Who Owns AI at Work?
Why Every Department Has a Role – But Leadership Owns the Outcome
Artificial intelligence has moved from experimentation to everyday business. Employees are using generative AI to draft proposals, write software, analyse spreadsheets, prepare presentations and support customer service. Yet while adoption has accelerated rapidly, governance has often lagged behind.
For many organisations, particularly small and medium-sized businesses, one question continues to emerge:
Who actually owns AI?
Is it an IT responsibility because it is technology? Is it HR because employees are using it? Does Legal own compliance? Or is it ultimately a board-level issue?
The evidence suggests the answer is both simpler and more challenging than many organisations expect. No single department owns AI. Instead, effective AI governance requires clearly defined responsibilities across multiple functions, with ultimate accountability resting at executive level.
AI governance is becoming a business requirement
Whether organisations are ready or not, AI governance is shifting from best practice to business necessity.
As AI becomes embedded in daily operations, regulators and governments worldwide are sending a consistent message: organisations must prove AI is used responsibly, safely and with appropriate human oversight. Accountability can no longer sit with individuals or single teams—it must be built into the organisation.
This is reflected in major frameworks such as the OECD AI Principles, NIST’s AI Risk Management Framework, ISO/IEC 42001 and the EU AI Act. While they differ in scope, all emphasise governance, risk management, transparency and clear accountability.
AI governance is therefore not just an IT concern but an organisational responsibility requiring defined ownership, cross-functional coordination and executive oversight. Those who establish these foundations early will be better positioned to adopt AI confidently as regulation and expectations evolve.
Collectively, these frameworks reach the same conclusion: AI governance is an organisational responsibility, not simply an IT project.
The ownership problem
Unlike previous technology initiatives, AI cuts across almost every business function.
Marketing teams use AI to generate content. Finance teams rely on AI-assisted analysis. HR professionals are experimenting with AI to draft job descriptions and screen applications. Developers increasingly use AI-assisted coding tools, while customer service teams are embedding AI into everyday interactions.
Every one of these activities introduces different considerations—confidentiality, data protection, intellectual property, bias, regulatory compliance and reputational risk.
This explains why assigning AI solely to IT or HR inevitably creates governance gaps. Each department understands only part of the challenge.
A practical division of responsibilities
Although no single governance model fits every organisation, most recognised frameworks point towards shared responsibility.
The key point is that while responsibilities can be delegated, accountability cannot. Directors remain responsible for ensuring appropriate governance exists, just as they do for financial controls, cyber security and health and safety.
| Function | Primary responsibility |
| --- | --- |
| IT | AI platforms, cybersecurity, access controls, data protection and technical assurance |
| HR | Employee training, acceptable use policies, AI literacy, recruitment and workforce adoption |
| Legal & Compliance | Regulatory compliance, privacy, contractual obligations and intellectual property |
| Business Leaders | Identifying appropriate use cases, operational oversight and ensuring AI delivers measurable business value |
| Board & Executive Team | Risk appetite, governance framework, investment decisions and ultimate organisational accountability |
The challenge facing SMEs
For large organisations, this shared model is relatively straightforward. Dedicated HR, IT, Legal and Compliance teams already exist, making it easier to allocate responsibilities.
For smaller businesses, the picture is very different.
A company employing 75 people may have one IT Manager, one HR Manager and no in-house legal or compliance specialists. AI adoption often begins informally, with employees introducing tools that improve productivity before any formal governance has been considered.
This creates what might be described as an AI governance vacuum.
Unlike GDPR, where organisations quickly identified a Data Protection Officer or nominated a responsible individual, AI has arrived organically. Employees have simply started using ChatGPT, Microsoft Copilot and other AI-powered tools as part of their daily work. In many organisations, no one has formally been asked to decide which tools are approved, what information may be entered into them or how their use should be monitored.
This lack of ownership is often the greatest risk.
Questions that appear simple quickly become complex:
- Can employees upload client information into public AI platforms?
- Who checks that AI-generated reports or contracts are accurate?
- Who ensures recruitment decisions supported by AI remain fair and unbiased?
- Who trains employees to use AI responsibly?
- Who monitors emerging legal obligations?
- Who reviews new AI tools before they are adopted?
In many SMEs, the honest answer is that nobody has been given explicit responsibility.
Initially, this may not appear to matter. Employees become more productive, repetitive tasks are automated and the business benefits from faster decision-making.
