Next Article in Journal
VMkCwPIR: A Single-Round Scalable Multi-Keyword PIR Protocol Supporting Non-Primary Key Queries
Previous Article in Journal
AI-Based Academic Advising Across the Student Lifecycle: A Systematic Literature Review
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Information
Volume 17
Issue 4
10.3390/info17040336
information-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Artificial Intelligence Governance Mechanisms—The Chief Data Officer Perspective with a Focus on Agentic AI Governance

by
Erik Beulen
1,* and
Marla Dans
2
1
Alliance Manchester Business School (AMBS), The University of Manchester, Oxford Rd, Manchester M13 9PL, UK
2
DataZen LLC, 190 Eastwoods Road, Pound Ridge, New York, NY 10576, USA
*
Author to whom correspondence should be addressed.
Information 2026, 17(4), 336; https://doi.org/10.3390/info17040336
Submission received: 28 January 2026 / Revised: 14 March 2026 / Accepted: 20 March 2026 / Published: 1 April 2026
(This article belongs to the Section Artificial Intelligence)
Browse Figures
Versions Notes

Abstract

Artificial intelligence (AI) governance is becoming increasingly important due to technological development, widespread adoption, and the lack of boundaries. This triggers many opportunities for innovation but also increases risks. By conducting 23 subject-matter expert interviews with global Chief Data Officers and performing a workshop with 31 European Chief Data Officers, we explored five AI governance mechanisms identified in the literature, and we discussed the impact and developments regarding future legislation in a global context and the impact of data and operational sovereignty on (agentic) AI governance. Our data suggests that installing an AI governance steering committee is currently the most important mechanism and that stakeholder management and model ownership are prerequisite mechanisms; moreover, audit and impact assessments, as well as staff training, are hygiene mechanisms. In the context of agentic AI governance, we found that the mechanisms identified for AI governance must be applied with greater scrutiny, rigor, and consistency; in addition, in this second round of our research, we find that stronger AI tooling is required to effectively support governance practices. Our research resulted in an AI governance framework with six governance mechanisms and six AI governance good practices that provide a starting point for organizations to implement AI governance.

Graphical Abstract

1. Introduction

The EOCD defines AI as “an AI system is a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy.” [1] (p. 23). This is quite similar to the definition in the European Union AI Act [2] (p. 46), which defines AI as follows: “’artificial intelligence system’ (AI system) means a machine-based system designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments.” In our research, we applied the EU Act definition, as the definition also explicitly includes adaptiveness, which is related to machine learning and agentic AI.
Generative AI produces synthetic content, and AI agents execute tasks with limited to no human involvement while also expanding business processes [3]. Agentic AI goes beyond an AI personal assistant, for example, by facilitating financial transactions [4], building and testing software code [5], and urban planning [6]. Agentic Artificial Intelligence (agentic AI) systems can autonomously pursue long-term goals, make decisions, and execute complex, multi-turn workflows [7] (p. 2). In this research, agentic AI is defined as “Systems of multiple AI agents collaborating to achieve complex goals” [8] (p. 25), as organizations increasingly prepare for agent-to-agent interfacing to transact and innovate new business models [9]. In the context of governance, organizations must understand the autonomous character of agentic AI, which sets policy requirements such as human-in-the-loop oversight [10].
AI governance is required for any organization [11]. There are two AI risks. AI accident risks, which are related to an accident or misuse. The associated risks can still be significant, but they are typically relatively small compared to the second category of AI risks—AI systemic risks—which are inadvertent risks [12]. These risks include the following: 1. AI social risks, such as replacing human labor, facilitating inequality, and threatening human values; 2. AI race risks, which jeopardize fair competition; and 3. AI national risks, such as reinforcing totalitarianism and disturbing the international power balance between nation states and alliances [12,13,14].
Furthermore, AI is increasingly leveraged to increase the cyber resilience of organizations [15,16], while hackers are also increasingly using AI in preparing and executing hack attacks [17,18]. For all risks, oversight and governance are required.
In addition to all of this, AI also has an impact on the workforce, as tasks will be automated and new tasks will arise; this differs from job losses [19] but requires communication to all existing and potential employees [20], including the demystification of these known AI issues [21]. Potentially, AI will result in job polarization, as it automates routine tasks which are typically performed by middle-paid occupations, while non-routine tasks are concentrated among low-paid and high-paid staff [22].
Finally, spending on Artificial Intelligence (AI) is significantly increasing [23,24], and AI is becoming increasingly important and an integral part of doing business in the context of digital transformations [25,26]. Therefore, AI governance, along with understanding the business value and social assessment of AI, is important [27,28]. Currently, agentic AI is booming [29]. Agentic AI will also impact technology management [30].
Dafoe urges researchers to research AI governance: “… yet scholarly attention to the AI revolution remains negligibly. Research is thus urgently needed on the AI governance problem: the problem of devising global norms, policies, and institutions to best ensure the beneficial developments and use of advanced AI.” [12] (p. 1). Similarly, Papagiannidis et al. argue that research is required to better understand AI governance [27]. Furthermore, Wirtz et al. also stress that further research on AI governance is needed to ensure that organizations keep up with the pace of AI technology innovation [19], which is particularly important as AI and agentic AI require enhanced risk-tiered oversight, stressing the need for pre-emptive AI governance decision-making. Currently, the literature on AI governance is limited. Therefore, this study aims to expand academic contributions in the field of AI governance. Only high-level AI governance elements exist [31,32,33,34], with gaps identified in governance frameworks that do not govern the full life cycle [35,36] or that focus on specific contexts, such as AI outsourcing [37], the healthcare sector [38], or the public sector [39].
Our research objectives are:
  • Identify AI governance mechanisms.
  • Identify agentic AI governance mechanisms.
  • Provide organizations with guidance on the mechanisms that must be addressed in AI governance, with particular emphasis on the mechanisms for agentic AI.
This study is guided by two research questions:
  • RQ1. What are AI governance mechanisms?
  • RQ2. What are agentic AI governance mechanisms?
The outcome of this study and the specific guiding significance of the research conclusions is an AI governance framework addressing both adaptive AI, such as machine learning, and agentic AI. This research presents an AI framework consisting of six governance mechanisms and six AI governance good practices. This provides a foundation for organizations to implement AI governance and make AI governance decisions, and it is relevant for management, data management, technology management, policy makers, and consultants advising organizations on the implementation of AI governance.

2. Background and Related Work

2.1. AI Governance Initiatives and Legislation

Over the last decade, many intra-governmental AI initiatives have been launched. This includes the United Nations initiatives governing lethal autonomous weapons systems under the Convention on Certain Conventional Weapons in 2014, the adoption of AI ethics principles by the OECD in 2019, and the adoption of the Recommendation of Ethics of Artificial Intelligence by all 193 of UNESCO’s member states in 2021. In 2023, the BRICS countries formed an “AI study group”. The European Union and 28 countries signed the Bletchley Declaration on 2 November 2023. This declared identifying AI safety risks as a shared concern, building a shared scientific and evidence-based understanding of these risks, and sustaining that understanding as capabilities continue to increase in the context of a wider global approach to understanding the impact of AI in our societies (Bletchley Declaration, 2023). In 2024, the United Nations Global Digital Compact was established, which has a focus on AI governance and includes global principles for safe and ethical AI.
President Biden signed the AI Governance Executive Order (EO 14110, October 2023). In 2024, the Council of Europe (CoE) developed a legally binding international convention on AI and human rights. Furthermore, the European Union AI Act was adopted in 2024 and entered into force gradually with member state adoption. This legislation has a focus on risks and risk categorization, where applying agentic AI will typically qualify for a higher risk category. This is similar to the GDPR—article 22, which deals with automated individual decision-making.
On the one hand, all frameworks and legislations provide guidance for ensuring AI governance; on the other hand, fragmentation also introduces alignment complexities for organizations that operate in different jurisdictions ([40]—different national legislation; [36,41,42]—regulator perspective) and introduces the question of the extent to which human in the loop is required [43]. The current geopolitical turmoil has triggered both data and operational sovereignty discussions, which further increase complexity for any organization, regardless of whether the organization operates in one or multiple jurisdictions.
Furthermore, both frameworks and legislations have a focus on protection against AI risks—the precautionary principle—and, to a lesser extent, on harvesting AI opportunities [44].
In our research, we address both AI risk and AI opportunities, as suggested by Baum et al. [45].

2.2. AI Governance Purposes and Context

AI governance is applied to ensure the development of robust AI applications that neither trigger negative effects [20] nor generate unexpected and unintended consequences and/or introduce new forms of risks that need to be avoided [46]. The latter risk is typically an increased risk in agentic AI. In short, AI governance ensures AI safety with no unwanted outcomes [12], including ethical use of AI [47], which is important in the context of the growing public demand for ethical use of AI.
The two dominant standard bodies for AI governance are ISO and IEEE, which have a focus on efficiency and addressing ethical concerns and, to a lesser degree, on responsible employment and use of safety specifications in fundamental research [41]. The two most relevant ISO standards are as follows: 1. ISO/IEC 42001—Information technology—Artificial intelligence—Management system [48]; and 2. ISO/IEC 23053:2022—Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML) [49].
The most relevant series of IEEE standards includes: 1. IEEE 7000 (published standard) [50], 2. IEEE P2247 (project) [51], and 3. IEEE P3474 for autonomous driving agents [52]. IEEE 7000 examples are methodologies that address algorithmic bias in the development of AI systems (IEEE 7003) [53], ethically driven AI nudging methodologies (IEEE P7008) [54], and fail-safe design for AI systems (IEEE 7009) [55]. These stress the need for transparency, explainability, and traceability, which is harder for agentic AI. An IEEE P2247 example is IEEE P2247.2—Interoperability Standards for Adaptive Instructional Systems (AISs) [51].
The context of AI usage and AI governance examined in this research is data governance, IT governance, and corporate governance.
The focus of Chief Data Officers in data governance is on data access and data quality [56] and ethical use of data [57]. A technical layer links algorithms and data [40], as AI applications need to be trained [58]. Due to the increasing volumes of data organizations are consuming, data management tooling is required to safeguard identity and access management, facilitate data catalogs, and enable data storage [59,60].
In IT governance, Chief Information Officers are focused on unlocking value by facilitating the use of information technology, including applications, network services, and hardware. In many organizations, IT governance also includes cybersecurity and cyber awareness [61]. Furthermore, proper enterprise and IT architecture are important [62]. As AI is an innovative technology, AI developers typically have more degrees of freedom with regard to selecting their development toolsets and technology stacks than traditional software developers [63]. This increases the risk of inefficient use of resources and budget and technical debt [64]. Furthermore, both building an AI cloud and conducting AI testing are more complex than traditional development [20]. In the future, standardization of AI tooling and platforms might be needed and will restrict AI developers.
In addition to data governance and IT governance, corporate governance also needs to be aligned with AI governance, focusing on compliance and, in the short term and to a lesser degree, on ethics [40]. Chiu and Lim provide a different perspective by extending corporate governance for AI from the technical layer to business impact, which includes ethical considerations, as well as ethical debt [65]. Furthermore, not limited to AI governance but extended to information technology and innovations, organizations that install subcommittees enhance corporate governance [66,67], such as technical committees. Boards of directors governing AI must focus on assessing organizational risk and regulatory requirements [68]. Furthermore, AI may also shape the future of corporate governance by automating board-level decision-making. For now, most boards of directors will use AI primarily as a support tool—providing assisted and augmented scenarios [69].

