The AI Imperative: What Every Business Leader Needs to Know Right Now

We've Been Here Before

I started my career when desktop computers were making their way into corporate offices, and I watched something remarkable happen: the machines arrived before the culture changed. I was not new to computers at the time. I had one at home. I was a hobbyist and a programmer, had built my own Apple clone, and had previously been building and selling computers while at university. I understood what these machines could do. What I was about to witness was how long it takes an organization's culture to catch up.

Executives and managers received their new desktop computers, and they were set up for them on their desks right in the middle of their ink blotter. They were status symbols as much as tools. But for a significant period, many of those executives did not know how to type. The typing pool still existed. The secretaries were still at their typewriters. And what unfolded was one of the most peculiar hybrid cultures I've ever witnessed in a workplace.

Managers would receive emails on their screens. They would call their secretaries to print those emails. They would then read the printout, handwrite a response in the margin or on a separate sheet, and hand it back to the secretary, who would type the reply and send it electronically. The irony was total: digital technology being mediated through paper and manual labor, not because the technology was insufficient, but because the organizational culture, the habits, and the skill sets had not yet moved.

There were interim technologies that kept this hybrid state alive longer than it should have been. Dedicated word-processing machines, which were not quite typewriters and not quite personal computers, gave organizations a way to appear modern while avoiding the full discomfort of the transition. Eventually, the typing pool shrank. Then it disappeared. Managers learned to type. Email became something they did themselves. The transition took years, caused real organizational pain, and produced clear winners and losers. The organizations that adapted fastest built advantage. The ones that waited until they were forced often found themselves playing catch-up on skills that their competitors had already embedded.

That story is not historical trivia. It is the pattern.

Technology disruption follows a recognizable arc, and we have lived through it multiple times. Mainframe computers gave way to desktop PCs, which gave way to networked desktop applications and client-server architecture. Pagers gave way to mobile phones, which gave way to smartphones that carry more computing power than the early computers that filled entire floors. Web 1.0 gave us static websites and digital brochures. Web 2.0 gave us social platforms, interactive content, and user-generated media. The proposed Web 3.0 pointed toward decentralized, semantic systems.

And now: large language models and the ChatGPT era have given way to generative AI broadly, which is already giving way to agentic AI, where systems do not just produce outputs but take autonomous action across systems, without a human in the approval loop.

It is worth noting that AI did not arrive suddenly in 2023. There were early, limited machine learning applications running in businesses long before the LLM era. Interactive Voice Response systems, IVR, used early call routing algorithms that could detect spoken digits or simple keywords. These were not intelligent in any meaningful sense, but they represented the first deployment of machine-driven decision logic in customer-facing operations. Basic voice agents followed, clearly identifiable as machines, operating within tightly defined scripts, frustrating to anyone who has ever shouted "agent" at an automated telephone menu. Siri launched in 2011. Amazon Alexa arrived in 2014. Google Assistant followed. These systems familiarized millions of consumers and employees with the concept of interacting conversationally with a machine, even if the underlying capabilities were narrow and the interactions often clumsy. Organizations embedded these tools into customer service, IT helpdesks, and internal operations without treating them as a significant governance challenge. They were point solutions with defined scope and predictable behavior. The breakthrough that Google's research teams laid groundwork for, and that OpenAI leveraged into public consciousness with ChatGPT in late 2022, was something categorically different: a system that could generate novel, coherent, contextually appropriate outputs across essentially unlimited domains. The transition from those early IVR systems to today's agentic AI is not a linear upgrade. It is a series of step changes, and the most consequential one is still in progress.

The question worth pausing on is whether this is simply a faster version of the same disruption cycle we have navigated before, or whether it is categorically different.

My view, after more than two decades working with leaders through major business and technology transitions, is that the honest answer is: both. The pattern is familiar. The speed and scope are not.

AI, and particularly agentic AI, is not just another wave. It is a platform shift with compressing timelines that is challenging every existing model of governance, delivery, and leadership simultaneously. The organizations that treat it as just another technology upgrade will find themselves in the same position as the executives who had their secretaries print out emails. Functional, for a time. Increasingly disadvantaged. And then suddenly behind in ways that are very difficult to reverse.

The Speed Divide: Go Fast or Go Slow?

Every organization right now is wrestling with some version of the same question: should we move fast on AI or take a measured approach? The answer is not simple, and anyone who tells you it is has probably not looked carefully at both sides.

The case for moving fast is real and grounded in data. First-mover advantage in AI is playing out in measurable ways: in productivity, in talent leverage, in cost structures, and in customer experience. Deloitte's 2026 State of AI in the Enterprise report found that worker access to AI rose by 50% in 2025, and that the number of companies with 40% or more of their AI projects in production is set to double within six months. That is not an incremental trend. That is a market reshaping at pace.

