Artificial intelligence governance is often reduced to technical compliance, obscuring its core function: the governance of decisions that carry institutional, legal, and social consequences. This article argues that effective AI governance is defined not by conformity to technical requirements, but by the legitimacy of AI-assisted decisions within public and organisational frameworks. By integrating insights from AI governance, digital forensics, and decision accountability, the analysis shows how compliance-driven approaches can coexist with governance failure when responsibility becomes diffused across systems, data pipelines, and human actors. The article reframes AI governance as a decision-centred practice, where explainability, traceability, contestability, and proportionality are essential to preserving authority and trust. Drawing on contemporary governance standards and policy research, the article highlights the distinction between governing of AI systems and governing with AI systems, demonstrating why legitimacy depends on reconstructible decision pathways rather than technical assurance alone. It concludes that governing AI means governing how institutions decide, ensuring accountability, oversight, and defensible reasoning in AI-assisted environments.