Perspectives | The governance gap

The missing institution.

For most of corporate history, business-critical technology arrived through procurement, legal, and a named owner. AI bypasses all three. The problem was never the contract. It is the missing institution around it.

For most of corporate history, business-critical technology arrived through an institution. Procurement bought it. Legal reviewed the contract. Someone signed off and owned it. The controls came attached, because the path it traveled had checkpoints built in.

AI broke that path. It arrives from an app store. A browser tab. A free tier. A tool someone found on a Tuesday. No procurement step, no contract review, no owner. The technology shows up without the institution that used to govern it.

So when people ask what to put in their AI vendor contracts, the honest answer is that the contract was rarely the problem. A competent legal team handles standard terms. The problem is that the decision to use the tool never reached legal in the first place.

That's the gap. Not the contract. The missing institution around it.

The fix isn't a better agreement. It's deciding, on purpose, what data is allowed into which tools and who signs off on a new use case before it's running. That used to happen on the way in. Now it only happens if someone decides to make it happen.

First shared on LinkedIn →
← All perspectives