Early adopters are not just saving money. They are restructuring what their organizations can do. They are changing the economics of customer service, software development, content production, and data analysis in ways that their slower competitors are only beginning to understand. By the time a cautious organization completes its governance framework and issues its first AI policy, its faster competitor may have already rebuilt three core business processes around AI and passed the productivity gains on to customers in the form of lower prices or faster service.

The risk of moving fast without governance is also real. Organizations that deploy AI without clear data standards, accountability structures, or human oversight protocols create technical debt that compounds. They expose themselves to liability when AI systems produce errors at scale. They can erode trust with employees and customers in ways that damage the organization well beyond the immediate AI project.

The case for a measured pace draws on history. In 1999 and 2000, investor euphoria drove technology valuations to levels completely disconnected from business fundamentals. Companies were burning cash at spectacular rates on the promise of future internet profits. Pets.com raised $82.5 million in an IPO and was liquidated nine months later. Webvan raised $375 million and collapsed without ever achieving profitability. When the correction came, it was brutal. Hundreds of billions in market cap evaporated. Companies that had over-invested in unproven technology without operational discipline were wiped out.

The critical difference between then and now, however, is that today's AI investment is increasingly backed by real earnings, real productivity gains, and measurable margin expansion. The S&P 500 Technology sector today contributes roughly 20% of total index profits, compared to the dot-com era where multiple expansion far outpaced earnings growth. The underlying business case for AI is materially more sound than the underlying business case for most dot-com era investments.

But warning signs are present. CNBC reported in May 2026 that AI chip valuations, as measured by the SOX semiconductor index, are now 62% above their 200-day moving average, a spread that surpasses even the Nasdaq's 55% margin before the dot-com bubble burst in 2000. By one measure, according to Bank of America strategist Michael Hartnett, AI chip concentration now approaches the 73% spread seen in French stocks before the collapse of the Mississippi Bubble in 1720. These are not comfortable comparisons for long-term investors.

The risk of going slow is also real, and it is underappreciated by leaders who default to caution. Waiting for certainty in a market that is restructuring quickly is not a neutral position. The typing pool did not get a second chance once word processors went mainstream. The travel agent industry did not get a recovery after Expedia and Booking.com changed the economics of leisure travel permanently.

There is also the problem of what I call the frozen middle: a dynamic where executives signal urgency and publicly commit to AI transformation, practitioners on the ground wait for policy guidance and approved tools, and the organization effectively moves at the speed of its most cautious participant. The result is a gap between stated ambition and actual capability that competitors are happy to exploit.

The balanced view is this: disciplined speed is not the same as recklessness. The organizations winning right now are implementing AI in contained, well-governed experiments, learning from those experiments, and scaling what works. They are not betting the entire organization on wholesale transformation with no guardrails. And they are not waiting for perfect governance before starting. The companies that survived and thrived after the dot-com correction, including Amazon and Google, were the ones building real infrastructure to solve real customer problems, not chasing the hype cycle. That distinction matters as much now as it did then.

What Makes AI Genuinely Different

Previous technology disruptions augmented human work. Spreadsheets made accountants faster. CRM systems made salespeople more organized. ERP systems made operations more visible. The human was still in the loop, still making the judgment calls, still accountable for the outcome. The technology was a tool that a person wielded.

AI agents are something qualitatively different. They can replace decision-making loops entirely. They can take sequences of actions autonomously, across multiple systems, without a human approving each step. That is a different category of technology, and it demands a different category of governance response.

Several characteristics make this transition genuinely unlike the ones that came before.

Compressing timelines. PC rollouts took years. Organizations had time to train, adapt, and build institutional knowledge about the technology before the next version arrived. AI capabilities are shifting quarter by quarter. A deployment built around a specific model's capabilities in Q1 may behave differently by Q3 if the underlying model has been updated by the vendor. The pace of change is outrunning most organizations' ability to absorb it.

The black box problem. Unlike an ERP or CRM system, where you can trace exactly why a system produced a specific output, many AI systems cannot be fully audited. When an AI produces a recommendation or takes an action, the reasoning path is often opaque. This creates a new category of governance challenge: how do you maintain accountability for outputs you cannot fully explain?

Data dependency at scale. AI systems are only as good as the data they are trained on and the data they operate against. Unlike prior technology rollouts, where data quality was an IT concern that could be addressed incrementally, AI governance requires data lineage, provenance standards, and quality controls that span the entire organization before meaningful deployment. The garbage-in-garbage-out principle has never been more consequential.

Multi-system entanglement. AI does not land in one department and stay there. It cuts across HR, finance, operations, legal, and customer service simultaneously. An AI agent handling customer inquiries may be making decisions that have legal, financial, and reputational implications all at once. Implementation failures are therefore cross-functional failures, and recovery from them is correspondingly complex.

