Are companies deploying AI faster than they can govern it?
Business Ethics Debates | read time: 6 min
Published: 2 July 2026
Introduction
GoodCorporation’s latest business ethics debate at the House of Lords explored a fast-moving and increasingly urgent question: whether companies are deploying AI faster than they can govern it. The discussion considered rapidly shifting topic of AI governance by reflecting on the different challenges businesses are facing as they seek to use and deploy AI efficiently and safely.
Hosted by Baroness Neville-Jones, formerly Chair of the Joint Intelligence Committee and Government Minister of State for Security and Counter-Terrorism, the debate was opened by GoodCorporation’s Chief Product Officer, Adam Spooner.
An AI policy is not the same thing as AI governance
Adam proposed that for most established businesses the real danger is not the absence of AI governance, but governance that looks real and works like theatre. He set out some of the recent high-profile problems companies have faced where work had been withdrawn or refunded after AI-generated sources turned out to be unverified or fabricated.
Adam argued that these problems were not caused by technology but by lack of oversight. He noted that 3 in 4 boards have approved major AI spend, but barely half have set any clear expectation for how it should be governed. In a survey of nearly 1000 C-suite and senior business leaders, 46% cite governance and compliance failures as a leading cause of AI underperformance. The instinctive response to such failures is to increase human oversight. However, this is often where oversight breaks down. Ask someone to supervise a machine that is right almost all of the time, and they soon stop supervising and start deferring to it. Adam also cited recent work by the ICO examining automated decision making in recruitment, where many employers believed a human was involved in their hiring decisions.
There is a further risk. A human placed in the loop without the time, information or authority to overrule the system becomes what researchers have called a “moral crumple zone“, left to absorb the blame for a decision they were never equipped to change. This, he argued, points to a problem of culture and incentives rather than technology.
Adam closed with some key statistics and questions for participants to take back to their boardrooms Only 17% of organisations say their board really oversees AI risk, raising the question of what boards can genuinely see. Moreover, while 75% of organisations have an AI usage policy, fewer than half monitor their live systems for drift or failure, prompting a further question about where human oversight is and whether it can actually halt a deployment.
Adam also referenced a European study of 1,400 professionals showing that when targets and ‘doing the right thing’ came into conflict, people tended to follow targets. Against this backdrop, he posed a vital question to answer honestly: does your organisation have a culture where someone will challenge the machine and be thanked for it?
In closing, Adam argued that the next wave of both corporate scandals and successes will be AI-driven. The difference, he suggested, will not be who has the best technology or wrote the strongest policy, but who built the accountability and culture alongside the technical capabilities to make oversight meaningful. Governance, he concluded, should not be seen as something that slows AI adoption. Instead, when done well, it is what makes adoption sustainable and creates the conditions for success.
The debate
Guests were asked if they felt they were deploying AI faster than they could govern it. Responses reflected a wide range of perspectives, shaped largely by how far each company had progressed on its AI journey and the scale of its deployment.
The unique challenge of governing AI
To govern AI well, a company has to understand not only how the technology is being used across the business, but the actual and potential risks that use creates. That is harder than it sounds. The risks are still taking shape, there are few established norms to rely on, and the ground keeps moving.
Participants often returned to the rapid pace of change. Some described having agreed a careful governance framework, only to see it overtaken as agentic AI began raising new questions about how far automated systems should shape decision-making within control functions. Others admitted it was becoming difficult simply to keep track of what the risks were. The shared conclusion was that the real test of AI governance is agility: keeping policies, systems and procedures in step with the development of the technology itself.
Speaking to senior leaders and the board
Several participants turned to the question of the board. Senior leaders need both the time and expertise to understand these risks properly and judge how well they are being managed. The challenge is whether they have the capacity and the skillset to do so, and whether they know enough to ask the right questions.
Views differed on where responsibility should sit. Some felt boards were moving too slowly, and that those making the most progress tended to be the ones with real expertise around the table. It was suggested that the compliance function, rather than the board, should define the terms used to describe AI risk, given how difficult it can be to convey the full picture in a single framework. A more pointed concern was also raised: in many companies no single person has the authority to stop an AI deployment outright. Should such authority sit at executive level?
More than just a policy
A recurring message was that a policy on its own achieves very little. Employees need training not only in how to use the tools, but in the risks those tools create for the business and how they should be avoided or mitigated. Several participants were developing governance models and training side by side, stressing the value of such a structured process. Others had gone further, setting up internal AI ‘academies’ to teach employees simultaneously how to use AI and how it is governed.
A frequent frustration was that employees don’t always understand how AI is actually being used at their companies, and this could lead to mistrust, particularly where it is felt that jobs may be in danger.
For smaller teams with limited resources, where a policy may still be at an early stage, the more immediate priority was simply helping people understand the technology. Those further along their journey reflected that how a policy is framed matters as much as what it says: setting it out in practical terms was felt to be key to making it land and actually be used.
The importance of culture and change management
Culture, as is so often the case, was seen as a vital factor. Companies are at very different points on their AI journey, and each will need to shape its approach around the technology it uses and the scale at which it is being deployed.
The range was wide, from early and relatively mature adopters running their own systems, to companies taking a deliberately slow, centralised route. Even among the more advanced organisations, questions remained, including whether the systems already in use were being actively tested once live. Several drew a distinction between governance on paper and practice on the ground, noting that in heavily regulated sectors, the two can diverge.
The point made most strongly was that governance lives or dies on behaviour. A policy sets the expectation; training, incentives and example determine whether anyone follows it. Closing the discussion, Baroness Neville-Jones observed that as the appetite for ever more capable AI grows, so too will the risk, and that there is still a great deal to learn. The final word from Adam spoke to the value of change management: he emphasised that for companies to successfully manage the transformative impacts of AI on how they operate day-to-day, they need to create an environment in which people feel able to raise a concern, or to overrule the machine, without fear of being penalised for it.
The GoodCorporation view
The debate showed companies at very different stages, but grappling with familiar questions. The appetite to adopt AI quickly, and to capture the advantage it offers, sits alongside a clear recognition that governance has to keep pace if effective adoption is to be achieved.
Culture is again at the heart of this. As with anti-bribery and the wider ethics and compliance agenda, having a policy is not the same as managing the risk. What counts is whether behaviour on the ground matches the policy on paper: whether people understand the risks they are taking, whether oversight is real rather than nominal, and whether those who speak up are supported when they do. The same holds for the supply chain and the third-party providers that companies increasingly depend on.
GoodCorporation has over 25 years of experience helping businesses to evaluate the effectiveness of their practices and procedures, not just in their own companies, but in associated entities, third parties and supply chains. We have extensive expertise in designing, building, embedding and assessing programmes, and we are now helping companies apply that same discipline to the governance of AI as the technology, the standards and the expectations around it continue to evolve.
Visit our AI webpage to learn more about how we support companies in strengthening their AI governance, or download a free copy of our Artificial Intelligence Governance Framework to help assess and strengthen your organisation’s AI governance below.
[/ux_html]