Governance · Issue #7

The Defensibility Gap: When AI Adoption Outruns Governance

90% of organisations use AI daily. 18% have a fully implemented policy. The gap is not governance — it is Defensibility evidence the function cannot yet produce on request.

20 June 2025 · 9 min read
Tags: Defensibility Posture Statement · Defensible AI · Shadow AI

AI is already everywhere in legal and business operations. The guardrails are not. According to the new AI Governance Gap report from LegalFly — 154 general counsel surveyed across the UK, France, and Germany — 90% of organisations use AI daily, but only 18% have a fully implemented AI policy. The function is moving faster than it can govern, and the gap is widening every quarter.

But “governance gap” understates the problem. The canonical reframe: this is a Defensibility gap — the function cannot yet produce, on request, the evidence that AI use is bounded, controlled, and accountable. Policies-on-paper do not close it. Defensibility Posture does.

The velocity-Defensibility paradox

AI adoption is exploding across departments — legal included. Oversight has not caught up. Most governance is fragmented, informal, or non-existent. Three risks compound:

  1. Shadow AI — tools used without approval. Risk Taxonomy 2026 Class 8.
  2. Sensitive data exposure — client or vendor data fed into unsecured systems. Class 7 (Client confidentiality breach) and Class 2 (Data leakage).
  3. Accountability dilution — no named owner of AI decisions. Class 9. When an incident occurs, the function discovers that no one was the responsible authoriser.

This is no longer a compliance issue. It is a reputational, regulatory, and client-trust exposure that the board will see before the general counsel does.

The client-data signal: a Defensibility-floor breach

Two LegalFly findings deserve special attention. 34% of organisations use AI on sensitive client or vendor data. Nearly 30% of AI policies do not address data protection at all. The intersection — functions putting sensitive material into AI systems without a policy that contemplates it — is a Defensibility-floor breach by definition. The Defensibility Posture Statement cannot render activity the function did not control.

Six canonical practices to close the gap

Six practices, each mapped to the canonical Pillar 4 (Defensible AI Governance) and Pillar 6 (Vendor & Procurement). None are aspirational; all are operationally testable this quarter.

1. Surface Shadow AI — populate the AI BoM

Inventory every AI tool in use — sanctioned, embedded, and Shadow. The canonical AI BoM (AI Bill of Materials) is the artefact. Without it, every other practice on this list is theatre. With it, Shadow AI moves from invisible exposure to managed inventory.

2. Adopt a common framework — NIST AI RMF aligned to Defensible AI

Use the NIST AI Risk Management Framework as the shared language across legal, IT, compliance, and business. Adopt it as the operating spine of the Defensible AI Governance Framework (Module GOV-01) rather than building a bespoke vocabulary that nobody else uses.

3. Embed safeguards in workflows, not PDFs

Access controls and data-minimisation are infrastructure decisions, not policy statements. Build them into the systems users actually touch — enterprise GenAI gateways, intake forms, contract workflows. Governance that lives only in a PDF is the kind that never makes it into the Defensibility Posture Statement.

4. Anonymise by default

Strip sensitive data before it reaches any AI system. The 34% of organisations putting client data into AI deserve a structural fix, not a training session. The structural fixes look like this: enterprise GenAI gateways with PII redaction, contract intake pipelines with an anonymisation step, and regulatory monitoring that operates on summaries rather than originals.
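What practices 1, 3 and 4 look like when they live in the system rather than in a PDF, as an added example that is not Advanta's or LegalFly's code: a hypothetical in-house GenAI gateway step that refuses any tool not listed in the AI BoM, redacts client identifiers before the prompt leaves the organisation, and writes an audit record of each decision. The BoM entries, the tool ids, the user names and the sample prompt are all constructed for the example; the regexes are deliberately simple pattern matchers, not a claim about what a production redaction engine should use.

```python
"""
Illustrative GenAI gateway pre-processing step (added example, hypothetical
gateway). Three controls from the article are enforced in code:
  - only tools listed in the AI BoM may be called (Shadow AI is refused),
  - PII / client identifiers are redacted before the prompt leaves the gateway,
  - every decision is appended to an audit record, which is the evidence a
    Defensibility Posture Statement is later built from.
"""
import hashlib
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed AI BoM: tool id -> named owner and permitted data classes.
# Entries are hypothetical; a real BoM would be the procurement record.
AI_BOM = {
    "contract-review-gw": {"owner": "legal-ops", "allowed_data": {"redacted"}},
    "regulatory-summariser": {"owner": "compliance", "allowed_data": {"redacted", "public"}},
}

# Redaction patterns, applied in this order. IBAN runs before PHONE so the
# digit run inside an IBAN is not swallowed by the looser phone pattern.
PATTERNS = {
    "IBAN": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
    "UK_NINO": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b"),
}


@dataclass
class GatewayDecision:
    allowed: bool
    reason: str
    prompt: str  # what actually leaves the gateway ("" if refused)
    redactions: dict = field(default_factory=dict)


def redact(text: str) -> tuple[str, dict]:
    """Replace each PII match with a typed placeholder; return counts per type."""
    counts = {}
    for label, pattern in PATTERNS.items():
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts


def gateway(tool_id: str, user: str, prompt: str, audit_log: list) -> GatewayDecision:
    """Enforce the BoM allowlist, redact, and record evidence of the decision."""
    entry = AI_BOM.get(tool_id)
    if entry is None:
        decision = GatewayDecision(False, "tool not in AI BoM (Shadow AI)", "")
    else:
        clean, counts = redact(prompt)
        decision = GatewayDecision(True, "sanctioned tool, redacted prompt", clean, counts)
    # The audit record keeps a hash of the original prompt, never the text,
    # so the evidence trail cannot become a second copy of the client data.
    audit_log.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "tool": tool_id,
        "owner": entry["owner"] if entry else None,
        "allowed": decision.allowed,
        "reason": decision.reason,
        "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
        "redactions": decision.redactions,
    })
    return decision


if __name__ == "__main__":
    log = []
    # Constructed prompt carrying the kind of client identifiers the report describes.
    sample = ("Summarise the NDA for jane.doe@example.com, tel +44 20 7946 0958, "
              "IBAN GB82WEST12345698765432.")
    ok = gateway("contract-review-gw", "alice", sample, log)
    print(ok.prompt)  # identifiers replaced by [EMAIL], [PHONE], [IBAN]
    shadow = gateway("free-chatbot-tab", "bob", "Rewrite this clause", log)
    print(shadow.reason)
    for record in log:
        print(record)
```

The design point is in the refusal path and the log, not the regexes: an unlisted tool produces an audit entry with no owner, which is exactly the accountability-dilution signal from the risk list, and the sanctioned path produces a record showing what classes of data were stripped, which is the kind of evidence a Defensibility Posture Statement can cite.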

5. Treat model misuse as a security threat

Prompt injection, data-poisoning, jailbreaks — these are not clever tricks. They are attack vectors that require detection and response inside the AI Incident Response Playbook (Module GOV-05). Treat them like any other security incident class: named on-call, escalation tree, regulator notification readiness.

6. Offer approved alternatives — enable more, ban less

Pure prohibition produces Shadow AI growth. Sanctioned, monitored alternatives that meet 80% of the user need produce adoption inside the BoM. Replace the unmanaged tool with a managed equivalent before banning the unmanaged tool. This is procurement working as Pillar 6, not policy working as enforcement.

Defensibility is the enabler, not the enemy

Too many teams still treat governance as red tape. In reality, it is the gate that lets the function deploy AI at scale without absorbing the downside risk individually. Defensibility frameworks that are simple, practical, and embedded into daily work separate teams that experiment from teams that operate. The functions closing the gap this quarter own next year's deployment authority. The functions that do not will be remediating retrospectively, at the cost multiples GDPR enforcement has already set as precedent.