Workforce psychology. The emotional weight of AI displacement fear is qualitatively different from "we're upgrading the software." People facing prior technology transitions were worried about learning a new tool. People facing AI transitions are worried about whether their role will exist. That is a fundamentally different conversation, and it requires fundamentally different change management approaches.

Agentic accountability. When an autonomous AI agent takes an action that causes harm: sending the wrong communication to a customer, making an incorrect financial adjustment, taking a compliance-affecting action without review, current legal and corporate liability frameworks do not cleanly assign responsibility. This is a governance gap with no clean precedent in business technology.

In over two decades of advising delivery leaders through major technology changes, I have not seen a technology that simultaneously touches every layer of an organization's risk profile at once: financial, legal, operational, ethical, and reputational. That combination is new. It demands that leaders engage with AI as a governance and strategy question, not just a technology procurement question.

The Real-World Reckoning: Companies Already Acting

The transition is not theoretical. The numbers are in, and they tell a complex story that deserves honest analysis.

IBM offers one of the most instructive examples of what managed AI-driven workforce transition looks like. In May 2023, CEO Arvind Krishna stated that 30% of back-office roles, roughly 7,800 positions, could be replaced by AI over five years. By January 2026, IBM confirmed it had replaced hundreds of HR employees with AI systems. Their AskHR system now automates 94% of routine HR tasks, handling more than 11.5 million interactions annually. Critically, IBM's total employment has increased. The company redirected investment into software development, sales, and marketing roles that require complex problem-solving and interpersonal skills. This is the managed transition model: AI substitutes for specific task categories, and organizations redirect investment rather than simply cut headcount.

Salesforce took a more direct approach. The company cut approximately 4,000 customer support roles, with CEO Marc Benioff stating that AI handles 50% of the company's customer service work. The nuance worth noting: Salesforce simultaneously hired in sales roles supporting the same AI platform. The company reduced headcount in one function while growing it in another, reflecting a restructuring rather than a simple contraction.

Klarna is the most instructive cautionary case in enterprise AI right now, and it deserves careful attention from any leader considering full AI replacement of customer-facing roles. In 2024, Klarna announced that its AI had replaced the equivalent of 700 customer service agents (later updated to 800 or more). CEO Sebastian Siemiatkowski publicly declared this a success. By 2025 and into 2026, Klarna was quietly reversing course. Customer satisfaction scores had deteriorated on complex interactions. Rehiring costs exceeded original savings projections. By early 2026, Klarna had shifted to a hybrid model where AI handles routine, high-volume queries and human agents handle escalations and complex cases. Siemiatkowski admitted publicly: "As cost unfortunately seems to have been a too predominant evaluation factor when organizing this, what you end up having is lower quality." The Klarna case is now the canonical enterprise cautionary tale for 2026. It illustrates precisely why full AI replacement strategies in customer-facing roles tend to fail, and why hybrid human-AI models consistently outperform either pure automation or purely manual approaches.

Amazon announced in October 2025 the elimination of approximately 14,000 corporate roles, explicitly framed as a reallocation of resources toward AI investment while reducing costs in other areas. Microsoft cut more than 15,000 roles in 2025 while simultaneously accelerating its AI investment, including an $80 billion commitment to AI infrastructure.

Chegg cut 45% of its workforce (388 employees) in October 2025, explicitly attributing the action to "the new realities of AI" and AI-driven decline in its core traffic. Duolingo cut 10% of its contractor workforce in early 2024, citing AI's ability to perform content creation and translation work that contractors had previously done. Workday cut 1,750 jobs while announcing redirected investment into AI capabilities.

The broader picture requires some important context. Challenger, Gray and Christmas tracked approximately 55,000 AI-cited job cuts in 2025. That is less than 5% of the 1.17 million total US layoffs that year. Market conditions, restructuring, and contract loss were all cited more frequently as layoff causes than AI.

A January 2026 Harvard Business Review analysis found that AI is behind at least some layoffs, but that these are almost completely in anticipation of AI's impact rather than because AI is actually performing the displaced work. Researchers and analysts have begun calling this "AI redundancy washing": attributing layoffs to AI because it sends a positive signal to investors and frames cost-cutting as strategic transformation rather than expense reduction.

Stanford University's analysis of ADP payroll records found something more specific and more concerning: workers aged 22 to 25 in AI-exposed occupations have experienced a 13% relative decline in employment since late 2022. Employment for software developers aged 22 to 25 declined nearly 20% compared to its peak. Customer service workers in the same age cohort saw similar patterns. Experienced workers in the same occupations saw stable or growing employment. AI is, at this point, suppressing entry-level hiring more than it is eliminating experienced roles.

BCG projects that 10% to 15% of US jobs could be eliminated in the next four to five years due to AI substitution, while 50% to 55% of jobs will be meaningfully reshaped. These are not small numbers. They represent tens of millions of working people navigating a transition that is moving faster than any comparable technology shift in the past century.

