This site is also available in:
The gap between investment and impact in IT has rarely been as wide as it is today. Companies spend millions on LLMs, copilots, agent systems and automation platforms and yet the effects often remain meagre.
Pilot projects fizzle out, use cases don’t scale, and in the end the question remains: where is the ROI? The answer is uncomfortable, but it is clear that the actual problem is rarely of a technological nature. It is a governance problem.
AI does not change software, it changes decisions
As long as artificial intelligence summarizes texts or generates images, it is a tool. Exciting, but manageable. However, as soon as AI begins to prioritize processes, evaluate risks, prepare decisions or execute processes autonomously, the role shifts fundamentally. The tool becomes an actor who has a say in decisions, often without anyone being able to understand why in detail.
This raises precisely one question: Who controls the decision-making logic? Who is responsible if a model rejects an application, misclassifies a customer or escalates a workflow? In classic software stacks, this question is trivial. In agent-based, AI-controlled systems, it quickly becomes existential, especially in regulated industries.
“AI doesn’t just change software, it changes who makes which decisions in a company. This is exactly where governance comes in.”
The problem
Why traditional AI projects fail
Most AI initiatives start locally: a chatbot in service, a co-pilot in development, isolated automation in the back office. This works in the short term, creates selective efficiency and looks good in every demo. What is missing is the structural embedding in the company’s process and decision-making architecture.
Without this embedding, typical patterns emerge that are repeated across industries:
01
Unclear responsibilities between business, IT and compliance.
02
Lack of traceability of AI decisions over time.
03
Shadow AI models and prompts that no one has officially released.
04
Inconsistent outputs because each team builds its own workflows.
05
Compliance risks that only become visible during the audit.
06
Lack of scalability because each use case remains an individual case.
The result: AI not only accelerates good decisions, but also bad ones, and at a speed that traditional control mechanisms cannot keep up with.
The solution
AI Governance Architecture
The answer to this problem is not another AI platform. It is an architectural approach that anchors AI in the process landscape rather than alongside it. At ONLU.CH, we build AI-native process architectures based on BPMN, DMN, Camunda and the Camunda fork CIB seven, supplemented by AI services and enterprise integrations.
“AI must not run outside the processes. AI must become part of governance.”
The idea behind it is simple: when an AI component makes a decision, this decision itself is a process step with input data, responsibility, escalation path and audit trail. This is exactly what BPMN models. This is exactly what DMN enforces. And this is exactly what a production-ready workflow engine like CIB seven does.
BPMN as the control layer of AI transformation
In many companies, BPMN is still seen purely as a modeling language – a pretty diagram that a business analyst draws before the developers build something “real”. This understanding is outdated. In the age of AI, BPMN is becoming a control layer on which people, models and systems can be orchestrated.
BPMN can be used to clearly define responsibilities, control escalations, integrate human approvals, document AI decisions and technically enforce compliance instead of just describing it in policies. Audit trails are not created retrospectively, but as a by-product of execution. This makes the difference between an AI prototype and a production-ready system.
Camunda and CIB seven as a foundation
In terms of technology, we at ONLU.CH rely on Camunda and above all on CIB seven, the open source fork of Camunda 7, which has become the natural migration path for many companies following the strategic switch from Camunda to the cloud platform.
CIB seven has three characteristics that are rarely found together in regulated industries:
Stability
Long-term stability thanks to a genuine open source community.
Independence
Technological independence from vendor roadmaps.
Compatibility
Full BPMN and DMN compatibility incl. On-Prem & Sovereign Cloud.
For Swiss banks and insurance companies, the option of operating the engine on-premise or in a sovereign cloud is no longer a detail but a strategic requirement.
Human-in-the-loop instead of blind automation
We do not believe in “AI replaces humans”. We believe in decision-making architectures in which AI and humans have clearly defined roles. AI analyses, prioritizes and recommends. Humans validate where scope, regulation or ambiguity require it. The governance layer checks that both roles follow their mandate – and the BPMN engine seamlessly documents who decided what and when.
The result is systems that the specialist area, risk and audit can trust equally: secure AI workflows, traceable decisions, controlled automation and regulatory security that is not only added after incidents.
AI orchestration instead of AI chaos
The future of enterprise AI does not lie in individual models, but in orchestrated decision-making processes. In practice, a realistic end-to-end flow rarely looks like “one LLM answers everything”. It looks more like this:
End-to-end flow
- Document upload by clerk or interface.
- OCR service for structured extraction.
- LLM analysis for classification and plausibility check.
- Risk scoring via deterministic rules.
- DMN decision on the further path.
- Human approval at defined threshold values.
- ERP or core bank update as the final action.
- Audit storage of the entire decision-making process.
“The BPMN engine thus becomes the company’s control center, governance layer and AI operating system.”
Particularly relevant for regulated industries
The approach particularly addresses those sectors in which “AI-first” alone is not enough:
Banking & Insurance
Pharma & Life Sciences
Public sector
Manufacturing & Energy
It is not enough for a model to provide good answers. It must be possible to prove why it gave precisely this answer – and under what conditions it would decide differently next time.
Compliance-by-design instead of compliance-as-cleanup.
This is exactly what the combination of BPMN, DMN, Camunda/CIB seven and integrated AI services delivers.
The central idea
AI transformation is not a tool issue. It is an architectural decision.
Those who introduce AI without governance are not only scaling speed, but also risks. On the other hand, those who combine process architecture, decision-making logic and AI in a consistent model will build a structural advantage – one that cannot be copied overnight.
AI without governance scales chaos.
BPMN makes AI controllable.
Camunda and CIB seven make it production-ready.
ONLU.CH turns it into real transformation.
Do you want to implement this in your company?
At ONLU.CH, we support you in setting up an AI governance architecture – from determining the location to the BPMN/DMN architecture to the productive workflow engine based on CIB seven.
