Companies embrace AI but fall short on accountability and governance structures

A new multi-regional study finds that while AI adoption is accelerating across industries, formal responsibility for managing its risks remains fragmented, underpowered, or entirely absent in many organisations.

The study, titled "Where Are the AI Governance Roles? An Early-Stage Empirical Mapping of Presence, Absence, and Structure in Organisational AI Oversight," published in Businesses, maps how firms are structuring AI oversight, revealing a landscape marked by uneven adoption of governance roles, weak institutional integration, and limited executive accountability.

Formal roles exist, but governance remains inconsistent and uneven

According to the study, AI governance roles are far from standard practice. While some organisations have introduced positions such as Chief Artificial Intelligence Officer, Responsible AI Lead, or AI governance committees, many others either lack formal roles entirely or embed responsibility within existing functions like IT, risk, or compliance.

This inconsistency reflects a deeper structural issue. The study finds that governance is not simply absent in some organisations but varies widely depending on sector, geography, and institutional pressure. Highly regulated industries such as banking, healthcare, and public administration are more likely to establish formal governance roles due to compliance demands and risk exposure. In contrast, less regulated sectors, including retail and logistics, often rely on informal or fragmented oversight systems.

Geographical disparities further highlight this unevenness. North America and Europe show higher levels of formal governance adoption, particularly in roles like Responsible AI Leads and governance committees. Meanwhile, regions such as Africa and Latin America exhibit fewer executive-level roles, with governance responsibilities often pushed into operational or compliance units.

Despite these differences, a consistent pattern emerges: governance roles, where they exist, are often limited in scope and influence. The study notes that even in organisations with formal positions, responsibility for AI is frequently unclear, diffused across departments, or insufficiently institutionalised.

The scale of the issue becomes more striking when viewed against adoption trends. According to the study, 73 percent of surveyed organisations already use AI systems, while an additional 14 percent plan to adopt them within 18 months. This suggests that most firms are already operating in environments where AI governance is necessary, yet many lack the structures to support it.

Authority, resources, and leadership gaps limit governance effectiveness

The study identifies structural weaknesses that limit the effectiveness of AI governance. One of the most significant findings is the lack of executive-level ownership. Only a small share of organisations place AI governance roles in the C-suite, with most positioned at the vice president, director, or managerial level.

Governance functions are often treated as operational responsibilities rather than strategic priorities, reducing their ability to shape high-level decision-making. Reporting structures reinforce this limitation, with many roles reporting to CIOs, Chief Risk Officers, or other executives instead of directly to CEOs or boards.

Authority is another major constraint. The study finds that most AI governance roles operate in an advisory capacity, with only a minority holding the power to approve or block AI systems. This creates a gap between accountability and control, where individuals may be responsible for oversight but lack the authority to enforce decisions.

Resource allocation adds another layer of disparity. Some organisations maintain dedicated teams for AI governance, while others rely on small groups, shared responsibilities, or even a single individual. In some cases, no dedicated resources exist at all. This uneven distribution suggests that governance capacity depends not just on role creation but on organisational commitment to supporting those roles.

The study also highlights a lack of internal clarity. A significant number of respondents reported uncertainty about governance structures, including reporting lines, authority levels, and resource allocation. This points to fragmented ownership and weak organisational integration, further undermining effective oversight.

These findings suggest that the challenge is not only whether governance roles exist, but how they are embedded within organisational systems. Without authority, resources, and clear positioning, formal roles risk becoming symbolic rather than functional.

Four governance models reveal maturity gap across organisations

To better understand these patterns, the researchers developed a typology of AI governance maturity based on clustering analysis. The study identifies four distinct configurations: Governance Absence, Symbolic Governance, Operational Governance, and Institutionalised Governance.

• Governance Absence: At the lowest level, this configuration describes organisations with no formal roles, minimal authority, and little to no dedicated resources. In these cases, responsibility for AI oversight is either undefined or dispersed informally across teams.
• Symbolic Governance: It represents organisations that have established formal roles but without meaningful authority or resources. These structures often serve to signal compliance or legitimacy rather than deliver substantive oversight.
• Operational Governance: This reflects a more developed stage, where roles are embedded within operational units and supported by moderate authority and resources. However, these roles still lack strong integration at the strategic level.
• Institutionalised Governance: It includes organisations with well-defined roles, significant authority, dedicated resources, and strong organisational integration. These firms demonstrate higher governance maturity and are better positioned to manage AI risks effectively.

The study finds that fully institutionalised governance remains rare. Most organisations fall into the symbolic or operational categories, indicating transitional or low-capacity governance systems. This distribution highlights a critical gap between the rapid adoption of AI technologies and the slower development of governance structures. While firms are investing heavily in AI capabilities, they are not matching that investment with equivalent attention to oversight and accountability.

The findings also introduce the concept of "absence-based ethics," which shifts the focus from failures in governance to the absence of governance itself. According to the study, ethical risks can arise not only from flawed systems but from the lack of clearly assigned responsibility for managing those systems.

Structural design, not principles, determines governance capacity

The study challenges a key assumption in AI policy and ethics frameworks: that organisations already possess the internal capacity to implement governance mechanisms. Instead, it argues that governance should be understood as a structural and organisational design issue rather than purely a technical or ethical one.

Current frameworks from institutions such as the OECD and ISO emphasise accountability, transparency, and risk management. However, they often assume that organisations have clearly defined roles and systems in place to support these principles. The empirical evidence presented in this study suggests otherwise.

Establishing governance roles without granting authority, resources, and integration is unlikely to mitigate risks for managers. Effective governance requires deliberate design, including clear reporting lines, decision-making power, and alignment with organisational strategy.

For policymakers, the findings raise questions about reliance on self-regulation. Regulatory frameworks often expect firms to implement governance structures independently, but the prevalence of weak or symbolic governance suggests that this expectation may not hold, particularly in less regulated sectors or regions.