3. Theoretical Background

AI governance has been defined at different levels of granularity and by emphasizing different aspects. Dafoe defines AI governance studies as how humanity can best navigate the transition to advanced AI systems [12] (p. 6). This is quite aligned with the definition of Butcher and Beridze, who characterize AI governance as a variety of tools, solutions, and levers that influence AI development and applications [31] (p. 1). Batool et al. emphasize the policy element in AI governance in terms of the definition “AI governance encompasses a set of regulations, methods, procedures, and technological mechanisms used to ensure that an organization’s development and deployment of AI technologies align with its strategies, principles, and goals.” [36] (p. 3265).
Cath describes AI governance in more detail, including emphasizing the legal aspects: “A growing body of the literature covers questions of AI and ethical frameworks, laws to govern the impact of AI and robotics, technical approaches like algorithmic impact assessments, and building trustworthiness through system validation. These three guiding forces in AI governance (law, ethics and technology) can be complementary.” [70] (p. 2). The regulatory aspect is missing in all definitions. For our research, we define AI governance as an organizational body, consisting of business, technology, legal, and risk officers, responsible for ensuring the proper use of AI by setting and enforcing AI policies and stimulating and prioritizing AI usage. The organizational body is typically implemented as a steering committee that has periodic meetings. Depending on the size, maturity, and usage of AI, the frequency of meetings is monthly or quarterly. Mohanty et al. [71] defined five dimensions for an organizational AI governance body: 1. strategy and vision, 2. people and expertise, 3. processes and analytics, 4. ethics and oversight, and 5. culture and collaboration. Furthermore, they defined three maturity levels, 1. reactive, 2. proactive, and 3. transformative, to drive AI adoption and AI usage.
There are five AI governance mechanisms detailed in the AI governance and agentic AI governance literature (see Table 1): 1. artificial intelligence stakeholder management, 2. model and data ownership, 3. artificial intelligence steering committee, 4. audit and impact assessments, and 5. staff training.

3.1. Artificial Intelligence Stakeholder Management

AI and AI investments are dominating management and board meetings. The relevant stakeholders are not limited to technology and data experts; senior leaders of the organization are directly and indirectly involved in AI decision-making and monitoring. Furthermore, there are also external stakeholders, such as partners, suppliers, legislators, clients/citizens, and society at large. In our research, we apply Freeman’s definition: “any group or individual who can affect or is affected by [the organization]” [72] (p. 46). In the context of AI and AI governance, further exploration of stakeholder management is required [73], especially for agentic AI, in which there are AI service interactions [74]. Also, the contextual agenda is changing [47]. The technology developments in AI and AI applications are advancing rapidly, while not only public opinions on AI but also strategies and opinions on AI, as well as AI governance, in organizations are developing rapidly. For agentic AI, stakeholders also need to understand that, for AI systems, informed and consensual PAI practices are required [75]. This requires active stakeholder management that is not limited to AI but also includes AI governance [76], as well as, specifically for agentic AI, “human in the loop” considerations [77]. Expectation management will increase stakeholder trust in AI and AI governance [78], where it also promotes information processing [76] and offers the opportunity to address socially responsible AI usage [27,79]. This is all essential, as AI and, to a larger extent, agentic AI will be transformative and impact trust dynamics between stakeholders [80].

3.2. Model and Data Ownership

As AI applications are inherently opaque and unpredictable and pose technical challenges, strong accountability measures for AI must be in place [46]. Model and data ownership are essential. In this data loop, learning and feedback systems are important, even more so for agentic AI [81]. Ownership in terms of intellectual property and/or patents, while critical for protecting the interests of organizations, is not at the core of AI governance [82,83]. This is more of a legal challenge [84]. Data ownership [85], in combination with data stewards supporting data owners [86], is a known concept [56]. Especially for agentic AI, data ownership goes beyond ownership of initial training data [7]. In the context of AI governance, this can be extended to model ownership and model stewardship. For agentic AI, this is even more important, as agentic AI models operate more independently [87]. This makes it harder for agentic AI models to be in control [88]. These roles support knowledge sharing in organizations [89]. Model owners have senior management roles in organizations and fulfil this role in conjunction with many other responsibilities, while model stewards are typically subject-matter experts with a full-time focus on one or more AI applications. Model owners have a day-to-day accountability for AI applications, and they are supported by their model stewards. This includes the development of AI applications, including testing, and AI usage, including ethical usage, avoiding unwanted outcomes, and granting access to AI applications and/or the insights generated by the AI application. In organizations, AI applications are overseen by AI rules boards, which review the algorithms in use [90].

3.3. Artificial Intelligence Steering Committee

Similarly to the previous AI governance mechanism, the data steering committee [91]—data governance council [92]—is also quite similar to the AI steering committee. Nevertheless, embedding AI governance in the data steering committee is insufficient for providing AI governance, as this requires different expertise, additional responsibilities, and sustained availability. For now, in most organizations, the data steering committee and the AI steering committee are separate silos with potentially some dual roles. Ensuring proper governance by installing an AI steering committee is important. Effective governance for both AI and agentic AI is created by IT leaders [30] and business and risk management representatives [56].
The G20 implemented an AI steering committee on a cross-national level to ensure focus and coordination [93]. In organizations, the AI steering committee addresses technical, regulatory, and process aspects [47], which is needed even more in light of the rise of agentic AI [94]. This supports policy compliance and safeguarding organizational values. For agentic AI, reviewing agent behaviors and approving high-risk deployments require significant attention from AI steering committees [95]. Increasing legal and regulatory requirements, such as the European Union AI Act and the GDPR, also urge organizations to consider installing an AI steering committee [96]. In an AI steering committee, risk management also needs to be addressed. This includes model risk management, as the impact of losing control of models is typically greater than the impact of data leaks [97], despite the potential significance of any data leaks not being limited to compliance breaches (e.g., GDPR). In addition, a large variety of topics also need to be covered in an AI steering committee, such as AI tooling; third-party vendor management, which is relevant in the context of AI capability and the typical mixed composition of AI project teams; and oversight on review/testing/processes [98]. In AI steering committees, the acknowledgement that agentic AI introduces autonomous decision-making pipelines is key for defining underlying governance structures [99].

3.4. Audit and Impact Assessments

Although not specific to AI governance, third-line audits and impact assessments are important AI governance mechanisms that support first-line model owners and second-line AI steering committees in ensuring AI governance. Most organizations currently rely on internal audits and have included AI audits in their audit planning circles. In this context, AI assurance is important [100,101]. In both AI and agentic AI, the audit will address bias and discriminatory outputs. However, this is needed much more for agentic AI [102]. In agentic AI, the focus of the audits is on auditing AI decision-making logic [7]. In AI audits, it is important to consider internal and external perspectives, as external partners and software vendors [103] are involved on a large scale in the development and maintenance of AI applications. These ecosystems need to be included in the scope of audits [104]. Furthermore, audit firms have developed AI assurance offerings with associated specific frameworks that have various degrees of specificity. These offerings are predominantly offered by the big four: KPMG, PWC, EY, and Deloitte.
In addition to audits, AI impact assessments are important. The assessment supports model owners and AI steering committees in developing AI applications and AI usage. Data remains an important foundation for conducting AI impact assessments, as many legal obligations are also linked to the data consumed and produced by AI models [105]. Furthermore, the qualitative analysis of these assessments focuses on purpose, scope, organizational context, expected issues, timeframe, process and methods, transparency, and challenges with main topics [106].
In addition to auditing AI and agentic AI, audit firms and audit functions also use agentic AI to ensure tamper-proof auditability [107,108].

3.5. Staff Training

To support AI and agentic AI governance, AI awareness among staff is essential. Agentic AI’s independence and broader functionality make this harder than with general AI [109]. Awareness addresses low adoption and resistance due to misunderstanding the potential of AI and/or fear of job losses or job transformation. Also, it addresses efficient AI development and AI usage by bridging differences in vocabulary across organizations [27]. In AI awareness, attention to the AI policies of the organization and legal context is also important [110]. Also, here, the complexity of agentic AI is greater than for general AI [111,112].
AI awareness training must not be limited to the use of large language models such as Microsoft Co-Pilot or OpenAI ChatGPT, regardless of version. Selected employees must also be trained in relation to organization-specific AI applications [113]. The training of existing staff is not a one-off project, as developments in AI are continuous. Organizations must not only focus on technology and data science teams but also on all other staff. The training required for agentic AI is more significant than for general AI [8,114]. Furthermore, organizations must also consider AI skillsets and awareness in recruiting new employees. The knowledge and experience of new hires can elevate the AI awareness of existing employees [114].
Table 1. AI governance mechanisms.
Table 1. AI governance mechanisms.
#AI Governance MechanismReferences (AI Governance)References (Agentic AI Governance)
1Artificial Intelligence Stakeholders Involvement[27,47,73,76,78,79][74,75,77,80]
2Model and Data Ownership[3,56,82,83,84,85,86,89,90][7,81,87,88]
3Artificial Intelligence Steering Committee[47,56,91,92,93,96,97,98][30,94,95,99]
4Audit and Impact Assessments[100,101,103,104,105,106][7,102,107,108]
5Staff Training[27,110,113,114][8,109,111,112]

4. Methodology

The descriptive research questions identify AI governance and agentic AI governance mechanisms by conducting quantitative research. By doing so, this study addresses both an empirical gap and a knowledge gap by presenting an AI governance framework to support organizational implementation and by offering a conceptual contribution through the clarification of six identified AI governance mechanisms. The envisioned outcome of our study was an overview of relevant governance mechanisms for AI governance, resulting in an AI framework that also addresses agentic AI. Secondary data is the foundation of our research; this is detailed in the following sections: “2. Background and Related Work” and “3. Theoretical Background”. This resulted in five AI governance mechanisms, which are summarized and referenced in Table 1. Round one of our research involved qualitative research, as we explored these mechanisms in subject-matter interviews (#23). The questionnaire is enclosed in Appendix A and includes 6 questions. In the interviews, we first establish alignment on AI definitions (Q1) and contextual understanding (Q2–Q5), followed by an examination of AI governance mechanisms in Q6, which are grounded in the literature review (Section 2 and Section 3 and Table 1). In the interviews, the focus was on Q6. The coding of the interviews was based on the literature review and identification of additional governance mechanisms, which resulted in an additional mechanism, AI tooling, and six good practices.
In the second round of our research, we conducted a workshop including five aligned agentic AI governance areas, supplemented with insights from the first round of our research using 1–7 Likert scores (#31). The focus of the workshop was to build on agentic AI insights from the interview round, addressing tooling, business involvement, model stewardship, auditing, and awareness.
The presented framework is an objective model that is adequate, reusable, and novel [115], as it addresses practical challenges organizations are facing in governing AI and agentic AI, and it addresses a gap in the literature. Our research also addresses Thalheim’s four dimensions [115]. First, the purpose of the framework is to provide guidance for organizations on how to govern AI and agentic AI. Second, our mapping is based on a literature review, followed by interviews and a workshop. Thirdly, the language is based on both academic and grey literature, as well as practitioners, e.g., interviewees and workshop participants. Finally, the value of our study is an actionable framework that organizations can use as a starting point for tailoring governance to their specific needs, while academics can use it to enhance and further refine their research.
The adoption approach for the framework is a soft approach, as both the technology and associated legislation are in flux and are jurisdiction- and sector-specific. The implication is that organizations must decide on how to operationalize their implementation. The presented framework provides a starting point for organizations.

