HCLTech’s recently released 2026 Enterprise AI Research Report, The AI Impact Imperatives, 2026, argues that AI is now widespread across the enterprise, but impact is still lagging adoption. Among the clearest reasons is governance. The report finds that 76% say Responsible AI concerns have already delayed deployments, while 89% say operations teams need stronger guardrails around AI tools. Those numbers suggest the problem is no longer whether organizations care about Responsible AI. It is whether they are building it into enterprise AI early enough to make scale possible.

In a recent interview on the report’s findings, Heather Domin, Vice President and Head of Office of Responsible AI and Governance at HCLTech, made the case that Responsible AI works best when it is designed in, not layered on later. This view highlights a broader operating-model shift: governance is most effective when it is part of architecture, workflows and lifecycle management from day one, rather than just a final checkpoint once models are ready to go live.

Why governance still arrives too late

Governance often arrives too late because AI initiatives start in silos, delivery pressure prioritizes speed over control design and governance is still treated as a manual checkpoint rather than part of the system itself.

“They’re doing this basically at the end instead of during the design phase,” said Domin. That is when governance shifts from enabling scale to creating rework and friction.

Domin pointed to a manufacturing case study in HCLTech’s Responsible AI Transparency report where governance gaps had already slowed deployment. The answer was not simply to add more reviews, but to introduce a risk-based approach for ongoing management and build governance in from the start.

She also emphasized that some of this can be automated. “It doesn’t all need to be manual, some of it can actually happen at runtime.”

That is an important leadership point. Governance often arrives late because organizations still assume it has to be added through process after the fact, when in reality parts of it can be designed directly into systems and operations.

“When you introduce it late it can add friction,” said Domin. By contrast, “early governance really helps to remove that blocker” and “speeds things up.” The better framing, then, is not that governance slows AI down. It is that late governance does.

Security and Responsible AI face the same scaling problem

The research also points to security as a leading technical barrier, and Domin’s perspective was that security and Responsible AI shouldn’t be treated as separate workstreams. “They’re very tied,” she said. “One of the core components of a responsibly deployed system is that it has security built in.”

That is a useful way to think about enterprise scale. In practice, security failures and Responsible AI failures often appear in the same places: weak controls, poor traceability, unmanaged risk and limited trust in live environments.

“If you don’t address security, you can’t claim that you’re deploying responsibly,” said Domin.

She also noted that security has become more central as newer AI capabilities introduce fresh concerns, even while AI itself can help strengthen controls by identifying vulnerabilities and supporting remediation.

She used a banking example to show how this convergence works in practice, describing a European bank where “this sort of security and responsibility aspect was a core concern.” In that case, stronger governance and technical control did not come at the expense of speed. Instead, the organization saw “improvement in the speed of handling time of requests that come in,” said Domin. The broader point is that security and Responsible AI are not trade-offs. When designed jointly, they support both trust and performance.

Trust becomes repeatable when it is engineered in

A similar pattern shows up around explainability, auditability and accountability. Once these are embedded into design, they stop being manual exercises and start becoming system behaviors.

“It does enable a lot of the automation that’s possible,” said Domin, because the controls are already part of how the system is built and how workflows operate.

She pointed to a financial institution where HCLTech helped build “a tested set of prompts, like a prompt library,” and “over 150 original compliant and safe prompts” designed to protect against fairness, transparency and security issues. The outcome, she said, was that “this really improved reliability and relevance of the AI outputs.”

That is a useful example because it shifts the governance conversation away from abstract principle and toward repeatability. When guardrails are engineered into prompts, workflows and runtime behaviors, trust becomes easier to apply consistently. It no longer depends on exceptional review effort each time a model is used.

Guardrails are a maturity signal

The report’s finding that 89% of operations teams need stronger guardrails around AI tools suggests that many organizations are still carrying the burden of scale manually. Domin’s interpretation was that this is less about resistance to AI and more about a maturity gap in governance. “There is a gap,” she said, adding that there is “a significant burden on operations teams with scaling AI with consistent controls.”

She also made the point that this should not be seen as a permanent condition. “This maturity gap is potentially a temporary thing,” she said, if organizations take the right steps to redesign processes and enable controls more effectively over time. That makes guardrails an important maturity signal. They are not evidence that an organization is moving too slowly. They are evidence that it is becoming enterprise-ready.

Governance becomes an enabler when it is operational

Many organizations may still see governance as a brake to innovation, but this is a misperception. The deeper issue is culture, maturity and operating design.

Governance starts to feel like a brake when it is manual, fragmented and inconsistent. It becomes an enabler when it is operational.

Domin pointed to HCLTech’s work with a Dubai-based bank as a strong example. The bank had struggled with “manual governance workflows” and extended approval cycles. HCLTech helped define “decision rights, the governance forums and lifecycle checkpoints across different stakeholders, like the business teams, the risk team, IT and data functions.”  helped define “decision rights, the governance forums and lifecycle checkpoints across different stakeholders, like the business teams, the risk team, IT and data functions.”

The result was a more structured and scalable approach that helped the client take a consolidated view of “275 plus enterprise AI use cases” aligned to both business priorities and regulatory expectations. The broader lesson is that governance enables scale when it is built into the operating model, not added on top of it.

Domin was optimistic about what comes next. While she said it is “not surprising” that many organizations are still struggling with maturity, she also believes that “many organizations are taking the right steps” and that the next few years should bring “a much greater degree of maturity and a different experience.” What underpins that optimism is not only observing stronger implementation and training programs within many organizations, but also the fact that more capabilities are now being built directly into tools and platforms. That is an encouraging signal of a meaningful industry shift toward Responsible AI being built in by design rather than added on later.