Leaders who wait for clarity on AI governance are already behind.

Last month, a Not-for-Profit CEO told us: “We’ll look into an AI policy once we start using AI more broadly.” When we asked what their staff were doing with AI today, their answer was telling: “I’m not really sure but we know some are using it.”

That conversation captured what we’re seeing across SMEs and not-for-profits alike: leaders delay governance because they want clarity on how they are using AI or because they picture it means a costly Copilot rollout. Meanwhile, their staff are already experimenting with free, consumer-grade AI tools — making daily decisions using their own judgement.

Here’s the truth: you don’t need perfect clarity to govern AI. Waiting for it means you’re already behind.

Staff Are Already Ahead of Leadership

McKinsey research shows leaders estimate only 4% of staff use AI heavily, while 13% of employees say they actually do. In the not-for-profit sector, Infoxchange’s 2024 report found 76% of staff use AI daily, but just 11% of organisations have any policy in place.

This gap is bigger than most leaders realise. Staff aren’t asking permission — they’re using AI to solve problems today.

Why This Matters Beyond NFPs

NFPs share the same constraints as most SMEs: tight budgets, reliance on consumer tech, and leadership blind spots. While NFPs have unique considerations around mission alignment, ethics and privacy — staff are still out in front with AI making decisions based on their own understanding or appreciation of the issues.

Without an AI policy or governance, every AI interaction carries exposure:

• Staff may share confidential data into public platforms.

• Generated content could conflict with your values.

• Compliance issues may surface months later.

Meanwhile, organisations that establish governance early gain more than risk protection. Clear boundaries create confidence. Staff can experiment without fear, and leadership can invest strategically, knowing the risks are managed.

What Good AI Policy and Governance Looks Like

It’s not about building more bureaucracy. It’s about grounding AI use in frameworks you already have.

• Acknowledge reality: Your people are already using AI — provide guidance instead of pretending otherwise.

• Build on what exists: Extend your current data, communication, and compliance policies to cover AI.

• Keep it simple: Define a vision for how AI will be used, with clear examples of acceptable and unacceptable use.

• Enable innovation: Boundaries give staff the safety to try new things responsibly.

Three Actions You Can Take This Week

1. Survey actual usage – Ask your staff what AI tools they’re already using. You’ll likely find adoption three times higher than you expected.

2. Draft basic guidelines – Extend your existing data and communication policies to cover AI. Refine later.

3. Designate oversight – Assign someone to monitor developments and update your guidance. This requires commitment, not deep technical skills.

The Bottom Line

The organisations thriving with AI aren’t the ones with the flashiest tech — they’re the ones with the clearest governance.

The policy you need isn’t perfect — it’s present. The question isn’t whether AI will transform your organisation, but whether you’ll shape that transformation or face its consequences after the fact.

Your staff are already on the AI journey. The only question is: will leadership catch up in time?