The relationship between regulation, innovation, and AI governance

The AI landscape has shifted dramatically so far in 2025. With decades of experience in helping organizations with best practices in privacy, data protection, security, and compliance, I’ve noticed something fascinating — the regulatory pendulum for AI has swung in an unexpected direction.

In the new administration, technology companies who previously kept Washington at an arm’s length are actively engaging with policymakers, trying to shape a future where American AI faces less regulation. While the government is moving with unprecedented speed (rather than caution), this creates an exciting dynamic for companies. Momentum from previous years was toward wide-scale regulation, but the environment we see today gives technology companies considerably more freedom with fewer guardrails. This creates both huge opportunity and significant responsibility for organizations.

Why self-governance is more important than ever 

Without immediate pressure from far-reaching federal regulations, companies have more freedom — but this comes with the heightened responsibility to govern data effectively, and puts pressure on companies that need to get their security policies in order. 

Organizations implementing robust governance frameworks will be better positioned to:

• Build trust in increasingly powerful AI systems
• Adapt quickly when regulatory requirements inevitably change
• Work across global markets with different regulatory approaches
• Reduce risks that could damage reputation or create liability

The responsible approach is not to view this as a regulation-free zone, but as a chance to establish best practices balancing innovation with appropriate guardrails. In fact, according to our survey, fewer than half of organizations have an AI Acceptable Use Policy, despite widespread adoption of publicly available generative AI tools.

Navigating global compliance challenges

While United States regulations might be easing, globally, things remain complex. Many organizations must comply with strict frameworks like the EU AI Act, GDPR and various emerging regulations across Asia. This creates a fragmented compliance landscape where global businesses need to adapt their governance to match local requirements, while maintaining efficient operations. The ability to self-govern remains critical, regardless of any single country’s approach.

Organizations looking to succeed in this changing environment should focus on these key elements: 

• Flexible governance structures: Develop approaches that can adapt to changing requirements while supporting innovation.
• Transparency: Make AI processes explainable and documentable — this builds essential trust.
• Risk management tools: Leverage solutions providing visibility into data usage across AI systems to identify and remediate any potential issues early. 
• Data quality and security: AI governance builds on existing data policies and management — ensuring quality, security, and appropriate usage is fundamental.
• Empowered teams: Give your people the tools they need to implement governance policies consistently without slowing innovation. Not all of us are security pros, but we all have a responsibility to stay security aware. 

Now what? 

This moment gives organizations a chance to show that responsible innovation and effective self-governance can work together. It isn’t feasible to build a business based on the winds of political change, but by investing in data protection, risk intelligence, information lifecycle management, and data migration, organizations position themselves for success regardless of how requirements evolve. Those viewing compliance as a competitive advantage rather than a burden will be better equipped for whatever comes next.

In this time of increased freedom and responsibility, the ability to self-govern not only allows businesses to regulate their systems appropriately, but also to adapt quickly to changing requirements. With the right approach and tools, they can confidently embrace AI’s potential while managing risks — turning this regulatory shift into a strategic advantage.