Insights

The Shadow AI Crisis: Why Enterprise Governance Is Failing & How to Fix It

Almost half of all GenAI use now occurs through personal accounts like ChatGPT, Claude, Perplexity, and others, entirely outside corporate oversight or control. This isn’t about a few rogue users acting in secret. We’re seeing widespread bypassing of approved tools across entire organizations, with the average company experiencing 223 shadow AI incidents each month, twice as many as just a year ago.

Two Years After the Digital Services Act, Brussels Is Testing Its Power

When the Digital Services Act entered into force two years ago, it was framed as a reset for the online economy. The rhetoric focused on safer digital spaces, stronger protections for fundamental rights, and curbing manipulative or harmful platform behavior.

When Speed Outruns Stewardship: AI’s Governance Reckoning Has Begun

There is a particular moment in every technological transformation when enthusiasm gives way to recognition. It is not the moment when innovation falters, nor when critics grow louder. It is the moment when institutions begin to understand that what has been built is now too consequential to remain loosely governed.

Why Governance Is the New Empathy

Let’s be honest: governance doesn’t usually make hearts race. The word alone can drain the excitement out of a meeting faster than a surprise PowerPoint. For years, governance has been typecast as the corporate hall monitor—clipboard in hand, ready to say, “No, you can’t do that.” But in the age of AI, that old stereotype doesn’t work anymore. Governance has gone through its own transformation, like a quiet glow-up. Today, it’s not about slowing innovation down; it’s about keeping it human. In fact, governance has become the new empathy.

Risk & Decision-Making

In this article, Norman Marks reflects on a recent exchange sparked by Alex Sidorenko’s thinking on risk and decision-making, exploring where they strongly align and where a critical distinction emerges around the concept of uncertainty. While agreeing that risk management should move beyond static risk lists and toward enabling better decisions, Marks challenges how the term “uncertainty” is often understood and applied in practice. The result is a pragmatic reframing of risk conversations—one grounded in real managerial decision-making rather than abstract definitions or theoretical precision.

Risk Was Never Meant to Be a Compliance Exercise

In my earlier piece, “Risk Management Is Not a SOX Coloring Book: A Call for Risk Management as a Strategic Discipline,” I argued that decades of Sarbanes-Oxley gravity have quietly reshaped how organizations understand risk—narrowing it into a compliance exercise defined by documentation, evidence trails, and audit satisfaction. That article challenged the idea that shaded boxes and completed control matrices equate to managing uncertainty. This follow-up goes a step further. It explores what risk management looks like once we finally put the coloring book down.

You Can’t Outsource ESG Risk, Even If You Outsource the Work

For a long time, ESG risk in the supply chain was treated as something adjacent to the business rather than integral to it. A matter of policy statements, supplier codes of conduct, and questionnaires circulated once a year, often completed quickly and filed away quietly. The appearance of diligence was usually sufficient. Oversight, such as it was, could be delegated.