TL;DR: AI governance capacity is becoming a structural constraint as 73% of leaders cite technical skill gaps, 85% of companies offer AI training, and 41% of executives see separate data and AI governance models as a barrier, according to Deloitte, KPMG, and MIT Technology Review Insights with Databricks. The governance challenge is moving from staffing to system design, where scalable controls matter more than adding specialists.
NHIMG editorial — based on content published by OneTrust: Bridging the AI Talent Gap With Collaborative AI Governance Tools
By the numbers:
- Nearly three-fourths of leaders 73% said lack of technical talent and skill gaps were top challenges to adopting AI.
- More than eight in 10 85% companies provide some AI training, but 84% of those employees report needing more.
- 41% of executives view separate data and AI governance models as a primary barrier.
Questions worth separating out
Q: How should organisations scale AI governance when expert talent is limited?
A: They should standardise the repeatable parts of governance, then reserve experts for exceptions and high-risk decisions.
Q: Why do separate data and AI governance models create problems?
A: Separate models create duplicated reviews, inconsistent policy interpretation, and unclear ownership.
Q: What do security teams get wrong about AI governance maturity?
A: They often mistake policy documents and training coverage for operational control.
Practitioner guidance
- Redesign governance workflows for throughput Map the highest-friction approval, review, and evidence tasks in your AI programme, then move repeatable steps into standard workflows so experts handle only exceptions and high-risk cases.
- Build a shared control plane for AI oversight Connect privacy, security, compliance, and model-risk checks into one operating layer so policy decisions, exceptions, and approvals remain traceable across teams.
- Define evidence-producing controls Require every material AI governance decision to leave an audit trail that shows the policy basis, approver, exception rationale, and review date, then test whether those records are retrievable under audit pressure.
What's in the full article
OneTrust's full blog covers the operational detail this post intentionally leaves for the source:
- How the collaborative governance operating model is structured across product, data, security, privacy, and compliance teams
- Examples of where policy interpretation can be centralised without removing human review from complex decisions
- The specific ways governance tooling is intended to reduce repetitive manual work while preserving accountability
- How the approach aligns with emerging regulatory expectations for transparency and evidence
👉 Read OneTrust's analysis of the AI talent gap and governance operating model →
AI governance talent gaps: what it means for programme design?
Explore further
AI governance debt is now an operational risk, not a staffing gap. The article correctly frames the problem as an operating model limitation, but the deeper issue is that governance work accumulates faster than organisations can process it manually. When policy interpretation, approval routing, and evidence collection stay fragmented, the programme inherits hidden backlog and inconsistent decisions. Practitioners should treat this as governance debt that compounds until control quality degrades.
A question worth separating out:
Q: How do IAM and AI governance programs intersect in practice?
A: They intersect wherever access, approval, and accountability matter. AI governance needs the same patterns IAM uses for ownership, separation of duties, and traceable decision paths. That makes identity governance a useful operating model for managing high-risk AI systems, especially where sensitive data or privileged access is involved.
👉 Read our full editorial: AI governance talent gaps are becoming an operating model problem