Skip navigation EPAM
Dark Mode
Light Mode

AI Governance: The Key to Trust, Value & Competitive Advantage

EPAM Experts Discuss the State of AI Governance Right Now

INTRODUCTION

The Governance Gap in AI

Artificial intelligence (AI) is evolving at warp speed, and governance can’t keep up. Every day brings new technology breakthroughs — and new risks. But as even the boldest companies go all-in on AI adoption, with a particular focus on agentic AI, we’re seeing a lack of foundational work. Far too often, governance is, at best, an afterthought. This leaves companies exposed to risks that could derail innovation and trust.

“The elephant in the room is that Fortune 500 companies are not ready for governance at scale for the agentic era,” says Nir Kaldero, EPAM’s Vice President, AI Strategy. “And we see it across industries with many governance incidents and data leakage events.” 

Research highlights the same disconnect. According to Gartner®, only 26% of Data & Analytics/AI leaders report “fully integrated AI governance structures and policies that are aligned with their data governance, and provide strong oversight and accountability.”1

Governance as Best Practice

“Governance is not just ‘good’ for you, it’s strategic for you,” says Kaldero. “It’s not if you can or if you should. It’s part of the core.”

63%

of organizations experiencing a breach did not have a formal AI governance policy in place

4x

More likely to report AI-driven revenue growth with fully integrated AI governance

The risks of sidelining governance are well documented. 63% of organizations experiencing AI-related breaches lacked formal governance policies, underscoring the direct link between governance gaps and risk exposure. 

But now we’re also seeing that governance, done well, can be a value driver, giving companies a competitive edge. Organizations with fully integrated AI governance are nearly four times more likely to report AI-driven revenue growth (58%) compared to those still piloting AI (15%). And those that have fully integrated governance into AI operations see accelerated innovation (59%), higher-quality outputs (64%) and increased efficiency (81%) compared to those without governance frameworks.

“The most successful clients that we work with, who've had the best ROI and value from AI, have actually taken governance really seriously right at the beginning,” says Stephen Moody, Senior Director, Data & Analytics Consulting. 

One reason for that, he posits, is because companies benefit from knowing exactly what they have. One of the key requirements in the EU AI Act is registering all AI/ML systems — and, as it turns out, that’s good practice. 

“So, you have a register, you know what everyone's building, you know how they overlap, you know what the risks are,” says Moody. “My view is you get a better result because of that coherent view of what's happening in a very large, complicated organization.”

Governance as a Strategic Advantage

“Do it holistically,” Moody continues. “Try and have a group that looks at value, cost, tech choices and risk in a holistic way.”

To complicate the already complex: The definition of governance is changing, becoming broader, says Moody.

“What started off as probably responsible AI, security, legal and compliance as part of governance is now much bigger,” he says. “It's more about managing your technology, managing the value of it, managing the cost. So, it's risk management effectively, but it's also value management.”

Value management requires business-led strategy. It’s not AI for the sake of AI. Value management is the part of governance that aligns AI priorities with measurable ROI, ensuring that AI systems are scalable, adaptable and aligned with evolving business needs and regulatory landscapes.

Silos have never been more problematic because governance underpins everything. Done right, governance can connect the dots in a way that gives everyone a high-definition picture of what’s going on. With good governance, business and strategy lead the way to value in constant collaboration with the tech side of the company. The foundations of a robust governance program — efficiency, transparency and collaboration — have always been good business. A solid governance program can reduce bottlenecks and light the way to value.    

Good Governance is About Trust, at Scale

Pavel Daineko, Director, Data Privacy, who owns EPAM’s internal AI compliance program, says he sees AI governance as more of an enabler than a blocker.

“Good governance gives companies the confidence to move faster because they know what the system is allowed to do and who is responsible for it, and what happens if something goes wrong,” he says. “Without that, AI becomes hard to trust at scale.”

Good governance can build customer trust and regulatory confidence, enabling companies to scale AI responsibly.

“And then good governance is when we’re not only assessing the risk — legal, regulatory, security and privacy — but we are also continuously monitoring how these risks are being mitigated,” adds Daineko.

But like Kaldero, Daineko says good governance is rare.

“We often see that the real problem is that adoption is moving much faster than control,” he says. “In many organizations, teams are rolling out AI, testing new tools, trying to get value from them quickly, but governance, accountability and guardrails often come later, if they come at all.”

The New Frontier of Agentic AI

With agentic AI proliferating, the stakes have only become higher. 

“Because now we aren’t just talking about systems that generate content or recommendations. We’re talking about systems that can actually do things, trigger workflows, access data, call tools and take actions on behalf of people, even without human supervision,” says Daineko. “So, the question is no longer just ‘did the model give the right answer?’ It is, ‘was it actually allowed to act or not?’”

"An AI agent is often like a contractor you’ve hired — you’ve given them access, tools and a company credit card, and then left them unsupervised with a very fuzzy job description.”   

Pavel Daineko
Director, Data Privacy

Agentic AI has upped the cybersecurity ante because of its ability to act without human oversight. Recent incidents have highlighted the importance of human oversight and stricter controls to prevent unauthorized actions.

