Over the past few months, I’ve been noticing a growing tension in projects when it comes to AI usage.
On one hand, organizations are introducing governance frameworks—policies, approvals, restrictions—to manage risks like data leakage, compliance, and misuse.
On the other hand, project teams are under constant pressure to deliver faster—and many are already using AI tools (often informally) to speed things up.
This creates an interesting dynamic:
Governance aims to reduce risk
Teams optimize for speed and efficiency
In some cases, I’ve seen governance become more of a bottleneck than a safeguard—especially when there’s no clear visibility into how AI is actually being used at the project level.
Curious to hear from others:
Are AI governance efforts in your organization helping projects run better, or are they slowing things down?
How are you balancing control vs. delivery speed in real-world projects?
Would love to hear practical experiences rather than theoretical approaches.
Saving Changes...
Sort By:
Sergio Luis ConteHelping to create solutions for everyone| Worldwide based OrganizationsBuenos Aires, Argentina
First of all: AI is a board term. But when generative AI emerges AI governance because a must. AI Governance must not be considered in isolation. AI Governance is a component inside Responsible AI module when organizations implements generative AI. I can talk about that because I am working in the in the largest consulting firm in the product that manage all related to Responsible AI. So, you can implement Responsible AI using generative AI. The key here is cost-benefit: the cost of the risks organizations will face due to dont implement Responsible Ai are too high.
...
1 reply by Rom C
Mar 25, 2026 6:06 AM
Rom C
...
You bring up a crucial point—AI governance shouldn't be a standalone silo; it’s a core pillar of Responsible AI. In my work, I’ve found that the "cost-benefit" you mentioned is the most effective way to get stakeholder buy-in. The "cost" of a single data leak or a compliance violation in a regulated industry far outweighs the "benefit" of a few weeks of unmanaged speed. When you implement Responsible AI, are you finding that the framework acts as a clear roadmap for teams, or is the complexity of "managing all things related to Responsible AI" still a significant hurdle for smaller project teams to clear?
What type of governance structures are you seeing? Is it more command and control or focused on adaptive decision rights?
...
1 reply by Rom C
Mar 25, 2026 6:06 AM
Rom C
...
That is the million-dollar question. Currently, I see a lot of "Command and Control" because organizations are reacting out of fear—fear of data leakage and fear of regulatory fines. However, the goal is definitely to move toward adaptive decision rights. The "command" approach tends to create the very bottlenecks that drive teams toward "Shadow AI." An adaptive model—where the level of oversight scales with the sensitivity of the data and the impact of the AI's decision—is the only way to keep pace with innovation without losing data sovereignty. Which of those two models are you seeing more of in your environment?
Medium-risk → lightweight guardrails and checklist-based reviews
High-risk (customer-facing, regulated data) → deeper oversight, but engaged early in the lifecycle
The key difference: governance moves from being a gate at the end to a design constraint at the start.
Two practical things that seem to help:
Standardize common use cases so teams aren’t reinventing approvals every time
Give teams clarity on “what good looks like” upfront (data usage, model choice, human-in-the-loop expectations)
When that’s in place, governance actually accelerates delivery because teams aren’t guessing—or backtracking after the fact.
Curious if others are seeing the same: is your governance model centralized control, or more distributed with guardrails?
...
1 reply by Rom C
Mar 25, 2026 6:07 AM
Rom C
...
"Governance as a design constraint at the start rather than a gate at the end"—I couldn't agree more. When governance shows up late, it’s a bottleneck; when it’s baked into the architecture, it’s an accelerant. Your tiered risk approach is exactly how we move from "theory" to "actionable strategy." By pre-approving patterns for low-risk work, you clear the runway for the high-risk cases that actually require deep oversight—like those involving customer PII or financial records. In your experience, when teams move to the "High-risk" tier, are they more comfortable using Private Cloud/On-Prem setups where they have total custody of the data, or are they still trying to make public APIs work with heavy redaction?
First of all: AI is a board term. But when generative AI emerges AI governance because a must. AI Governance must not be considered in isolation. AI Governance is a component inside Responsible AI module when organizations implements generative AI. I can talk about that because I am working in the in the largest consulting firm in the product that manage all related to Responsible AI. So, you can implement Responsible AI using generative AI. The key here is cost-benefit: the cost of the risks organizations will face due to dont implement Responsible Ai are too high.
