AI governance: the framework most executive committees haven't set yet
Most organizations manage AI at the use-case level, not the governance level. It should be the other way around.
By Ludivine Gustave Dit Duflo
The problem isn't AI. It's the missing framework.
For two years, it's the question that keeps coming up across discussions, reading, and conversations with executives on the subject: "Which AI use cases should we prioritize?" That's the wrong question.
Before choosing use cases, an organization needs to answer three governance questions:
- Who decides? Which AI-related decisions stay at executive level, which are delegated, and on what criteria?
- Who is accountable? If an AI system fails, bias, error, drift, who bears responsibility, and to whom?
- What gets measured? Without governance indicators (not just performance ones), the organization is flying blind.
What I see in the field
The most advanced organizations aren't the ones that deployed the most use cases. They're the ones that set a governance framework before scaling deployments, a framework that clearly separates controlled experimentation from industrialization.
What needs deciding now
Three trade-offs can no longer wait:
- The acceptable level of risk by decision category (operational, strategic, regulated).
- The board's role in AI oversight, often absent from current governance charters.
- The line between automation and human decision, which cannot be left to each team's discretion.
These three trade-offs are governance matters, not technical ones. That's exactly why they belong at the executive committee level, and why they can't be delegated to the technical function alone.
Related topics