The secretarial and typing pool parallel is not historical trivia. It is the pattern. The question for leaders is not whether AI will reshape roles in their organizations. It is whether they are being honest with their people about that reality, and whether they have a workforce transition plan or are simply cutting headcount and hoping the math works.

The Governance Imperative: Frameworks in the Age of AI

The governance landscape for AI is simultaneously robust in theory and underdeveloped in practice. Multiple frameworks exist. None of them fully address what AI actually introduces into an organization's risk profile. Here is an honest survey of where things stand, what the gaps are, and what smart leaders are doing about it.

PMI and Project Management

The Project Management Institute has begun integrating AI into its competency frameworks, and this is meaningful progress. But standards still lag implementation reality significantly. AI projects challenge the fundamental assumptions of traditional stage-gate delivery models. Iterative, non-deterministic outputs, where each run of a model may produce a different result even with identical inputs, do not fit waterfall governance cleanly. They do not fit standard Agile approaches cleanly either.

Delivery leaders need new project typologies for AI work: experimentation sprints with clear success criteria, model validation gates, and bias review checkpoints built into delivery cadences. The current PMBOK does not yet contain a complete AI delivery standard. Leaders are largely operating on emerging guidance, internal adaptation, and the lived experience of early implementations. That is not a criticism of PMI; it is an acknowledgment of how fast the space is moving relative to any standards body's ability to respond.

ITIL and IT Service Management

ITIL 4 provides a useful starting point through its service value chain, but AI introduces failure modes that the framework was not designed to address. The ITIL AI governance framework organizes AI governance across four critical perspectives: Risk and Authority (who owns decisions made by AI systems), Ethics and Responsible AI (embedding fairness and accountability into the AI lifecycle), Data and Performance (governing the quality of data feeding models), and Compliance and Operations (adapting existing ITIL processes to monitor and audit AI systems dynamically).

AI changes incident management fundamentally. In traditional IT, an incident is typically localized: a server goes down, an application throws an error, a service becomes unavailable. When an AI agent makes a bad decision at scale, the incident may have already propagated thousands of times before detection. The blast radius of an AI incident is potentially orders of magnitude larger than a traditional IT incident, and the detection window is often longer because the errors may be subtle rather than catastrophic.

New ITIL requirements are emerging around AI-specific concerns: model versioning (treating each model update as a controlled change), prompt versioning (treating prompt changes with the same rigor as code changes), and training data lineage as a configuration management item. Organizations that are already managing software versioning and change control are reasonably positioned to extend those disciplines to AI, but the extension is not automatic. It requires deliberate design.

COBIT

COBIT's governance objectives map well to AI: accountability definition, risk assessment, compliance monitoring, and continuous improvement. The framework's emphasis on strategic alignment, risk management, and performance measurement translates directly into AI governance requirements. Key COBIT AI priorities include accuracy of AI-generated information, clear accountability for AI outputs, and appropriate human oversight particularly in high-risk contexts.

COBIT is a particularly strong fit for regulated industries including financial services, healthcare, and government, where the governance expectations are already structured around formal accountability frameworks and audit trails. Organizations in these sectors that have already invested in COBIT compliance are better positioned to extend their existing governance structures to cover AI than organizations that are starting from scratch.

Sarbanes-Oxley

SOX requires CEO and CFO personal certification of internal controls over financial reporting. When AI is embedded in financial analysis, forecasting, or reporting systems, this creates significant new audit complexity that most finance teams are only beginning to grapple with.

AI governance controls are now treated as a SOX compliance necessity: transparency in how AI systems produce financial outputs, auditability of the logic behind AI-generated analyses, and bias minimization in financial AI systems. The central emerging question for any public company with AI in its financial stack is: when an AI system produces a financial analysis or recommendation that is incorporated into a disclosure, who certifies the control? Who is legally accountable if it is wrong? The CEO and CFO certify the financial statements. Can they certify the integrity of an AI system whose decision logic they cannot fully audit?

SOX obligations follow the data wherever it lives, including cloud-hosted AI systems operated by third-party vendors. This means that vendor selection and vendor risk management are now directly relevant to SOX compliance in ways they were not before.

EU AI Act

The European Union has produced the world's first comprehensive AI legal framework, and its reach extends well beyond EU borders. The EU AI Act entered into force in August 2024 and operates on a risk-tiered model: prohibited systems (certain biometric surveillance and social scoring applications), high-risk systems subject to strict obligations (AI in employment, critical infrastructure, education, healthcare), and general-purpose AI models with transparency requirements.

The practical compliance timeline for most organizations is now: prohibited practices have been in effect since February 2025; transparency rules for AI-generated content apply from August 2026. Any organization with EU operations or EU customers needs a compliance posture established now, not at the point when regulatory enforcement begins. Building governance retroactively onto running systems is both more expensive and less effective than building it in from the beginning.