You bring up a crucial point—AI governance shouldn't be a standalone silo; it’s a core pillar of Responsible AI. In my work, I’ve found that the "cost-benefit" you mentioned is the most effective way to get stakeholder buy-in. The "cost" of a single data leak or a compliance violation in a regulated industry far outweighs the "benefit" of a few weeks of unmanaged speed. When you implement Responsible AI, are you finding that the framework acts as a clear roadmap for teams, or is the complexity of "managing all things related to Responsible AI" still a significant hurdle for smaller project teams to clear? Saving Changes...
What type of governance structures are you seeing? Is it more command and control or focused on adaptive decision rights?
That is the million-dollar question. Currently, I see a lot of "Command and Control" because organizations are reacting out of fear—fear of data leakage and fear of regulatory fines. However, the goal is definitely to move toward adaptive decision rights. The "command" approach tends to create the very bottlenecks that drive teams toward "Shadow AI." An adaptive model—where the level of oversight scales with the sensitivity of the data and the impact of the AI's decision—is the only way to keep pace with innovation without losing data sovereignty. Which of those two models are you seeing more of in your environment?
...
1 reply by Aaron Porter
Mar 25, 2026 9:47 AM
Aaron Porter
...
I'd call it a mix. There is some command and control - I'm not sure it will entirely go away - plus adaptive decision rights, and guardrails. I'd like to say there are controls built in to the models we are using - several of the third party tools we use have AI built in, now, but I can only think of one that isn't a full generative AI model that is simply bundled with the tool, so there's a good chance that we could ask business questions in our dev tool AI and get good answers. That should probably concern me more than it does.
I recall seeing a reddit post, not too long ago, where someone was talking about using another company's chatbot to write code. There are ways to avoid this, but it can happen when someone with no dev background that doesn't understand guardrails or controls uses AI or simple online instructions to build an AI tool built on a full AI model.
Medium-risk → lightweight guardrails and checklist-based reviews
High-risk (customer-facing, regulated data) → deeper oversight, but engaged early in the lifecycle
The key difference: governance moves from being a gate at the end to a design constraint at the start.
Two practical things that seem to help:
Standardize common use cases so teams aren’t reinventing approvals every time
Give teams clarity on “what good looks like” upfront (data usage, model choice, human-in-the-loop expectations)
When that’s in place, governance actually accelerates delivery because teams aren’t guessing—or backtracking after the fact.
Curious if others are seeing the same: is your governance model centralized control, or more distributed with guardrails?
"Governance as a design constraint at the start rather than a gate at the end"—I couldn't agree more. When governance shows up late, it’s a bottleneck; when it’s baked into the architecture, it’s an accelerant. Your tiered risk approach is exactly how we move from "theory" to "actionable strategy." By pre-approving patterns for low-risk work, you clear the runway for the high-risk cases that actually require deep oversight—like those involving customer PII or financial records. In your experience, when teams move to the "High-risk" tier, are they more comfortable using Private Cloud/On-Prem setups where they have total custody of the data, or are they still trying to make public APIs work with heavy redaction? Saving Changes...
That is the million-dollar question. Currently, I see a lot of "Command and Control" because organizations are reacting out of fear—fear of data leakage and fear of regulatory fines. However, the goal is definitely to move toward adaptive decision rights. The "command" approach tends to create the very bottlenecks that drive teams toward "Shadow AI." An adaptive model—where the level of oversight scales with the sensitivity of the data and the impact of the AI's decision—is the only way to keep pace with innovation without losing data sovereignty. Which of those two models are you seeing more of in your environment?
I'd call it a mix. There is some command and control - I'm not sure it will entirely go away - plus adaptive decision rights, and guardrails. I'd like to say there are controls built in to the models we are using - several of the third party tools we use have AI built in, now, but I can only think of one that isn't a full generative AI model that is simply bundled with the tool, so there's a good chance that we could ask business questions in our dev tool AI and get good answers. That should probably concern me more than it does.
I recall seeing a reddit post, not too long ago, where someone was talking about using another company's chatbot to write code. There are ways to avoid this, but it can happen when someone with no dev background that doesn't understand guardrails or controls uses AI or simple online instructions to build an AI tool built on a full AI model. Saving Changes...
Community Champion