Trust takes on an entirely new meaning with agentic AI because the tools aren’t just answering questions, they’re accessing data and acting on information autonomously to achieve the defined goal.

Risk is a funny thing with AI. It keeps shape-shifting.

“If the companies don’t take governance seriously, the risk is much bigger than just compliance: So, this is a regulatory risk, this is an operational risk, this is a security risk, this is ultimately reputational damage and a painful loss of trust,” says Daineko. “If an AI system behaves in a way nobody properly anticipated or controlled, that can create real business problems very quickly. And in my view, most AI governance failures are not model failures. They are management failures.”

Education as a Key Pillar of Governance

And one of the most important tasks for management is educating themselves, their boards and everyone who intersects with AI, which means all of us. 

You have to train everybody: ‘this is how we're doing it, this is where you can look up the register, these are the risks we manage,’” says Moody. “Because a lot of the risks, probably half or so, are about what individual users do with the software.”

But the flipside to that is that people who get the right education are empowered. The right AI education doesn’t just increase understanding — it increases trust: people with AI training are not only more likely to use AI, they’re more likely to trust it

“Then their capability level goes up,” says Moody.

Education is also a key defense against shadow AI, the proliferation of employees using large language models in their work without formal approval. By fostering a culture of accountability, organizations can mitigate these risks and ensure that AI is used responsibly. 

Navigating the Regulatory Landscape

EPAM’s Legal Team says the pressure for good AI governance is unlike any other regulatory change in technology because it is more pervasive.

“Historically, a lot of companies have thought, ‘Oh, strict governance requirements are only needed in heavily regulated industries: consumer-facing spaces, banks, healthcare providers.’ But this is changing; everyone is looking to integrate AI into their business and therefore everyone is going to have to consider their approach to governance,” says Debbie Griffiths, Managing Counsel at EPAM. 

Big data gave rise to a somewhat clearer regulatory environment. The EU’s General Data Protection Regulation (GDPR) largely became the gold standard, with countries around the world aligning to it. But that’s not the trend with the EU’s AI Act. Countries are making their own assessment of how to balance innovation and regulation, says Griffiths, with AI providers playing a key role in how this unfolds.

From a regulatory standpoint, there’s a fractured, Wild West feel to it all right now, says Eran Eisenberg, EPAM’s General Counsel, Commercial.

“There's this legislative race that's going on,” he says. “Every country is going to have to do something. Some of them are more liberal, some are more protective.”

Griffiths adds: “I think we're already seeing that tension with China. And I think it will increasingly emerge in markets like India, which is taking a more light‑touch, pro‑innovation approach while it works out how far regulation should go.”

One valid comparison point between AI and the data landscape, says Eisenberg, is around fines. Initially, the GDPR regulators were underfunded when enforcement began in 2018.

“We saw with GDPR that there was a slow build and then a step-change in enforcement. Fines became the signal that regulators were serious. I'd expect the same pattern with AI — it's just a question of when.”

Governance & Cybersecurity:
A Unified Front

No aspect of governance is more critical than security.

Adam Bishop, Senior Director, Technology Consulting, predicts that governance and cybersecurity will find shelter under the same umbrella.

“I mean, it's got to be integrated,” he says. “You can do the AI engineering perfectly and have really poor governance and you'll be in a lot of trouble.”

“I think the biggest risk with AI, and especially agentic AI, is with every order of magnitude that you increase the capability of the model, you lose control over more data,” Bishop continues. 

The risks go beyond data leaks, of course, and include classic injection prompts and model misuse, but in addition to malicious threats, there are non-malicious threats, he says, now that every employee has access to large language models. 

AI has transformed cybersecurity into an entirely new beast, and companies must accept that risk is the price of innovation. Mitigating that risk is a top priority.

“We're at the very, very early stages of it,” says Bishop. “There are companies rushing in, they're doing it wrong. You're hearing about it in the news.”

In our recent white paper, we outlined seven key security priorities for the AI era. Chief among them: security must be infused into every part of the AI lifecycle, supply chain and operational workflows. 

Kaldero agrees that governance and cybersecurity are tightly interwoven.

“Issues in governance lead to problems in cyber,” he says. “The root cause typically is poor governance.”

CONCLUSION

Governance as the Key to Trust & Innovation

If you think governance is just a bureaucratic speed bump, think again. The real competitive edge won’t come from the latest AI tool — it will grow from the discipline to govern before you build. 

“Fix governance first,” says Kaldero. “That requires understanding your strategy before choosing tools and technology. When done right, governance doesn’t slow you down; it gives you the confidence to move faster and innovate smarter. It’s not just about managing risk — it’s about creating the conditions for AI to thrive responsibly and at scale.”

 1 Gartner, Data Intelligence Monthly: Executive Insights on AI Governance, Lulu Wang, David Pidsley, Anurag Raj, February 11, 2026. GARTNER is a trademark of Gartner, Inc. and/or its affiliates.

GET IN TOUCH

Hi! We’d love to hear from you.

Want to talk to us about your business needs?