Canadian Regulatory Landscape

Canada's path to comprehensive AI regulation has been interrupted. The proposed Artificial Intelligence and Data Act (AIDA), part of Bill C-27, died on the parliamentary order paper in January 2025 when Parliament was prorogued following Prime Minister Trudeau's resignation. Canada currently has no comprehensive federal AI law.

What fills the gap is a patchwork of sector-specific obligations: Ontario's Bill 194 covering public sector AI obligations including hospitals and educational institutions; OSFI guidance for financial institutions; draft responsible AI principles from British Columbia; and Quebec's Ministère de la Cybersécurité principles. Prime Minister Mark Carney's Liberal government, which won the April 2025 federal election and secured a majority through subsequent by-elections in 2026, has signaled an innovation-first approach to AI governance. Carney's background as a central banker and his emphasis on building Canadian economic competitiveness suggest the federal approach will favor targeted intervention in high-risk cases over a comprehensive cross-sectoral regulatory framework, though no formal AI policy has been tabled to date.

For Canadian business leaders: OSFI guidance and provincial obligations represent the near-term compliance reality. Any Canadian organization with EU customer exposure must also be EU AI Act compliant regardless of the domestic federal gap. That is a significant compliance obligation that does not disappear simply because AIDA did.

ISO 42001

ISO 42001 is the emerging international standard for AI management systems, published in late 2023. It is still early in adoption, but it is increasingly referenced in procurement requirements and vendor risk assessments, particularly in sectors where buyers want assurance about AI governance maturity. Organizations building AI governance frameworks from scratch are increasingly using ISO 42001 as a structural reference, and the standard's inclusion in procurement criteria is likely to accelerate as enterprise AI deployments mature.

The Pattern Across All Frameworks

The pattern across every framework is the same. Standards bodies are adapting governance structures built for deterministic systems to govern non-deterministic AI. That gap between where the standards are and where the technology already is remains real and current. Smart delivery leaders are not waiting for the standards to catch up. They are building internal governance structures now, learning from early implementations, and treating the gap as a competitive opportunity rather than a compliance problem to defer.

What Delivery Leaders Actually Need to Do

This is the practical core of everything I have said above. If you are a delivery leader, a CIO, a program director, or a C-suite executive who is accountable for AI outcomes in your organization, here is what the evidence suggests you need to do.

Stand up an AI governance structure before you scale the portfolio, not after. Governance retrofitted onto running AI systems is far harder and far more expensive than governance built in from the start. This is not a compliance checkbox. It is an operational and financial risk management decision. Define who owns AI decisions, who is accountable when an AI system produces an incorrect or harmful output, and what the escalation path is. Do this before your first production deployment.

Define your organization's AI risk appetite explicitly, and treat it as a board-level conversation. AI risk appetite is not an IT question. It touches on liability, workforce strategy, customer trust, regulatory exposure, and brand reputation. Conflating AI risk governance with IT governance is one of the most common and costly mistakes I observe. The board needs to be engaged on this question, not briefed after the fact.

Implement human-in-the-loop review gates, especially for agentic AI deployments. The Klarna case makes the cost of skipping this step concrete and measurable. Autonomous AI systems taking actions at scale need human oversight checkpoints, particularly in the early stages of deployment. Build those checkpoints into the design, not as an afterthought.

Treat AI model versions like software releases. Version control, change management protocols, regression testing, and communication to affected business users when a model is updated. Many organizations have not yet internalized that when an AI vendor updates their model, the behavior of that system in your environment may change without any action on your part and without any notification. A model that behaved consistently last quarter may not behave the same way this quarter. That is a new category of operational risk that traditional software change management does not address.

This problem is not entirely new. Software vendors have been managing this tension for more than 50 years. The enterprise software industry eventually moved toward structured release management, giving corporate customers defined upgrade windows, advance notification of changes, and meaningful migration periods. On-premise enterprise software gave organizations full control over when to deploy a new version. The discipline was hard-won, the product of decades of enterprise procurement pressure and painful experience with forced changes.

The SaaS era eroded much of that. Cloud vendors began declaring release dates with varying degrees of notice, effectively requiring corporate clients to absorb change on the vendor's schedule rather than their own. Some gave meaningful warning. Others pushed updates silently. Enterprise procurement teams pushed back, and the better vendors built customer-controlled staging environments, release delay options, and change communication practices into their enterprise contracts.

AI vendors are now navigating this same evolution, but the stakes are higher because model behavior changes are non-deterministic and harder to test than feature changes in traditional software. Microsoft Azure OpenAI has established a structured lifecycle policy for enterprise customers: GA models are supported for 18 months, customers receive advance notice before deprecation, and a replacement model is made available 90 to 120 days before retirement. Provisioned deployments are not auto-upgraded, giving enterprise customers a manual migration window. OpenAI's API deprecation policy commits to customer notification by email and documentation for all deprecations. These are meaningful steps. But behavior changes within a model version, not just model retirements, remain a less-governed area. An update to model weights can alter output tone, accuracy on specific tasks, or reasoning patterns without triggering a formal change notification.

