TL;DR: According to Collibra, AI governance and ethics fail when organisations stop at principles and never operationalise intake, review, monitoring, and evidence. Responsible AI only works when governance is embedded across the lifecycle, because post-deployment ethics checks arrive after data, workflows, and business dependence have already hardened.
NHIMG editorial — based on content published by Collibra: AI governance and ethics: How to build responsible AI from the ground up
By the numbers:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected.
Questions worth separating out
Q: How should organisations operationalise responsible AI governance?
A: Organisations should treat responsible AI as a lifecycle control, not a policy statement.
Q: Why do AI ethics programmes fail after deployment?
A: They fail because the organisation reviews the system too late.
Q: What do security teams get wrong about AI governance inventories?
A: They often inventory only the AI they built themselves and miss embedded AI inside vendor platforms and other shadow AI.
Practitioner guidance
- Build a pre-development intake gate. Require every AI use case to be reviewed before engineering resources are committed.
- Create a live inventory of AI use cases, models, and agents. Include embedded AI in vendor platforms, not just internally built systems.
- Route reviews automatically by risk tier. Tie high-risk use cases to privacy, legal, security, and fairness checks without manual chasing.
What's in the full article
Collibra's full blog post covers the operational detail this post intentionally leaves for the source:
- The article expands on the EU AI Act, NIST AI RMF, and ISO/IEC 42001 and how each framework maps to responsible AI operating models.
- It walks through the accountability workflow elements in more detail, including inventory, intake, automated risk routing, human review, and continuous monitoring.
- The post explains how organisations should connect data lineage, policy traceability, and model ownership so governance evidence survives audits.
- It also provides the practical sequence for getting started, including how to walk one high-stakes use case through the full lifecycle.
AI governance and ethics: where do programmes still break down?