Building Responsible AI Governance: What Businesses Can Do
Building trust, transparency and accountability
June 2026
While AI can certainly support decision-making in business, accountability for outcomes remains with the organisation deploying the technology. This principle sits at the heart of many emerging AI governance frameworks and standards, including the NIST AI Risk Management Framework and ISO/IEC 42001 (NIST, 2023; ISO, 2023). In practice, this means establishing clear ownership for AI systems and defining who is responsible for oversight, monitoring and risk management. It also means recognising where human judgement should remain part of decision-making processes, particularly in situations involving significant financial, legal, ethical or social implications.
As with many aspects of ESG, accountability cannot be delegated entirely to technology. Effective governance requires organisations to maintain appropriate human oversight and clear decision-making responsibilities.
A RAPIDLY EVOLVING REGULATORY LANDSCAPE
Alongside growing stakeholder expectations, organisations are also navigating an evolving regulatory environment. The European Union's AI Act represents one of the first comprehensive attempts to regulate AI and introduces a risk-based approach to governing different types of AI systems (European Union, 2024). Meanwhile, frameworks such as the OECD AI Principles, the NIST AI Risk Management Framework and ISO/IEC 42001 are helping organisations establish more structured approaches to responsible AI integration in everyday practices.
While regulatory requirements continue to evolve, the direction of travel is increasingly clear: organisations are being expected to demonstrate that AI systems are managed responsibly, monitored appropriately and aligned with ethical and governance expectations. This expectation is reflected in recent business research carried out by the Institute of Directors (IoD) in collaboration with Hiscox. A survey among business leaders identified governance, security, privacy concerns and limited organisational expertise among the key barriers to AI adoption, highlighting the importance of building appropriate oversight and governance arrangements alongside technological capability (IoD, 2025). As with building infrastructure to support and monitor AI’s impact on the environmental and social realms of business, organisations developing governance practices now are likely to be better prepared as future requirements emerge.
PRACTICAL STEPS FOR ORGANISATIONS USING AI
Organisations do not need to be AI experts to begin strengthening their governance around its use; some initial practical steps could include:
Establish oversight of AI use: Create visibility around where and how AI is being used across the organisation, including both formal deployments and employee-led experimentation. Understanding the organisation's AI footprint is often the first step towards effective governance.
Develop an AI governance framework: Establish clear policies, responsibilities and processes that support consistent and responsible use of AI. This could include defining approved uses of AI, assigning ownership for AI-related activities, setting requirements for human review, establishing risk assessment procedures and determining how AI systems will be monitored and evaluated. A clear framework helps organisations move from ad hoc AI adoption to a more structured and accountable approach. This is an area where many organisations continue to face challenges. Research by the Thomson Reuters Foundation and UNESCO highlights a gap between AI ambition and AI governance, finding that while many organisations publicly communicate AI strategies, far fewer demonstrate the governance processes needed to support responsible implementation (Thomson Reuters Foundation and UNESCO, 2026).
Define roles and accountability: Ensure that responsibility for AI oversight is clearly assigned. This may include identifying individuals or teams responsible for approving AI use cases, monitoring performance, managing risks and responding to incidents. Clear accountability helps prevent governance gaps and supports more effective decision-making.
Create an AI policy: As AI use becomes more widespread, employees may begin using tools independently without fully understanding the associated risks. An effective policy can provide guidance on approved tools, acceptable use, confidentiality requirements, data protection considerations, quality assurance processes and expectations around human review of AI-generated outputs.
Apply a risk-based approach: Not all AI applications carry the same level of risk. Organisations should consider where AI is being used and assess the potential implications for customers, employees, operations and compliance obligations. Higher-risk applications may require additional controls, oversight and review.
Strengthen data governance: The quality and integrity of AI outputs depend heavily on the data used to train and operate systems. Robust data governance practices, including data quality, privacy, security and access controls, form the essential foundations for responsible AI use.
Build governance capability: Effective AI governance is not solely an operational or IT responsibility. Senior leaders and boards should have sufficient understanding of AI opportunities, risks and governance considerations to provide appropriate oversight and strategic direction. Research from the Institute of Directors suggests that gaps in organisational expertise remain a significant barrier to responsible AI adoption (IoD, 2025).
Review governance arrangements regularly: AI technologies, organisational use cases and regulatory expectations are evolving rapidly. Governance arrangements should therefore be reviewed periodically to ensure they remain effective, proportionate and aligned with organisational objectives.
THE BIGGER OPPORTUNITY
AI governance is often viewed as a mechanism for reducing risk or meeting regulatory requirements. While these are important considerations, governance can also play a strategic role in helping organisations use AI more effectively and with greater confidence. As AI becomes increasingly embedded in business operations, organisations will need to make decisions about where AI should be used, how outcomes should be monitored and who remains accountable for the results. Strong governance provides the structure needed to answer these questions consistently and transparently and ensures the teams implementing and utilising AI are well-equipped to do so responsibly.
Effective governance can also help organisations move beyond reactive decision-making; rather than responding to issues after they arise, clear governance arrangements enable businesses to identify risks earlier, establish appropriate safeguards and make more informed decisions about AI adoption and investment.
Importantly, governance should not be viewed as a constraint on innovation: when responsibilities, expectations and decision-making processes are clearly defined, employees and leaders can explore AI opportunities with greater confidence. This can help organisations innovate responsibly while maintaining the trust of customers, employees, investors and regulators. The organisations most likely to realise long-term value from AI may not be those that adopt the technology the quickest, but those that establish the governance, oversight and accountability needed to use it responsibly, consistently and at scale.
HOW ESGMARK® CAN HELP
At ESGmark® we help organisations to credibly demonstrate and improve their Environmental, Social and Governance (ESG) credentials. We do this through ESGmark® Certification, carbon footprint measurement, and sustainability support. Speak to our friendly team to get started today by contacting us.
EXPLORE MORE: ESG & AI
This is the third blog in our series looking at how AI use links to Environmental, Social, and Governance (ESG) areas, and the considerations companies can take to use it responsibly.
Head to our other articles to explore more on this topic:
Understanding AI and its Environmental Implications
Sources
European Union (2024) EU Artificial Intelligence Act. Available at: https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
Institute of Directors (IoD) and Hiscox (2026) IoD AI in business survey insights. Available at: https://www.iod.com/resources/iod-ai-in-business-survey-insights/
ISO (2023) ISO/IEC 42001 Artificial Intelligence Management Systems. Available at: https://www.iso.org/standard/42001
National Institute of Standards and Technology (NIST) (2023) AI Risk Management Framework. Available at: https://www.nist.gov/itl/ai-risk-management-framework
OECD (2019) OECD Principles on Artificial Intelligence. Available at: https://oecd.ai/en/ai-principles
PWC (2025) 2025 Responsible AI survey: From policy to practice. Available at: https://www.pwc.com/us/en/tech-effect/ai-analytics/responsible-ai-survey.html
UNESCO and Thomson Reuters Foundation - AI Company Data Initiative (AICDI) (2024) Responsible AI in practice: 2025 global insights from the AI Company Data Initiative. Available at: https://www.thomsonreuters.com/en-us/posts/human-rights-crimes/ai-governance-gap-human-cost/
World Economic Forum (2024) The Presidio Recommendations on Responsible Generative AI. Available at: https://www.weforum.org/publications/the-presidio-recommendations-on-responsible-generative-ai/