Artificial intelligence in the company: Focus on governance, risk and compliance
Security and integrity in an AI-driven corporate world
The rapid development of artificial intelligence (AI) offers companies a wide range of opportunities, but at the same time presents them with considerable challenges in the areas of governance, risk and compliance. For the Chief Information Security Officer (CISO), it is crucial to carefully consider these aspects in order to ensure both the security and integrity of the company and its data.
Governance: Establishing clear framework conditions and guidelines
The use of AI in the company requires the establishment of clear, company-wide guidelines to ensure legal compliance, ethical conduct and thus the regulated use of AI technologies. A first and important step is the definition of principles for the use of AI. These can include transparency, accountability and data protection, but do not exclude principles such as information security, the rights of data subjects or risk management. Another important aspect for the company is the development of specific AI framework conditions and regulations. The principles as well as the framework conditions and regulations should be developed jointly in workshops with the various stakeholders and set out in the form of a directive for employees. The biggest challenge is often that responsibility is assigned to the CISO, although it is actually a company-wide issue in which several stakeholders must be involved. The identification of the relevant stakeholders and the scope and level of detail of such a directive are crucial. It makes sense to seek external support in order to design this process efficiently and comprehensively. This approach not only promotes compliance, but also awareness and responsibility in dealing with AI technologies.
Risk management: identification and assessment of hazards
The use of AI entails specific risks that need to be identified and assessed. Effective risk management in connection with AI should include at least the following steps:
- Risk analysis: Identifying potential risks that may arise from the use of AI, such as data leaks or incorrect decisions due to algorithmic errors or biases.
- Risk assessment: Evaluating the identified risks in terms of their probability of occurrence and potential impact on the company.
- Action planning: Developing a plan to minimize risks, such as implementing additional control mechanisms or training employees in the use of AI systems.
Compliance: adherence to legal requirements
The legal requirements for the use of AI are diverse and subject to constant change. It is therefore essential to know and comply with the applicable laws and regulations, which is why the involvement of the legal and data protection department is very important. To help companies identify potential risks at an early stage, we recommend the use of targeted check questions. These serve as an effective tool for a preliminary investigation in order to quickly decide whether an in-depth compliance check is necessary. Our experience shows that compliance risks can often be identified and addressed at an early stage. We support companies in asking the right questions and offer practical assistance. Here are some key questions you should ask yourself:
- Is personal data or confidential business information processed when using AI?
- Is third-party intellectual property used for the training or use of the AI?
- Is there a high risk for the people affected by the use of AI? For example, could AI decisions have a significant impact on the safety or lives of individuals?
A "yes" to any of these questions signals that a deeper compliance check may be necessary.
Training and sensitization of employees
Another decisive factor is the training of employees in dealing with AI. They should not only understand the benefits, but also the potential risks and ethical implications. The implementation of clear directives and guidelines helps to ensure the responsible and legally compliant use of AI in the company. The top challenges related to employees and the use of AI that we encounter time and again are:
- Transparency: Employees should disclose when AI-generated content is used.
- Data use: Only approved data may be used for AI tools in order to ensure data protection and confidentiality.
- Quality control: The output of AI systems must always be checked manually for accuracy in order to avoid errors.
Conclusion
The use of AI offers great opportunities, but requires a well thought-out approach in order to minimize risks and meet regulatory requirements. Governance, risk and compliance are not isolated information security issues, but affect the entire company. AI can only be used safely and responsibly if legal, ethical and operational issues are taken into account in addition to security aspects. It is therefore crucial that all relevant stakeholders - from the legal and data protection department to risk management and the specialist departments - work together to create a clear framework. This interdisciplinary approach is the only way to develop AI guidelines and directives that are not only compliant but also practicable and meet with acceptance within the company.
Blog and event series AI in the IT infrastructure
This blog is one of three blog articles that highlight the specific opportunities and applications of AI in IT operations, service management and from an IT security perspective.
A special highlight shortly after the summer vacations will be our virtual breakfast event reserved for end customers, where we will facilitate an exchange of experiences between the participants and atrete in an interactive online meeting. Here you will have the opportunity to learn from the experiences of others and contribute your own questions and ideas.
We look forward to starting this fascinating journey with you and exploring the many possibilities of Artificial Intelligence in AI-powered IT transformation towards a smarter IT infrastructure. Stay tuned for more updates and inspiring insights into the world of AI.