25 Practical Tips for AI Governance Leaders in 2025
How to succeed this year | Edition #6
Hey 👋
I’m Oliver Patel, author and creator of Enterprise AI Governance.
This free newsletter delivers practical, actionable and timely insights for AI governance professionals.
My goal is simple: to empower you to understand, implement and master AI governance.
I am delighted that over 1,600 professionals have subscribed to this newsletter in its first month. If you haven’t already, sign up below and share it with your colleagues. Thank you!
For more frequent updates, be sure to follow me on LinkedIn.
This week’s newsletter includes:
✅ 25 practical tips for AI governance leaders in 2025
✅ Cheat Sheet: 20 Practical Tips for AI Governance Leaders*
*if you’re wondering why the Cheat Sheet has 20 tips and the article has 25, it’s because 25 was too much for an infographic 😅
AI governance is not an easy career path. It requires knowledge and expertise across a range of complex domains, including law, public policy, technology and data. The array of topics and questions that AI governance leaders are expected to advise on is proliferating exponentially.
And the volume, complexity and pace of the work continues to ramp up, due to the rapid acceleration of AI adoption, heightened regulatory and media scrutiny, and the democratisation of AI.
Given the novelty of this profession and the lack of any real established blueprint, AI governance leaders, and those transitioning into this exciting career, need a playbook for success.
I promised subscribers of Enterprise AI Governance practical tips and actionable insights. So, this is exactly what you will get in this week’s post. Happy reading!
25 Practical Tips for AI Governance Leaders in 2025
Put people first
AI governance is change management. You have to put people first. Your most important mission is to win over hearts and minds across the organisation, by bringing everyone along on the journey with you. Do not focus on policies, processes and technology, whilst neglecting people, education and culture. Without driving meaningful cultural change, your AI governance framework will be ineffective, and your policies will be worthless.
Raise awareness by making AI governance relatable, relevant and realistic for everyone. To drive meaningful cultural change, people across the organisation need to understand why AI governance matters for them, why they should care about the risks of AI, and how they can do the right thing. Your role is to educate, upskill, and empower your colleagues on how to harness AI safely and responsibly, as well as how to protect themselves from its misuse, in an increasingly dangerous digital world. Remember, you won’t have any influence if you don’t educate and inspire. So, make it your priority to be a visible thought leader across the organisation.
Your role is to convene a broad church. Stakeholder management is one of your most important skills. Why? Because AI governance won’t succeed unless the ship is steered with input from a diverse range of people. Make sure all the voices that matter have a seat at the table, to drive legitimacy, sponsorship, and support across the organisation. HR and L&D needs to be there, as well as your core governance, risk and compliance functions, the technical AI and data science community, and business and product leaders.
Pragmatism fosters credibility
AI governance does not mean governing all AI. You must be proportionate and take a pragmatic, risk-based approach. Ruthless prioritisation is the only way to succeed. Spend 80% of your time on 20% of the use cases. AI will be ubiquitous and embedded in everything, so you can’t govern it all. Pick your battles wisely.
Realise and appreciate that the risks of not using AI are greater than the risks of using AI. If you're not aligned with your organisation’s risk appetite and business strategy, they won’t align with you. Every business faces intense commercial and competitive pressures if it fails to leverage AI and technology effectively. Furthermore, not pursuing AI innovation is unethical in some contexts, like healthcare diagnostics. Therefore, proportionate and pragmatic AI governance is pivotal to business success.
Govern with empathy and pragmatism, to foster credibility and mutual understanding. Always put yourself in the shoes of others. Think about how the policies, processes, and controls you are implementing and mandating will impact them. Showing you are a team player, who takes time to see things from the perspective of others, is the quickest way to foster credibility and win support.
Asking the right questions is your greatest superpower. The only way for time-poor executives to understand complex new AI technologies, applications, and use cases is to ask the right questions. When reviewing an AI project or engaging with a prospective vendor, think carefully about the questions you want to ask and listen to the responses with intent. Your role is to grasp the essence of what the main risks are and what can be done to mitigate them.
Enable and empower the business
AI governance must enable and empower the business. The most effective AI governance programmes enable the business to adopt AI at greater speed and scale, with increased trust and confidence. By providing robust guardrails and controls, stakeholders across the business can innovate and take smart risks. This means you need to match the AI ambitions of the business and keep pace with the speed of adoption.
AI governance is an essential part of the broader AI strategy. AI governance can only succeed as a business enabler. It must therefore be shaped by, and enable, the objectives of the business in relation to AI. For example, AI governance is best placed to provide the AI model and technology marketplace. As well as delivering risk oversight, this can enable anyone in the organisation to search for, and access, approved AI models and tools, to see what they can use or reuse for their work. Promoting AI reusability and reducing inefficiencies should therefore be part of the AI governance value proposition.
AI governance should serve as a data intelligence function. A huge amount of data and information is collected via AI governance and risk assessment processes, covering AI development, deployment, procurement, and use. Leverage this data to provide key metrics and insights on AI usage, trends, and risks, to inform strategic decision making and empower senior leaders.
