Who is responsible for AI in the organisation?

As AI is adopted in an ever-growing number of work processes, the same question arises in many organisations: Who is actually responsible for AI?

Is it the IT department? HR? The quality manager? Senior leadership?

The challenge is that AI rarely fits neatly within a single department.

An AI tool can simultaneously affect data protection, information security, quality, work processes, customer handling and decision-making. This quickly makes it unclear who should own the risk, the guidelines and the follow-up.

Many organisations start by placing responsibility with IT. This is understandable, but often insufficient.

IT can take responsibility for the technology and security, but rarely has the position to assess how AI affects the professional areas that use it.

If HR uses AI in recruitment, HR must understand the risks and own the process. If the marketing team uses generative AI for content production, the marketing team must take responsibility for how the tool is used. If the finance department uses AI for analysis or decision support, they must own their part of the usage.

Just as departments own their own systems and work processes, they must also own the AI solutions they use.

Large organisations are now beginning to establish AI steering groups, AI governance functions and dedicated leads for coordinating AI work.

The goal is not necessarily to control all use of AI, but to create visibility and ensure the organisation has shared guidelines and risk assessments.

For smaller organisations, dedicated AI roles are rarely necessary. There it is often more realistic to distribute responsibility between leadership, IT, quality functions and the departments that actually use the technology.

One of the challenges many organisations are now discovering is that they do not have a full overview of how AI is being used internally.

EU AI Act sets out different requirements depending on how AI is used. Before an organisation can assess which requirements apply, it must first map which AI systems are actually in use.

This is difficult for one person to do alone.

To gain an overview, the organisation must involve multiple professional areas. Each department must contribute information about which tools are in use, what they are used for and which processes they form part of.

Many organisations are looking for one person who can own AI.

In practice, good AI governance is often less about finding a single accountable individual and more about establishing clear roles and responsibilities across the organisation.

Someone must coordinate the work. Leadership must own the governance. But those who use AI day to day must also own the risk and the responsibility for how the technology is used in their own processes.

It is only when these roles are clearly defined that the organisation gains the visibility and control that both leadership, ISO 42001 and the EU AI Act call for.

We help organisations with advisory services, establishment and further development of AI management systems. Get in touch to find out how we can help you!