AI governance gap widens

A new global dataset shows companies are talking about artificial intelligence governance far more than they are proving it. (unesco.org) UNESCO and the Thomson Reuters Foundation said 43.7% of companies in their sample publicly describe an artificial intelligence strategy or guidelines, but only 13% publicly claim adherence to a formal governance framework. The report draws on nearly 100,000 data points covering 2,972 companies across 11 sectors and six regions. (unesco.org) The Thomson Reuters Institute said 71% of companies in the dataset reference ethical artificial intelligence principles, while formal governance adoption remains far lower. Its February 23, 2026 analysis said that gap is creating environmental, social and governance risk as investors and regulators ask for evidence, not broad statements. (thomsonreuters.com) Artificial intelligence governance is the paperwork and control system behind a model: who approved it, what data trained it, how risks were tested, and who can shut it down. The International Organization for Standardization says ISO/IEC 42001, published in 2023, is the first global standard for building that kind of artificial intelligence management system. (iso.org) Certification is starting to turn that framework into a market signal. Cognizant said on December 16, 2024 that it had become the first company to achieve accredited ISO/IEC 42001:2023 certification for artificial intelligence management systems, and KPMG in the United States said on November 18, 2025 that it had also achieved ISO 42001 certification. (news.cognizant.com, kpmg.com) Other companies are using the same badge to show customers and regulators they can document how their systems work. Automation Anywhere said on November 10, 2025 that it was among the first 100 companies worldwide to earn ISO/IEC 42001:2023 certification after a third-party audit. (prnewswire.com) The compliance pressure is no longer theoretical in Europe. The European Commission says the European Union Artificial Intelligence Act imposes transparency obligations on providers and deployers of certain systems, and it is separately drafting guidance and a code of practice for transparent generative artificial intelligence systems. (digital-strategy.ec.europa.eu) In the United States, the National Institute of Standards and Technology is still offering a voluntary model rather than a binding rule. NIST says its Artificial Intelligence Risk Management Framework, released in January 2023, is organized around four functions — Govern, Map, Measure and Manage — and it added a generative artificial intelligence profile on July 26, 2024. (nist.gov, nist.gov) The result is a widening split between companies that can show an audit trail and companies that mainly publish principles. As regulators, auditors and enterprise buyers ask for records, standards and certifications, artificial intelligence governance is moving from a policy page to an operating requirement. (unesco.org, iso.org, digital-strategy.ec.europa.eu)