Buy-in comes from what you do, not what you say. Actions speak louder than words. Without credibility and executive support, AI governance will be ineffective. Solely highlighting the large potential EU AI Act fines is not going to be sufficient to land funding and support to scale AI governance.
Technical fluency is non-negotiable
Learn to speak the language of AI and data science. Although technical fluency is non-negotiable, you don’t need to become a data scientist or a software engineer. After all, there is a reason why different people have different roles. However, you do need to know what you’re talking about. Speaking the language of AI and data science is arguably more important than writing code in the language.
Never forget the ‘science’ in ‘data science’. It is called data science because, at its core, it’s about discovery, experimentation and testing hypotheses. Do not try and wrap your arms around all of the experimental and early-stage data science work across your organisation. This will be counterproductive and is also against the spirit of AI laws like the EU AI Act (which has broad exemptions for research and development). What you should care about is AI that is being developed for deployment in production.
Break down silos. Dedicate ample time to connecting with, and learning from, your technical colleagues. To govern AI effectively, you must understand how technical teams work, what their priorities and objectives are, the tools and platforms they are using, and the pressures and challenges they face. Nothing will undermine your credibility quicker than appearing out of sync with the reality of AI development in 2025.
Curiosity is king. You must carve out time to engage with foundational research and technology fundamentals. Read model cards, technical reports, safety evaluations, and architectural blueprints to truly understand what’s going on, under the hood, in the AI models and applications you are governing. There is no excuse for being uninformed.
Understand the AI platforms, architecture, and MLOps landscape in your organisation. Don’t focus excessively on the AI use cases and projects, whilst neglecting the platforms on which AI is being developed and deployed. You need to understand your organisation’s AI platform and MLOps landscape, so you can ensure that AI governance is configured at a technical level and engineered by design.
Track what matters most
Your filter focus must be razor sharp. Don’t get distracted by all the noise. Just because it’s interesting, doesn’t mean it’s relevant. Don’t try to read everything, as there is way too much going on in AI to keep up with it all. Zoom in on what matters most for your business, sector, jurisdictions, and customers. If you come across an edition of Enterprise AI Governance which is not relevant for you, I urge you to not read it! I promise that I will still be here the following week…
Read the EU AI Act — at least twice! Although I love Cheat Sheets, I urge you to read the EU AI Act (and any other AI regulations of particular relevance for your organisation) at least two to three times. It is the only way to truly understand its complex and overlapping requirements. To be candid, I didn’t feel like I grasped it, with real confidence, until my fifth reading. On top of this, follow the key updates in EU AI Act implementation and compliance, such as the Codes of Practices and Templates which the EU AI Office will publish, the outcomes of the ongoing AI Act public consultations, and the standardisation work led by CEN/CENELEC.
Don’t forget about China. China is one of the only other countries which has adopted tangible and impactful AI regulations. Anyone working in a global organisation must pay close attention to these. Not least because China’s AI laws have distinctly different policy objectives to the EU’s. Furthermore, China has also committed to adopting 50 technical AI standards by 2026.
Build for scale
Build bespoke. The AI governance framework must be tailored to the needs of your organisation and the specific context in which you are operating. Key factors include your organisation’s unique risk appetite, culture and values, as well as your sector, jurisdictional footprint, products, and customer base. Take inspiration and guidance from external frameworks and regulations, but do not merely copy and paste them.
Set yourself up for scale – and don’t become a bottleneck! As a leader, it is your role to make yourself redundant. You need to establish policies, processes, trainings, ways of working, and most importantly, cultural change, to ensure that, over time, you are no longer needed for AI governance to succeed. As AI governance scales, you have to let go of the ‘doing’.
Adopt a compliance by design mindset. Always think about what can be automated, and do so where possible. You should not overly rely on everyone having to read the policies and understand the processes to comply with AI governance requirements. Compliance should be engineered into the platforms and environments which the technical teams are using. For example, ongoing testing, monitoring and performance alerts should be automated.
Merge and streamline your digital governance and risk processes, to combat compliance fatigue. Organisations and their employees are currently grappling with a proliferation of parallel compliance processes, including privacy, cyber security and AI governance. By merging, integrating, and streamlining where possible, you will improve the end user experience, increase adoption of compliance processes, and govern in a more coordinated way.
AI is evolving at breakneck speed, so your approach to AI governance should too. AI technology continues to adapt and evolve, and you need to keep pace with it. Continuously measure, iterate, and improve the approach you are taking. And don’t reinvent the wheel and build everything from scratch. This takes too much time and is unnecessary. Many organisations are creating AI governance frameworks, toolkits, open source libraries, guardrails, policy templates, checklists, and other valuable resources, which you can leverage for your AI governance work. I will continue sharing many here.
Be persistent, patient and resilient, because it’s a long journey. Meaningful change doesn’t happen overnight and there is lots of challenging work ahead! Good luck 🫡
Cheat Sheet of the Week: 20 Practical Tips for AI Governance Leaders
