From vision to value

An opportunity—and a risk—like no other

Generative AI (GenAI) has rapidly risen to the top of the strategic agenda for businesses seeking a competitive edge. Its potential to transform operations and drive innovation is undeniable. However, scaling GenAI is not as simple as applying traditional transformation playbooks. Its pervasive and unstructured nature presents unique challenges, particularly in navigating the complex and constantly shifting legal and regulatory landscape.

While many organizations are eager to capitalize on GenAI's benefits, moving from pilot projects to full-scale deployment requires careful consideration. This report explores the critical balance between rapid adoption and risk mitigation, providing insights into how organizations can confidently unlock the power of GenAI while safeguarding their brand, reputation, and stakeholder trust.

How to operate to move at pace

From a strategic perspective, C-suite leaders will need to think differently about:

Governance

In the age of GenAI, C-suite leaders must balance legal compliance with innovation agility. Legal teams, well-versed in the evolving regulatory landscape of GenAI, play a crucial role in advising the C-suite on a pragmatic and commercial approach to risk and compliance. This involves developing robust frameworks to assess and mitigate risks related to data privacy, IP, and ethical considerations. Effective regulations should encourage safe and responsible innovation, rather than stifle experimentation.

Leadership

C-suite leaders require an understanding of GenAI and its capabilities, risks, and the evolving regulatory landscape. This understanding is crucial for making informed decisions about investments, implementations, and responsible AI governance. However, a significant gap exists in AI literacy at the leadership level, with a recent Deloitte survey revealing that 75% of corporate board members report having little to no experience with AI. Therefore, legal departments play a vital role in providing education and guidance on AI regulation, ethical considerations, and risk mitigation strategies. This collaborative approach helps organizations to confidently navigate the complexities of GenAI while fostering a more knowledgeable and responsible ecosystem.

Technology infrastructure

Only 45% of organizations think their technology infrastructure is highly prepared for GenAI implementation, this is why it is critical that C-suite leaders think about prioritizing technology infrastructure. This involves rigorous risk assessments, vulnerability identification, and collaboration between legal, IT, risk, and cybersecurity teams to establish comprehensive security protocols. These protocols will help to keep sensitive data and AI models away from breaches, effectively managing compliance with cybersecurity regulations and standards, IP laws, and data protection regulations.

Talent management

The GenAI revolution highlights the importance of addressing the skills gap for C-suite leaders navigating this transformative technology. With only 34% of organizations stating that they have hired new talent to fill data-related skill gaps, it is essential to invest in vigorous training and development programs for the existing workforce. These programs should not only focus on technical skills but also on responsible AI usage, risks, and controls, empowering employees to confidently leverage GenAI's potential. By creating an environment that encourages experimentation and innovation while managing risks, organizations can unlock the full value of GenAI and accelerate its adoption.

Data management and protection

Any development and use of AI requires access to quality data that does not infringe on IP or privacy laws. Effective data management involves collaborating with legal departments to achieve accuracy, security, and compliance with global and regional regulations like GDPR. Thorough consideration must be given to customer and partner data access, particularly in third-party contracts, addressing how GenAI models are trained and data usage rights, including potential limitations on usage, sale, or licensing.

Ethics and compliance

The ethical and compliant deployment of GenAI requires careful consideration of potential biases inherent in human-generated data. By working collaboratively, organizations can assess all current and proposed uses of GenAI, including data sources, training models, and user access, and then establish controls that both assess and address bias.

Published: March 2025

Authors: Richard Punt, Melinda Upton, Sebastiaan ter Wee, Gregor Strojin