4.1. Subject-Matter Expert Interviews

In our secondary research, we assessed the five identified AI governance mechanisms and discovered additional governance good practices by conducting subject-matter expert interviews—problem-centered expert interviews [116]. The duration of the interviews ranged from 45 to 60 min. All interviews were conducted online (ZOOM and MS Teams) for practical reasons, as the interviewees and authors are located globally and mostly in different time zones. The interviews were recorded with the permission of the interviewees and fully transcribed by the functionality of the video conference software [117].

4.2. Profiles of Subject-Matter Interviewees

The 23 interviewees were selected from the professional network of the authors, one of whom serves as an acting Chief Data Officer. We conducted the interviews from February to April 2025. To protect confidentiality and privacy, the interviews are analyzed anonymously.
All selected interviewees have a minimum of 10 years of working experience in data, relevant working experience in AI, and hold a Chief Data Officer role or equivalent positions with similar responsibilities, such as Field Chief Data Officer or Data Leader. As this study explores AI governance mechanisms, there is no bias in having elite informants [118]. The insights from our research are relevant to both academics and practitioners, regardless of their level of AI and AI governance maturity.
The interviewees are predominantly based in the Americas and Europe and work in various sectors, with financial services (#9) and government (#5) being the most represented sectors. Nevertheless, in our research, we did not perform a sector analysis due to the low number of interviews.
The profiles of the interviewees are detailed in Table 2. Interview numbers are used in the analysis and in our coding book. The interview questions are listed in Appendix A.

4.3. Coding of the Interviews

To articulate and display tacit knowledge, explicit knowledge, and expertise relevant to our work on AI governance, we conducted an explorative analysis by coding the subject-matter expert interviews [119].
We conducted open coding to analyze the data and discover AI governance mechanisms [120]. The authors independently analyzed the interviews, looking for additional governance mechanisms via eyeballing [119] or visual inspection. This analysis was followed by systematic coding (NVivo 15) [119]. In our coding template, we included five codes that were 1:1 linked to the literature that identified AI governance mechanisms, which are added in between brackets: 1. stakeholder (artificial intelligence stakeholder management); 2. model owner or data owner (model and data ownership); 3. committee or council (artificial intelligence steering committee); 4. audit or impact assessment (audit and impact assessments); and 5. training, awareness, or literacy (staff training). This is detailed in Appendix B.

4.4. Workshop Agentic AI Governance

At the fourth European CDOIQ symposium, in Lausanne, Switzerland, we organized a one-hour agentic AI governance workshop on 11 September 2025. In this workshop, 31 European Chief Data Officers participated in person and shared their insights on agentic AI governance. We selected the workshop format as our additional research method, balancing the goal of fulfilling participants’ expectations and interests with the need to collect data [121].
We discussed the five mechanisms identified in the secondary data collection for ensuring business resilience in the upcoming age of agentic AI. Likert scores of 1–7 were used to better understand the implications of agentic AI on AI governance [122,123]. In addition to the five mechanisms for AI governance, for agentic AI governance, we also added the importance of AI tooling in effectively governing multiple collaborating AI agents [124,125], which six subject-matter interviewees highlighted as good practice. This is detailed in Section 5.6.
In the round table, we used 1–7 Likert scales so that participants were not directed toward one side of the mechanism spectrum [126]. The Likert scores triangulated the subject-matter interview data [127]. All research activities were conducted in accordance with The University of Manchester’s Code of Good Research Conduct [128]. The data collection form is enclosed in Appendix C, and the Likert score is shown in Appendix D. The mapping of the interviews identified AI governance measures, and Likert scores were collected from the round table discussions on AI governance with respect to ensuring business resilience in the upcoming age of agentic AI; these results are mapped in Table 3.
Due to commercial sensitivities and to support the knowledge-sharing objective of the participants, the workshop discussion was not recorded. High-level workshop observations from both authors are included in our findings. Member checking was not possible due to the anonymous workshop participation [129]. The verification of these observations is limited to the alignment of the authors, who were both moderating the workshop.

5. Findings

The findings are structured in accordance with the literature-identified AI governance mechanisms. In addition, subject-matter experts mentioned AI governance good practices, which supplement the five governance mechanisms. In this section, the findings are linked to the interviewees in Table 2, where IX = interviewee X, and insights from the Likert scores in the agentic AI governance workshop are included. In Appendix B, the findings and interviewees are linked.

5.1. Artificial Intelligence Stakeholder Involvement

All interviewees explicitly mentioned the business as a stakeholder, except for five interviewees who mentioned the business implicitly: I5 (top management), I7 (AI users are those who are impacted by AI), I18 (consumers of AI), I19 (BoD and BoM), and I21 (everybody) and one interviewee who responded from an external perspective only, interviewee I23 (customers).
Also, some of the interviewees explicitly named C-level roles. Interviewee I19 mentioned the Chief Executive Officer and the Chief Financial Officer, while interviewees I1, I3, I19, and I20 mentioned the Chief Data Officer/Chief Data Analytics Officer. The Chief Information Officer was named by interviewees I1 and I20. Finally, interviewee I1 mentioned the Chief Information and Security Officer, and interviewee I3 mentioned the Compliance Officer. While not referenced in the interviews, the Chief Operating Officer (COO) may be implicitly inferred given that, in many organizations, the COO’s function is closely affected by AI and agentic AI initiatives and may hold related operational or data governance accountability. Furthermore, some interviewees explicitly mentioned representatives responsible for AI and data (I5 and I7) and for IT (I6). Interviewee I10 argues that clarity in terms of roles and responsibilities captured in an RACI table supports stakeholder management and is supportive in setting priorities for AI. All of this is necessary, as AI and agentic AI have significant potential.
Interviewee 14: “Our estimation is that leveraging AI agents to augment employees and improve processes support at a minimum 20 or 30% gains and returns in the short term. This is only the beginning.”
Following the internal perspective of stakeholder management, the external perspective was also addressed in the interviews. Third parties are mentioned as stakeholders by interviewee I7 in the context of external AI and data consultants, as well as vendors of AI software, regardless of version (e.g., Co-Pilot, Chat GPT) and IT services (e.g., cloud services and AI platforms). Similarly, interviewee I17 mentioned governments and regulatory bodies as stakeholders, emphasizing legislation (e.g., GDPR) and sector-specific compliance requirements set by regulators. Not all legislation and regulations across countries and even across jurisdictions are aligned. This complicates stakeholder management. Also, interviewees I20 and I23 mention external stakeholders, specifically customers, in the context of changing expectations, such as ethical standards and public opinion. The increasing demand from the general public for the ethical use of AI and for explainability impacts the requirements for AI applications.
The large diversity of internal and external stakeholders and their respective needs make it necessary to ensure that, from an AI governance perspective, the right stakeholders are managed and that AI governance addresses their needs at all times.
Interviewee 5: “Effective AI governance relies on the active engagement of a diverse range of stakeholders, each playing a crucial role in ensuring AI technologies are developed and deployed responsibly, using inclusive, transparent, and collaborative approaches. Engaging stakeholders effectively is about inclusive policymaking, transparency, communication, capacity building, education, collaborative partnerships, and continuous feedback loops to build a robust governance framework that promotes ethical, fair, and accountable AI practices.”

5.2. Model and Data Ownership

The interviewees stressed the need to have a stronger RACI for model ownership than for the previous AI governance mechanism, stakeholder management (I2, I5, I6, I15, I17, I18, I21, and I23), explaining the more formal character of model ownership compared to stakeholder management. Furthermore, interviewee I12 shared that, in their organization, the role of model owner is not formalized yet, and this is reducing the AI adoption rate, as priority setting takes more time, and the data scientist team is not fully utilized.
Many interviewees acknowledge the parallels between model and data ownership (I1, I2, I4, I5, I8, I10, I14, I17, I18, I20, I22, and I23). Interviewees stress that model and data ownership, as well as model stewardship and data stewardship, are intertwined (I1, I2, I5, I14, I18, I20, and I23), arguing that models need training data to generate new data and that both models and data need to be governed.
In the interviews, the role of the model owner was also explored. There was consensus that, similarly to the data owner role, the model owner role sits within the business, and the role of model owner is typically less mature than the data owner role (I14). The identified responsibilities of model owners are oversight on model development, implementation, model maintenance, and model validation (I7 and I21). More specifically, the responsibilities include the monitoring of the models (in the context of model drift) (I3), as well as knowledge distribution (access management) (I3 and I15). Two interviewees (I4 and I15) stressed the need for model and data owners to have a catalog in place (e.g., AI model registration). This data management tool helps both model and data owners with access management, which is much needed, especially when datasets are consumed by multiple models and models are used by more than one organizational unit. The rise of agentic AI has further increased the need for model ownership.
Interviewee 15: “The complexity of working with agents not only stressed the need for users to understand the complexity, but also from a governance perspective requires the full attention of model owners. Their focus must be on ensuring compliant architectures, which for agentic AI requires modularized governance and agent-based architectural design.”
Finally, the interviewees (I8, I9, I10, I18, I22, I23) reflected on the role of model stewards. Interviewee I8 argued that onboarding model stewards with the right skill set is a challenge, as this is a highly sought-after skill. Interviewees I18 and I23 have positive experiences with data scientists in model steward roles, as data scientists have the oversight, experience, and technical knowledge needed to maintain and, if necessary, update models. Interviewee I9 argued that a model owner can have multiple model stewards as the usage and complexity of models vary.
Interviewee 12: “Data ownership obviously is key when we talk about data governance. I think similarly, model ownership is pivotal to making sure that the responsibilities with regard to the model development, the implementation, the regular model maintenance and the model validation are assigned and that you have those resources required for these activities available.”
In conclusion, data ownership is challenging but represents a much-needed role/responsibility. Three interviewees suggested centralizing model ownership under an AI officer or a similar role (I10 and I22), or under risk management (I11). Organizations can consider this as an alternative governance mechanism in cases where business leaders are not capable of taking on the responsibilities of a model owner. Furthermore, interviewee I11 rightly pointed out that ownership of models always remains within the organization; the intellectual property rights of models never transfer to a model owner.