However, without governance, productivity gains can gradually be accompanied by inconsistent risk. Confidential information may be entered into public AI tools. AI-generated content may contain inaccuracies or infringe intellectual property. Different departments may adopt different platforms with no oversight, creating what many experts now refer to as "shadow AI"—the widespread use of AI applications outside formal organisational governance.
The risk is rarely that employees misuse AI intentionally. More often, they simply lack clear guidance about what constitutes appropriate use.
Governance should enable innovation
One of the biggest misconceptions surrounding AI governance is that it exists to slow innovation.
In reality, effective governance enables organisations to adopt AI with greater confidence.
When employees know which tools have been approved, what information they can safely use, when human review is required and where to seek advice, they are more likely to embrace AI responsibly. Governance creates confidence rather than bureaucracy.
This is particularly important for SMEs, where AI has the potential to deliver significant productivity gains but where resources to manage risk are often limited.
Not every growing business needs a full-time AI Governance Manager. Many simply need someone to take ownership of the subject. That may be an existing senior leader with appropriate support, or increasingly it may involve accessing specialist expertise through independent consultants on a fractional basis - much as organisations already do with virtual Chief Information Security Officers, outsourced HR Directors or Data Protection Officers.
As AI regulation evolves and organisational use becomes more sophisticated, this flexible model is likely to become increasingly common, allowing smaller businesses to access expertise without creating permanent executive roles.
The role of leadership
Perhaps the most important lesson emerging from today's governance frameworks is that executive leadership cannot delegate accountability for AI.
Directors do not need to understand every AI tool, prompt or technical model. They do, however, need confidence that appropriate governance exists, responsibilities are clearly assigned, employees are properly trained and significant risks are understood and managed.
The organisations that will gain the greatest competitive advantage from AI are unlikely to be those adopting the newest tools first. They will be those creating clear governance that allows innovation to flourish safely, consistently and responsibly.
The question, therefore, is no longer "Who owns AI?"
A better question is:
Has your organisation clearly defined who owns each part of AI governance?
For larger organisations, that responsibility may naturally be shared across HR, IT, Legal and Risk functions. For smaller businesses, where those departments may not exist independently, the challenge is greater - but no less important.
The absence of dedicated teams cannot become the absence of governance.
As AI becomes embedded into everyday business, organisations that establish clear ownership today will be far better placed to innovate with confidence tomorrow. Those that leave responsibility undefined may discover that the greatest risk is not the technology itself, but assuming somebody else is managing it.
How Ashdown Can Help
For many organisations, particularly SMEs, the challenge isn't recognising the importance of AI governance - it's knowing where to start.
Unlike larger enterprises, smaller businesses rarely have dedicated IT security, compliance, legal and HR teams with the capacity to develop AI governance frameworks internally. Many simply need experienced guidance to establish appropriate governance without recruiting a full-time specialist.
Ashdown can help organisations assess their current level of AI readiness and, where appropriate, introduce experienced independent consultants who provide flexible, fractional support.
AI Governance Readiness Review
Our initial assessment is designed to help leadership teams understand where they are today and what level of governance is appropriate for their business.
Typical areas of review include:
- How widely is AI currently being used across the organisation?
- Which AI tools have been adopted, and are they formally approved?
- Is there an AI policy or acceptable use framework?
- Has responsibility for AI governance been clearly assigned?
- Are employees receiving appropriate guidance and training?
- Are AI-related skills gaps beginning to affect recruitment or workforce capability?
- Does the organisation require permanent AI leadership, access to a fractional adviser, or simply clearer internal governance?
The outcome is a practical recommendations report highlighting governance priorities, organisational risks and suggested next steps.
Access to Fractional AI Governance Expertise
Where additional expertise is required, Ashdown can introduce experienced independent specialists who support organisations on a flexible basis.
Typical assignments include:
- Developing an AI strategy aligned with business objectives.
- Establishing practical governance structures and accountability.
- Drafting AI policies and acceptable use guidance.
- Advising boards and senior leadership on AI opportunities and risks.
- Supporting the safe adoption of AI technologies across the organisation.
- Designing AI awareness and employee training programmes.
- Preparing organisations for recognised governance standards such as ISO/IEC 42001 and evolving regulatory requirements, including the EU AI Act where relevant.
For many businesses, a few days of experienced advice each quarter can provide the governance and confidence needed to adopt AI safely without the cost of creating a permanent executive role.
As AI becomes embedded across every business function, having access to the right expertise—whether through recruitment, interim leadership or fractional advisory support—will become an increasingly important part of building a resilient, future-ready organisation.