For delivery leaders, this means vendor contracts for AI systems should explicitly address notification obligations for model updates, behavioral testing requirements before updates are applied to production environments, and rollback rights. Procurement functions that have not yet built AI-specific language into their vendor agreements are carrying unquantified operational risk. The enterprise software industry learned this lesson through experience. Leaders who engage procurement and legal now, before an unannounced model update causes a production issue, will be better positioned than those who discover the gap after the fact.

Establish data lineage and provenance standards as a strategic priority. The quality of AI output is directly tied to the quality of the data that trains it and the data it operates against. Governing data quality is not an IT housekeeping function. It is a strategic AI risk issue that belongs in the same governance conversation as model selection and deployment architecture.

Build AI literacy across the organization at every level. Deloitte's 2026 State of AI in the Enterprise report identifies the AI skills gap as the single biggest barrier to integration. Education, not role redesign, was the number one way companies adjusted their talent strategies due to AI. Fifty-three percent of surveyed leaders cited educating the broader workforce to raise overall AI fluency as their top talent strategy response. That investment is not optional if you want your AI deployments to actually work.

Take change management seriously, and do not delegate it entirely to HR. Prosci's ADKAR framework and Kotter's change model both require AI-specific adaptation because the emotional stakes for workers facing AI implementation are higher than most prior change programs. People are not resisting a new software interface. Many believe their role is at risk of elimination. The change management approach for "we are implementing a new ERP" and "we are deploying AI agents that will handle tasks your team currently does" requires meaningfully different strategies, different timelines, and different leadership engagement.

Start with contained experiments and scale governance alongside capability. Organizations that try to govern AI deployment across the enterprise in a single initiative fail at the governance layer long before they fail at the technology layer. Start in one domain. Get the governance model working. Learn from the failures while the blast radius is small. Scale what works.

What I consistently see with clients who are succeeding with AI implementation is that the technology decision is actually the easy part. The governance, the culture, and the leadership alignment are where implementations succeed or fail. The executives who are winning are the ones who treat those three elements as equally important as the model selection.

The Human Factor: Jobs, Society, and the Long View

Every technology wave in history has generated fear of mass displacement. And every wave has ultimately created more net jobs than it eliminated. But the transitions were painful, uneven, and unkind to those without the resources, the skills, or the institutional support to adapt quickly.

The PC did not eliminate the office. The internet did not eliminate commerce. Smartphones did not eliminate human connection. But all three fundamentally restructured who did what, which roles carried value, and which skills were required to access that value. The transition produced winners and losers, and the losers were rarely the ones with the resources to adapt quickly.

AI is following this pattern, but with a critical difference: the speed of the transition is compressing dramatically. The typing pool transition took roughly a decade. Entire industries restructured over the course of a generation during the Industrial Revolution. AI capability shifts are happening quarter by quarter. That compression is the real risk. Not AI itself, but the speed at which roles are being reshaped faster than individuals and institutions can build the new skills those roles require.

For organizations, workforce planning now requires scenario modeling that incorporates AI capability curves, not just headcount projections and attrition rates. What will this role look like in 18 months? In three years? Which task categories within it are most exposed to AI substitution? Which require human judgment in ways that are currently irreplaceable? These are not HR questions. They are strategic planning questions that belong at the executive table.

The economic parallel to prior waves is instructive. The internet created entirely new industries that did not exist before it arrived: e-commerce, social media, the app economy, digital marketing, cloud services. These were not marginal additions to the existing economy. They restructured it. Agentic AI will create roles and industries that do not yet have names. That is both genuinely exciting and genuinely difficult to plan for.

The equity concern is real and deserves explicit attention. Historically, technology disruption disproportionately affects lower-income and lower-skilled workers first, before the economic benefits diffuse broadly. The BCG analysis projects that 12% of current jobs face full AI substitution in the roles most exposed to automation, with downward wage pressure for the positions that remain in those categories. The Stanford ADP payroll data already shows this pattern in motion: entry-level workers in AI-exposed occupations are bearing the early impact of AI substitution while experienced workers in the same fields are largely unaffected.

Leaders who treat AI purely as a technology optimization question will miss the workforce stewardship dimension that increasingly defines organizational culture, brand, and the ability to attract and retain talent.

The leaders I see handling this well are the ones who are having honest conversations with their people. Not promising that nothing will change. Not issuing corporate communications that say "AI will make your job better" without explaining what that means in practice. But committing to transparency about where the organization is going, being clear about what the transition looks like for the workforce, and building the training and reskilling infrastructure to support the people who will be most affected.

