Key Takeaway
AI governance embedded in a model configuration is not governance infrastructure. It is configuration. When a vendor updates their model, the system prompts, guardrails, and behavioral constraints that organizations call governance change with it or disappear entirely. Genuine AI governance infrastructure is model-agnostic: it defines how AI outputs are evaluated, documented, and acted upon in a layer that sits above any specific model version. Three things must live in that layer: externalized decision logic that does not depend on a system prompt, audit trails that capture the governance record independently of the model that produced the output, and clinical context and permission state that the deploying organization controls. Organizations whose governance would not survive a model change do not have governance infrastructure. They have vendor dependency.
The Governance Configuration Problem: When Model Changes Break What You Thought You Had
A clinical documentation AI tool deployed at a regional hospital system had been in production for fourteen months when the vendor pushed a model update. The vendor did not announce the update as a governance event. They announced it as a performance improvement. But when the health system's compliance team reviewed the updated system against their AI governance documentation, they found a problem: the oversight criteria they had documented, the review thresholds their clinical staff were supposed to apply, and the escalation conditions they had described in their AI policy were all derived from how the previous model version behaved. Not from a governance layer that sat above the model. From the model itself.
The system prompt had changed. The model's output patterns had shifted. The review criteria the compliance team thought they had documented were now describing a system that no longer existed. And the AI governance infrastructure they believed they had in place turned out to be, on inspection, a description of a specific model configuration that was now out of date.
This scenario is not unusual. It is, in my experience, the pattern that emerges most reliably when organizations that believe they have AI governance undergo any kind of serious review. What they have is documentation of how their AI system behaved. Not a governance layer that would hold regardless of what the model does next.
The Assumption That Creates Exposure
Most health technology organizations assume that vendor-configured guardrails, system prompts that define clinical behavior, and fine-tuning that shapes model outputs constitute AI governance. They do not. They constitute vendor configuration. The organization does not own them, cannot audit them independently, and cannot guarantee they persist through a model update. Treating vendor configuration as governance infrastructure is the most common governance gap we find in health tech vendor assessments.
Why AI Governance Embedded in a Model Configuration Is Not Governance Infrastructure
The distinction between governance infrastructure and model configuration maps directly onto the distinction this blog has drawn since its first post: governance is not what an organization intends, it is what an organization has built to ensure its intentions are met. A system prompt is a statement of intent expressed in natural language, passed to a model, and subject to change whenever the model changes, the vendor updates their defaults, or the underlying weights are retrained.
Governance infrastructure, by contrast, is model-agnostic by design. It defines how AI outputs are handled regardless of which model produced them. It is enforced by systems the organization controls, not by a configuration the vendor maintains. And it creates records that survive model changes, because those records are generated by the governance layer, not by the model itself.
"AI governance that lives inside a model configuration is not governance infrastructure. It is configuration. When the model changes, the governance changes with it, or disappears."
The NIST AI RMF's GOVERN function makes this concrete. It requires organizations to establish accountability structures before AI deployment: defined roles, decision rights, and oversight responsibilities that exist at the organizational level, not at the model level. Those structures cannot live inside a model that a vendor can update without notice. If they do, they are not accountability structures. They are model behaviors that the organization has mistaken for accountability structures.
The Three Things That Must Live Outside the Model
Translating this into operational terms requires identifying specifically what must be model-agnostic in a clinical AI deployment. Three categories of governance-critical content must live in a layer above the model, in systems and documentation that the deploying organization controls independently of the vendor relationship.
Pillar 1 of 3
Externalized Decision Logic: Rules That Do Not Depend on a System Prompt
The criteria by which AI outputs are reviewed, accepted, or escalated must be documented outside the model and enforced by the oversight system, not by the model itself. In a clinical context, this means the review criteria a clinician applies to a sepsis prediction flag, the thresholds that determine whether a care management recommendation triggers a second review, and the conditions that escalate an AI-influenced decision to a senior clinician must exist in the organization's governance documentation and workflow design. Not in a system prompt that may or may not persist through the vendor's next update.
If an organization cannot produce a document that describes its AI review criteria independently of what any system prompt currently says, it does not have externalized decision logic. It has prompting.
In practice: Written oversight criteria for each clinical AI use case, maintained in the organization's governance documentation and updated through a formal change process, not automatically when the vendor updates their model configuration.
Pillar 2 of 3
Audit Trails That Are Model-Agnostic: Documenting Why, Not Just What
The record of what the AI system recommended, what the reviewer evaluated against, and what action was taken must be captured independently of the model that produced the output. An audit trail that depends on the model's own logging infrastructure can be disrupted by a model update. If the model changes how it generates explanations, logs its reasoning, or reports its confidence, the audit trail changes with it.
The governance layer must create the audit record, not the model. This means the organization's own systems capture: what output the AI produced, which version of the oversight criteria were in effect at the time of review, who reviewed the output and when, and what decision was made. That record is owned by the organization and survives any model change the vendor makes.
