AI Governance in NZ:
What It Actually Means for Your Organisation
Most NZ organisations have now started using AI in some capacity. Many are discovering that the harder question isn't how to use AI — it's how to govern it.
AI governance is one of those terms that sounds important but often stays abstract. Here's a practical take on what it actually means and why it matters.
What AI Governance Actually Is
At its core, AI governance is the set of policies, processes, and accountability structures that determine how AI is used in your organisation — and who's responsible when something goes wrong.
It answers questions like:
- Which AI tools are approved for use, and which aren't?
- What data can staff put into AI systems?
- Who reviews AI-generated outputs before they're acted on?
- How do we handle errors or biased outputs from AI?
- Are we compliant with the NZ Privacy Act when using AI on client data?
Why a Policy Document Isn't Enough
Many organisations respond to AI governance concerns by writing a policy. That's a start, but governance that only exists on paper tends to fail in practice. People don't read policies under deadline pressure. Edge cases aren't covered. The policy gets outdated as AI tools evolve faster than review cycles.
Effective AI governance is embedded in workflows, not just documented in handbooks. It means the decision about whether to use AI — and how — is built into the process itself, not left to individual judgement in the moment.
The Three Governance Failures We See Most
1. Shadow AI adoption
Staff using personal ChatGPT accounts, consumer tools, or browser extensions without organisational knowledge — often putting client data into systems that weren't approved and may not be compliant.
2. No accountability structure
When AI makes a mistake — a wrong summary, a biased recommendation, a hallucinated fact — it's unclear who's responsible for catching it, correcting it, and ensuring it doesn't happen again.
3. Governance as friction
Governance designed primarily to restrict AI use tends to be bypassed. The goal should be enabling responsible adoption — making it easy to do the right thing, not just hard to do the wrong thing.
A Starting Framework for NZ Organisations
You don't need a 40-page governance framework to start. Three foundations get most organisations most of the way:
- Approved tools list — a clear, maintained list of which AI tools staff can use and for what purposes. Updated quarterly as the landscape changes.
- Data classification rules — which data types can go into which AI systems. Client information, commercially sensitive data, and personal data should have explicit rules.
- Review requirements — for which categories of AI output require human review before action. Not everything needs review; being specific about what does keeps governance practical.
Go Deeper at Our May Meetup
At our May 4 meetup, Todd Bowman will present practical best practices for AI governance implementation — drawn from real organisational deployments. Alongside that, Dr Elsamari Botha will challenge the narrow definition of AI literacy and present a multi-dimensional framework for what it genuinely means to be AI-capable in 2026.
Whether you're starting from scratch on AI governance or trying to improve what you already have, this is the event to attend.
The AI Tension — Implementation vs Existential Risk
Monday 4 May 2026 — 5:30 PM, EPIC Innovation Centre
Dr Elsamari Botha + Hazel Shanks — Free to attend
Event Details & RSVP →