AI Governance takes center stage under the European AI Act: Experts highlight the need for responsibility , ethical oversight

THE HAGUE--Now that the European AI Act has introduced strict requirements for the development and use of artificial intelligence (AI), along with enforcement mechanisms and potential fines, the need for strong AI Governance within both public and private organizations has become more urgent than ever.

In an article published by iBestuur.nl, Rein Mertens and Edwin van Unen, AI Governance Advisors at SAS, emphasize that organizations must move beyond compliance checklists and build a culture of accountability, transparency, and ethical awareness around AI use.

Mertens, who leads the Customer Advisory team at SAS Netherlands, recently completed the Certified AI Compliance Officer (CAICO®) training at ICTRecht. “Many participants in the program had simply ‘added’ AI compliance responsibilities to existing roles such as Chief Information Security Officer or Data Protection Officer,” he said. “That illustrates the lack of clear accountability. A Highberg survey of 70 organizations earlier this year found that in 57% of cases, it was unclear who was responsible for AI compliance. That is disturbing.”

Van Unen explained that the assignment of responsibility varies widely across sectors. “In the banking sector, predictive AI models have been used for decades, so governance structures are well established. But when it comes to new technologies like generative AI or large language models in customer service, it’s often unclear who is responsible,” he said.

At SAS, AI Governance refers to a structured system of processes, rules, and procedures that ensure AI is developed and used responsibly, ethically, and securely. Mertens advocates for embedding this responsibility in a clearly defined function, even if shared among multiple roles.

“Depending on the organization’s size, it doesn’t have to be one person, but accountability must clearly rest somewhere,” Mertens explained.

𝐂𝐨𝐫𝐞 𝐑𝐞𝐬𝐩𝐨𝐧𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬 𝐨𝐟 𝐀𝐈 𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞

According to SAS, an AI Governance or AI Compliance Officer should:

• Advise on legal and ethical issues surrounding AI.

• Ensure compliance with the AI Act and related regulations such as the GDPR.

• Collaborate with privacy and security experts to align frameworks.

• Promote AI literacy within the organization.

• Map all AI applications and provide clarity about governance processes.

𝐌𝐚𝐩𝐩𝐢𝐧𝐠 𝐀𝐈 𝐌𝐚𝐭𝐮𝐫𝐢𝐭𝐲

SAS has developed a free self-assessment tool, the AI Governance Map, which helps organizations measure their AI maturity across four dimensions:

• Supervision and Control – clarity on oversight and accountability.

• Compliance – adherence to internal and external standards.

• Operation – integration of governance into daily processes.

• Culture – awareness and behavior toward responsible AI use.

“With this tool, organizations can identify their current position and next steps toward responsible AI maturity,” said Mertens. “The design of AI Governance depends on your goals and your type of organization.”

𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐚𝐬 𝐂𝐮𝐥𝐭𝐮𝐫𝐞

Van Unen stressed that AI Governance must go beyond policies and become part of an organization’s culture. “Guidelines define what you must comply with, but ultimately, values determine how you act. AI should be used in a way that is fair, transparent, and explainable. Technology supports that, but people make it real.”

Mertens added that governance is not a one-off task. “It’s not something you assign and forget. You have to keep monitoring whether systems behave as intended. Through Model Management, organizations can automatically track deviations and act before problems escalate — something that is still rare in practice.”

𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐚𝐬 𝐚 𝐃𝐫𝐢𝐯𝐞𝐫 𝐨𝐟 𝐈𝐧𝐧𝐨𝐯𝐚𝐭𝐢𝐨𝐧

Both advisors argue that proper AI Governance does not stifle innovation but strengthens it. “We learned from data privacy that once you have the right technical and organizational safeguards, innovation flourishes,” said Mertens. “The same applies to the AI Act. When you have control over AI, you can truly innovate.”

Van Unen concluded: “Our AI Governance systems are designed not to block development but to help organizations build AI faster, more securely, and more reliably.”

𝘈𝘶𝘵𝘩𝘰𝘳𝘴:

𝘙𝘦𝘪𝘯 𝘔𝘦𝘳𝘵𝘦𝘯𝘴 𝘢𝘯𝘥 𝘌𝘥𝘸𝘪𝘯 𝘷𝘢𝘯 𝘜𝘯𝘦𝘯, 𝘈𝘐 𝘎𝘰𝘷𝘦𝘳𝘯𝘢𝘯𝘤𝘦 𝘈𝘥𝘷𝘪𝘴𝘰𝘳𝘴 𝘢𝘵 𝘚𝘈𝘚

𝘖𝘳𝘪𝘨𝘪𝘯𝘢𝘭 𝘱𝘶𝘣𝘭𝘪𝘤𝘢𝘵𝘪𝘰𝘯: 𝘪𝘉𝘦𝘴𝘵𝘶𝘶𝘳.𝘯𝘭

‍