The Four Pillars of Enterprise AI Governance — And Which Tools Cover Each

Enterprise AI governance is not a single problem. It is four distinct problems that look similar but require different tooling at different layers of the stack.

The four layers

Layer 1: Developer observability What happened during a specific AI call? Which prompt was sent, how did the model respond, what was the latency, did the output match expectations? Tools: LangSmith, Helicone, OpenTelemetry with GenAI semantic conventions.

Audience: engineers building AI features. Signal: prompt traces, span-level execution, model evaluation scores.

Layer 2: Infrastructure and cloud governance What are the compute costs underlying AI workloads? How is GPU spend allocated? What are the cloud resource costs for model hosting and inference? Tools: Vantage, Cloudability, Kion, AWS Cost Explorer.

Audience: platform engineers, cloud FinOps teams. Signal: compute spend, reserved capacity utilisation, cross-cloud allocation.

Layer 3: Vendor-scoped AI governance Which users are consuming which AI features from which vendor? What are the utilisation rates, policy violations, and compliance signals within a specific vendor's ecosystem? Tools: Microsoft Purview (for Microsoft AI), AWS Bedrock governance features (for Bedrock), IBM OpenScale (for Watsonx).

Audience: IT Administrators, compliance teams, security teams. Signal: vendor-specific usage, policy enforcement, data governance within a single vendor boundary.

Layer 4: Cross-vendor AI subscription intelligence What is the total cost, utilisation, governance posture, and compliance exposure across all AI vendors simultaneously? Which seats are wasting budget? Which use cases are high-risk under the EU AI Act? Which vendors have GPAI compliance gaps? Tools: PromptKing.

Audience: IT Directors, CFOs, FinOps leads, legal and compliance teams. Signal: cross-vendor seat utilisation, ghost seat detection, Annex III classification, Article 26 evidence, confidence grading, board-ready reporting.

Why this matters for stack design

The most common governance gap in enterprise AI is not missing tooling at Layer 1 or Layer 2. It is missing tooling at Layer 4.

Most organisations have LangSmith or equivalent for their development teams. Most have AWS Cost Explorer or Vantage for their cloud teams. Many have Purview for their Microsoft environments.

Almost none have a cross-vendor intelligence layer that sees all of it simultaneously — ghost seats across six vendors, EU AI Act exposure across every use case, confidence grades per connector, board-ready cost reporting that includes every vendor in a single number.

That is the gap PromptKing fills.

The Purview relationship

Microsoft Purview is an excellent tool at Layer 3 for Microsoft AI. It provides deep governance for Copilot, Copilot Studio, Azure OpenAI, and GitHub Copilot — prompt monitoring, sensitivity labels, DLP policies, audit logs, and EU AI Act assessment templates, all within the Microsoft boundary.

The word in that sentence is "boundary."

Purview cannot see Anthropic Claude (direct). Purview cannot see Google Gemini (direct). Purview cannot see AWS Bedrock, IBM Watsonx, xAI Grok, or self-hosted models. These vendors do not connect to the Microsoft tenant infrastructure that Purview monitors.

For an enterprise running six AI vendors, Purview covers two or three. PromptKing covers the other three or four — at Layer 4, not competing with Purview's Layer 3 coverage.

Both platforms export FOCUS 1.4 conformant data, which means their outputs can be combined in a single BI model. The governance picture becomes complete when both are present.

The OTEL relationship

OpenTelemetry is a Layer 1 tool. It captures spans, traces, and metrics at the execution level — how an AI call happened, what the model received, what it returned, how long it took.

PromptKing is a Layer 4 tool. It aggregates session-level metadata from vendor billing APIs to deliver cross-vendor cost intelligence, compliance classification, and governance evidence.

These tools do not overlap. A team running LangSmith for model evaluation and PromptKing for enterprise governance is correctly using both for their respective purposes. Neither replaces the other.

The question that helps position each correctly: "Who uses this data to make a decision?" Developer debugging a model output → Layer 1. CFO reviewing AI spend before a board meeting → Layer 4.

Building the complete stack

A complete enterprise AI governance stack in 2026 typically needs:

• Layer 1: LangSmith, Helicone, or OTEL for developer observability
• Layer 2: Vantage, Cloudability, or AWS Cost Explorer for cloud cost governance
• Layer 3: Microsoft Purview for Microsoft AI governance
• Layer 4: PromptKing for cross-vendor AI subscription intelligence

Each layer is necessary. None of them is sufficient on its own.

The EU AI Act August 2 deadline makes Layer 4 urgent in a way that did not exist 12 months ago. Annex III classification, Article 26 evidence packs, GPAI vendor compliance status — these are Layer 4 questions that no Layer 1, 2, or 3 tool is designed to answer.

See how PromptKing covers the cross-vendor layer →