Foreward

New Challenges, Current Skills

As we look forward to 2026, Ethisphere remains steadfast in our mission to advance business integrity. Artificial intelligence (AI) is no longer a future reality. It's a business imperative for ethics and compliance teams globally as they work to advance business integrity within their organization, and by extension, across the business itself.

At many companies, Ethics & Compliance (E&C) teams became early stakeholders in organization-wide AI as they created the governance around the use of this technology. As they did that, E&C got an unobstructed view of how transformative—and disruptive—AI can be. As the regulatory environment continues to evolve through legislation and litigation, teams will need to stay engaged with the changing expectations, just as they have for other risk areas.

Fortunately, no one is better positioned than E&C to do exactly that.

With so many E&C teams asked to deliver an impact beyond what their departmental budgets would suggest, the case for E&C’s own use of AI has never been clearer. You are ideally situated to use this technology in a way that radically advances how much your team can actually do on behalf of your organization. This report will offer clear instruction and examples of how, as well as ideas of where we see the risks and opportunities evolving.

ERICA

SALMON BYRNE

Chief Strategy Officer, Ethisphere

Executive Summary

E&C leaders are done debating whether or how to use AI. We’re executing. 77% of E&C teams now hold a significant or coordinating role in AI governance, and 57% have employees trained in AI. Crucially, governance is the unlock for outcomes. When guardrails are codified into approvals, contracts, and monitoring, compliance can safely reap the rewards and implement AI with defensible oversight.

These things alone don’t sufficiently manage AI risk, however. Most AI enters the organization via vendors, and while 84% of E&C teams own third-party risk, only 15% include AI provisions in third-party codes and just 14% have audited even half of their vendors.

This report closes that gap with insights into the AI regulatory landscape and governance framework examples, plus RACIs, model inventories, impact reviews, and HITL triggers. And since E&C leaders want less theory and more proof, we are also sharing peer stories from Ethisphere's BELA companies Verisk, Cargill, and Palo Alto Networks to showcase their literacy-first adoption and RAG-enabled workflows that shift time from drafting to judgment.

THE MANDATE IS CLEAR:

move from policy to proof, extend governance downstream to third parties, and convert compliance’s seat at the table into measurable program performance.

Tim

Morss

Chief Executive Officer, SpeakUp