I’ve seen about fifteen different versions of AI governance structures in the last year. Most of them don’t work. The ones that do share three common characteristics that I’ll get to in a moment.

The problem starts with how organisations think about governance. They treat it like compliance — a box-ticking exercise to keep Legal happy. But effective AI governance is actually about making faster, better decisions about technology that changes monthly.

The Wrong Way to Structure It

The typical approach: create a steering committee with representation from every department, meet quarterly, review proposals in 45-minute slots, send everything back for more documentation.

This approach guarantees three outcomes. First, nothing moves quickly enough to matter. Second, the governance body becomes disconnected from actual implementation. Third, people start routing around the process.

I watched this exact scenario play out at a financial services firm last year. Their AI Governance Board had seventeen members. It took six weeks to schedule a meeting. By the time proposals reached them, the business context had changed. Teams stopped asking for permission and started asking for forgiveness.

What Actually Works

The organisations getting this right have governance boards with five to seven members maximum. They meet fortnightly for an hour. They make decisions in the room, not after “further consideration.”

Here’s the composition that works. You need one senior technical leader who actually builds things — not someone three levels removed from code. You need one operational leader from a business unit deploying AI. You need someone who understands risk and compliance but isn’t paralysed by it. You need one person with budget authority who can commit money. And you need an executive sponsor who can break ties and clear roadblocks.

Notice who’s not mandatory: Legal doesn’t need a permanent seat if your risk person understands regulatory requirements. HR doesn’t need to attend every meeting if your operational leader represents workforce impacts. Marketing doesn’t need a vote if you’re focused on internal applications.

The Three Characteristics That Matter

First characteristic: decision rights are explicit. Everyone knows what the board approves, what it advises on, and what teams can do without asking. This clarity eliminates 80% of the “do we need governance approval” questions.

One enterprise retailer I worked with defined three tiers. Tier one: anything customer-facing, anything processing sensitive data, anything with regulatory implications — board approval required. Tier two: internal tools, process automation, productivity applications — board informed, not approval. Tier three: experimentation with synthetic data, individual productivity tools, proof of concepts — no board involvement.

Second characteristic: the board includes builders, not just overseers. When Team400 helped a healthcare organisation restructure their governance, we insisted their head of data science join the board. Not as a presenter, as a voting member. This changed everything. Technical feasibility discussions went from “we’ll investigate and report back” to “yes, we can do that, here’s how long it’ll take.”

Third characteristic: there’s a fast path for time-sensitive decisions. Most governance processes assume everything can wait until the next scheduled meeting. But when your competitor launches an AI feature, when a vendor offers a limited-time pilot, when a regulatory change creates new requirements — you need a mechanism for urgent decisions.

The fast path doesn’t mean no governance. It means two board members can make decisions in 48 hours for defined categories of proposals. Then the full board reviews the decision at the next meeting. This isn’t rubber-stamping, it’s acknowledging that governance serves the business, not the other way around.

What the Board Actually Does

Effective AI governance boards spend most of their time on three activities. They review and update risk frameworks as technology evolves. They resolve conflicts between competing priorities or resource requests. And they identify systemic issues that need process changes.

They don’t spend time on technical implementation details. They don’t review vendor contracts word by word. They don’t debate whether to use model A versus model B. Those decisions belong elsewhere.

The board at a professional services firm I advised spends the first twenty minutes of every meeting reviewing metrics: number of AI projects in flight, average time to production, incidents and near-misses, adoption rates. This grounds discussions in reality rather than abstractions.

They spend thirty minutes on decision items that need approval. And they spend ten minutes on forward-looking topics: emerging risks, technology trends, regulatory changes.

The Documentation That Matters

Most governance processes drown in documentation. Teams spend weeks preparing thirty-page proposals that board members skim five minutes before the meeting.

Useful governance documentation fits on two pages. Page one: what you want to do, what problem it solves, what could go wrong, and what mitigations you’ve considered. Page two: budget, timeline, success metrics, and dependencies on other teams or systems.

That’s it. If board members need more detail, they ask questions. But frontloading every possible question leads to analysis paralysis.

One manufacturing company I worked with introduced a one-page template for AI proposals. Adoption of the governance process increased by 40% in three months because teams stopped seeing it as an obstacle.

Making It Work Long-Term

The challenge with governance structures is they ossify. What works today becomes a bottleneck next year when you’re running fifty AI projects instead of five.

Build in a review mechanism. Every six months, the board assesses its own effectiveness. What decisions took too long? What issues fell through the cracks? What changed in the business or technology landscape that requires governance changes?

And pay attention to routing around behaviour. If teams consistently skip the governance process, that’s a signal the process isn’t serving them. Don’t respond with stricter enforcement. Respond by understanding why the process isn’t working and fixing it.

The point of AI governance isn’t control for its own sake. It’s enabling the organisation to move fast while managing risk appropriately. If your governance structure doesn’t make that easier, it’s not governance — it’s bureaucracy.