Article
Artificial intelligence (AI) has moved from pilot projects into core decisions, customer journeys, risk scoring, content generation, workforce planning, and public service design. Many organizations now face a governance gap: AI enters operations faster than accountability, control evidence, human oversight, and audit practice mature. This article addresses this gap through a practice-oriented framework for AI governance aligned with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 42001 artificial intelligence management system. The article uses a design-oriented action research approach. It draws on academic literature, the European Union (EU) Artificial Intelligence Act, the Organisation for Economic Co-operation and Development (OECD) AI Principles, the National Institute of Standards and Technology (NIST) AI Risk Management Framework, and ISO/IEC 42001. Its contribution is the Governance Architecture for Trustworthy Enterprise AI (GATE-AI), an original framework for organizations undergoing digital transformation. GATE-AI translates ethical principles into decision rights, risk tiers, lifecycle gates, documentation artefacts, human oversight, monitoring routines, and management review. The proposed intervention supports AI inventory creation, risk classification, impact assessment, control treatment, release approval, incident learning, and continual improvement. Expected outcomes include stronger regulatory readiness, less shadow AI, clearer ownership, more reliable audit trails, improved stakeholder trust, and better alignment between digital transformation strategy and responsible AI practice. The article concludes by arguing for AI governance as a management discipline, not a compliance appendix.
Scroll to read the preview. Download for the complete document.
Batool, A., Zowghi, D., & Bano, M. (2025). AI governance: A systematic literature review. AI and Ethics, 5, 3265-3279. https://doi.org/10.1007/s43681-024-00653-w
Berente, N., Gu, B., Recker, J., & Santhanam, R. (2021). Managing artificial intelligence. MIS Quarterly, 45(3), 1433-1450. https://doi.org/10.25300/MISQ/2021/16274
Coghlan, D., & Shani, A. B. (2019). Action research in business and management: A reflective review. Action Research, 17(3), 518-541. https://doi.org/10.1177/1476750319852147
European Commission. (2024). AI Act enters into force. https://commission.europa.eu/news-and-media/news/ai-act-enters-force-2024-08-01_en
European Commission. (2025). General-purpose AI obligations under the AI Act. https://digital-strategy.ec.europa.eu/en/factpages/general-purpose-ai-obligations-under-ai-act
European Parliament and Council of the European Union. (2024). Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence. Official Journal of the European Union. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Gebru, T., Morgenstern, J., Vecchione, B., Vaughan, J. W., Wallach, H., Daume III, H., & Crawford, K. (2021). Datasheets for datasets. Communications of the ACM, 64(12), 86-92. https://doi.org/10.1145/3458723
High-Level Expert Group on Artificial Intelligence. (2019). Ethics guidelines for trustworthy AI. European Commission. https://digital-strategy.ec.europa.eu/en/library/ethics-guidelines-trustworthy-ai
International Organization for Standardization and International Electrotechnical Commission. (2023a). ISO/IEC 42001:2023, Artificial intelligence, Management system. ISO. https://www.iso.org/standard/42001
International Organization for Standardization and International Electrotechnical Commission. (2023b). ISO/IEC 23894:2023, Artificial intelligence, Guidance on risk management. ISO. https://www.iso.org/standard/77304.html
Mantymaki, M., Minkkinen, M., Birkstedt, T., & Viljanen, M. (2022). Defining organizational AI governance. AI and Ethics, 2, 603-609. https://doi.org/10.1007/s43681-022-00143-x
Mitchell, M., Wu, S., Zaldivar, A., Barnes, P., Vasserman, L., Hutchinson, B., Spitzer, E., Raji, I. D., & Gebru, T. (2019). Model cards for model reporting. Proceedings of the Conference on Fairness, Accountability, and Transparency, 220-229. https://doi.org/10.1145/3287560.3287596
National Institute of Standards and Technology. (2023). Artificial intelligence risk management framework (AI RMF 1.0) (NIST AI 100-1). U.S. Department of Commerce. https://doi.org/10.6028/NIST.AI.100-1
National Institute of Standards and Technology. (2024). Artificial intelligence risk management framework: Generative artificial intelligence profile (NIST AI 600-1). U.S. Department of Commerce. https://doi.org/10.6028/NIST.AI.600-1
Organisation for Economic Co-operation and Development. (2024a). OECD AI Principles overview. https://oecd.ai/en/ai-principles
Organisation for Economic Co-operation and Development. (2024b). OECD updates AI Principles to stay abreast of rapid technological developments. https://www.oecd.org/en/about/news/press-releases/2024/05/oecd-updates-ai-principles-to-stay-abreast-of-rapid-technological-developments.html
Papagiannidis, E., Mikalef, P., & Conboy, K. (2025). Responsible artificial intelligence governance: A review and research framework. Journal of Strategic Information Systems, 34(2), 101885. https://doi.org/10.1016/j.jsis.2024.101885
Raji, I. D., Smart, A., White, R. N., Mitchell, M., Gebru, T., Hutchinson, B., Smith-Loud, J., Theron, D., & Barnes, P. (2020). Closing the AI accountability gap: Defining an end-to-end framework for internal algorithmic auditing. Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency, 33-44. https://doi.org/10.1145/3351095.3372873
Selbst, A. D., Boyd, D., Friedler, S. A., Venkatasubramanian, S., & Vertesi, J. (2019). Fairness and abstraction in socio-technical systems. Proceedings of the Conference on Fairness, Accountability, and Transparency, 59-68. https://doi.org/10.1145/3287560.3287598
UNESCO. (2021). Recommendation on the ethics of artificial intelligence. https://unesdoc.unesco.org/ark:/48223/pf0000381137
Vial, G. (2019). Understanding digital transformation: A review and a research agenda. Journal of Strategic Information Systems, 28(2), 118-144. https://doi.org/10.1016/j.jsis.2019.01.003
Metrics are updated in real time as the article is accessed and downloaded.
Comments
Leave a Comment