AI is transforming business faster than governance can keep pace. Our survey of 200 leaders reveals a stark truth: while adoption accelerates, strategy and safeguards are lagging. The question for businesses isn’t whether to embrace AI – it’s how to do it responsibly and without risking revenue, reputation or compliance.

AI adoption outpacing strategy

According to our survey, 64% of companies report major performance gains from AI, yet governance isn’t keeping pace. Barely a third of organisations (32%) have advanced accountability frameworks in place, and regulated areas like HR and legal remain behind the curve.

The focus on quick wins – such as customer experience or productivity tools – is creating an imbalance that heightens risk. Without robust oversight, businesses face exposure to litigation, reputational damage and operational disruption.

Risk without rules

Evolving regulation is not a brake on AI. Most companies are proceeding with AI despite local regulatory uncertainty: only 29% say it has affected their organisation’s appetite for adopting AI.

But for most companies, AI governance is still in its early stages: just under one in five have designed and implemented a comprehensive AI governance framework. And 61% have not fully implemented an internal usage policy.

Scaling governance for growth

A small group of companies (18.5%) in our research demonstrate that AI governance correlates strongly with advanced AI adoption and performance. We call these companies the AI leaders, and they are more than twice as likely as other companies to have implemented an AI governance framework.

These leading companies are turning compliance into competitive advantage, building trust with regulators and clients alike. In a market where speed matters, governance isn’t bureaucracy – it’s strategy.

How we can help

Our mission is to help clients build and procure AI systems that are legally compliant, ethically robust and trusted by stakeholders – because AI governance is not just an audit exercise, it enables safe innovation and secures sustainable returns for our clients’ AI investments.

At an enterprise level, it’s imperative for organisations to start thinking about their AI governance programmes now, especially if they’re modifying foundation models in ways that may trigger provider obligations under the EU AI Act, and/or operating in heavily regulated sectors with higher-risk applications of AI.

There is no one-size-fits-all approach to AI governance. At Shoosmiths, we partner with clients to design and implement AI governance frameworks that integrate with existing operating models, rather than duplicating regimes. Our frameworks are designed to work in practice, embedding robust mechanisms for mapping AI supply chains and the roles of actors contributing to AI system development. This allows us to allocate risk and liability effectively in third-party contracts and operationalise compliance with the EU AI Act and emerging global standards.

By working with us to prioritise high standards of public safety and accountability, our clients not only perform better, but they also increase their reputational capital and gain a competitive advantage.