5.3. Artificial Intelligence Steering Committee

The interviewees, in general, were positive about the contribution of an AI steering committee for governance. An AI steering committee enables organizations to further embed governance in their organization, especially in the context of the rise of GenAI usage (I3). Typically, the implementation of an AI governance committee follows the implementation of a data steering committee (I6). Its setup is similar to IT architectural steering committees (I7) and is positioned at a tactical level, rather than at a strategic level, while ensuring alignment with the overall organizational strategy (I12).
Nevertheless, the interviewees had some concerns related to AI governance committees being too bureaucratic (slow and powerful) and hindering innovation (I2), which may not fit the purpose of small organizations (less than 250 m Euro in revenue) (I19). Also, a lack of maturity is a concern (I14 and I17). In immature organizations, general management, in conjunction with data scientists, de facto handles AI governance—informal governance instead of the formal governance from an AI steering committee. Interviewee I21 also challenged the collective responsibility embedded in this governance mechanism (not one throat to choke). This stresses the need to have clear roles and responsibilities (also acknowledged by I10—need for an RACI) and also an alignment with the model owner role.
The purpose of an AI governance committee is to make investment decisions (validate, accept, and reject projects) (I4 and I5), and the focus is less on technological oversight and more on managing decision-making processes and safeguarding compliance (I5). Also, safeguarding ethics was mentioned, with some organizations having a separate ethical committee (I13). In short, guiderails are needed, and they need to be monitored by an AI steering committee.
Interviewee 5: “Organizations need to set guiderails for the use of AI and agentic AI. With agentic AI the need for clear guiderails and risk management is needed more than ever. Organizations need to be firm to avoid ending up on a slippery slope. An AI steering committee must provide oversight.”
In terms of operationalizing this governance mechanism, interviewee I15 argued the need for a model catalog—analogous to a data catalog. Furthermore, organizations might consider adding external consultants to their AI steering committee to inject external knowledge and experience (I9). Finally, leveraging a dashboard was recommended to support AI steering committees (I22). This requires PMO support to set up and prepare dashboards over time.
Interviewee 20: “An AI steering committee is useful to have, especially now with a lot of organizations starting to use agentic AI. Your organization can very quickly get out of control. Furthermore, it is important to have policies in place and to make sure that they are also enforceable. The steering committee controls compliance with established policies.”
With regard to potential future development, the interviewees share relevant insights, and they are as follows: 1. while organizations mature over time, meeting frequencies could be reduced (I4); 2. integration with the data steering committee (I16 and I23) should be considered over time.
In conclusion, mature organizations must consider establishing an AI steering committee to govern AI and set priorities. Over time, organizations could consider combining the AI governance steering committee and the data steering committee.

5.4. Audit and Impact Assessments

The interviewees observe that many organizations, including most of their own, include AI in their audits, as AI is a relatively new and potentially high-risk technological innovation (I12 and I13), despite the observation that AI audit capabilities are not yet mature in most organizations (I19). Nevertheless, AI audits help improve AI applications (I8) and, at a minimum, create AI awareness (11). As a good practice, interviewee I9 highlighted the need to conduct proper root cause analyses, which are typically conducted by data scientist teams, guided by model owners, and supported by oversight from the AI steering committee. These root cause analyses provide valuable input for AI audits and support monitoring throughout the model lifecycle (I10).
Interviewee 11: “Especially in the agentic AI space, organizations are figuring out how they can have some extra layers around controlling bias, managing that complexity, and figuring out a way to have operational efficiency around it. In addition to this, using unstructured data requires extra governance measures. All of this requires the attention of auditors.”
The interviewees shared AI audit topics, including transparency and explainability (I3), ethical issues (I5 and I17), and bias of models (I23). In addition, topics such as compliance (I1, I3, I4, I17, and I21), privacy and security (I6), training data and algorithms (I16), data lineage (I17), IP infringement (I21), and logging code and versioning (I2) were mentioned. Furthermore, interviewees indicated that audits help in communications with clients and suppliers (I5) and regulators (I7), and they suggested combining AI audits with data audits (I7). Also, the frequency of audits is important (I2, I15, and I17).
Interviewee 2: “In any organization audits and impact assessments are extremely important because AI is about risk and compliance. Typically, third-line audits are done annually, while other reviews happen more frequently.”
“Everything developed has to be audited or reviewed by the Ethical Committee, and that has real cash value.”
With regard to impact assessment, the consensus was that, in the decision-making process prior to approval, an impact assessment must be carried out.
In conclusion, audits positively contribute to AI governance by increasing awareness, supporting AI adoption, and identifying risks that support continuous improvement, while impact assessments are considered a core element of business acumen.

5.5. Staff Training

The interviewees differentiated between AI awareness training (I2-I5, I7, I9, I12, and I13) and specialist training (I4, I5, and I13). Also, a wide variety of training programs were offered, including those with a focus on AI policies (I8, I10, and I15), compliance (I8), the use of personal AI products (e.g., Chat GPT and Gemini) (I2, I7, and I9—continuous learning; and I13), and privacy (I6). There was one interviewee (I16) who was not convinced that training would contribute much to AI governance, arguing that the impact of training would be greater on AI adoption. For increasing adoption through training, interviewees I20 and I23 suggested that starting at the top, management should act as change agents, which would result in increased AI adoption. Also, an attractive learning format, such as hackathons, will increase AI adoption (I10 and I17).
Interviewee 10: “We did an executive education course at MIT to upskill our most senior leaders in AI as quickly as possible because leadership literacy is key to workforce capability. Of equal importance we ran data hackathons and AI accelerators where all staff together tackled real operational problems. This hands-on, collaborative training allowed them to gain skills, contribute meaningfully, and scale solutions across the organization.”
Furthermore, the need for dedicated training was stressed (I20 and I23), which was detailed further by highlighting the implications of different legislations (by country or even by region within a country) (I21) and explainability (I9). Also, organizing data hackathons will support staff training (I10 and I17)
Interviewee 9: “Every human who interacts with an AI needs to be aware and be able to revert an AI decision. This is an important element in staff training and becomes even more importing with the rise of agentic AI.”
Finally, in addition to training, recruiting was also mentioned as a mechanism to increase AI governance (I10 and I13).
In conclusion, training is important from the perspective of AI adoption and innovation and must be tailored to specific learners, such as AI users, data scientists, model owners, and management.

5.6. Additional AI Governance Mechanisms and Observations

In the interviews, we identified AI tooling as an additional governance mechanism (I20 and I23). Other interviewees acknowledged AI tooling as an additional governance mechanism and added specific elements to this governance mechanism: automation (I3), processes (I5), data management tooling (I13), and cataloging (I15).
Interviewee 3: “Validation of source, an awareness of the lineage, assurance of the data as it flows through the supply chain, auditability, and then validation of the data from its source to consumption is key. Only with the support of tools, can compliance be ensured.”
AI tooling is needed even more for organizations that are leveraging agentic AI.
Interviewee 1: “We want the machines to work well already and avoid human in the loop as much as possible, because as soon as you have human in the loop your cost will increase. This is why AI tooling is essential, and even more essential for organizations that leverage agentic AI.”
Furthermore, they provided good practices for the AI governance domain, which can be adopted by organizations and are not necessarily related to a governance mechanism: good practices are detailed in Table 4—AI governance good practices.
In addition, the interviewees share relevant insights for further consideration. Organizations might also consider AI governance to manage AI excitement and enthusiasm despite being concerned that staff training will increase the AI adoption rate (I7). Furthermore, self-regulation was mentioned as an alternative AI governance mechanism. However, this was explicitly dismissed by interviewee I1. There needs to be a balance between legislation and self-regulation; the relationship is inverse: where legislation decreases, self-regulation will need to increase.

5.7. AI Governance Framework

Based on the analysis, the AI governance mechanisms for both AI governance and agentic AI governance can be positioned in an AI governance framework, which is detailed in Figure 1 and consists of six governance mechanisms and additional good practices.

6. Discussion

The implications of compliance with respect to AI governance and agentic AI governance were mentioned by all interviewees to various degrees. Looking ahead, there are two scenarios: Either legislation will continue to be stricter, or legislation will transform into less strict legislation. The current geopolitical turmoil makes it hard to predict what will happen. Potentially, there will be a divide in terms of the strictness of legislation, where it is conceivable that the European Union will continue to implement stricter legislation for technology, including AI, while the United States of America might decide to make legislation less strict. It is even harder to predict what countries such as Brazil, China, India, Indonesia, Russia, and the United Kingdom will decide. It is clear that organizations that operate in different jurisdictions need to make decisions on how to deal with this uncertainty [130,131]. The organizations have two options: First, comply with the strictest standard in any jurisdiction they are operating in, and second, adopt a federated model, ensuring that each federated AI application is compliant in each jurisdiction. Organizations will most likely look for a sensible middle ground (e.g., on federated AI applications for the EU)—a layered approach [132]—similarly to how organizations are structuring their IT governance [133,134]. This is aligned with the envisioned soft adoption approach. In this context, developments in legislation adoption are relevant [135,136] and are trending towards stricter legislation adoption, such as DORA and NIS2, which establish clear accountabilities for executives, including personal liability, fines, and even disqualification.
Related to the geopolitical turmoil is the sovereignty debate. Despite Schrems I (Safe Harbor—2015) and Schrems II (Privacy Shield—2020), data sovereignty is not the issue [137]; it will only drive up costs, as restrictions to data processing and storage will trigger high cloud computing costs. AI cost control is important and will become more important in the future [138,139]. This is aligned with good practice C, as shared by I9 and detailed in Table 4. The true challenge is in operational sovereignty, which will impact AI governance decision-making [140]. In technological choices made by AI governance steering committees, the sovereignty aspect needs to be taken into account. The French government forced hyperscalers to set up services in France, which resulted in a Google–Thales partnership for data centers in France operated by a French legal entity. The recent withdrawal of software service access for the chief prosecutor, Karim Khan, of the International Criminal Court by Microsoft, based on an executive order from the President of the United States, is triggering business resilience concerns. Organizations need to assess potential implications and risks and potentially explore operational sovereign options, such as Giai-X. Nevertheless, cybersecurity concerns and cost implications, arising from operating at smaller scale than hyperscalers, need to be taken into account. This challenge is much more difficult than the legislation challenge.

