AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News
Research2025-05-30

Nearly 90% of Companies Lack a Named AI Governance Framework, Survey Finds; Complaint Mechanisms Present at Just 2.3%

Source

Corporate AI Governance Report 2025

AICDI Global Insights

Via AICDI Global Insights

What happened

The Corporate AI Governance Report 2025 was published by AICDI Global Insights and presents a quantitative baseline of corporate AI governance maturity across a global company sample. The report finds that 87% of companies have not publicly committed to a named AI governance framework such as ISO 42001, the NIST AI RMF, or EU AI Act compliance requirements. Only 13% of organizations maintain documented human oversight policies for AI systems, and just 2.3% have a dedicated complaints mechanism for AI-related harms or disputes. The report examines four structural dimensions: board-level oversight of AI risk, escalation pathways for AI incidents, workforce grievance mechanisms, and formal framework adoption. The findings are especially significant given that emerging regulations including the EU AI Act, Colorado SB 205, and the Texas Responsible AI Governance Act explicitly require or strongly expect documented governance programs as a prerequisite for demonstrating compliance.

Why it matters

  • ·Regulatory exposure is acute: the EU AI Act's August 2026 high-risk system deadlines require documented human oversight policies and stakeholder redress mechanisms under Articles 13 and 26, and the 87% framework non-adoption rate means most organizations cannot yet demonstrate the baseline compliance posture regulators will audit first.
  • ·Operational impact is compounded by the absence of foundational program infrastructure, since human oversight policies and escalation pathways are prerequisite controls for operationalizing any specific regulatory requirement, and without them compliance, legal, and risk functions have no structure from which to build.
  • ·Organizational risk is heightened by the board oversight gap: without governance accountability at the executive and board level, neither human oversight policies nor complaint mechanisms are likely to be resourced or enforced, leaving organizations exposed to enforcement action and reputational harm even when nominal controls exist on paper.

Governance controls affected

What to do now

  • Benchmark your organization against the four governance dimensions in the report (framework adoption, human oversight policy, complaints mechanism, and board oversight) and assign a named owner and remediation timeline to each identified gap.
  • Select and formally document a primary AI governance framework (such as ISO 42001 or the NIST AI RMF) to unlock downstream control-mapping, audit readiness, and regulatory gap analysis ahead of EU AI Act enforcement timelines.
  • Draft a human oversight policy for high-risk AI applications, route it through legal and relevant business line owners, and publish it internally before the EU AI Act's August 2026 high-risk system deadlines.
  • Engage compliance, HR, and customer affairs functions to scope and build a dedicated AI-specific grievance and redress channel for external stakeholders, using EU AI Act Article 13 transparency requirements and applicable consumer protection obligations as the design baseline.
  • Verify that AI risk appears as a standing agenda item at both the risk committee and board level, and formalize the escalation chain from operational AI teams to senior leadership before the next reporting cycle.

What to watch next

Compliance teams should monitor the enforcement posture of EU regulators as the August 2026 high-risk system deadline approaches, paying particular attention to whether national market surveillance authorities begin issuing guidance on how they will audit framework adoption and oversight policy documentation. Developments under Colorado SB 205 and the Texas Responsible AI Governance Act should also be tracked, as both frameworks may issue implementing rules that set more specific expectations for complaints mechanisms and board-level accountability. The FTC's evolving treatment of AI-driven consumer services as subject to existing redress obligations is an additional signal worth monitoring for organizations with consumer-facing AI deployments.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Research2026-07-10

Fabricated Court Citations in Deloitte Australia AI Report Cost $290,000 and Expose QA Gap in Professional Services

An AI-generated consulting report produced by Deloitte Australia using an Azure OpenAI agent contained non-existent court citations and fabricated quotes, forcing the firm to return a portion of its $290,000 fee. The failure traced directly to absent two-person verification for legal references and no mandatory human review of numerical and citation claims in AI-assisted deliverables. The incident is documented in a Risk and Insurance analysis of AI governance failures in professional liability contexts.

Research2026-06-25

Deloitte Australia Forced to Repay $290,000 After AI Chatbot Fabricates Citations and Court Quotes in Client Report

Deloitte Australia produced a client report containing AI-generated misinformation, including fabricated citations and a court quotation that does not exist, resulting in the firm returning $290,000 in fees. The incident, documented in Good.Lab's analysis of major responsible AI failures, exposes two critical control gaps: the absence of hallucination detection checks and the lack of mandatory human verification for AI-generated outputs. The case has become a reference point for enterprise compliance teams building controls around AI-assisted professional deliverables.

Research2026-07-16

100% Model Registration Compliance Achieved Across Azure, Databricks, and Vertex AI Using IBM OpenPages, Case Study Shows

A TechVest Global case study documents how an organization deployed IBM OpenPages as a unified governance backbone across three major ML platforms, achieving full model registration compliance and a 30% reduction in audit cycle times. The implementation embedded risk scoring, bias audit checkpoints, and human-in-the-loop validation triggers directly into model lifecycle workflows. The case study offers a reproducible framework for enterprises managing AI governance across fragmented multi-cloud environments.