster than most expected.
Recent legal and regulatory actions show that AI interactions are already being treated as discoverable records.
In the U.S., the Tremblay v. OpenAI (2024) case required production of prompts and model responses in discovery, confirming that courts see these exchanges as part of the evidentiary record.
Across Europe, the EU AI Act takes a similar stance in principle: it requires organizations to maintain documentation and traceability for high-risk AI systems, including the data, logic, and human oversight influencing outcomes.
Together, these signal a clear direction of travel:
Courts and regulators are converging on a single expectation—AI interactions must be governed, preserved, and producible just like human communications.
4. How much AI-generated activity are we really talking about?
At enterprise scale, a self-hosting break-even point of ≈ 50 million tokens per month equals roughly 600 books of content—or about 25,000 AI-shaped emails every day.
That’s not pilot volume.
That’s business-critical scale.
Ignoring it doesn’t reduce risk—it only hides it.
5. How do we start governing AI without slowing innovation?
You don’t rebuild governance—you extend it.
The same principles that protect email and chat—capture, classify, retain, supervise—apply to AI-generated interactions.
With Arctera Insight, firms gain a unified view of human and AI interactions, closing compliance gaps while maintaining agility.
Governance becomes a growth enabler, not a bottleneck.
The Bigger Picture: Governance Must Catch Up
At GITEX, one theme echoed through every conversation: The safeguards of governance must evolve for AI.
Compliance teams already know how to oversee communication.
Now they need to include a new participant—AI itself.
Governance isn’t about slowing innovation; it’s about keeping it transparent, explainable, and defensible—the same principles that have guided resiliency in regulated industries for decades.
Quick Stats from the Session
That imbalance—between adoption and oversight—is exactly where the next phase of compliance leadership begins.
Hear it from the session: I shared how AI has become a first-class participant in enterprise communications—and why governance must catch up.
Listen to the clip:
What’s Next
Our next post dives deeper into the “how”: From Off-Channel to AI Channel — Why Prompts and Outputs Must Be Captured.
Until then, we invite you to explore Arctera Insight: www.arctera.io/compliance
AI is already part of your business interactions.
Your governance just needs to meet it there.