7. Conclusions

In exploring AI governance mechanisms, we conclude that there are two preconditions: artificial intelligence stakeholder management and model and data ownership. For now, installing an artificial intelligence steering committee is advisable for most organizations, but this requires AI maturity and sufficient organizational scale (+250 m Euro revenue). In the future, organizations must consider merging an AI governance steering committee with a data steering committee. Specifically, for agentic AI governance, business involvement and model and data ownership were highlighted (highest Likert scores: 5.8 and 5.4 on a 1–7 Likert scale). Furthermore, the implementation of AI and data management tooling was identified as important. Finally, audit and impact assessments and staff training have been identified as hygiene governance mechanisms.
Looking ahead, organizations need to address the compliance challenges related to future changes in applicable legislation, as well as the implications of data and, even more so, operational sovereignty. In addition, organizations need to keep an eye on AI technology developments and predominantly on agentic AI; if needed, they should adjust their AI architectures accordingly. Organizations and external consultants can use the above detailed insights in implementing AI governance.
The academic contribution of this study is conceptual, as provided by the developed framework. More specifically, the clarification of six identified AI governance mechanisms and good practices was provided, contributing to Dafoe’s [12] and Wirtz et al.’s [19] call for developing and enhancing a framework for AI governance.
This study is a qualitative study, and adding quantitative research will further strengthen rigor and potentially enrich insights on AI and agentic AI governance. Also, this study has only taken into account the Chief Data Officer’s perspective, and the number of interviewed Chief Data Officers was limited to 23. Including additional Chief Data Officers and the perspectives of other C-level roles, as well as expanding the European focus on agentic AI governance to a global focus, will enrich the presented AI governance framework. Furthermore, an increased focus on the identification of additional governance mechanisms, including adding the impact of legislation risk categorization (e.g., AI EU act and GDPR) on AI governance decision-making, must be considered in conducting future research. This, amongst others, can also include AI cost control, which is presented in this research as a good practice and further discussed in the Discussion Section.

Author Contributions

Conceptualization, E.B. and M.D.; methodology, E.B.; software, E.B.; validation, E.B. and M.D.; formal analysis, E.B. and M.D.; data curation, E.B. and M.D.; writing—original draft preparation, E.B.; writing—review and editing, M.D.; visualization, E.B. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Ethical review and approval were waived for this study due to the outcome of the University of Manchester assessment for our market research. This assessment includes assessing 1. personal information, 2. sensitive/confidential information, 3. involvement of vulnerable groups, and 4. risk of disclosure. The outcome of this assessment was that in none of the categories were there risks.

Informed Consent Statement

Informed consent was obtained from all subjects involved in this study.

Data Availability Statement

The datasets presented in this article are not readily available because we agreed to anonymous participation, protecting commercial and public interests. Requests to access the datasets should be directed to Erik Beulen.

Acknowledgments

The authors wish to express their gratitude to all interview and survey participants for generously sharing their time, expertise, and insights. Their contributions were instrumental to this research. In accordance with the assured confidentiality, participants are not named individually.

Conflicts of Interest

Marla Dans is employed by DataZen LLC. The remaining author declares that the research is conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Appendix A. Questionnaire Subject-Matter Interviews

  • AI Governance definition: How would you define AI Governance?
  • Purpose of AI Governance: What are the three most important outcomes of AI Governance?
  • AI Governance context:
    • How is legislation versus self-regulation impacting AI Governance?
    • How is AI Governance related to Data Governance?
    • How is AI Governance related to Information Technology Governance?
    • How is AI Governance related to Corporate Governance?
  • AI Stakeholders: Who are the stakeholders for AI Governance and how can the stakeholders be engaged?
  • AI Model life cycle:
    • AI Model Development—data scientist perspective: What practices in AI Model Development are required for AI Governance?
    • AI Model Maintenance—data scientist perspective: What practices in AI Model Maintenance are required for AI Governance?
  • AI Governance mechanisms & measures:
    • Is a “human” in the loop a pre-requisite for AI Governance?
    • Is model- and data ownership pivotal in achieving AI Governance?
    • How is AI Governance impacted by leveraging unstructured data versus structured data?
    • Are organizations benefiting from an AI Steering Committee?
    • Are organizations benefiting from conducting audits and impact assessments? What is the recommended frequency?
    • Are organizations benefiting from staff training—including awareness training? Is training diversification for targeted audiences important?

Appendix B. Overview Interview Findings by Governance Mechanism

Governance MechanismsInterviewees
1. Stakeholder (Artificial Intelligence Stakeholders management)All interviewees mentioned business as stakeholder, except for four interviewees—implicit mentioning (I5, I7, I18, I19, and I21) and external perspective (I23)
Mention explicit C-level roles (I1, I3, I5, I6, I17, I19, and I20) and clarify roles and responsibilities (I10)
2. Model owner or data owner (Model and data ownership)Need for RACI for model ownership (I2, I5, I6, I15, I17, I18, I21 and I23)
Parallels for model and data ownership (I1, I2, I4, I5, I8, I10, I14, I17, I18, I20, I22, and I23)
Model stewards (I8, I9, I10, I18, I22, I23)
3. Committee or council (Artificial Intelligence steering committee)Positive contributions—all interviewees were generally positive on AI steering committee as governance mechanism
Concerns (I2, I5, I10, I14, I17, I19 and I21)
Making investment decisions (I4 and I5)
4. Audit or impact assessment (Audi and impact assessments)Despite low AI audit capabilities interviewees were generally positive on audit and impact assessments as governance mechanism
Interviewees shared AI audit topics (I2, I3, I4, I5, I6, I15, I17, I21 and I23
5. Training or awareness or literacy (Staff training)AI awareness training (I2-I5, I17, I19, I12, and I13) versus AI specialist training (I4, I5, and I13)
6. AI toolingAdditional governance mechanism (I3, I5, I13, I15, I20 and I23)

Appendix C. Round Table Information Gathering Form

Information 17 00336 i001

Appendix D. Round Table 1–7 Likert Scores

#Q1Q2Q3Q4Q5
156657
217745
377337
417325
565667
645767
753636
837553
957667
1067546
1137745
1277321
1332454
1445546
1545767
1656567
1754654
1855646
1937543
2066612
2167445
2255642
2356667
2466526
2544445
2635544
2736745
2857575
2957675
3056646
3165466
4.55.85.44.45.2AVERAGE
1.501.311.201.501.66STDEV
Q1 = AI for AI governance; Q2 = greater business involvement in AI governance to define and monitor key parameters; Q3 = increased model & data stewardship effort; Q4 = greater audit effort and more frequent assessments; Q5 = increased AI awareness.

