Lessons from Practice

Embedding AI governance into an organisation rarely follows a straight line. Practitioners navigating this space often find that the real challenges are not technical — they are cultural, organisational, and deeply human.

One recurring lesson from teams implementing AI governance frameworks is the importance of starting with what already exists. Rather than building a governance structure from scratch, the most effective approaches begin by mapping current decision-making processes, identifying where AI is already being used, and understanding the informal norms that govern data handling. This audit phase, though often underestimated, saves significant time and avoids duplication.

A second lesson concerns buy-in. Governance frameworks that are designed in isolation — typically by legal or compliance teams without input from product, engineering, or frontline staff — tend to sit unused. The initiatives that gain traction are those co-designed with the people who build and use the systems being governed. This means involving data scientists in the drafting of model documentation standards, and including customer-facing teams in the development of explainability guidelines.

Finally, practitioners consistently note that governance is iterative, not a one-time project. As AI systems evolve, so too must the oversight mechanisms around them. Building in regular review cycles — tied to model updates, regulatory changes, or incident reviews — is what separates enduring governance programmes from those that stall after initial rollout.