Angelika Beierlein
87 percent of companies are increasing their AI (Artificial Intelligence) budgets. Yet only 14 percent have defined at the executive level who is accountable for the results. That is the figure missing from every strategy paper. The Logicalis CIO Report 2026 reveals what many boards remain unwilling to acknowledge: The largest AI investment wave in corporate history is colliding with a governance foundation that barely exists.
AI investments are rising faster than any other IT category. Gartner forecasts that AI-related spending will account for 20 to 25 percent of total IT budgets in 2026, up from 5 to 8 percent two years ago. Globally, according to Gartner, $6,150 billion flows into IT spending, an increase of 9.8 percent. The GenAI share is growing by 80.8 percent.
The investments are in place. The governance is not. According to the Logicalis CIO Report 2026, only 14 percent of companies have clearly defined at the leadership level who is responsible for AI governance. This means: In 86 percent of companies, departments, project managers, or individuals decide on AI deployments without an overarching structure controlling risks, outcomes, and compliance requirements.
78 percent of employees are already using AI tools without IT approval. Shadow AI is the blind spot that no governance structure closes if it only kicks in after procurement. The reality in most companies: Departments procure AI tools independently, test them in pilot projects, and scale them before IT even finds out. By the time the governance question is raised, the facts are already established.
This is not a failure of individual companies. It is a systemic problem. AI was introduced in most organizations as a technology topic and assigned to the CIO or the CDO. But AI governance is not a technology question. It is an organizational issue that touches compliance, ethics, liability, and business strategy simultaneously. No single C-level member covers all these dimensions.
The result: Projects start without clear responsibility. When they fail, no one looks for the cause in the governance model. Instead, the model is changed, the project reset, the budget redistributed. 48 percent of AI projects miss their business goals. Not because the technology fails, but because the decision-making structure is missing. Who decides which data trains the model? Who defines what result is “good enough”? Who pulls the emergency brake when the system discriminates? These questions end up on no desk if no desk is provided for them.
The Logicalis Report puts it succinctly: Boards expect a “Unified Narrative” from CIOs encompassing governance, economics, and ethics. But only 12 percent of companies describe their AI governance processes as mature. The rest operate in a grey zone between compliance hope and organizational improvisation.
Companies that have actually organized AI governance typically use one of three models. Each carries a specific trade-off that is rarely discussed openly.
Model 1: CIO-centric. The CIO assumes overall responsibility for AI, including governance. This works in companies where the CIO reports directly to the CEO and has budget autonomy. In practice, 42 percent of CIOs report to the CFO. This turns AI governance into a subcategory of cost control. Innovation under cost pressure is a contradiction that manifests in every budget meeting.
Model 2: Decentralized in Business Units. Each business unit operates its own AI governance. This delivers speed because decisions are made close to the business. It simultaneously creates sprawl. If three business units operate three different AI platforms with three different compliance approaches, the company has no AI strategy. It has three. And the cyber insurer assesses this accordingly.
Model 3: Chief AI Officer (CAIO). A dedicated role bundling AI strategy and governance. On paper, the cleanest model. In practice, it frequently fails due to competency overlaps with the CIO, CDO, and the business units. A CAIO without budget authority is a consultant with a title. A CAIO with budget authority creates conflicts with the CIO.
None of these models is inherently right or wrong. But the choice depends on variables that are not transparently discussed in most companies: reporting lines, budget authority, and the question of whether AI is understood as infrastructure or as business transformation.
What happens in practice: Companies choose the model that generates the least resistance, not the one that fits best. The CIO gets the governance because he already owns IT. The business units retain their autonomy because the CEO doesn’t want competence disputes. The CAIO is hired because the board advisor recommended it. Each of these decisions has an organizational consequence that only becomes visible when the first major AI project fails or the first compliance audit arrives.
The recommendation that no consultant likes to give: The governance model must fit the company’s power structure, not the org chart. Whoever makes the budget decisions must also carry the governance responsibility. Anything else creates a gap between decision and liability.
According to the Logicalis CIO Report 2026, 86 percent of surveyed companies have not defined a clear responsibility structure for AI decisions at board level.
– Digital Chiefs Editorial Team
Until now, AI (Artificial Intelligence) governance was a strategic decision. From August 2026, it is a regulatory obligation. The difference is not semantic, but liability-related.
The EU AI Act makes AI governance a statutory requirement for high-risk systems from August 2026. Companies using AI in HR decisions, lending, or critical infrastructure need a documented risk management system, technical documentation, and human oversight. Penalties for violations: up to 35 million euros or 7 percent of annual turnover.
