IT Security

Trust, AI and governance

by Mark Rowe

Trust in AI now depends on governance, says Jeff Hoyle, EVP and UK and North America Managing Director at Expleo, an engineering, technology and consulting services provider.

Expleo’s AI Pulse sentiment tracker shows that confidence in organisations’ ability to use AI successfully is slipping, even as adoption keeps climbing. That gap confirms that the easy phase of AI is over. Building or procuring a tool is one task. Governing it once it starts shaping live operational decisions is a far harder one. Pilots and trials still have their place. The tougher work begins when AI starts shaping live decisions. At that point, the question is no longer technical performance, but one of control, visibility and trust.

From adoption to oversight

Most organisations are still treating AI as an innovation programme, even though its role has shifted firmly into operations. That mismatch is the problem. A tool can perform flawlessly in testing and still surface uncomfortable questions the moment it touches live work: where it is being used, what part it is playing in a process, and who owns the outcome when something goes wrong.

That is why the UK Government’s AI Management Essentials guidance puts its emphasis on the organisational processes around AI rather than the product itself. The harder phase of adoption begins when organisations realise capability isn’t the issue, it’s governance.

That is also where confidence starts to dip. Early enthusiasm celebrates what AI can do. Operational use asks something harder. Who owns the decision when an AI system shapes an action? How is that judgement reviewed? What happens when an output looks plausible but the reasoning behind it isn’t?

Confidence depends on visibility

All of those questions come back to a single point: transparency. You cannot govern what you cannot see. That doesn’t mean reducing every model to a textbook explanation, but teams need enough visibility to act with confidence in what the system is doing and why.

The ICO’s guidance on explaining decisions made with AI puts it plainly: explanation is a practical requirement, not a nice-to-have. In a security context, where trust is the currency, that distinction is everything. People affected by an output (whether colleagues, customers or regulators) need to understand how it is being used and what safeguards sit around it.

Operational context matters more than the testing environment. AI systems don’t sit in isolation, but instead ride on data flows and user behaviour that are often already inconsistent and poorly documented. A model can perform well in a narrow test and still prove difficult to govern once it meets the messier reality of live use. That is where confidence quietly drains away.

Governance has to stay close to deployment

This is where governance frameworks earn their keep. The UK Government’s Introduction to AI assurance frames the task simply: assurance is about building justified trust through measurement, evaluation and communication. For security leaders, that translates directly. Trust isn’t something you declare, it’s something you evidence.

The same principle runs through ISO/IEC 42001, which sets out a formal management system for AI. Good governance does three things: it defines ownership and use boundaries, builds a route for review when issues emerge, and stays close to deployment, because that is where the pressure actually lands. Policies written at a distance will not hold if operational teams are left to interpret risk on the fly. Further detail on scaling AI governance is set out in Expleo’s adoption report.

None of this stops at go-live. Conditions shift, data sources change, patterns of use evolve, and the risk picture moves with them. Post-deployment monitoring is part of the governance task, not an optional add-on. The NCSC’s guidelines for secure AI system development make the same point, treating secure deployment, operation and maintenance as equal in weight to design and development.

Seen in that light, the dip in confidence isn’t a retreat, but rather the moment trust in AI stops being declared and starts being earned. AI is moving from innovation programme to operational reality. The organisations that handle that shift well will be the ones whose AI still holds up when conditions get harder. And in security, more than anywhere else, that is what governance will be measured on.