Only 13% of Nearly 3,000 Global Firms Follow a Formal AI Governance Framework, UNESCO Study Finds
What happened
UNESCO and the Thomson Reuters Foundation published research on November 1, 2025, analyzing 2,972 companies across 11 sectors globally, with findings available via UNESCO AI Governance Corporate Report. The study found that while 43.7% of surveyed companies communicated an AI strategy, only 13% publicly claimed adherence to a recognized AI governance framework. Operational controls were notably weak across the sample, with just 40% of companies reporting board-level oversight of AI. Only 12.4% of firms surveyed had policies in place to ensure human oversight of AI systems. The research concludes that possessing an AI strategy does not constitute governance readiness, and that accountability pathways, human oversight requirements, monitoring, and remediation processes represent the areas of greatest material exposure for most organizations.
Why it matters
- ·The finding that only 13% of firms adhere to a formal AI governance framework signals significant regulatory exposure, as jurisdictions including the EU are increasingly mandating structured governance documentation and accountability mechanisms that most organizations are currently unprepared to demonstrate.
- ·With only 12.4% of companies maintaining human oversight policies, organizations face substantial operational risk if regulators or auditors request evidence of meaningful human review processes, particularly for high-stakes or automated AI-driven decisions.
- ·Board-level AI oversight reported by only 40% of firms indicates a widespread organizational governance gap, meaning accountability for AI-related failures or harms may lack a clear chain of responsibility, increasing liability risk for leadership and compliance functions alike.
Governance controls affected
What to do now
- ☐Conduct a gap assessment comparing your organization's current AI practices against a recognized AI governance framework such as ISO 42001 or the NIST AI RMF, and document the findings for board review.
- ☐Verify that board-level oversight of AI is formally established, with defined responsibilities, reporting cadences, and escalation paths for material AI risks documented in governance policies.
- ☐Review and update human oversight policies to ensure they explicitly cover which AI systems require human approval, what constitutes meaningful review under HOC-004, and how overrides are logged and tracked.
- ☐Map all deployed AI systems against HOC-001 risk classification criteria to identify which systems lack assigned accountability owners or escalation paths.
- ☐Prepare an internal compliance readiness report summarizing your organization's adherence to each element cited in the UNESCO findings, including oversight, monitoring, and remediation processes, to support proactive regulatory engagement.
What to watch next
Compliance teams should monitor whether the UNESCO and Thomson Reuters Foundation research prompts regulatory bodies in the EU, UK, or other active jurisdictions to reference the 13% adoption statistic as justification for accelerating mandatory governance framework requirements. Teams should also track whether industry bodies or stock exchange listing authorities respond to the board oversight findings by proposing or finalizing disclosure requirements tied to AI governance maturity. Any follow-up guidance from UNESCO or Thomson Reuters Foundation providing sector-specific benchmarks or recommended frameworks should be reviewed promptly as it may inform enforcement expectations.