Innovation Risk Management

Let skepticism shape your innovation, not stall you. Most rooms I’m in are brimming with Al-assisted development demos and genuine optimism about how quickly software teams can now move. That energy is real and valuable. AI is no longer just helping developers write a few lines of code faster. It increasingly helps teams refactor across files and repos, produce tests, explain unfamiliar code, and advance work through the SDLC workflows. Yet, I sometimes notice the quiet pauses before the tough questions. People worry about sounding negative, or slowing momentum, or being the only one who is uneasy. Those instincts are not only okay, but they are also just as valuable. The skepticism matters more now, not less, because the question is no longer whether AI can generate code. For me, bringing the hard questions supports progress: • What business or engineering outcome is this improving, beyond developer velocity? • Where can this fail: logic, resiliency, security, privacy, or maintainability? • What is the smallest production-relevant test that proves value? • What review, monitoring, and rollback mechanisms need to exist before we scale it? • How do we preserve human judgment where it matters most? I invite challenges to my ideas because that is how we build better ones. A few principles I’ve found useful, especially in the context of mission-critical platforms: • Challenge constructively. Do not just identify the risk and admire the problem, help design the safer path forward. • Trade “no” with “how.” If this approach is not ready, what is the fastest responsible way to learn? • Pair excitement with evidence. Instrument outcomes, test rigorously, and keep a clean rollback path. • Treat trust as a deliverable. In AI-assisted development, control is not friction. It makes speed sustainable. Our best outcomes happen when excitement fuels ambition while skepticism sharpens it. Because in this new environment, skepticism is not the enemy of innovation but is part of the engineering discipline that keeps innovation real and production worthy.

Embedding GenAI into business amplifies risk in automating decision-making with AI agents. Leaders responsible for AI must govern automated decisions to mitigate risk from algorithmic bias, unforeseen agentic actions and liability while ensuring trust-based outcomes through decision intelligence. Three key questions my latest publication seeks to address are: 1️⃣ How do we reduce the risk of using generative AI in decision making? 2️⃣ How do organizations establish decision intelligence using practices, frameworks and platforms? 3️⃣ How can organizations combat "decision amnesia" and systematically track outcomes? 📒 Innovation Insight: Decision Governance Mitigates Risks of Generative AI Agents 🔗 https://lnkd.in/eDpvrjhk (Gartner client can login to get this today) By David Pidsley and Lauren Kornutick, (published 25 September 2025) ℹ️ DECISION GOVERNANCE applies governance principles to DI, advancing decision making with an accountability framework for ethical, transparent, repeatable and outcome-aligned decisions. It governs decisions-as-assets - models, logic, metadata - by policies, standards, metrics and stewardship. Incorporating adaptive, connected and AI governance practices, it ensures decision quality, compliance and trust in human and AI decision making while improving outcomes through learning. #DecisionGovernance: This is the central theme in my latest work with clients. It provides the accountability framework needed for ethical, transparent, and outcome-aligned decisions, particularly when using GenAI agents. #GenAI: The deployment of Generative AI agents is the technology creating the critical inflection point and amplifying risk in automated decision-making addressed by my work here. #AIRisk: The core objective of a decision governance framework is to mitigate risk from algorithmic bias, unforeseen #agentic actions, and liability associated with AI-driven decisions. #DecisionIntelligence: Decision governance is an umbrella term for aspects of decision intelligence (DI), the practical discipline that advances decision making by explicitly understanding and engineering how decisions are made and how outcomes are evaluated, managed and improved via feedback. An important aspect of this is answering, "Who owns that decision?" #DecisionAmnesia: I want to highlight this major risk factor: the lack of systematic tracking of past decision outcomes within enterprises, which decision governance seeks to combat through systematic decision quality and outcome measurement.

You wouldn’t drive a car without brakes. Why would you deploy AI without governance? I’ve deployed AI across financial services, healthcare, and CPG, navigating GDPR, CCPA, and COPPA regulations. And here’s the biggest misconception I still hear from executives: “Governance slows innovation down.” That belief is backwards. Governance isn’t the barrier. It’s the brakes on your vehicle, the steering wheel, and the gears. Think about it. You wouldn’t drive a car without brakes. You wouldn’t drive without a steering wheel. Because once the engine is on, you need control mechanisms to navigate, stop, and adjust speed. That’s exactly what governance does for AI. When governance is done right: → It isn’t an afterthought → It doesn’t slow progress → It becomes the operating system for innovation Because it gives you control over direction, speed, risk, and impact. Without governance, AI moves fast. But in what direction? At what cost? With what unintended consequences? With governance, you move deliberately. You navigate obstacles, pause when necessary, and accelerate when it’s safe. That isn’t slow. That’s strategic. The companies I’ve seen successfully scale AI all did one thing early. They built governance into the foundation from day one. The ones stuck in perpetual pilots treated governance as something to “deal with later.” Innovation without governance isn’t bold. It’s reckless. What’s been your experience balancing innovation and governance in AI deployments?

