Less than half of businesses have an AI governance policy

Less than half of businesses currently have an artificial intelligence (AI) governance policy in place, according to the PEX Report 2025/26.

The report, based on the results of a PEX Network survey of more than 200 professionals, paints a comprehensive picture of the modern business transformation landscape. It found that while businesses are investing in various types of AI to support transformation, governance is lagging.

Just 43 percent of surveyed organizations have an AI governance policy, with a quarter (25 percent) still in the process of implementing one. Almost a third of organizations (29 percent) have no AI governance policy.

This is in line with other research. International professional association ISACA found that while the majority (83 percent) of IT and business professionals in Europe believe employees in their organization are using AI, many are dragging their heels when it comes to implementing formal guidance and regulation for staff. Only 31 percent of surveyed organizations have a formal, comprehensive AI policy in place.

Likewise, a recent Checkmarx survey discovered that organizations are generating up to 60 percent of code with AI coding assistants despite only 18 percent having related governance policies. 

Businesses are investing heavily in AI 

Businesses are investing heavily in AI, the PEX Report 2025/26 indicates. Almost two-thirds (63 percent) use generative AI, with 62 percent using standard/traditional AI and 40 percent using AI agents/agentic AI. Only 10 percent of those polled say their business uses none of these.

Almost half (48 percent) of surveyed businesses are prioritizing AI adoption in the coming year, while almost three-quarters (70 percent) state that AI is either “critical” or “very important” to their organization’s strategic goals.

Efficiency is by far the biggest driver of AI-enhanced business transformation, selected by 43 percent of respondents

Why is AI governance so important?

“Governance isn’t optional, it’s your AI backbone,” according to Lee Bogner, global chief generative AI and AI strategic enterprise architect at Mars. “Without it, you’re risking bias, compliance failures and technical drift.”

Governance should be a key aspect of any AI program, agreed Andreas Welsch, thought leader and author of the AI Leadership Handbook. “After all, you need to know what you’re building towards and why, and who’s involved. Putting governance in place ensures that roles and responsibilities are clearly defined and you can track the progress of your AI projects and their estimated versus realized value.”

What’s more, having a well-run governance process is also the foundation for compliance with rules and regulations. AI risks can be assessed and decisions can be taken whether or not to pursue an AI project to begin with, he added.

Register for All Access: AI in Business Transformation 2025!

10 pillars of AI governance

AI governance should be built upon 10 key pillars, according to Sana Zia Hassan, senior manager – AI at EY.

1. Purpose and principles: Define your organization’s stance on responsible AI, fairness, transparency, explainability, human oversight and social impact.
2. Roles and accountability: Clarify who is responsible for what, from data owners and model developers to risk officers and business leaders. Establish an AI governance board or committee to oversee initiatives.
3. Model lifecycle management: Outline standards and processes for model development, validation, deployment and decommissioning, including version control, testing protocols and performance monitoring.
4. Risk and compliance: Integrate legal, ethical and regulatory requirements, such as GDPR, HIPAA or emerging AI regulations and define thresholds for acceptable risk.
5. Bias detection and mitigation: Establish methods for detecting and reducing algorithmic bias across training data, models and outputs.
6. Explainability and auditability: Ensure models can be interpreted and explained, especially in high-stakes applications. Create audit trails for decisions made by AI systems.
7. Data governance: Define how data is sourced, labeled, secured and used across AI pipelines. Maintain data lineage and consent tracking.
8. Monitoring and model drift management: Set up processes for ongoing monitoring of model performance, drift detection and retraining.
9. Human-in-the-loop oversight: Determine when and how human intervention is required, especially in scenarios involving critical decisions or uncertainty.
10. Education and culture: Include training for teams on responsible AI practices and foster a culture where ethical considerations are part of every AI initiative.