References

  1. OECD. Artificial Intelligence in Society; OECD Publishing: Paris, France, 2019. [Google Scholar] [CrossRef]
  2. European Union. Artificial Intelligence Act (Regulation (EU) 2024/1689). 2024. Available online: https://eur-lex.europa.eu/eli/reg/2024/1689/oj (accessed on 1 June 2025).
  3. Chawla, C.; Chatterjee, S.; Gadadinni, S.S.; Verma, P.; Banerjee, S. Agentic AI: The building blocks of sophisticated AI business applications. J. AI Robot. Workplace Autom. 2024, 3, 196–210. [Google Scholar] [CrossRef]
  4. Elgendy, I.A.; Helal, M.Y.; Al-Sharafi, M.A.; Albashrawi, M.A.; Al-Ahmadi, M.S.; Jeon, I.; Dwivedi, Y.K. Agentic systems as catalysts for innovation in FinTech: Exploring opportunities, challenges and a research agenda. Inf. Discov. Deliv. 2025; in press. [CrossRef]
  5. Rasheed, Z.; Waseem, M.; Sami, M.A.; Kemell, K.K.; Ahmad, A.; Duc, A.N.; Systä, K.; Abrahamsson, P. Autonomous agents in software development: A vision paper. In Agile Processes in Software Engineering and Extreme Programming—Workshops; International Conference on Agile Software Development; Springer Nature: Cham, Switzerland, 2024; pp. 15–23. [Google Scholar]
  6. Tiwari, A. Conceptualising the emergence of Agentic Urban AI: From automation to agency. Urban Inform. 2025, 4, 13. [Google Scholar] [CrossRef]
  7. Mukherjee, A.; Chang, H.H. Agentic AI: Autonomy, Accountability, and the Algorithmic Society. arXiv 2025, arXiv:2502.00289. [Google Scholar]
  8. Sapkota, R.; Roumeliotis, K.I.; Karkee, M. Ai agents vs. agentic ai: A conceptual taxonomy, applications and challenges. arXiv 2025, arXiv:2505.10468. [Google Scholar] [CrossRef]
  9. Borghoff, U.M.; Bottoni, P.; Pareschi, R. An organizational theory for multi-agent interactions integrating human agents, LLMs, and specialized AI. Discov. Comput. 2025, 28, 138. [Google Scholar] [CrossRef]
  10. Mosqueira-Rey, E.; Hernández-Pereira, E.; Alonso-Ríos, D.; Bobes-Bascarán, J.; Fernández-Leal, Á. Human-in-the-loop machine learning: A state of the art. Artif. Intell. Rev. 2023, 56, 3005–3054. [Google Scholar] [CrossRef]
  11. Chen, W.; Chen, L. Generative AI for Business: Frameworks, Techniques, and Governance; GenAI Flows Publishing: Stamford, CT, USA, 2025; ISBN 9798999716118. [Google Scholar]
  12. Dafoe, A. AI Governance: A Research Agenda; Governance of AI Program: London, UK; Future of Humanity Institute: Oxford, UK; University of Oxford: Oxford, UK, 2018; pp. 1442–1443. [Google Scholar]
  13. Bengio, Y.; Hinton, G.; Yao, A.; Song, D.; Abbeel, P.; Darrell, T.; Harari, Y.N.; Zhang, Y.-Q.; Xue, L.; Shalev-Shwartz, S.; et al. Managing AI risks in an era of rapid progress. arXiv 2023, arXiv:2310.17688. [Google Scholar] [CrossRef]
  14. Hendrycks, D.; Mazeika, M.; Woodside, T. An overview of catastrophic AI risks. arXiv 2023, arXiv:2306.12001. [Google Scholar] [CrossRef]
  15. Rane, N.; Choudhary, S.; Rane, J. Artificial intelligence for enhancing resilience. J. Appl. Artif. Intell. 2024, 5, 1–33. [Google Scholar] [CrossRef]
  16. Sadeghi, K.; Ojha, D.; Kaur, P.; Mahto, R.V.; Dhir, A. Explainable artificial intelligence and agile decision-making in supply chain cyber resilience. Decis. Support Syst. 2024, 180, 114194. [Google Scholar] [CrossRef]
  17. Zhang, R.; Chen, X.; Lu, J.; Wen, S.; Nepal, S.; Xiang, Y. Using AI to hack IA: A new stealthy spyware against voice assistance functions in smart phones. arXiv 2018, arXiv:1805.06187. [Google Scholar] [CrossRef]
  18. Renaud, K.; Warkentin, M.; Westerman, G. From ChatGPT to HackGPT: Meeting the Cybersecurity Threat of Generative AI; MIT Sloan Management Review: Cambridge, MA, USA, 2023; p. 64428. [Google Scholar]
  19. Wirtz, B.W.; Weyerer, J.C.; Sturm, B.J. The dark sides of artificial intelligence: An integrated AI governance framework for public administration. Int. J. Public Adm. 2020, 43, 818–829. [Google Scholar] [CrossRef]
  20. Papagiannidis, E.; Enholm, I.M.; Dremel, C.; Mikalef, P.; Krogstie, J. Toward AI governance: Identifying best practices and potential barriers and outcomes. Inf. Syst. Front. 2023, 25, 123–141. [Google Scholar] [CrossRef] [PubMed]
  21. Tortorella, G.L.; Powell, D.; Hines, P.; Mac Cawley Vergara, A.; Tlapa-Mendoza, D.; Vassolo, R. How does artificial intelligence impact employees’ engagement in lean organisations? Int. J. Prod. Res. 2025, 63, 1011–1027. [Google Scholar] [CrossRef]
  22. Goos, M.; Savona, M. The governance of artificial intelligence: Harnessing opportunities and mitigating challenges. Res. Policy 2024, 53, 104928. [Google Scholar] [CrossRef]
  23. Forrester. Forrester Global Tech-Spend to Surpass 4.9 Trillion in 2025. 12 February 2025. Available online: https://www.forrester.com/press-newsroom/forrester-global-tech-spend-to-surpass-4-9-trillion-in-2025/ (accessed on 1 June 2025).
  24. Gartner. Gartner Forecasts Worldwide GenAI Spending to Reach $644 Billion in 2025. 31 March 2025. Available online: https://www.gartner.com/en/newsroom/press-releases/2025-03-31-gartner-forecasts-worldwide-genai-spending-to-reach-644-billion-in-2025 (accessed on 1 June 2025).
  25. Brock, J.K.U.; Von Wangenheim, F. Demystifying AI: What digital transformation leaders can teach you about realistic artificial intelligence. Calif. Manag. Rev. 2019, 61, 110–134. [Google Scholar] [CrossRef]
  26. Beulen, E. Digital Maturity: A Survey in the Netherlands. In Digital Technologies for Global Sourcing of Services; Global Sourcing 2019; Lecture Notes in Business Information Processing; Oshri, I., Kotlarsky, J., Willcocks, L.P., Eds.; Springer: Cham, Switzerland, 2020; Volume 410. [Google Scholar]
  27. Papagiannidis, E.; Mikalef, P.; Conboy, K. Responsible artificial intelligence governance: A review and research framework. J. Strateg. Inf. Syst. 2025, 34, 101885. [Google Scholar] [CrossRef]
  28. Townsend, D.M.; Hunt, R.A.; Rady, J.; Manocha, P.; Jin, J.H. Are the Futures Computable? Knightian Uncertainty and Artificial Intelligence. Acad. Manag. Rev. 2025, 50, 415–440. [Google Scholar] [CrossRef]
  29. Hosseini, S.; Seilani, H. The role of agentic ai in shaping a smart future: A systematic review. Array 2025, 26, 100399. [Google Scholar] [CrossRef]
  30. Hughes, L.; Dwivedi, Y.K.; Li, K.; Appanderanda, M.; Al-Bashrawi, M.A.; Chae, I. AI Agents and Agentic Systems: Redefining Global it Management. J. Glob. Inf. Technol. Manag. 2025, 28, 175–185. [Google Scholar] [CrossRef]
  31. Butcher, J.; Beridze, I. What is the state of artificial intelligence governance globally? RUSI J. 2019, 164, 88–96. [Google Scholar] [CrossRef]
  32. Schiff, D.; Rakova, B.; Ayesh, A.; Fanti, A.; Lennon, M. Explaining the principles to practices gap in AI. IEEE Technol. Soc. Mag. 2021, 40, 81–94. [Google Scholar] [CrossRef]
  33. Almeida, V.; Mendes, L.S.; Doneda, D. On the development of AI governance frameworks. IEEE Internet Comput. 2023, 27, 70–74. [Google Scholar] [CrossRef]
  34. Ghosh, A.; Saini, A.; Barad, H. Artificial intelligence in governance: Recent trends, risks, challenges, innovative frameworks and future directions. AI Soc. 2025, 40, 5685–5707. [Google Scholar] [CrossRef]
  35. Meske, C.; Bunde, E.; Schneider, J.; Gersch, M. Explainable artificial intelligence: Objectives, stakeholders, and future research opportunities. Inf. Syst. Manag. 2022, 39, 53–63. [Google Scholar] [CrossRef]
  36. Batool, A.; Zowghi, D.; Bano, M. AI governance: A systematic literature review. AI Ethics 2025, 5, 3265–3279. [Google Scholar] [CrossRef]
  37. Beulen, E.; Plugge, A.; van Hillegersberg, J. Formal and relational governance of artificial intelligence outsourcing. Inf. Syst. e-Bus. Manag. 2022, 20, 719–748. [Google Scholar] [CrossRef]
  38. Hussein, R.; Zink, A.; Ramadan, B.; Howard, F.M.; Hightower, M.; Shah, S.; Beaulieu-Jones, B.K. Advancing Healthcare AI Governance: A Comprehensive Maturity Model Based on Systematic Review. medRxiv 2024. [Google Scholar] [CrossRef]
  39. Robles, P.; Mallinson, D.J. Advancing AI governance with a unified theoretical framework: A systematic review. Perspect. Public Manag. Gov. 2025, 8, 213–227. [Google Scholar] [CrossRef]
  40. Gasser, U.; Almeida, V.A. A layered model for AI governance. IEEE Internet Comput. 2017, 21, 58–62. [Google Scholar] [CrossRef]
  41. Cihon, P.; Maas, M.M.; Kemp, L. Fragmentation and the future: Investigating architectures for international AI governance. Glob. Policy 2020, 11, 545–556. [Google Scholar] [CrossRef]
  42. Radu, R. Steering the governance of artificial intelligence: National strategies in perspective. Policy Soc. 2021, 40, 178–193. [Google Scholar] [CrossRef]
  43. Sigfrids, A.; Leikas, J.; Salo-Pöntinen, H.; Koskimies, E. Human-centricity in AI governance: A systemic approach. Front. Artif. Intell. 2023, 6, 976887. [Google Scholar] [CrossRef] [PubMed]
  44. Thierer, A.; Castillo O’Sullivan, R.; Mitchell, A.; O’Keeffe, M. Artificial Intelligence and Public Policy; Mercatus Research; Mercatus Center at George Mason University: Arlington, VA, USA, 2017. [Google Scholar]
  45. Baum, K.; Bryson, J.; Dignum, F.; Dignum, V.; Grobelnik, M.; Hoos, H.; Irgens, M.; Lukowicz, P.; Muller, C.; Rossi, F.; et al. From fear to action: AI governance and opportunities for all. Front. Comput. Sci. 2023, 5, 1210421. [Google Scholar] [CrossRef]
  46. Taeihagh, A. Governance of artificial intelligence. Policy Soc. 2021, 40, 137–157. [Google Scholar] [CrossRef]
  47. Birkstedt, T.; Minkkinen, M.; Tandon, A.; Mäntymäki, M. AI governance: Themes, knowledge gaps and future agendas. Internet Res. 2023, 33, 133–167. [Google Scholar] [CrossRef]
  48. ISO/IEC 42001:2023; Information Technology—Artificial Intelligence—Management System. International Organization for Standardization/International Electrotechnical Commission: Geneva, Switzerland, 2023.
  49. ISO/IEC 23053:2022; Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML). International Organization for Standardization/International Electrotechnical Commission: Geneva, Switzerland, 2022.
  50. IEEE 7000-2021; IEEE Standard Model Process for Addressing Ethical Concerns During System Design. Institute of Electrical and Electronics Engineers: Piscataway, NJ, USA, 2021.
  51. IEEE P2247.2; Interoperability Standards for Adaptive Instructional Systems (AISs). Institute of Electrical and Electronics Engineers: Piscataway, NJ, USA, (in Development). Available online: https://standards.ieee.org/ieee/2247.2/12085/ (accessed on 19 March 2026).
