What happened
BCG's 2026 responsible AI survey (in partnership with MIT Sloan Management Review) of 1,221 respondents finds that while 85% of companies claim to have implemented a responsible AI (RAI) program—up from 52% in 2022—most are prioritizing surface-level RAI basics (policies, training) over building the deeper technical foundation for trustworthy AI. The research indicates companies are 'racing to deploy RAI basics' rather than establishing robust governance for risk mitigation, technical testing, and systemic organizational risk management. The gap suggests landmark regulations (EU AI Act, etc.) and agentic AI capabilities should be forcing a shift in RAI maturity, but organizational practice is lagging.
Why it matters
As agentic AI and frontier model capabilities accelerate, baseline RAI maturity becomes a critical competitive and compliance issue. The survey reveals that most companies are building RAI theater—meeting the appearance of compliance—rather than genuine capability. For CISOs, AI officers, and general counsel, this establishes the gap between compliance posture and operational safety.
Action needed
Conduct a candid audit of your RAI program's depth: are you limited to policies and training, or do you have technical evaluation, red-teaming, and model documentation practices in place? Use the report's maturity framework to identify specific governance gaps in your AI risk management infrastructure.