Ideas Made to Matter

Artificial Intelligence

Balance AI innovation and risk with ‘minimum viable governance’

By

Kristin Burnham
3 minute read

What you’ll learn: As organizations scale generative AI, traditional governance models prove to be too rigid or too loose. Minimum viable governance puts in place just enough oversight, calibrated to risk and embedded into workflows, to enable responsible innovation without slowing progress.

As organizations move from piloting generative artificial intelligence tools to deploying solutions across the enterprise, governance is becoming a bottleneck. Leaders want to accelerate adoption, but concerns about risk, compliance, and unintended consequences are slowing progress.

Many organizations respond by overcorrecting — either locking down generative AI with strict controls or allowing experimentation to run ahead without sufficient oversight. 

According to new research from Jennifer Jewer, and Nadège Levallet at the MIT Center for Information Systems Research, there is an alternative: minimum viable governance, which they define as “the least amount of governance required to manage risk effectively while enabling the organization to sense and seize opportunities.” Instead of treating governance as a static framework, minimum viable governance focuses on putting just enough structure in place to manage risk while allowing innovation to continue.

Minimum viable governance extends an earlier MIT CISR concept, minimum viable policy, which asserts that foundational principles can reduce the need for comprehensive policies. Organizations with well-developed minimum viable policy practices cut the average amount of time to make complex decisions in half and identified new opportunities at three times the rate of peers without such practices. 

Yesterday’s governance models can’t keep up with AI 

Governance models built for earlier technologies are struggling to keep pace with generative and agentic AI, the researchers found. Traditional approaches, which are structured around principles, policies, people, processes, and platforms, assume that the technology is relatively stable, risks are predictable, and demand is manageable. Generative AI breaks these assumptions: It is adopted faster than any central review can keep up with, its risk space changes faster than leaders can anticipate, and the technology itself transforms on a timescale of months.  

The result is a growing gap between governance and execution. When governance becomes too restrictive, it slows decision-making and limits innovation. When it’s too loose, it increases an organization’s exposure to risk. MIT CISR researchers describe this as a zone bounded by a governance “ceiling” and “floor.”

Above the ceiling, governance creates bottlenecks and drives workarounds, including the rise of “shadow generative AI” — the unauthorized use of AI tools and solutions. Below the floor, organizations face mounting risks, from compliance gaps to a lack of accountability for AI-driven decisions. Organizations need a way to operate between those extremes, maintaining control without stalling progress.

Most governance models can’t hold that balance. Minimum viable governance is designed to shift governance from a gatekeeping function to an enabling one.

A lightbulb with the abbreviation "Ai" on it seems to be flying like a rocket ship

AI Executive Academy

In person at MIT Sloan

Register Now

Designing governance that moves at AI speed

Minimum viable governance starts with a simple premise: Governance should be proportional to risk and embedded into how work gets done.

Instead of trying to anticipate every possible scenario up front, minimum viable governance creates a flexible foundation that can evolve alongside AI adoption. It puts mechanisms in place across all five governance domains (principles, policies, people, processes, and platforms) that support responsible use without slowing teams down.

The research highlights four design characteristics that distinguish minimum viable governance from traditional governance approaches, offering a way for leaders to assess whether their current mechanisms can keep pace with generative AI.

1. Structurally agile: Minimum viable governance requires structures that can be introduced, adjusted, or retired quickly as AI use cases shift. Rather than relying on fixed, centralized decision-making, organizations need flexible governance models that can shift roles, responsibilities, and oversight mechanisms as necessary. This allows governance to adjust as risks, technologies, and business needs evolve. 

2. Trustworthy by design: Oversight must be built into the platforms that deliver generative AI, not applied through approvals after the fact. Secure, ready-to-use platforms can automatically log every prompt and output, mask sensitive data, screen for hallucinations, and filter policy violations. When platforms enforce controls and flag anomalies, review shifts from gatekeeping before action to monitoring as needed, resting on an auditable trail of prompts, outputs, and human decisions.  

3. Integrated end-to-end: Effective governance spans AI activities, from design and development through deployment and use. It connects decision-making across governance functions (such as risk, compliance, legal, and procurement) rather than leaving each to apply its own. This prevents governance from fragmenting as initiatives move between functions. 

4. Opportunity-sensitive: Minimum viable governance treats moving too slowly as a risk in its own right. Governance should help organizations sense and seize high-value opportunities and support those efforts accordingly. By aligning oversight with business priorities, organizations can move quickly on high-value opportunities while applying appropriate safeguards. 

Read the research briefing: “Minimum Viable Governance for Generative AI” 

Nick van der Meulen is a research scientist at the MIT Center for Information Systems Research. He conducts academic research that targets the challenges of senior-level executives, with a specific interest in how companies need to organize themselves differently in the face of continuous technological change. He is one of the faculty members who teaches the MIT Sloan Executive Education course Global Executive Academy

Jennifer Jewer is an associate professor at Memorial University and a research collaborator at MIT CISR. Her research interests include IT governance, digital transformation, and health informatics. 

Nadège Levallet is an associate professor at the University of Maine and a research collaborator at MIT CISR. Her research lies at the intersection of digital technologies, strategy, and innovation in small and medium-sized organizations. 

For more info Sara Brown Senior News Editor and Writer

Related Articles

Two robots do work across from each other; one wears a heart and the other wears a queen chess piece Ideas Made to Matter The surprising power of warmth in AI negotiations A person holds a magnifying glass up to AI imagery Ideas Made to Matter Seeing real value from AI depends on being able to verify its outputs A person and various colorful symbols (lightbulb, fire, puzzle pieces, etc.) fall into a dark hole in a circuit board vortex Ideas Made to Matter ‘AI gravity’ is pulling you toward dependency. Here’s how to push back