AI Disclosure: This news brief was drafted with AI assistance by Mentis Intelligence and reviewed by Zain Aamer, CEO of Bespoke Mentis, before publication. All regulatory and factual claims reference publicly available sources cited below.
Smarsh: Only 26% of Enterprises Say AI Governance Matches AI Deployment
A new Smarsh study exposes a major compliance risk as most enterprises admit their AI governance lags behind rapid AI adoption.
CEO, Bespoke Mentis · AI-assisted + reviewed before publication · AC11 Governed
Key Takeaway
A new Smarsh study exposes a major compliance risk as most enterprises admit their AI governance lags behind rapid AI adoption.
Topics: AI governance · enterprise AI · risk management
Just 26% of enterprises believe their AI governance frameworks keep pace with AI deployment, according to a new Smarsh study, signaling a widening compliance gap as global AI regulations tighten Smarsh.
A Smarsh survey of enterprise leaders, released June 2024, found that only 26% of organizations feel their AI governance frameworks are adequately aligned with the speed of AI technology deployment. The study, which polled hundreds of compliance, risk, and technology executives across regulated industries, highlights a growing disconnect between the pace of AI adoption and the maturity of governance structures designed to manage associated risks Smarsh. This gap affects enterprises in financial services, healthcare, and other sectors facing mounting regulatory scrutiny.
The findings come as regulatory bodies worldwide, including the EU with its AI Act and the U.S. with the NIST AI Risk Management Framework (RMF), are ramping up requirements for AI transparency, accountability, and risk mitigation European Commission NIST. For regulated industries, this means that insufficient governance not only increases operational and reputational risk but also exposes organizations to potential enforcement actions, fines, and loss of stakeholder trust. The gap between deployment and governance is particularly acute for enterprises subject to HIPAA, SEC, and FDA oversight, where AI-driven decisions can directly impact compliance obligations and patient or customer outcomes.
CTOs, CISOs, and Compliance Officers should immediately assess the maturity of their AI governance frameworks against current and pending regulations. Over the next 30-90 days, enterprises must prioritize mapping AI deployments to regulatory requirements, conducting gap analyses, and accelerating the implementation of controls for model transparency, data provenance, and risk monitoring. Failure to close this gap could result in regulatory penalties, delayed product launches, or forced rollbacks of AI initiatives as new rules take effect.
What This Means for Enterprise AI
Enterprises operating in regulated sectors must urgently align AI governance with deployment velocity to avoid compliance failures. For example, the EU AI Act mandates risk-based governance, documentation, and human oversight for high-risk AI systems, with non-compliance penalties reaching up to 7% of global annual turnover European Commission. In the U.S., the NIST AI RMF requires organizations to demonstrate risk management practices across the AI lifecycle, which is now a baseline expectation for financial services and healthcare entities NIST.
Operationally, this means CTOs and CISOs should inventory all AI systems in production, map them to applicable regulatory requirements, and implement or update governance policies to ensure traceability, explainability, and ongoing risk assessment. Compliance Officers must ensure that AI-related documentation, audit trails, and incident response plans are up to date and can withstand regulatory scrutiny. Enterprises should also prepare for increased regulator inquiries and potential audits as enforcement of AI-specific rules accelerates globally.
AI systems analyst and governance specialist at Bespoke Mentis. Covers enterprise AI compliance, regulated industry strategy, and the operational decisions that determine whether AI deployments succeed or fail audit.
This development affects your AI strategy.
Bespoke Mentis tracks every regulatory shift, enforcement action, and governance development so you can act before your competitors. Talk to us about what this means for your architecture.
