AI adoption in a company usually does not fail because the model was too weak. It fails because no one knows which workflows are actually in production, what data they can access, who is allowed to approve what, and where to find evidence later.
2026 makes this especially important, because the European Union AI Act is being applied gradually: prohibited practices and AI literacy obligations have applied since 2 February 2025, general-purpose model obligations since 2 August 2025, and most of the regulation becomes applicable on 2 August 2026, while some high-risk systems have an extended transition period.
The AI Act Service Desk timeline and the European Commission’s AI Act overview also note the Digital Package on Simplification, around which there is active discussion in 2026.
If a leader wants a practical control package, it should start with five parts. First, make all AI use visible: which models, which workflows, which data, which external services.
Second, connect each use case to a data class and permissions: whether it includes personal data, trade secrets, or confidential customer information. Third, establish human control in mandatory places: external messages, financial decisions, contract and HR actions, database changes.
Fourth, put logs and traceability in place. Fifth, do not evaluate a software provider only by the capability of the model. Also ask how data, keys, roles, retention, and incidents are managed. The NIST AI RMF Playbook is useful here because it helps map, measure, and manage AI risks.
From a data protection perspective, it is important that AI does not cancel existing obligations. In 2025, European data protection authorities moved towards much more practical guidance.
The EDPS updated guidance on generative AI emphasizes clarity of roles and responsibilities, defining the legal basis, purpose limitation, and an action-oriented checklist that helps assess whether a specific use is lawful.
For a leader, this means the following in simple terms: if you do not know who the controller is, what data the system sees, and why the processing is lawful, then the use case is not yet ready for use in the company.
Security risks are just as practical. The ENISA Threat Landscape 2025 describes how AI systems create a new attack surface: malicious packages, malware disguised as AI tools, supply chain compromise, vulnerabilities in code assistants and agents, and broader integration risks.
This means that AI governance is not only “ethics” and not only “regulation”; it is also access management, key management, security standards, isolated test environments, and a recovery plan.
When should AI use not be expanded? When the policy exists on paper, but the controls live in Excel and in people’s heads.
Also when the company cannot answer four questions: which AI uses are currently in production, whose data they use, who is allowed to change them, and how we immediately stop the use if something goes wrong.
This is not a “large corporation luxury”; it is a minimum management framework that a small or medium-sized company needs just as much as a group enterprise.
How do you measure whether governance works? Do not measure the existence of a policy, measure coverage. How many AI use cases have an assigned owner? For how many workflows are logs and access rights documented?
How quickly can permissions be closed, keys rotated, or a service shut down? How many employees have completed AI literacy or usage policy training?
If the answers to these questions are unknown, risk management is not mature, even if there is a beautiful “AI policy” PDF on the intranet.