Episode Details

Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM 

John Rood shares how organisations can unlock real value from AI by balancing innovation, governance, and compliance. Learn why robust frameworks, practical training, and a bottom-up approach are key to sustainable AI adoption and risk management. 

👉 Full Show Notes
https://www.microsoftinnovationpodcast.com/792 

🎙️ What you’ll learn  

• How to implement effective AI governance without stifling innovation 
• Practical steps for building an AI management system 
• The role of ISO 42001 and the EU AI Act in compliance 
• Strategies to drive AI adoption and avoid shadow AI 
• How to design ongoing AI literacy programmes for all staff 

 ✅ Highlights 

• “A poorly designed policy, I think, does stifle innovation. I think a well-conceived policy manages that trade-off.” 
• “Shadow AI happens because organisations go buy an AI product and then lock it down.” 
• “Our first recommendation… is that you’ve got to have someone to champion AI initiatives.” 
• “Most organisations will start either from ISO 42001, or… the NIST AI risk management framework.” 
• “The idea is we’re not just trying to put together a set of policies… What we’re trying to create is a living process.” 
• “A great AI management system defines who has to get trained in what, and then make sure that actually happens on a regular basis.” 
• “If your customers knew how you treat their data, they might not be your customers anymore.” 
• “The top-down programmes tend to go poorly, whereas the… bottom-up programmes tend to do much better.” 
• “When we are able to empower more people… we start to build the organisation’s muscle.” 
• “The first step… is always regulatory.” 
• “EU AI Act is written… to be extraordinarily broad.” 
• “At the top of the pyramid, there’s a certain set of fairly robust training or literacy requirements that should be for whoever’s actually making the AI.” 

🧰 Mentioned 

• ISO 42001: https://www.iso.org/standard/42001  
• EU AI Act: https://artificialintelligenceact.eu/the-act/  
• NIST AI risk management framework: https://www.nist.gov/itl/ai-risk-management-framework  
• GDPR: https://gdpr.eu/ 

✅Keywords 
ai governance, iso 42001, eu ai act, compliance, shadow ai, risk management, ai management system, ai literacy, bottom-up adoption, regulatory, data privacy, nist framework 

Microsoft 365 Copilot Adoption is a Microsoft Press book for leaders and consultants. It shows how to identify high-value use cases, set guardrails, enable champions, and measure impact, so Copilot sticks. Practical frameworks, checklists, and metrics you can use this month. Get the book: https://bit.ly/CopilotAdoption

Support the show

If you want to get in touch with me, you can message me here on Linkedin.

Thanks for listening 🚀 - Mark Smith