A few examples stand out. Indeed launched a structured AI upskilling program that directly addressed employee anxiety, built role-specific training for developers and research teams, and communicated transparently about what was changing and why. Developers at Indeed now generate 33% of their code with AI assistance, up from 7% in a short period. The upskilling investment came before the productivity expectation, not after. PwC took a similarly proactive approach, publicly acknowledging that AI would automate many entry-level accounting tasks, redesigning training for new staff to emphasize higher-order skills such as critical thinking, negotiation, and oversight of AI systems, and committing that within three years, junior staff would take on responsibilities previously held by mid-level managers. Ford CEO Jim Farley went on record at the Aspen Ideas Festival stating that AI could replace half of all white-collar jobs, choosing directness over reassurance, and pairing that assessment with an explicit commitment to planning support for affected employees. These leaders did not avoid the hard conversation. They shaped it.

That honesty is hard. It is also, consistently, what separates organizations that navigate technology transitions well from those that damage their culture and their talent pipeline in the process.

Emerging Concerns That Standard Practice Has Not Caught Up To

Governance frameworks are adapting. Regulations are developing. But several risk categories are already present in enterprise AI deployments that neither the frameworks nor the regulations have fully addressed.

AI hallucination at enterprise scale. When an AI system produces a confident, authoritative, and completely incorrect output in a customer-facing, financial, or operational context, standard quality assurance processes are not designed to catch it systematically. AI hallucination is not an edge case. It is a regular occurrence with current generation systems. The challenge at enterprise scale is that an AI system may produce thousands of incorrect outputs before a pattern is detected. This is a new category of operational risk that requires new detection and monitoring capabilities specifically designed for non-deterministic systems.

Agentic accountability gaps. If an autonomous AI agent takes an action that causes harm, current legal and corporate liability frameworks do not cleanly assign responsibility. Is it the organization that deployed the agent? The vendor that built the model? The developer who designed the agent workflow? The person who approved the deployment? This question does not yet have a settled legal answer in most jurisdictions. Organizations deploying agentic AI are operating in a liability landscape that has not yet been defined by courts or regulators, which is a significant risk that many legal and compliance teams have not fully inventoried.

Vendor dependency and concentration risk. The enterprise AI stack is highly concentrated among a small number of providers. This is a new form of third-party risk that procurement and IT risk functions were not built to manage. When a single vendor updates their model, it can change the behavior of business-critical AI systems across the enterprise simultaneously, without notice. The equivalent in traditional software would be a software vendor pushing an update to your production systems without your approval. Organizations need to think about AI vendor concentration with the same rigor they apply to any other critical single-supplier dependency.

AI-enabled social engineering and fraud. Deepfake audio and video are operational threats to business processes right now, not future risks. Fraudsters are using AI-generated voice and video to impersonate executives, authorize fraudulent transactions, and manipulate employees in ways that traditional security awareness training does not address. Information security frameworks built for phishing and password attacks are not sufficient for an environment where a CFO can receive what appears to be a video call from the CEO requesting an emergency funds transfer. This threat is active and growing, and the controls for it are underdeveloped relative to the exposure.

Regulatory arbitrage risk. Some organizations are exploring locating AI operations in less-regulated jurisdictions to avoid EU AI Act compliance or similar emerging obligations. This is a short-term play with significant long-term risk. Regulatory convergence across jurisdictions is accelerating, not slowing down. Organizations that build AI operations designed to circumvent current regulation will face increasingly expensive retrofitting as the regulatory environment catches up, and they may face reputational and contractual consequences from customers and partners who require compliance.

Model drift. AI models updated by vendors can change behavior without notification and without any change in the organization's own code or configurations. This is a new category of operational risk with no clean equivalent in traditional software change management. An AI system that behaved consistently last quarter, producing outputs within expected parameters, may not behave the same way this quarter because the underlying model was updated. Organizations need monitoring systems specifically designed to detect behavioral drift in AI systems over time, separate from traditional application performance monitoring.

Shadow AI. The organizational equivalent of shadow IT. Employees are using personal AI tools on business data, in business workflows, without IT visibility, security review, or data governance. This is already widespread in most organizations and largely ungoverned. Data that enters a personal AI tool may be used to train future model versions, retained by the vendor, or exposed to security risks that enterprise procurement processes would have caught. Shadow AI is not a future concern. It is a current reality in virtually every organization that has not explicitly addressed it.

The Leader's Mandate

This is not the time to delegate AI entirely to the IT function, or to wait passively for a regulatory framework to define the boundaries of responsible action.

The leaders who will define the competitive landscape of the next decade are not necessarily those who moved the fastest. They are those who asked the right questions early: about governance, about accountability, about their workforce, and about what it means to deploy technology responsibly at this scale and speed. And they built the organizational capability to move with discipline rather than simply with speed.

