05

Governance & Responsible AI

AI REPORT 2025

05

Governance & Responsible AI

AI REPORT 2025

05

Governance & Responsible AI

INTRODUCTION

Is Governance Slowing or Speeding Up AI Potential?

Governance, when properly implemented, is crucial for addressing and mitigating the challenges associated with the use of AI across an organization. Effective governance ensures that AI is used responsibly and in alignment with the company's goals and values.

Have companies reached full efficacy? And how is it impacting their views on responsible AI?

THE RESULTS

Enterprises Are a Long Way from Reaching Governance Maturity

75%

of advanced companies agree or strongly agree that their leadership has a clearly defined AI strategy, compared to 70% of disruptors.

4%

of disruptors, on the other hand, say they have a fully fleshed governance plan, compared to 1% of the rest of our participants.

63%

of disruptors already have a C-suite level role dedicated to AI. Yet, AI ethics and governance-related roles were the second least in-demand roles, following AI product managers.

QUESTION

How is your organization approaching AI in light of impending regulations?

18

Months

Average time estimated across companies at all levels to roll out an effective AI governance model.

18

Months

Average time estimated across companies at all levels to roll out an effective AI governance model.

WHAT THEY MEAN

Organizations Know They Are Behind on Governance, Yet They Are Not Letting It Slow Progress …

While companies agree that their leadership has a strong strategy in place, they understand that their AI governance is not where it should be — and it won’t get there for a while.

With just 1% of all companies saying that they have a fully effective governance model, some executives are turning toward outside expertise for help, bringing Chief Artificial Intelligence Officers (CAIOs) on board. In fact, 63% of disruptors have a dedicated CAIO to oversee and guide their AI strategies. Among companies that don’t have this specific role, many combine AI oversight with other leadership positions, such as Chief Data Officer (33%) or Chief Information Officer (33%). This highlights the importance of AI governance at the highest levels of the organization, ensuring that AI initiatives align with broader business strategies.

Despite this, few plan to invest in creating AI ethics and governance roles, favoring instead machine learning engineers and AI researchers — even with the understanding that that their current approach toward implementing governance is likely to take a year and a half.

WHAT THEY MEAN

Organizations Know They Are Behind on Governance, Yet They Are Not Letting It Slow Progress …

While companies agree that their leadership has a strong strategy in place, they understand that their AI governance is not where it should be — and it won’t get there for a while.

With just 1% of all companies saying that they have a fully effective governance model, some executives are turning toward outside expertise for help, bringing Chief Artificial Intelligence Officers (CAIOs) on board. In fact, 63% of disruptors have a dedicated CAIO to oversee and guide their AI strategies. Among companies that don’t have this specific role, many combine AI oversight with other leadership positions, such as Chief Data Officer (33%) or Chief Information Officer (33%). This highlights the importance of AI governance at the highest levels of the organization, ensuring that AI initiatives align with broader business strategies.

Despite this, few plan to invest in creating AI ethics and governance roles, favoring instead machine learning engineers and AI researchers — even with the understanding that that their current approach toward implementing governance is likely to take a year and a half.

… And They Are Better Equipped to Handle New Regulations

No less significant an issue is compliance due to the tsunami of regulations from countries, regions, states and even city governments.

The most comprehensive legislation, to date, is the European AI Act, a risk-based framework that defines four levels. “Unacceptable” uses of AI include those that target children and/or which are a “clear threat” to human safety. “High risk” applications are those deployed in critical infrastructure, healthcare and others. Uses of AI in these risky scenarios are subject to audit, outside review and other obligations. Non-compliance of the prohibited AI practices under the AI Act can lead to administrative fines up to 35,000,000 EUR or, if the offender is an undertaking, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher. Such companies will no doubt also suffer substantial reputational damage.

But the AI Act is just the tip of the iceberg. Other countries are busily formulating, or have enacted, similar regulations. And AI-enabled applications will of course be subject to existing laws and regulations such as the General Data Privacy Regulation (GDPR), among others.

The data shows that top-performing companies are better equipped to navigate these AI-related regulatory hurdles. They are more likely to continue implementing their AI programs while remaining vigilant of new regulations. Being proactive in addressing these challenges is key to staying competitive and compliant in an AI-driven world.

… And They Are Better Equipped to Handle New Regulations

No less significant an issue is compliance due to the tsunami of regulations from countries, regions, states and even city governments.

The most comprehensive legislation, to date, is the European AI Act, a risk-based framework that defines four levels. “Unacceptable” uses of AI include those that target children and/or which are a “clear threat” to human safety. “High risk” applications are those deployed in critical infrastructure, healthcare and others. Uses of AI in these risky scenarios are subject to audit, outside review and other obligations. Violators of the AI Act can be fined up to 6% of annual revenue and will no doubt suffer substantial reputational damage as well.

But the AI Act is just the tip of the iceberg. Other countries are busily formulating, or have enacted, similar regulations. And AI-enabled applications will of course be subject to existing laws and regulations such as the General Data Privacy Regulation (GDPR), among others.

The data shows that top-performing companies are better equipped to navigate these AI-related regulatory hurdles. They are more likely to continue implementing their AI programs while remaining vigilant of new regulations. Being proactive in addressing these challenges is key to staying competitive and compliant in an AI-driven world.

HEAR FROM EPAM LEADERS

“At EPAM, we recognize that true innovation thrives when guided by a strong ethical and governance foundation.  We focus on developing AI-related solutions, both for our own use and for our clients, that incorporate evolving governance and compliance considerations while also delivering transformative business value.”

Ed Rockwell
General Counsel & Secretary, SVP, EPAM