Gartner Says General Counsel Should Assert Strong AI Governance Leadership Without Hindering Innovation

With the rapid development of generative AI (GenAI) and agentic AI tools, General Counsel (GC) face a dual challenge: managing enterprise risks associated with AI without stifling innovation while preparing the legal departments to harness AI for more efficient legal support.

We spoke with Stuart Strome, Director at Gartner, who provided insight on what this means for GC and legal leaders, and how they should best navigate the opportunity and challenges.

Journalists who would like to speak with Stuart regarding this topic should contact heather.sabharwal@gartner.com. Members of the media can reference this material in articles with proper attribution to Gartner.

A: GC are ultimately accountable for legal risk events related to AI. However, in most instances, legal is not fully responsible for AI governance. Those responsibilities are shared across multiple functions. Therefore, legal’s role in governance depends on the existing efforts at the organization and the presence of strong AI governance leadership.

If there is a function taking the lead in establishing AI governance, legal needs to play its part by providing a more traditional oversight role: providing due diligence for third parties, assessing legal risks and providing legal guidance on development and use of AI at the organization.

The trick is to provide robust oversight without creating unnecessary friction for the business. Techniques like embedding triggers into existing risk assessments to flag high-risk AI projects and providing clear go/no-go criteria to guide when a use case requires additional legal review help achieve this. By concentrating their efforts on high-risk use cases and setting transparent criteria for the business to know when legal review is required, GC can protect the organization while supporting innovation.

On the other hand, if there are not pre-existing efforts, GC must be more proactive establishing strong AI governance structures throughout the organization – establishing an AI governance framework and defining roles, responsibilities and decision rights for governing and managing AI risks throughout the organization. This does not mean that legal must “own” AI governance in perpetuity. However, with AI being increasingly integrated into the business, the risks are growing, and GC must not take a wait and see approach. 

A: We find that so many GC find themselves on the backfoot, continuously reacting by updating policies, controls and compliance frameworks in response to new developments in AI regulation. However, new AI regulations often mirror or build upon existing frameworks.

Rather than reacting to every new regulation, legal departments should build their compliance framework around principles common across the jurisdictions they operate in to ensure policies and controls are broadly applicable yet resilient to change. This approach minimizes confusion, promotes consistency, and allows for minor policy tweaks rather than major overhauls as new laws and technologies emerge.

A: GC should prioritize GenAI applications that offer high value and easy adoption. The top use cases for legal departments include contract visibility, legal document summarization, meeting transcription, and legal research. These solutions are proven, reliable, and can be implemented quickly, delivering immediate business impact.

By automating highly repetitive, low-value tasks, legal teams can boost efficiency and redirect resources to more strategic work. Focusing on these practical use cases ensures that the department maximizes the benefits of AI while minimizing implementation challenges.

A: To fully capitalize on AI’s potential, GC must invest in the people, processes, and data that empower the technology, rather than focusing solely on the technology itself. Successful AI adoption requires standardized processes, robust data management, and upskilling legal teams.

Departments that prioritize digital readiness—by preparing their teams and workflows for AI integration—are nearly twice as likely to achieve successful implementation. Simply purchasing AI tools without adequate preparation leads to low adoption, resistance, or incorrect use, which can undermine efficiency. GC should promote digital readiness by instituting clear processes, ensuring high-quality data, and offering ongoing training to their teams.

Additional information and example principles each category noted above are available to Gartner clients in the report Top Insights on AI for GC.