Trustmarque’s AI Governance Index 2025 found more than half of UK companies admit they have either minimal governance or none at all. Just four per cent even consider their technology infrastructure fully AI-ready, while fewer than one in four bother to test for bias or explainability in their models.
The research surveyed 507 IT decision makers and revealed that most organisations are still relying on outdated development processes. These have not been updated to handle AI-specific risks like model bias or interpretability gaps. Only 28 per cent apply bias detection during testing and an even smaller 22 per cent check whether their models can be explained.
Accountability for AI oversight is shambolic, with 19 per cent of respondents admitting there is no clear owner for governance activity. Only nine per cent see alignment between IT leadership and governance efforts, leaving AI oversight fragmented and largely ignored. Executive engagement remains anaemic, with governance usually pushed down to departmental levels rather than treated as a strategic priority.
Just four per cent of organisations claim their data and systems are ready to scale AI. Registries, audit trails and model versioning are either handled manually or missing entirely. Unsurprisingly, only 18 per cent of firms measure the effectiveness of their governance through proper monitoring and KPIs.
Trustmarque AI head Seb Burrell said: “AI adoption is outpacing governance. 93 per cent of organisations are using AI but only seven per cent have fully embedded governance frameworks.”
Burrell pointed out that systems and processes have not caught up with the speed of AI innovation. Development teams lack proper tools and infrastructure, and the problem is worsened by weak management buy-in for building robust governance.
“Governance is also often seen as a constraint, but our findings suggest otherwise. Organisations that have adopted AI governance are seeing real, tangible benefits with faster deployments, stronger accountability, and reduced manual review cycles. It’s a vital support function to enable responsible, scalable AI.”
Trustmarque AI specialist and principal test consultant James McKeown said what stood out in the research was how many firms are running headfirst into AI without understanding the risks.
“We see projects moving fast, but often without the checks, controls, or delivery oversight needed to support them. That’s where governance makes the difference. Without it, you’re not just risking compliance gaps, you’re risking poor outcomes, rising costs, and wasted time. Governance isn’t about slowing things down. It’s what helps organisations scale AI safely and effectively,” McKeown said.
You can read the report here.
