The Real Question to Ask About AI Governance

· Source: MIT Sloan Management Review · Field: Business & Management — Corporate Strategy & Leadership, Operations & Process Management, Compliance & Risk Management · Depth: Intermediate, medium

Summary

Many Fortune 500 companies claim robust AI governance, yet most cannot identify who has the authority to shut down a misbehaving AI model. While an extensive governance industry has developed tools like model registries, classification systems, and monitoring dashboards, these provide visibility but lack the "governor" for action. Adobe's AI and data governance leader highlights that the challenge is organizational, not technical: establishing clear human accountability. Adobe addressed this by creating a federated governance model with named owners and a centralized steering committee reporting to trust and security, independent of product teams. This ensures decision authority is separate from product shipping incentives. With the EU's AI Act now in force, demanding documented decision-making and clear accountability, companies must prioritize organizational design to empower individuals to stop harmful AI systems, rather than relying solely on compliance paperwork.

Key takeaway

For Directors of AI/ML or VPs of Engineering overseeing AI deployments, your primary governance focus must shift from tool acquisition to establishing clear human accountability. You should explicitly identify and empower an "AI governor" or a governance committee with the independent authority to halt misbehaving models, ensuring their reporting line is separate from product development. This organizational design choice is critical for regulatory compliance, especially with acts like the EU AI Act, and for truly mitigating AI risks, moving beyond mere paperwork to demonstrable action.

Key insights

The core problem in AI governance is the lack of clear human authority to stop misbehaving models, not a deficit of monitoring tools.

Principles

Method

Adobe implemented a federated governance model with named AI system owners and a centralized steering committee reporting to trust and security, ensuring independent escalation authority.

In practice

Topics

Best for: CTO, Executive, Director of AI/ML, VP of Engineering/Data, Legal Professional

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by MIT Sloan Management Review.