## 📈 AI Governance: A Strategic Imperative for Sri Lanka

The rapid integration of AI across banking, healthcare, and public administration necessitates a robust national governance framework to mitigate escalating ethical and security risks. • Current Global Context Global adoption of AI is accelerating, with major frameworks like the EU AI Act (2024) and Singapore’s Model AI Governance setting international standards. The 2026 data exposure incident involving a senior US CISA official highlights how even "For Official Use Only" data can be compromised via public AI platforms. • Systemic Organizational Risks Data Leakage: Research indicates 8.6% of employees have pasted company data into public tools like ChatGPT, with 4.7% including sensitive source code or client info. Training Vulnerability: Data submitted to public models may be stored and used for future training, leading to potential proprietary knowledge leakage. • Strategic Recommendations for Sri Lanka Framework Alignment: Adopting risk-based regulations similar to the EU and ISO/IEC 42001 standards to ensure global market alignment. Sectoral Guidelines: Establishing specific mandates for high-impact sectors like Finance, Telecom, and Logistics. Secure Alternatives: Moving toward enterprise-grade solutions (e.g., private models) with contractual guarantees on data isolation. • Conclusion Proactive governance is a competitive differentiator. Without it, Sri Lanka faces regulatory misalignment and a potential erosion of public trust in digital government initiatives.