How do you react when you see something new and unexpected? It says a lot about you. We all have a world view embedded in us. It comes from a combination of our upbringing, our cultures, our experiences, our friends and colleagues and the environment around us. Being aware of our intrinsic world view is key to making better decisions. Take technology for example. There are many people on LinkedIn that write posts starting with “THIS CHANGES EVERYTHING”. They tend to mention a new technology and extrapolate to upending entire industries in no time at all. Then there are the posts and comments that want to do the opposite: downplay a technology’s relevance, highlight its shortcomings, and dismiss it as a fad. Neither approach is useful if you are making business decisions (or life decisions for that matter). You need a healthy dose of skepticism but also an equal dose of optimism to make better decisions. Knowing whether you are the excited optimist or the naysayer is important. Next time you find yourself overly excited or overly dismissive of a new idea, take a step back. Consider your natural tendency. If your optimism is taking over, force a critical review of the new idea to identify gaps and weaknesses. If your tendency to dismiss is taking over, think objectively (or ask others you trust to do so if you really can’t) about its potential benefits as it develops. Only then can you take an informed decision. Most importantly, allow yourself to not be uniform in your reactions to new ideas. Some you may love outright and be enthusiastic about. Others you may dismiss. In both cases, step back, evaluate (with the help of others if needed), and then decide. #change #disruption #technology

The Overlooked Risk of AI-Driven Dialing in Europe With the EU AI Act moving closer to enforcement, many outbound teams relying on AI-driven systems will need to rethink their approach. The Act introduces stricter classifications for AI systems that automate key decisions like lead prioritization, call routing, and contact management. If flagged as “high-risk,” these systems face regulatory obligations such as mandatory audits, algorithmic accountability, and potential restrictions. One of the key triggers for high-risk classification is automated decision-making without meaningful human oversight. This can include AI systems that autonomously prioritize or engage prospects without human validation. Under the Act, businesses using these technologies may encounter: • Increased scrutiny over whether AI-driven decisions are fair, accurate, and free from bias. • Heavier documentation requirements to track and explain the outcomes of automated processes. • Compliance costs stemming from mandatory audits and potential system modifications. There’s a way to balance AI-driven efficiency with regulatory safety. Systems that integrate human-managed or hybrid approaches—where AI optimizes processes but human agents validate decisions and interactions—are more likely to remain outside high-risk classifications. For companies operating in Europe or planning to expand there, now is the time to assess whether AI is supporting your outbound strategy or inadvertently exposing it to legal risks. The difference could determine whether growth scales smoothly or hits regulatory barriers. PipelineHeroes stay within the boundaries.

For risk managers: How to integrate adaptation into your planning: 5 important considerations. As climate disasters mount and consensus on adaptation needs builds, I’m frequently asked by risk managers, how do we think about both physical and transition risks together? I try to guide them to an effective framework for translating both types of risks into financial impacts as a starting point. However, we need to go farther than that and actively consider how future strategies are influenced by the need for adaptation. In a recent workshop for risk managers, I took the new report from the NGFS about integrating adaptation into transition plans and showed how the 5 pillar framework of the ISSB and TPT can be leveraged to ensure adaptation is well considered. Here’s what that looks like for each pillar: 1. Governance- Existing governance mechanisms used for climate mitigation should also oversee adaptation objectives and monitor progress against adaptation targets once they are set. 2. Foundations- Institutions should set clear adaptation objectives focused on managing exposure to physical climate risks and, where appropriate, identifying business opportunities that enhance resilience. 3. Implementation Strategy- Based on physical risk and opportunity assessments, institutions should determine their risk and investment appetite and embed responses (e.g. avoid, accept, reduce, transfer, or invest) into business strategy and operations. 4. Engagement Strategy- Build on existing mitigation-related engagement to support a cohesive approach while fostering an internal and external environment conducive to increased climate resilience. 5. Metrics and Targets- Develop metrics starting with data stocktakes and baseline measures, then advancing to output-based metrics that assess the effectiveness of adaptation in managing physical risk. Drop me a message or comment to learn how we are helping risk managers tackle both adaptation and transition challenges! #climaterisk #adaptation #transitionplans #climateregulation #risk