This changes the calculation fundamentally. Until now, AI governance was a matter of best practice. From August, it is a matter of liability. Board members who cannot prove a governance structure expose themselves to personal risk. This is the point where the 14-percent figure stops being a statistic. From then on, it becomes a compliance risk.
For financial service providers, DORA (Digital Operational Resilience Act) adds to this. For the healthcare sector, the electronic patient record (ePA) and European Health Data Space (EHDS) requirements apply. Every industry gets its own layer of AI regulation. Each layer requires someone to keep the overview. The question of who that is will be asked at the latest during the next audit.
Three critical decisions await that cannot be delegated.
First: Define the Governance Model. Not as a theoretical exercise, but as an organizational reality involving reporting lines, budget allocation, and escalation paths. The model must fit the corporate structure. A mid-sized manufacturer with a CIO does not require a CAIO. A diversified conglomerate with five business units likely needs one. The decision should fall in a board meeting, not an IT strategy workshop. AI governance is an organizational decision, not a technology decision.
Second: Create an AI Inventory. Which AI systems are in use? Which of these fall under high risk? In many companies, this overview is completely missing. The 78 percent Shadow AI usage rate indicates that the official IT inventory reflects only a fraction of the actual AI landscape. The inventory must extend beyond IT: Marketing uses AI tools, HR uses AI tools, sales uses AI tools. Consult each department individually. The IT Budget Discussion 2027 cannot be conducted cleanly without this foundation. No governance model works without an inventory.
Third: Personalize Responsibility. A named person at C-level who is accountable for AI governance. Not a committee, not a working group, not “IT”. A person with budget authority and escalation rights. Whether this is the CIO, the CDO, a CAIO, or the CEO themselves depends on the organization. That someone must be responsible is beyond question. The alternative is collective diffusion of responsibility. It invariably ends the same way: nobody feels responsible until the auditor asks.
The pragmatic solution for most organizations: The CIO assumes governance responsibility, but with an explicit mandate from the board and a separate governance budget. This prevents the most common error: governance is treated as an additional task rather than an independent function. If the CIO must finance governance from the existing IT budget, it always loses in competition with infrastructure projects. Governance needs its own budget line. Not large, but visible. A separate item in the board report signals that AI governance is not a side matter, but a deliberate investment in regulatory security, strategic control, and operational resilience of the entire company.
The 87 percent investing more will turn into the 48 percent missing their goals if the governance question remains unanswered. This is not a forecast. This is what the current data shows.
The timeline is clear: August 2026 for the EU AI Act, ongoing for DORA (Digital Operational Resilience Act), continuous for internal AI projects already in production. Those who wait until summer will find that building governance retrospectively is more expensive and slower than structuring it correctly from the start. The difference between the 14 percent and the rest is not budget or knowledge. It is the willingness to ask the responsibility question before the regulator asks it.
One final point for context: AI governance is not a project with a beginning and end. It is a permanent organizational function. AI systems change, regulation evolves, use cases grow. The governance structure must grow with them. Those who treat it as a one-off compliance project will face the same gap again in two years. The 14 percent who have mature governance today will be the only ones able to scale in 2028 without starting from scratch with every new regulation.
AI governance at the C-Level signifies that a designated executive assumes responsibility for the strategy, compliance, risk management, and performance monitoring of all AI systems across the organization. This encompasses system selection, defining acceptable risk thresholds, and ensuring adherence to the EU AI Act (the European Union’s comprehensive artificial intelligence regulation).
Not necessarily. A Chief AI Officer (CAIO) represents one viable governance model, though not the exclusive option. In smaller organizations, the Chief Information Officer (CIO) or Chief Data Officer (CDO) may absorb the AI governance function. Crucially, the specific title matters less than ensuring a single individual holds budgetary authority and escalation rights for this responsibility.
The EU AI Act categorizes high-risk AI systems as those making decisions concerning natural persons or exerting significant influence over them. Examples include AI utilized in recruitment, credit granting, quality control for critical products, and the management of critical infrastructure. General-purpose tools like text generators or analytical dashboards generally do not fall under this classification.
AI governance dictates who authorizes AI investments and establishes metrics for measuring outcomes. Lacking a governance framework, AI budgets tend to be allocated in silos, leading to project duplication and incomparable result measurements. Gartner forecasts that 20 to 25 percent of IT budgets will be directed toward AI by 2026. Without governance, oversight over this allocation remains absent.
From August 2026 onwards, operators of high-risk AI systems must prove the existence of a risk management system, technical documentation, and human oversight. Absent these structures, penalties reaching 35 million euros or 7 percent of annual revenue may apply. Board members face potential personal liability if adequate governance measures were not implemented.