Only 26% of enterprises say AI governance keeps pace with deployment, Smarsh study finds
A study by Smarsh, conducted in collaboration with FTI Consulting, reveals that while 55% of enterprises are deploying artificial intelligence, only 26% have governance frameworks that can keep pace with their AI deployments. This highlights a significant gap in effective AI governance among businesses leveraging AI technologies.
This story was produced through MarketScale. See how Software & Technology teams put it to work with Executive Thought Leadership.
Key facts, context, and what it means, in one minute.
Key takeaways
55% of enterprises are deploying artificial intelligence.
Only 26% of enterprises have AI governance that keeps pace with deployment.
There is a significant gap in AI governance despite widespread AI adoption.
More than half of enterprises are running AI in production, but fewer than one in three can say their governance keeps up. That is the headline finding from the 2026 Enterprise AI Trends Study, released July 7 by Smarsh and conducted by FTI Consulting, which surveyed enterprise organizations across regulated industries.
A 29-point gap between deployment and governance
The study's most operational finding is the spread between adoption and readiness. While 55% of enterprises are actively deploying AI, only 26% report governance frameworks that are fully aligned with that pace of implementation. That gap is not theoretical; it translates directly into compliance exposure, especially in sectors where communications records carry regulatory weight.
Shadow AI widens the problem. Only 30% of organizations have comprehensive capabilities to detect and manage AI tools employees are using outside approved workflows. For legal, compliance, and records-management teams, those unmanaged interactions represent a supervision and recordkeeping blind spot that regulators are increasingly focused on.
Communications data moves from archive to asset
One of the study's sharper findings is a shift in how enterprises are thinking about communications data. Historically treated as a compliance liability to be preserved and produced on demand, it is being repositioned as a foundation for AI workloads, internal investigations, and business intelligence. The implication for IT and compliance leaders is direct: the quality of that data and the governance around it now shapes what AI can and cannot safely do.
Goutam Nadella, Chief Strategy Officer at Smarsh, noted in the report that organizations able to govern, protect, and activate their communications data will be better positioned to innovate responsibly and manage risk proactively. James Condon, Managing Director and Americas Head of Insights at FTI Consulting Strategic Communications, described the challenge as fundamentally a data governance problem, citing barriers around visibility, integration, data quality, and oversight as the gaps enterprises need to close before they can scale AI with confidence.
Investment signals where enterprises are focusing
The study found enterprises are already moving budget in response. Among those surveyed, 62% are investing in AI and machine learning capabilities, 53% are directing resources toward data quality and enrichment, and 51% are modernizing their archives. That three-way pattern suggests organizations understand that raw deployment is not enough without the underlying data infrastructure to support it.
Governance needs to span ecosystems, not endpoints
The report's other central argument is about scope. Enterprise AI is no longer a single-tool deployment. AI agents, collaboration platforms, APIs, and third-party applications are increasingly interconnected, and governance models built around isolated endpoints will miss the risk traveling through data flows between those systems. The study recommends governance frameworks that provide visibility across entire data ecosystems.
The study also identifies a function-level shift: compliance leaders are moving into AI strategy decisions, influencing technology investments and third-party risk assessments rather than reviewing outcomes after the fact. For procurement and operations teams evaluating AI platforms and vendors, that means compliance input at the selection stage, not just during audit.
What this means for your team
- Audit shadow AI exposure now: if fewer than a third of enterprises can detect unauthorized AI use, your organization may have the same gap. Map which collaboration tools, API connections, and third-party applications are outside your approved stack and whether those interactions are being captured.
- Treat communications data quality as an AI prerequisite: before expanding AI workloads, assess whether the underlying data is clean, enriched, and governed well enough to support the use cases you are planning. Poor-quality archives create model risk, not just compliance risk.
- Pull compliance into vendor evaluations: the study's finding that compliance is becoming a strategic function means these leaders need a seat at the table when new AI platforms or third-party applications are being assessed, not just when a regulatory exam is underway.
- Evaluate governance coverage across your AI ecosystem: governance frameworks scoped to individual tools will miss risk in the connections between AI agents, platforms, and legacy systems. Ask vendors specifically how their governance extends across interconnected workflows.
Sources
Featured companies
About the author
The MarketScale Newsroom reports on the companies, technologies, and trends shaping 16 B2B industries. It turns primary sources and expert commentary into clear, useful coverage for the people doing the work.