  52. IEEE P3474; Standard for Human Intentions and Artificial Intelligence Alignment in Autonomous Driving Agent. Institute of Electrical and Electronics Engineers: Piscataway, NJ, USA, (in Development). Available online: https://standards.ieee.org/ieee/3474/11639/ (accessed on 19 March 2026).
  53. IEEE 7003-2024; IEEE Standard for Algorithmic Bias Considerations. Institute of Electrical and Electronics Engineers: Piscataway, NJ, USA, 2024.
  54. IEEE P7008; Standard for Ethically Driven Nudging for Robotic, Intelligent and Autonomous Systems. Institute of Electrical and Electronics Engineers: Piscataway, NJ, USA. (in Development)
  55. IEEE 7009-2024; IEEE Standard for Fail-Safe Design of Autonomous and Semi-Autonomous Systems. Institute of Electrical and Electronics Engineers: Piscataway, NJ, USA, 2024.
  56. Beulen, E.; Dans, M.A. Data Analytics and Digital Transformation; Routledge: London, UK, 2023. [Google Scholar]
  57. Larsson, S. On the governance of artificial intelligence through ethics guidelines. Asian J. Law Soc. 2020, 7, 437–451. [Google Scholar] [CrossRef]
  58. Beulen, E.; Plugge, A.; van Hillegersberg, J. Formal and relational outsourcing governance of artificial intelligence and algorithms. In Transformation in Global Outsourcing; Willcocks, L., Oshri, I., Kotlarsky, J., Eds.; Palgrave Macmillan: Cham, Switzerland, 2024; pp. 355–391. [Google Scholar]
  59. Ehrlinger, L.; Wöß, W. A survey of data quality measurement and monitoring tools. Front. Big Data 2022, 5, 850611. [Google Scholar] [CrossRef]
  60. Munappy, A.R.; Bosch, J.; Olsson, H.H.; Arpteg, A.; Brinne, B. Data management for production quality deep learning models: Challenges and solutions. J. Syst. Softw. 2022, 191, 111359. [Google Scholar] [CrossRef]
  61. Djotaroeno, M.; Beulen, E. Information security awareness in the insurance sector: Cognitive and internal factors and combined recommendations. Information 2024, 15, 505. [Google Scholar] [CrossRef]
  62. Ross, J.W.; Weill, P.; Robertson, D. Enterprise Architecture as Strategy: Creating a Foundation for Business Execution; Harvard Business Press: Brighton, MA, USA, 2006. [Google Scholar]
  63. Tsaih, R.H.; Chang, H.L.; Hsu, C.C.; Yen, D.C. The AI tech-stack model. Commun. ACM 2023, 66, 69–77. [Google Scholar] [CrossRef]
  64. Bogner, J.; Verdecchia, R.; Gerostathopoulos, I. Characterizing technical debt and antipatterns in AI-based systems: A systematic mapping study. In Proceedings of the 2021 IEEE/ACM International Conference on Technical Debt (TechDebt); IEEE: Washington, DC, USA, 2021; pp. 64–73. [Google Scholar]
  65. Petrozzino, C. Who pays for ethical debt in AI? AI Ethics 2021, 1, 205–208. [Google Scholar] [CrossRef]
  66. Beulen, E.; Bode, R. An information technology and innovation committee to guide digital transformations. Corp. Board Role Duties Compos. 2021, 17, 38–53. [Google Scholar] [CrossRef]
  67. Montagnani, M.L.; Passador, M.L. Toward an Enhanced Level of Corporate Governance: Tech Committees as a Game Changer for the Board of Directors. J. Bus. Entrep. Law 2022, 15, 1–80. [Google Scholar]
  68. Sundararajan, A. How Corporate Boards Must Approach AI Governance. SSRN 2024. [Google Scholar] [CrossRef]
  69. Hilb, M. Toward artificial governance? The role of artificial intelligence in shaping the future of corporate governance. J. Manag. Gov. 2020, 24, 851–870. [Google Scholar] [CrossRef]
  70. Cath, C. Governing artificial intelligence: Ethical, legal and technical opportunities and challenges. Philos. Trans. R. Soc. A Math. Phys. Eng. Sci. 2018, 376, 20180080. [Google Scholar] [CrossRef]
  71. Mohanty, P.; Mishra, S.; Stephen, T.K. AI Governance Maturity Matrix: A Roadmap for Smarter Boards; California Management Review (Insight), UC Berkeley Haas School of Business: Berkeley, CA, USA, 2025; Available online: https://cmr.berkeley.edu/2025/05/ai-governance-maturity-matrix-a-roadmap-for-smarter-boards/ (accessed on 1 June 2025).
  72. Freeman, R.E. Strategic Management: A Stakeholder Approach; Pitman: Boston, MA, USA, 1984; ISBN 978-0-273-01913-8. [Google Scholar]
  73. Kinney, M.; Anastasiadou, M.; Naranjo-Zolotov, M.; Santos, V. Expectation management in AI: A framework for understanding stakeholder trust and acceptance of artificial intelligence systems. Heliyon 2024, 10, e28562. [Google Scholar] [CrossRef]
  74. Chong, T.; Yu, T.; Keeling, D.I.; de Ruyter, K.; Hilken, T. Stakeholder engagement with AI service interactions. J. Prod. Innov. Manag. 2026, 43, 31–56. [Google Scholar] [CrossRef]
  75. Ajmani, L.H.; Abdelkadir, N.A.; Chancellor, S. Secondary Stakeholders in AI: Fighting for, Brokering, and Navigating Agency. In Proceedings of the 2025 ACM Conference on Fairness, Accountability, and Transparency; Association for Computing Machinery: New York, NY, USA, 2025; pp. 1095–1107. [Google Scholar]
  76. Hollebeek, L.D.; Katsikeas, C.S.; Kopalle, P.K.; Viglia, G. Innovations Leveraging Artificial Intelligence, Stakeholder Engagement, and Innovation Value: An Investment Model Perspective. J. Prod. Innov. Manag. 2026, 43, 3–13. [Google Scholar] [CrossRef]
  77. Grote, G.; Parker, S.K.; Crowston, K. Taming artificial intelligence: A theory of control-accountability alignment among AI developers and users. Acad. Manag. Rev. 2024; in press. [CrossRef]
  78. Lämmermann, L.; Hofmann, P.; Urbach, N. Managing artificial intelligence applications in healthcare: Promoting information processing among stakeholders. Int. J. Inf. Manag. 2024, 75, 102728. [Google Scholar] [CrossRef]
  79. Chang, Y.L.; Ke, J. Socially responsible artificial intelligence empowered people analytics: A novel framework towards sustainability. Hum. Resour. Dev. Rev. 2024, 23, 88–120. [Google Scholar] [CrossRef]
  80. Hughes, L.; Dwivedi, Y.K.; Malik, T.; Shawosh, M.; Albashrawi, M.A.; Jeon, I.; Dutot, V.; Appanderanda, M.; Crick, T.; De’, R.; et al. AI agents and agentic systems: A multi-expert analysis. J. Comput. Inf. Syst. 2025, 65, 489–517. [Google Scholar] [CrossRef]
  81. Bohnsack, R.; de Wet, M. AI is the Strategy: From Agentic AI to Autonomous Business Models onto Strategy in the Age of AI. arXiv 2025, arXiv:2506.17339. [Google Scholar] [CrossRef]
  82. Bisoyi, A. Ownership, liability, patentability, and creativity issues in artificial intelligence. Inf. Secur. J. Glob. Perspect. 2022, 31, 377–386. [Google Scholar] [CrossRef]
  83. Schuster, W.M. Artificial intelligence and patent ownership. Wash. Lee Law Rev. 2018, 75, 1945. [Google Scholar]
  84. Margoni, T. Artificial Intelligence, Machine learning and EU copyright law: Who owns AI? Machine learning and EU copyright law: Who owns AI. SSRN 2018. [Google Scholar] [CrossRef]
  85. Van Rijmenam, M. The Organisation of Tomorrow: How AI, Blockchain and Analytics Turn Your Business into a Data Organization; Routledge: London, UK, 2019. [Google Scholar]
  86. Plotkin, D. Data Stewardship: An Actionable Guide to Effective Data Management and Data Governance; Academic Press: Cambridge, MA, USA, 2020. [Google Scholar]
  87. Lau, T. Ownership, Rights, and Governance. In Banking on (Artificial) Intelligence: Navigating the Realities of AI in Financial Services; Springer Nature: Cham, Switzerland, 2025; pp. 155–169. [Google Scholar]
  88. Mieczkowski, H.N. AI-Mediated Communication: Examining Agency, Ownership, Expertise, and Roles of AI Systems; Stanford University: Stanford, CA, USA, 2022. [Google Scholar]
  89. Rezaei, M.; Pironti, M.; Quaglia, R. AI in knowledge sharing, which ethical challenges are raised in decision-making processes for organisations? Manag. Decis. 2025, 63, 3369–3388. [Google Scholar] [CrossRef]
  90. Hadley, E.; Blatecky, A.; Comfort, M. Investigating algorithm review boards for organizational responsible artificial intelligence governance. AI Ethics 2025, 5, 2485–2495. [Google Scholar] [CrossRef]
  91. Khatri, V.; Brown, C.V. Designing data governance. Commun. ACM 2010, 53, 148–152. [Google Scholar] [CrossRef]
  92. Korhonen, J.J.; Melleri, I.; Hiekkanen, K.; Helenius, M. Designing Data Governance Structure: An Organizational Perspective. GSTF J. Comput. (JoC) 2013, 2, 11–17. [Google Scholar]
  93. Jelinek, T.; Wallach, W.; Kerimi, D. Policy brief: The creation of a G20 coordinating committee for the governance of artificial intelligence. AI Ethics 2021, 1, 141–150. [Google Scholar] [CrossRef]
  94. Reuel, A.; Undheim, T.A. Generative AI needs adaptive governance. arXiv 2024, arXiv:2406.04554. [Google Scholar] [CrossRef]
  95. Raza, S.; Sapkota, R.; Karkee, M.; Emmanouilidis, C. Trism for agentic AI: A review of trust, risk, and security management in llm-based agentic multi-agent systems. arXiv 2025, arXiv:2506.04133. [Google Scholar] [CrossRef]
  96. Sharma, R. AI Governance. In AI and the Boardroom: Insights into Governance, Strategy, and the Responsible Adoption of AI; Apress: Berkeley, CA, USA, 2024; pp. 5–26. [Google Scholar]
  97. Sayles, J. AI Governance and Oversight Model. In Principles of AI Governance and Model Risk Management: Master the Techniques for Ethical and Transparent AI Systems; Apress: Berkeley, CA, USA, 2024; pp. 183–208. [Google Scholar]
  98. Wood, J.M. AI governance check: Navigating compliance and essential queries for board discussions. Board Leadersh. 2024, 2024, 1–8. [Google Scholar] [CrossRef]
  99. Piridi, S.; Asundi, S. Rise of the AI Bureaucrats: Autonomous Agents Transforming Public Services. SSRN Work. Pap. 2025. [Google Scholar] [CrossRef]
  100. Batarseh, F.A.; Freeman, L.; Huang, C.H. A survey on artificial intelligence assurance. J. Big Data 2021, 8, 60. [Google Scholar] [CrossRef]
  101. Stettinger, G.; Weissensteiner, P.; Khastgir, S. Trustworthiness assurance assessment for high-risk ai-based systems. IEEE Access 2024, 12, 22718–22745. [Google Scholar] [CrossRef]
  102. Allam, H.; Dempere, J. Agentic AI for IT and Beyond: A Qualitative Analysis of Capabilities, Challenges, and Governance. Artif. Intell. Bus. Rev. 2025, 1, 1. [Google Scholar] [CrossRef]
  103. Beulen, E.; Ribbers, P. Control in outsourcing relationships: Governance in action. In Proceedings of the 2007 40th Annual Hawaii International Conference on System Sciences (HICSS’07); IEEE: Piscataway, NJ, USA, 2007; p. 236b. [Google Scholar]
