X. Design Week 2026
admin_panel_settings Organiser DTTT
Step 1 of 8
verified Organiser · The Advisory Clinic

AI Governance & Strategy

calendar_today Tuesday 2 June · Afternoon
schedule 40 minutes
groups Two facilitators
James Arnold
James Arnold
Digital Trends Analyst
Digital Tourism Think Tank
Fábio Caldeira
Fábio Caldeira
Digital Trends Analyst
Digital Tourism Think Tank
1 / 8
insights What they told us

Patterns across the submissions

A snapshot of the priorities surfaced in the pre-event Typeform, drawn from eight respondents. The Clinic will focus on the highest ranked themes.

PRIORITY 01
policy
75%
Aligning AI strategy
The top ranked priority, deciding what AI is for before writing any policy.
PRIORITY 02
shield
38%
Data privacy
Keeping AI use within data protection and regulatory limits.
PRIORITY 03
rule
25%
Internal policies
Clear rules on approved tools, data handling and disclosure.
PRIORITY 04
campaign
25%
Communicating strategy
Bringing leadership and the wider organisation along on the journey.
PRIORITY 05
verified_user
13%
Accountability
A named person responsible for every AI-assisted output.
PRIORITY 06
gavel
13%
Regulatory landscape
EU AI Act, sector regulation and what enforcement means in practice.
Personal AI maturity (3.1 / 5)
62%
Organisational AI maturity (2.1 / 5)
43%
Maturity gap between individual and organisation
20%
2 / 8
checklist AI Governance & Strategy

Easy steps to help them implement this

STEP 01
Decide what AI is for in the organisation before writing any policy. Without a clear strategic position, governance becomes a list of restrictions without a purpose.
STEP 02
Document which decisions stay human. Be explicit about where AI assists and where the final judgment must rest with a person.
STEP 03
Draft a one-page AI policy covering approved tools, accountability for outputs, data handling and disclosure. Keep it short enough that people read it.
STEP 04
Use the EU AI Act enforcement date of August 2026 as a forcing function. It moves governance from theoretical to scheduled.

Tools worth knowing

Microsoft Copilot Admin
Built-in governance for any Microsoft organisation. Set data retention, access controls and audit trails before staff use Copilot at scale.
ChatGPT Enterprise
Admin controls, data residency, no training on inputs and audit logs that meet most compliance requirements.
OneTrust
AI governance platform with formal documentation, risk registers and EU AI Act readiness assessments built in.
Credo AI
Governance platform that turns policies into measurable controls and tracks compliance across AI use cases.
DTTT AI Transparency Framework
Open framework for recording AI use covering disclosure, productivity, environmental impact and content integrity.
3 / 8
01
Challenge One
Preventing shadow AI while keeping the door open

Shadow AI creates data and accountability gaps that are hard to manage after the fact, while a punitive response pushes useful adoption out of sight as fast as it curbs the risky kind.

7:30
7 min 30 sec per challenge
Diagnose
What is the specific governance gap in your organisation?
  • Shadow AI creates data handling risks and accountability gaps that are hard to manage after the fact.
  • A governance response that feels punitive pushes useful adoption out of sight as fast as it curbs the risky kind.
  • A clear, low-friction path for approved AI use gives staff a reason to work within the framework instead of around it.
Diagnose
What has been tried and where did it stall?
  • Have you mapped which AI tools are currently in use across the organisation?
  • Has any guidance been issued and how was it received?
  • Where has uncontrolled AI use already caused a problem?
Stakeholders
Who in the organisation needs to be part of the solution?
  • Is the challenge technical, cultural or structural? A policy people do not read solves nothing.
  • Is there leadership appetite to draw a clear line, or is the organisation still hoping the question resolves itself?
Next move
What is the most urgent single thing to put in place?
  • Ask your team directly what AI tools they use and for what. The answer will tell you more than any audit process.
  • Draft a short approved tools list with a simple rationale for each decision and share it informally before making it official.
4 / 8
02
Challenge Two
Making governance simple enough that people actually use it

Governance that lives only in documents changes no behaviour, so the test is whether a simple model people use beats a thorough one nobody consults.