Most enterprises are rushing to adopt AI. But here’s the truth no one likes to say out loud: The tech isn’t the real risk. Governance is. A model that works in the lab may fail spectacularly in production. Without guardrails, AI can generate biased, non-compliant, or even harmful outcomes. Regulators are moving faster than many companies can adapt. The result? AI promises scale and efficiency — but can quietly create existential risks if not governed well. The lesson is simple → Stage 1: Companies deploy AI tools without clear policies. → Stage 2: Shadow AI creeps in — employees using unapproved tools. → Stage 3: One compliance breach costs more than the entire AI program delivered. True AI governance isn’t about slowing innovation. It’s about protecting the enterprise while allowing it to innovate boldly. That means: ▪️Defining ownership of AI-driven decisions. ▪️Embedding transparency into every model. ▪️Aligning outputs with ethics and regulation, not just efficiency. The harsh truth? AI can win you markets. But without governance, it can also take them away overnight. So ask yourself — is your enterprise leading AI adoption, or gambling with AI risk? P.S. Dropping impactful insights that matter in my weekly newsletter every Saturday, 10 AM EST. Don't miss it. Subscribe right here!  https://lnkd.in/gcqfGeK4

#AI Impact Assessments - the missing link between innovation and governance We’re building faster than we’re controlling. Across sectors, from fintech and health to manufacturing and public services, organisations are launching AI systems with bold ambition. Yet many still treat governance as a checklist, not a living practice. That gap is what I call the “innovation-governance divide”. And it’s real: •  What counts as “AI” keeps expanding, we need clarity. •  AI Impact Assessments (AIIAs) are mandated across different regimes (gen-AI, high-risk, public sector), but few teams have a practical toolkit they can apply today. •  When deployment outpaces oversight, everything from bias to model decay to accountability gets exposed, and fast. Here’s how you move from risk theatre to control that works •  Trigger assessments not once, but at key moments, pre-deploy, material change, new context or annual renewal. •  Align assessments to recognised frameworks, like National Institute of Standards and Technology (NIST) AI RMF + the GenAI Profile, the EU AI Act, and ISO/IEC 42001. •  Don’t just list risks, include mitigation workflows, vendor due-diligence, testing logs and deployment go/no-go gates. •  Make the AIIA visible. Share it with leadership, regulators, third-parties and anyone reliant on the system’s output. •  Treat the entire lifecycle as a loop: assess, deploy, monitor, adjust, re-assess, not a one-off tick-box. If you’re using AI, you must move your A-game on assessments. Because regulators, customers and boards will no longer accept “we did a checklist” as an answer. I’ll ask for just one thing. If this post gave you something to think about, please share it with your network or tap the like button. Your support helps me continue producing thoughtful, useful content on Responsible AI and governance that truly serves this community. #ResponsibleAI #AIGovernance #AISafety #AIImpactAssessment #ISO42001 #EUAIAct #GenAI #RiskManagement

It is always great to see something published that you have worked on for a considerable amount of time – but in this case, it feels really special. AI Act, GDPR, DSA, finance, medical devices, automotive regulation: so many things close to my (academic) heart, and I could combine them all in one study on the frictions, interdependencies, and ways forward through this regulatory jungle. Here are the key policy recommendations, structured by addressees, many more in the study, someone counted 25 :). Important: Almost all of them can be achieved without any diminished protection of fundamental rights.   European Legislators   1. Designate a "Lead Act": Assign a leading regulatory framework for each sector, such as the AI Act or sector-specific laws, to reduce conflicts and enhance coherence. If that Lead Act is complied with, compliance of the other designated acts should be presumed, unless some specific provisions are exempted from that rule. Example: Art. 17(4) AI Act, one of my favorite norms in the Act, a hidden gem ;)   2. Clarify AI Act-GDPR Alignment: Address contradictions, such as differing responsibilities for AI providers under the AI Act and data controllers under the GDPR, and rules for training AI on personal data.   3. Develop Safe Harbor Standards: Create technical standards that provide compliance with the AI Act AND related regulations.   4. Conduct Regular External Reviews: Periodically and EXTERNALLY evaluate the AI Act's implementation to address contradictions, regulatory gaps and new technological challenges.    European Commission (AI Office and Sectoral Authorities)   5. Enhance Risk Analysis for Hybrid Platforms: Develop integrated guidelines for platforms that incorporate generative AI, addressing systemic risks under both the AI Act and the DSA, and the mutual reinforcement of the specific platform and GenAI risks.   6. Expand Data Access for Research: Establish mechanisms for vetted researchers to access both platform AND AI system data, inspired by the DSA’s Article 40.   National Legislators and Authorities   7. Support SMEs: Introduce grant programs to help small and medium-sized enterprises comply with AI Act and sector-specific regulations. This could, for example, fund access to training programs.   8. Foster Oversight Synergies: Clearly institutionalize the necessary collaboration between national data protection, sectoral and AI Act oversight authorities for cohesive enforcement. Be agile and project-based in solving cases involving multiple Acts.   Standardization Bodies   9. Develop Unified Standards: Provide technical standards for the AI Act AND sectoral regulations.   Industry and Civil Society   10. Encourage Cross-Disciplinary Collaboration: Establish advisory groups combining industry, academic, and civil society expertise and liaising with the national AI authorities to address sector-specific challenges.   Many thanks to Bertelsmann Stiftung, Julia Gundlach and Asena Soydas for enabling this!