  104. Thomas, C.; Roberts, H.; Mökander, J.; Tsamados, A.; Taddeo, M.; Floridi, L. The case for a broader approach to AI assurance: Addressing “hidden” harms in the development of artificial intelligence. AI Soc. 2025, 40, 1469–1484. [Google Scholar] [CrossRef]
  105. Mantelero, A. AI and Big Data: A blueprint for a human rights, social and ethical impact assessment. Comput. Law Secur. Rev. 2018, 34, 754–772. [Google Scholar] [CrossRef]
  106. Stahl, B.C.; Antoniou, J.; Bhalla, N.; Brooks, L.; Jansen, P.; Lindqvist, B.; Kirichenko, A.; Marchal, S.; Rodrigues, R.; Santiago, N.; et al. A systematic review of artificial intelligence impact assessments. Artif. Intell. Rev. 2023, 56, 12799–12831. [Google Scholar] [CrossRef] [PubMed]
  107. Moore, E.; Abbas, F. Agentic AI as Guardian: Preventing Financial Crimes and Elevating Cybersecurity Compliance. Preprint 2024. [Google Scholar] [CrossRef]
  108. Schreyer, M.; Gu, H.; Moffitt, K.; Vasarhelyi, M.A. Artificial Intelligence Agentic Auditing. SSRN 2024. [Google Scholar] [CrossRef]
  109. Murugesan, S. The rise of agentic AI: Implications, concerns, and the path forward. IEEE Intell. Syst. 2025, 40, 8–14. [Google Scholar] [CrossRef]
  110. Scantamburlo, T.; Cortés, A.; Foffano, F.; Barrué, C.; Distefano, V.; Pham, L.; Fabris, A. Artificial intelligence across Europe: A study on awareness, attitude and trust. IEEE Trans. Artif. Intell. 2024, 6, 477–490. [Google Scholar] [CrossRef]
  111. Ackerman, L. Perceptions of Agentic AI in Organizations: Implications for Responsible AI and ROI. arXiv 2025, arXiv:2504.11564. [Google Scholar] [CrossRef]
  112. Li, X.; Shi, H.; Xu, R.; Xu, W. Ai awareness. arXiv 2025, arXiv:2504.20084. [Google Scholar]
  113. Cardon, P.; Fleischmann, C.; Aritz, J.; Logemann, M.; Heidewald, J. The challenges and opportunities of AI-assisted writing: Developing AI literacy for the AI age. Bus. Prof. Commun. Q. 2023, 86, 257–295. [Google Scholar] [CrossRef]
  114. Ng, D.T.K.; Leung, J.K.L.; Chu, K.W.S.; Qiao, M.S. AI literacy: Definition, teaching, evaluation and ethical issues. Proc. Assoc. Inf. Sci. Technol. 2021, 58, 504–509. [Google Scholar] [CrossRef]
  115. Thalheim, B. The theory of conceptual models, the theory of conceptual modelling and foundations of conceptual modelling. In Handbook of Conceptual Modeling: Theory, Practice, and Research Challenges; Springer: Berlin/Heidelberg, Germany, 2011; pp. 543–577. [Google Scholar]
  116. Döringer, S. ‘The problem-centred expert interview’: Combining qualitative interviewing approaches for investigating implicit expert knowledge. Int. J. Soc. Res. Methodol. 2021, 24, 265–278. [Google Scholar] [CrossRef]
  117. Meuser, M.; Nagel, U. The expert interview and changes in knowledge production. In Interviewing Experts; Palgrave Macmillan: London, UK, 2009; pp. 17–42. [Google Scholar]
  118. Solarino, A.M.; Aguinis, H. Challenges and best-practice recommendations for designing and conducting interviews with elite informants. J. Manag. Stud. 2021, 58, 649–672. [Google Scholar] [CrossRef]
  119. Tukey, J.W. Exploratory Data Analysis; Addison-Wesley: Reading, MA, USA, 1977; Volume 2, pp. 131–160. [Google Scholar]
  120. Strauss, A.; Corbin, J. Basics of Qualitative Research; Sage: Newbury Park, CA, USA, 1990; Volume 15. [Google Scholar]
  121. Ørngreen, R.; Levinsen, K.T. Workshops as a research methodology. Electron. J. E-Learn. 2017, 15, 70–81. [Google Scholar]
  122. Allen, I.E.; Seaman, C.A. Likert scales and data analyses. Qual. Prog. 2007, 40, 64–65. [Google Scholar]
  123. Guerra, A.L.; Gidel, T.; Vezzetti, E. Toward a common procedure using likert and likert-type scales in small groups comparative design observations. In DS 84: Proceedings of the DESIGN 2016 14th International Design Conference; The Design Society: Glasgow, UK, 2016; pp. 23–32. [Google Scholar]
  124. Zysman, J.; Nitzberg, M. Governing AI: Understanding the Limits, Possibility, and Risks of AI in an Era of Intelligent Tools and Systems; Woodrow Wilson International Center for Scholars: Washington, DC, USA, 2020. [Google Scholar]
  125. Torrance, A.W.; Tomlinson, B. Governance of the AI, by the AI, and for the AI. Miss. Law J. 2023, 93, 107. [Google Scholar]
  126. Taherdoost, H. What is the best response scale for survey and questionnaire design; review of different lengths of rating scale/attitude scale/Likert scale. Int. J. Acad. Res. Manag. (IJARM) 2019, 8, 1–10. [Google Scholar]
  127. Hartley, R.I.; Sturm, P. Triangulation. Comput. Vis. Image Underst. 1997, 68, 146–157. [Google Scholar] [CrossRef]
  128. The University of Manchester. Code of Good Research Conduct, Version 2.1; The University of Manchester: Manchester, UK, 2022. Available online: https://documents.manchester.ac.uk/display.aspx?DocID=2804 (accessed on 11 September 2025).
  129. Lincoln, Y.S.; Guba, E.G. Naturalistic Inquiry; Sage: Singapore, 1985. [Google Scholar]
  130. Kashefi, P.; Kashefi, Y.; Ghafouri Mirsaraei, A. Shaping the future of AI: Balancing innovation and ethics in global regulation. Unif. Law Rev. 2024, 29, 524–548. [Google Scholar] [CrossRef]
  131. Zaidan, E.; Ibrahim, I.A. AI governance in a complex and rapidly changing regulatory landscape: A global perspective. Humanit. Soc. Sci. Commun. 2024, 11, 1121. [Google Scholar] [CrossRef]
  132. Sheikh, H. European digital sovereignty: A layered approach. Digit. Soc. 2022, 1, 25. [Google Scholar] [CrossRef]
  133. Williams, C.K.; Karahanna, E. Causal Explanation in the Coordinating Process: A Critical Realist Case Study of Federated IT Governance Structures. Mis Q. 2013, 37, 933–964. [Google Scholar] [CrossRef]
  134. Dolhopolov, A.; Castelltort, A.; Laurent, A. Implementing federated governance in data mesh architecture. Future Internet 2024, 16, 115. [Google Scholar] [CrossRef]
  135. Abbott, K.W.; Snidal, D. Hard and soft law in international governance. Int. Organ. 2000, 54, 421–456. [Google Scholar] [CrossRef]
  136. Hagemann, R.; Huddleston Skees, J.; Thierer, A. Soft law for hard problems: The governance of emerging technologies in an uncertain future. Colo. Technol. Law J. 2018, 17, 37. [Google Scholar]
  137. Ofili, B.T.; Ezeadi, S.C.; Jegede, T.B. Securing US national interests with cloud innovation: Data sovereignty, threat intelligence and digital warfare preparedness. Int. J. Sci. Res. Arch. 2024, 12, 3160–3179. [Google Scholar] [CrossRef]
  138. Pasham, S.D. AI-Driven Cloud Cost Optimization for Small and Medium Enterprises (SMEs). Computertech 2017, 3, 1–24. [Google Scholar]
  139. Ismanov, I.; Qayumov, N.; Mukhamadjonova, D.; Akhmadaliyev, B. AI and cost management: Strategies for reducing expenses and improving profit margins in business. In Proceedings of the 2024 International Conference on Knowledge Engineering and Communication Systems (ICKECS); IEEE: Piscataway, NJ, USA, 2024; Volume 1, pp. 1–7. [Google Scholar]
  140. Usman, H.; Nawaz, B.; Naseer, S. The future of state sovereignty in the age of artificial intelligence. J. Law Soc. Stud. 2023, 5, 142–152. [Google Scholar] [CrossRef]
Information 17 00336 g001
Figure 1. AI governance framework—measures (1–6) and good practices (A–F).
Figure 1. AI governance framework—measures (1–6) and good practices (A–F).
Information 17 00336 g001
Table 2. Overview profiles of interviewed subject-matter experts.
Table 2. Overview profiles of interviewed subject-matter experts.
#SectorRegion
1GovernmentAmericas
2Consumer GoodsEurope
3FinTechEurope
4Financial ServicesAmericas
5ConsultingGlobal
6GovernmentEurope
7Financial ServicesAmericas
8Financial ServicesAmericas
9GovernmentAmericas
10FinTechAmericas
11Financial ServicesEurope
12UtilitiesEurope
13Financial ServicesEurope
14ManufacturingEurope
15InsuranceEurope
16Financial ServicesAmericas
17ConsultingGlobal
18GovernmentEurope
19ConsultingGlobal
20Financial ServicesAmericas
21Financial ServicesAmericas
22GovernmentAmericas
23Financial ServicesAmericas
Table 3. The mapping of the interview topics (AI governance) and round table topics (agentic AI governance).
Table 3. The mapping of the interview topics (AI governance) and round table topics (agentic AI governance).
Round table topics (agentic AI governance)
1. AI for AI governance2. Greater business involvement in AI governance to define and monitor key parameters3. Increased model & data stewardship effort4. Greater audit effort and more frequent assessments5. Increased AI awareness
Interview topics (AI governance)1. Artificial Intelligence Stakeholders Management X
2. Model and Data Ownership XX
3. Artificial Intelligence Steering Committee X
4. Audit and Impact Assessments X
5. Staff Training X
6. AI ToolingX
Table 4. Overview of AI governance good practices.
Table 4. Overview of AI governance good practices.
#Good AI Governance PracticeInterviewee Reference (Specific Context)
AData quality as a pre-condition for AI applicationsI2, I3, and I8 (training models); I4, I14, I15, and I17 (data flow and pipelines); I16 (data classification); and I23 (meta data and date linage)
BCertificationI6 and I12
CAI cost controlI9
DAssessing product responsibilities of AI vendorsI10
EArchitectural controlI11 (approved AI tools only)
FRegister algorithmsI18
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Beulen, E.; Dans, M. Artificial Intelligence Governance Mechanisms—The Chief Data Officer Perspective with a Focus on Agentic AI Governance. Information 2026, 17, 336. https://doi.org/10.3390/info17040336

AMA Style

Beulen E, Dans M. Artificial Intelligence Governance Mechanisms—The Chief Data Officer Perspective with a Focus on Agentic AI Governance. Information. 2026; 17(4):336. https://doi.org/10.3390/info17040336

Chicago/Turabian Style

Beulen, Erik, and Marla Dans. 2026. "Artificial Intelligence Governance Mechanisms—The Chief Data Officer Perspective with a Focus on Agentic AI Governance" Information 17, no. 4: 336. https://doi.org/10.3390/info17040336

APA Style

Beulen, E., & Dans, M. (2026). Artificial Intelligence Governance Mechanisms—The Chief Data Officer Perspective with a Focus on Agentic AI Governance. Information, 17(4), 336. https://doi.org/10.3390/info17040336

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop