The Implementation Gap in Enterprise AI
The wave of AI investment following ChatGPT’s launch will produce a predictable result in most large organisations: individual employees will become meaningfully more productive with AI assistance, and the organisation will not become meaningfully more capable. The gap between individual improvement and organisational improvement is the implementation gap, and it is the result of a consistent mistake in how AI adoption is managed.
The mistake is to treat AI as a productivity tool and stop there. When AI is introduced to individuals as a way to do their current tasks faster, it delivers individual productivity improvements that do not aggregate. An analyst who writes reports twice as fast while the reporting process is unchanged has given the organisation half the analyst’s time back. If there is no process change to direct that freed time toward higher-value work, the time diffuses into the background of organisational life without changing outputs. The AI investment has produced tool adoption without process improvement.
The alternative is to treat AI adoption as a process redesign initiative with a technology component. The question is not “how does this tool help employees do their current work faster?” It is “how does AI capability change what work is worth doing, how it should be done, and who should be accountable for which parts of the result?” That question produces a different kind of planning and a different kind of change management.
AI Use Policy Development
The first process work that cannot be deferred is policy. AI tools are being adopted now, by individual employees and teams, with or without organisational awareness or governance. The absence of policy does not prevent adoption; it prevents governed adoption.
The policy questions that need answers are not primarily philosophical. They are operational. What categories of data can be processed through external AI services? Customer personal data, financial data, strategic business information, and regulated content all have different implications when sent to third-party systems. Employees using public AI interfaces may not be aware that their inputs are used to improve the model, or that they persist beyond the session, unless the policy makes this explicit.
What constitutes appropriate human review of AI-generated outputs before they are relied upon in business decisions? The answer will differ by use case: AI-assisted drafting of internal communications requires different review standards from AI-assisted analysis used in customer-facing recommendations or regulatory filings. Making these distinctions explicit prevents both over-reliance and under-reliance on AI outputs.
Who has authority to approve AI tool adoption? Shadow IT adoption of AI tools is already widespread in most organisations. A policy that prohibits unapproved adoption without providing an accessible approval process will be ignored. A policy with a lightweight approval process that reviews data handling and outputs risk will be used, and will create the visibility needed to govern AI adoption at organisational scale.
Data Governance for AI Inputs
The processes that govern data access, classification, and handling were designed before AI created the current data access patterns. An employee who uses AI to analyse a dataset is doing something that existing data governance frameworks were not designed to address: they are sending potentially sensitive data through a third-party processing system, potentially extracting implicit information that is not in any individual field, and potentially retaining outputs that embed sensitive information in ways that are difficult to control.
Data governance for AI inputs requires extending existing classification and handling rules to cover AI processing. Confidential data that cannot be emailed externally also cannot be sent through an external AI service, and the policy should make this connection explicit. Data that requires access logging under regulatory requirements requires that AI access to it be logged, which means using AI services with appropriate audit capability rather than consumer tools without it.
The governance extension is not a new framework built from scratch. It is an update to existing data classification, handling, and access control frameworks that adds AI processing as a category of data handling with specific requirements. Organisations that have invested in data governance infrastructure have a foundation to extend. Organisations that have not are discovering that the absence of data governance is an AI governance problem as well as a data privacy problem.
Accountability Frameworks for AI-Assisted Decisions
When an AI system assists in or produces an output that is used in a decision, accountability for that decision must remain with a human. This is not just a regulatory principle; it is an operational requirement. AI systems produce incorrect outputs. The frequency and type of errors depend on the use case, but no current AI system is reliable enough to be accountable for a consequential business decision without human oversight.
The accountability framework for AI-assisted decisions specifies which roles are accountable for reviewing, approving, and acting on AI-generated outputs in different decision contexts. For a customer service decision supported by AI recommendation, the accountable human is the customer service agent who reviews the recommendation before acting on it. For a security alert triaged with AI assistance, the accountable human is the security analyst who decides whether to escalate the alert. For a financial analysis that includes AI-generated components, the accountable human is the analyst or manager whose sign-off the analysis carries.
Making this accountability explicit in the process design does two things. It ensures that AI outputs are reviewed by someone with the context to assess them, rather than being acted on automatically because the system produced them. And it creates a clear escalation path when an AI output is incorrect or inappropriate, which is essential for organisational learning and for regulatory accountability.
Skills Development for AI-Augmented Roles
The skills that AI augmentation requires are not primarily technical. Most employees do not need to understand how large language models work in order to use them effectively. What they need is judgment about when to use AI assistance, how to evaluate the outputs it produces, and how to maintain the critical thinking and domain expertise that AI cannot substitute for.
The skills development investment that prepares an IT organisation for AI augmentation has several components. AI literacy at a practical rather than technical level: what AI tools can and cannot do, how to prompt them effectively, how to identify when an output is likely to be incorrect or misleading. Critical evaluation of AI outputs: the habits of review that prevent the over-reliance that emerges when AI outputs are plausible but wrong. Domain expertise maintenance: the understanding that AI assistance with a domain requires more domain expertise to use well, not less, because the human’s job shifts from doing the work to evaluating the work.
The skills development programme is also a change management programme. It communicates organisational intent about AI: that AI is a capability amplifier, not a workforce replacement, and that the organisation is investing in employees’ ability to work with AI effectively. That communication shapes the cultural reception of AI adoption in ways that affect whether the adoption produces the intended outcomes.
The Change Management That AI Adoption Requires
The largest variable in enterprise AI adoption is not the technology. It is whether the people whose work the technology is designed to augment understand the change, trust the intent, and have the support to develop new working patterns. Organisations that deploy AI without managing the change get tool adoption without the process redesign that converts individual productivity into organisational capability.
The change management for AI adoption follows the same principles as other operational change programmes, with one specific addition. AI adoption changes the cognitive content of work in ways that other technology changes do not. Employees whose work is augmented by AI are no longer doing exactly what they were doing before. They are doing something that partially resembles their previous work, partially involves new skills, and requires a different relationship to the technology tools they use. The change management that addresses this transition is more nuanced than the change management for a system migration, because the change being managed is to professional identity and work meaning as much as to workflow.
The organisations that navigate AI augmentation well in 2023 will be the ones that start this process work now, before the technology deployments they are planning, and that treat the process change as the primary investment and the technology as the enabler.