Return to the story at the opening. The executives who struggled most in the PC transition were not the ones who lacked intelligence. They were the ones who treated the technology as someone else's problem until it was unavoidable. They waited until the cultural pressure was undeniable before learning to type, before redesigning how their teams worked, before engaging seriously with what the technology actually required of them as leaders. The ones who adapted successfully were the ones who leaned into the discomfort early, built the skills, and redesigned how their organizations worked before they were forced to.

The organizations I see succeeding with AI are the ones where the C-suite and the board are aligned on three things before they run the first production deployment: what problem they are actually solving, what governance structure protects the organization if something goes wrong, and what the honest commitment to their workforce looks like through the transition. That alignment has to be genuine, not performative. McKinsey's 2025 workplace AI research found that while employee readiness and familiarity with AI are high, the gap between stated leadership ambition and actual board-level governance engagement remains significant. The companies closing that gap fastest are the ones where the CEO and board have had an explicit conversation about AI risk appetite, not just AI opportunity, and where that conversation produced a written governance position rather than a verbal aspiration. That alignment is harder to build than any AI system. It is also the thing that makes everything else work.

We could not fully anticipate in 1995 what the internet would become or how completely it would restructure business and society. The organizations that built durable capability through that transition were the ones that treated it as a governance and strategy question from the beginning, not just a technology procurement decision. AI is the same test, running at a faster clock speed.

The question is not whether it will reshape your organization. It already is. The question is whether you are leading that change, or being led by it.

If You Haven't Started Yet: A Practical First-Steps Summary

If your organization has not yet taken meaningful action on AI, this section is for you. The good news is that starting now still puts you ahead of a significant portion of the market. The better news is that the path forward is not complicated. It is disciplined.

At the corporate level, take these steps in roughly this order:

1. Take inventory before you take action. Identify every place AI is already operating in your organization, including the shadow AI your employees are using without IT oversight. You cannot govern what you have not counted. Build an AI Bill of Materials.
2. Have the board conversation on risk appetite. This is the single most important step for organizations that have not started. Define explicitly what categories of AI use are acceptable, what require oversight, and what are off-limits. Write it down. This is a governance decision, not an IT decision.
3. Assign ownership. Someone at the executive level needs to be accountable for AI outcomes. That accountability cannot live only in IT. It needs to sit with the business.
4. Start one contained experiment. Choose a business problem where AI could add measurable value. Build a governance structure around it before you deploy. Learn from it. Scale what works.
5. Address your data quality now. AI amplifies the quality of your data. If your data is inconsistent, siloed, or poorly governed, your AI outputs will reflect that. This is foundational work that cannot be skipped.
6. Build AI literacy at every level. Executives who have not used AI personally cannot lead this conversation credibly. Training is not optional and should not wait for a strategy to be finalized.
7. Get vendor contracts right from the start. Any new AI vendor agreement should address model update notification, behavioral testing rights, and rollback provisions. This is much easier to negotiate before deployment than after.

At the personal level, start using AI yourself.

This may be the most important single action a leader can take right now, and it is free. Create an account with one of the major AI assistants and use it for a week on real work: drafting a communication, summarizing a long document, thinking through a business problem, preparing for a difficult conversation. Use it at home if that feels more comfortable. Ask it questions you would be embarrassed to ask a colleague. Push it until it fails.

The reason this matters is the same reason it mattered when the BlackBerry first arrived and changed how executives communicated around the clock, or when the iPhone made the internet personal and always present. Leaders who actually used those devices understood intuitively what their organizations were experiencing and what was possible. Leaders who remained at arm's length were perpetually behind the conversation. Your employees are already using AI. Many of them are using it daily. Some of them are building workflows around it that their managers do not know exist. You cannot have a credible conversation with your team about AI strategy, AI risk, or AI governance if you have not experienced firsthand what the pull is. The attraction is real. The productivity gain is tangible. The limitations and failure modes are also real, and they are only visible from the inside.

The leaders who will navigate this transition well are not necessarily the most technically sophisticated. They are the ones who stayed curious, stayed close to the technology, and led from a position of genuine understanding rather than delegated assumption.

Appendix: Framework Comparison Table

This table covers the primary governance frameworks, standards bodies, and national or intergovernmental regulatory regimes that delivery leaders and C-suite executives should be tracking. It is organized in three sections: delivery and IT governance frameworks, national and regional regulatory regimes, and intergovernmental and standards bodies.

Section A: Delivery and IT Governance Frameworks

Section B: National and Regional Regulatory Regimes

Section C: Intergovernmental and Standards Bodies

Nigel Thomas is an executive coach and leadership consultant at SimplifyMgmt, with more than 20 years advising leaders through complex technology change. He works with Leaders, and boards navigating governance, strategy, and organizational transformation.