
When organisations ask “how do we control AI?” I think there is a framing fallacy. The intent of AI governance is noble, but the question is flawed. The more powerful question isn’t about control at all; it’s about calibration. That distinction may sound like semantics, but it runs far deeper. One the one hand, control positions governance like a brake, something you apply to slow things down or stop them. On the other, calibration positions it like infrastructure, something you build, refine and rely on. Only one of these compounds over time.
Gartner predicts that over 40% of agentic AI projects will be cancelled by the end of 2027. This is not because the technology doesn’t work, but because teams are deploying it without a clear strategy, without understanding the complexity, and without governance built for real-world use.
The anxiety is real. In the UK, a 2025 survey of over 1,000 IT decision-makers found that larger businesses report regulatory compliance (34%) and data security (31%) as their primary AI concerns. The numbers aren’t surprising, but they do reveal a gap. Organisations know what they’re worried about, and they’re still searching for a coherent framework to act upon.
What I see most often is governance turning into friction by default. Not a deliberate policy choice, but a slow accumulation of steps that quietly solidifies into something no one feels empowered to change. The problem isn’t that guardrails exist, it’s that they stop being questioned. From human review processes and guardrail settings to approvalworkflows, each one should be fit for purpose and regularly challenged. When this doesn’t happen, the governance layer ends up with more opinions than the AI it was supposed to oversee, and the transformation programme that was meant to improve customer experience becomes a machine for generating internal processes.
The bigger problem is that governance by friction doesn’t even reduce risk; it merely redistributes it. Over-automate the wrong interactions and you create compliance risks and erode trust. Over-restrict the right ones and you slow everything down and frustrate customers. Both are failures, even if they look different on a dashboard.
In the UK, regulation makes this even more important. The Information Commissioner’s Office is clear: human oversight must be meaningful, not symbolic. Under Article 22, simply rubber-stamping decisions isn’t enough. Humans need real discretion to assess decisions made by AI and understand when to intervene.
For global enterprises, this gets even more complex. Governance goes beyond simply having policies, to having genuine presence in systems and how they operate across markets.
A more useful frame is calibration. Not every customer interaction carries the same risk and governing them identically is a design error. A billing clarification and a compliance-sensitive financial response are not the same thing. The governance question worth asking is not “should AI handle this?” it’s “how much autonomy is appropriate here, given the risk and the cost of getting it wrong?“ Such a reframe has a practical shape. We call it the “Governance Frontier.”
This is an interaction-level risk classification that is dynamic rather than static, updated as the AI earns trust through demonstrated performance, not from the outset. In practice, it looks like applying context data for a specific decision or task, or a series of decisions or tasks. This also manifests by stress-testing agents against thousands of simulated interactions before deployment. It also means a central control layer where guardrails are adjustable, so the autonomy dial can be turned deliberately as risk tolerance evolves. All of this also means audit trails, not just for regulatory defensibility, but because the traces of how AI made decisions are themselves the raw material for making it better.
The teams getting this right aren’t automating everything and hoping for the best. They map their interaction landscape, classify risk, apply autonomy selectively, and buildthe monitoring to expand (or tighten) over time. Governance isn’t layered on; it shapes the system from the start.
This is where the false choices of speed or safety, autonomy or accountability, technology or trust, actually dissolve, and it does so not through compromise, but through precision. When you know, at the interaction level, exactly how much autonomy is appropriate, you can move fast where it is safe to do so and apply friction exactly where friction is warranted. 54% of UK firms are actively using AI in 2026, up from 35% in 2025, according to research from the British Chambers of Commerce. As this uptick in AI adoption continues accelerating, the question shifts from whether to use AI to whether governance is being built in, designed separately or deferred until later.
The organisations that will define enterprise CX over the next decade are not the ones that moved fastest or the ones that moved most carefully. They are the ones that built the infrastructure to know the difference, and treated precise, calibrated governance not as a constraint on their AI ambitions, but as the foundation those ambitions required.
In customer experience, precision, predictability, and trust aren’t optional. Investing in the right governance model not only provides all four, but supports businesses as they navigate local and global regulations.