7:30
7 min 30 sec per challenge
Diagnose
What is the specific governance gap in your organisation?
  • Governance that exists only in documents does not change behaviour.
  • A simple model that covers most situations and gets used consistently outperforms a comprehensive one nobody consults.
  • What matters in a governance framework is whether it changes what people do.
Diagnose
What has been tried and where did it stall?
  • Have you tested any simplified governance tools or models with your team?
  • What is the most common AI-related decision your staff face day to day?
  • Where does complexity tend to creep in and make people disengage?
Stakeholders
Who in the organisation needs to be part of the solution?
  • Is the challenge that the underlying governance questions are complex, or that they have been made to feel more complex than they need to be?
  • Is there a tendency to keep adding rules for every edge case when a simple model would handle the vast majority of situations?
Next move
What is the most urgent single thing to put in place?
  • Write down the three most common AI decisions your team makes and test whether a simple yes, check or no framework resolves them without further guidance.
  • Share a draft with two or three colleagues and ask whether they could apply it without any explanation from you.
5 / 8
03
Challenge Three
Aligning AI strategy with organisational goals before writing policy

Policy written before strategy reflects anxiety more than intent, so answering what AI is for first lets the leadership conversation connect to goals they already own.

7:30
7 min 30 sec per challenge
Diagnose
What is the specific governance gap in your organisation?
  • Policy written before strategy constrains more than it enables, so the rules end up reflecting anxiety more than intent.
  • Communicating AI to leadership is easier when the strategy connects directly to goals they are already accountable for.
  • Destinations that answer the strategic question first move from policy as restriction to policy as confidence.
Diagnose
What has been tried and where did it stall?
  • Have you mapped where AI is already contributing to organisational goals, even informally?
  • Has leadership been asked directly what they want AI to do for the organisation?
  • Is there an existing strategic plan that an AI strategy could sit inside instead of alongside?
Stakeholders
Who in the organisation needs to be part of the solution?
  • Is the challenge that leadership does not yet have a view, that views are inconsistent across the organisation, or that the strategy team is waiting for more certainty before committing?
  • Is AI being treated as a separate workstream instead of something that runs through existing priorities?
Next move
What is the most urgent single thing to put in place?
  • Take one organisational goal you are already measured against and write one paragraph on what AI could contribute to it.
  • Test that paragraph with one senior colleague before building anything larger around it.
6 / 8
04
Challenge Four
Establishing accountability for AI-generated outputs without slowing teams down

Accountability gaps form quickly when teams use AI without a clear owner for outputs. The risk is not the technology, it is the absence of a named person and a clear process when something goes wrong.

7:30
7 min 30 sec per challenge
Diagnose
What is the specific accountability gap in your organisation?
  • When something AI-generated is published, who reviews it before it goes out and who is named as responsible if it is wrong?
  • Where in the workflow does human sign-off currently sit and where is it missing?
  • Has anything AI-generated already gone out without proper review and what was the consequence?
Diagnose
Where has the line between AI-assisted and AI-authored blurred?
  • Is your team disclosing which work is AI-assisted internally and externally?
  • Does the brief distinguish between using AI as a starting point and accepting the final output?
  • Has there been a case where the answer to who wrote this was unclear?
Stakeholders
Who owns AI output review and what authority do they need?
  • Does the reviewer need editorial authority, legal authority, or both?
  • Should accountability sit with the originator, the reviewer, or both?
  • How would you structure this across marketing, content and customer-facing teams?
Next move
What is the smallest accountability change with the biggest effect?
  • Add a single line to your existing approval workflow: was AI involved in producing this and who reviewed it?
  • Name one person per team who owns the AI disclosure conversation and equip them to lead it.
7 / 8
favorite The Advisory Clinic

Thank you.

lightbulb
Key pattern

The one theme that surfaced across all four challenges.

arrow_forward
First move

The smallest action you can take back to your organisation this week.

block
Common trap

The mistake most organisations make with this topic.

8 / 8