The Real Question to Ask About AI Governance
Summary
Many Fortune 500 companies claim robust AI governance, yet most cannot identify who has the authority to shut down a misbehaving AI model. While an extensive governance industry has developed tools like model registries, classification systems, and monitoring dashboards, these provide visibility but lack the "governor" for action. Adobe's AI and data governance leader highlights that the challenge is organizational, not technical: establishing clear human accountability. Adobe addressed this by creating a federated governance model with named owners and a centralized steering committee reporting to trust and security, independent of product teams. This ensures decision authority is separate from product shipping incentives. With the EU's AI Act now in force, demanding documented decision-making and clear accountability, companies must prioritize organizational design to empower individuals to stop harmful AI systems, rather than relying solely on compliance paperwork.
Key takeaway
For Directors of AI/ML or VPs of Engineering overseeing AI deployments, your primary governance focus must shift from tool acquisition to establishing clear human accountability. You should explicitly identify and empower an "AI governor" or a governance committee with the independent authority to halt misbehaving models, ensuring their reporting line is separate from product development. This organizational design choice is critical for regulatory compliance, especially with acts like the EU AI Act, and for truly mitigating AI risks, moving beyond mere paperwork to demonstrable action.
Key insights
The core problem in AI governance is the lack of clear human authority to stop misbehaving models, not a deficit of monitoring tools.
Principles
- Governance requires human accountability, not just tools.
- Authority to stop AI must be independent of product teams.
- Visibility into AI problems does not equate to action.
Method
Adobe implemented a federated governance model with named AI system owners and a centralized steering committee reporting to trust and security, ensuring independent escalation authority.
In practice
- Appoint an AI governor with explicit stop authority.
- Establish governance reporting lines independent of product.
- Identify who can say "no" to an AI deployment.
Topics
- AI Governance
- Human Accountability
- AI Regulation
- EU AI Act
- Organizational Design
- Risk Management
Best for: CTO, Executive, Director of AI/ML, VP of Engineering/Data, Legal Professional
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by MIT Sloan Management Review.