In practice: A logging architecture that captures governance-relevant events at the organizational layer, not exclusively through vendor-provided logging. The organization's audit trail and the model's output logs are distinct artifacts; only the organization's trail is a governance record.
Pillar 3 of 3
Clinical Context and Permission State: Owned by the Organization, Not the Vendor
Patient context, decision rights, permission states, and clinical workflow integrations must live in systems the deploying organization controls. An AI vendor that holds patient context as part of the model's session state, memory, or embedded configuration is holding governance-critical information that the organization cannot audit, correct, or retain independently of that vendor relationship.
This is the governance dimension where agentic AI systems create the greatest exposure. An agentic system that retains memory across sessions, manages patient context over time, and takes sequential actions is accumulating governance-critical state. If that state lives in the vendor's infrastructure rather than in systems the organization controls, the organization's ability to audit, correct, and account for that state depends entirely on the vendor's cooperation and continuity.
In practice: A data architecture that ensures patient context, workflow state, and permission records are held in organization-controlled systems, with AI systems accessing that state through defined interfaces rather than holding it internally.
Does your governance live above the model or inside it?
A 30-minute Clarity Session with Health-Vision.AI maps your current AI deployments to their governance architecture and identifies where governance-critical content is living inside vendor configuration it should not depend on.
Book a Clarity SessionWhat This Means for Health Tech Vendors and the Organizations That Deploy Them
For health technology vendors, model-agnostic governance is a procurement argument as much as a governance one. Enterprise healthcare buyers are increasingly asking for governance documentation that describes the system: how outputs are evaluated, what review criteria apply, how audit records are generated, and how clinical context is managed. Documentation that describes how a specific model version behaves is not what they are asking for, and it is not what satisfies regulatory review.
Vendors who can demonstrate that their governance architecture is model-agnostic — that their clients' oversight criteria, audit trails, and clinical context are held independently of the model layer — are vendors who can withstand a model update without triggering a governance gap in their clients' environments. That is a meaningful competitive differentiation in enterprise healthcare procurement, and it is increasingly a procurement requirement rather than a selling point.
For health systems deploying vendor AI, the question is symmetric: does your vendor's governance architecture allow you to maintain your own governance independently of their model decisions? If a vendor update changes the model behavior, can you detect the change, evaluate it against your documented oversight criteria, and decide whether your governance posture needs to be updated? If the answer is no, your governance posture is a function of your vendor's decisions, not of your organization's.
Agentic Village Framework
The Agentic Village AI Governance Framework's Archetype 2 (Autonomous High-Risk) specifically addresses AI deployments where governance-inside-the-model creates the greatest patient safety exposure: systems that take autonomous actions in clinical workflows with minimal human review at each step. For these systems, model-agnostic governance infrastructure is not an architectural preference. It is the baseline governance requirement. The free risk assessment at agenticvillage.net evaluates your AI deployments against these archetype-specific requirements.
The Practical Question: Would Your Governance Survive a Model Change?
The test for whether an organization has AI governance infrastructure or AI model configuration is direct. If your primary clinical AI vendor changed their model tomorrow — pushed a version update, retrained on new data, or modified their system prompt defaults — could you answer the following questions with reference to documentation your organization controls?
Do your oversight criteria still accurately describe the review process your clinical staff are applying?
Does your audit trail still reflect what actually happened, or did it depend on output formats the model no longer produces?
Do you know what changed, and does your change control process require you to re-evaluate governance before the updated system touches patients?
If the answer to any of these is no, the governance infrastructure is not where it needs to be. Not because something went wrong, but because most organizations have not yet separated the governance layer from the model layer. The model was the easier thing to deploy. The governance layer required building something the vendor did not provide.
That gap is addressable. It requires documenting oversight criteria independently of vendor configuration, building or integrating audit logging at the organizational layer, and establishing a change control process that treats model updates as governance events requiring review. None of those steps require replacing the AI system. They require building the governance infrastructure that makes the AI system defensible regardless of what version runs underneath it.
Key Takeaways
AI governance embedded in model configuration is not governance infrastructure. System prompts, vendor guardrails, and fine-tuned behaviors are vendor configuration. When the model changes, they change or disappear.
Genuine AI governance infrastructure is model-agnostic. It defines how AI outputs are evaluated, documented, and acted upon independently of which model produced them. It lives in a layer above the model, enforced by systems the organization controls.
Three things must live outside the model: externalized decision logic that does not depend on a system prompt, model-agnostic audit trails that capture the governance record at the organizational layer, and clinical context and permission state held in organization-controlled systems.
For health tech vendors, model-agnostic governance architecture is a procurement argument. Enterprise buyers are asking for governance documentation that describes the system, not the current model version.
For health systems, the question is whether your governance posture would survive a vendor model update. If not, the governance lives in the model rather than above it.
Model updates are governance events. An organization with genuine governance infrastructure treats them as such, evaluates the updated system against documented oversight criteria, and decides whether the governance posture needs to be updated before the new version touches patients.