Anyone with a pulse on privacy news — and news in general — is aware of the boom AI has seen in the past year. While regulations and legislation are proliferating nearly as fast as the technology is developing, AI governance as a practice has yet to be established, professionalized and matured to meet its demands. Many organizations are developing and deploying AI internally but lack suitably formed AI governance functions, partly due to the newness of the technology and partly due to a lack of information sharing between organizations.

The 2024 IAPP Governance Survey seeks to gather more data to highlight the extent to which the AI governance profession has evolved in the last year. We need your insights so we can gather this data and arm you with the industry takeaways you need to establish and mature AI organizational governance.

The AI space is developing rapidly

AI development and deployment are well underway in nearly all industries. Since last year, we have seen a significant increase in regulatory action on AI governance. Significantly, this year, the EU is set to have the world's first comprehensive AI law enter into force with the EU AI Act, while the U.S. saw the granting of the Executive Order on the Safe, Secure and Trustworthy Development of AI, and many other countries are proposing and implementing new laws and policies.

This surge in regulation is only set to increase as the industry continues to evolve exponentially. Data from last year's governance survey shows the AI market size has doubled since 2021 and is predicted to increase from around USD2 billion in 2023 to USD2 trillion in 2030.

Generally, the larger a company's revenue, the more likely it is to implement AI. According to the IAPP-EY Professionalizing Organizational AI Governance Report, as of 2023, 74% of organizations with more than USD60 billion in annual revenue were using AI, while 88% of large multinational organizations with operations in 60 countries used AI or intended to do so within the 12 months following the survey. The increase in AI implementation within organizations has created a need for more developed AI governance functions.

AI governance as a strategic priority

In response to the evolution of AI technology, regulation and implementation, organizations are focusing on AI governance as a strategic priority. In last year's governance survey, we asked organizations about their top five strategic priorities. Responses showed AI governance averaged as the second priority for organizations in 2023, up from the ninth most important strategic goal in 2022.

The results indicated organizations recognize the need for committed AI governance functions in line with emerging AI policies and laws. Last year, 52% of respondents from organizations with USD60 billion in annual revenue reported having established AI governance functions. In contrast, 60% of organizations with USD1 billion in annual revenue reported having developed or planned to develop AI governance functions within 12 months after the survey.

Despite the development of governance functions within organizations, teams responsible for AI governance remain relatively small. The average number of people with AI governance responsibilities in an organization last year was around nine, and 17% of respondents in organizations with governance functions reported only one person was tasked with AI governance duties. The majority of organizations with AI governance teams reported the privacy function was responsible for AI governance, followed by legal and compliance, and security, respectively.

Organizations that reported having AI governance functions noted which frameworks, if any, they used to benchmark and develop their programs. Though frameworks are still emerging and lacking maturity in the AI space, organizations are making considerable efforts to leverage them in their practices. Of respondents at organizations implementing AI, 42% reported using the U.S. National Institute of Standards and Technology's AI Risk Management Framework, while 28% reported using internally developed frameworks. This data represents a trend of using privacy governance programs to leverage AI governance in its nascent stage.

Despite increasing developments in building AI governance programs, challenges to implementation exist within organizations. Of respondents to the 2023 survey, 56% believed their organizations did not fully understand the benefits and risks to AI deployment. Additionally, 39% of respondents noted a lack of standardization was a leading challenge.

All in all, last year's survey provided an important snapshot of the current AI governance landscape within organizations of various sizes and annual revenues.

IAPP governance reports as tools for our members

Organizations that have yet to establish internal AI governance functions can benefit in various ways from the results of our survey. Its results will allow organizations to benchmark against similarly sized and situated entities, report to their boards with data and statistics, and use data to support funding and resourcing discussions to benefit internal governance teams. This data can clearly illuminate the benefits of established AI governance functions and the pitfalls of inaction for organizations. Notably, 65% of respondents to last year's survey from organizations without AI governance functions reported a lack of confidence in their privacy compliance. Conversely, only 12% of respondents with such functions reported not having confidence in their privacy-compliance abilities. These confidence measures demonstrate the importance of building out governance and can be used to garner support and funding from the C-suite level.

2024 governance survey

This year's survey aims not only to collect more data on compliance but also on incidents. We hope to gain more information on the extent to which certain practices lead to lower confidence and the increased likelihood that an organization experiences more incidents. We are also collecting privacy operations-related metrics to help privacy teams further benchmark themselves against other organizations from the report. We can only do this with your participation. Please help us by completing our anonymous survey, so we can help you by shining a light on industry trends and practices.