77% of Manufacturers Use AI. Most Have No Governance Over It.

More than 77% of manufacturers have now implemented AI in some form. Production, inventory management, and customer service are the top use cases, and 93% of manufacturing leaders see AI as key to growth and innovation. 

Governance numbers tell a different story.

According to Grant Thornton’s 2026 AI Impact Survey of nearly 1,000 US senior business leaders: 

• 78% lack strong confidence that their organization could pass an independent AI governance audit within 90 days
• Three in four boards have approved major AI investments
• Only 52% have set clear AI governance expectations
• Just 54% have integrated AI risk into ongoing board or committee oversight 

Adoption keeps climbing, but governance hasn’t moved with it. 

For manufacturers, the gap is showing up in customer due diligence, insurance renewals, and EU AI Act exposure.

The inventory problem most operations leaders don’t see

Ask your CIO what AI the company is running and you’ll get a partial answer. The tools IT approved. The pilot the operations team launched last quarter. Maybe the machine vision system the integrator installed on the floor.

What you won’t get is the full picture, like:

• Microsoft Copilot embedded across Microsoft 365
• AI features your ERP vendor pushed in a platform update
• The scheduling tool that added predictive routing in January
• Engineers using generative AI for technical documentation
• HR software screening applicants with a model nobody assessed

None of those arrived through a governance decision. They came through existing vendor contracts, employee adoption, and feature releases nobody reviewed. 

Your organization faces real exposure. But you probably can’t see it.

A 2025 Pacific AI governance survey found that 75% of organizations have established AI usage policies, yet only 36% have adopted a formal governance framework. 

A policy only sets the rules. Governance enforces them. The inventory tells you whether those rules are actually being followed.

You can’t govern what you can’t see, and most manufacturers haven’t built the process to see all of it.

What your CFO should know about AI risk

AI governance isn’t an IT problem that occasionally surfaces at the executive floor. Organizations with fully integrated AI are nearly four times more likely to report revenue growth than those still piloting, 58% versus 15%. 

Grant Thornton attributes that difference to accountability, not the technology itself. 

The cost of no governance isn’t abstract. It shows up in a few predictable ways.

1. Customer contracts are changing. Enterprise buyers, defense contractors, and distributors are adding AI governance clauses to vendor agreements and due diligence questionnaires. If you can’t answer “how do you govern your AI use,” you’re losing deals to suppliers who can.
   
2. Insurance is moving. Carriers are adding AI-specific questions to renewal questionnaires. Organizations that can document control over their AI use cases are better positioned. Those that can’t are increasingly seen as unquantifiable risk.
   
3. Regulatory pressure is arriving. The EU AI Act entered into force in August 2024. On 7 May 2026, EU lawmakers reached provisional agreement on the Digital Omnibus on AI, deferring obligations for stand-alone high-risk AI systems (Annex III) from 2 August 2026 to 2 December 2027, and embedded high-risk AI in regulated products (Annex I) from 2 August 2027 to 2 August 2028. Formal adoption is expected before August 2026.

This deferral is not a holiday. It’s a 16-month runway for companies whose AI use touches employment decisions, worker monitoring, safety-critical operations, or supply European markets. The classification work, the documentation, and the conformity assessment all still have to happen. That assessment starts with an inventory. 

Why your COO needs AI governance too

Grant Thornton found that only 22% of operations leaders have a fully developed and implemented AI strategy. Half said they need a formal AI strategy or governance plan in place within the next six months to improve performance. 

The exposure looks different depending on who you ask. CIOs and CTOs are five times more likely than COOs to say their workforce is fully ready to adopt AI, 39% versus 7%. 

Overall, only 12% of leaders say their workforce is truly ready. They recognize that AI is changing risk.

The operations leader is often the one closest to the exposure. AI in production scheduling, quality inspection, predictive maintenance, and supply chain management is live in most mid-sized manufacturers. 

The controls around those systems – who owns them, what data they touch, what happens when they fail – are usually underdeveloped or undocumented.

Nearly three in four organizations are piloting, scaling, or running autonomous AI, yet only one in five has tested a response plan for AI failures. 

If you’re a manufacturer running AI in operations, that’s a missing procedure waiting for an incident. 

What governance actually requires

The pushback we hear most often is that governance will slow things down. The evidence points the other way. 

Grant Thornton’s 2026 survey found organizations with governance in place report stronger and more sustainable AI outcomes. Governance correlates with AI that performs. 

Governance for a mid-sized manufacturer starts with three things.

1. An inventory. Every AI system, embedded capability, vendor-supplied model, and employee tool should be documented and assessed. This is what makes the rest possible. It’s also the first thing a customer, an insurer, or a regulator will ask for.
   
2. Risk classification. Not every AI use case carries equal exposure. Predictive maintenance on non-critical equipment sits in a different tier than AI used in hiring decisions, worker monitoring, or safety systems. The classification determines the controls, and the controls determine what you can defend.
   
3. Accountability structures. Who owns the governance decision for each use case? Who reviews vendor AI assessments when a platform update adds new capabilities? Who escalates when something fails? These don’t need to be complicated. They need to exist, be documented, and be operational.

The organizations that run into trouble aren’t the ones that adopted AI fast. They’re the ones that adopted it without a record of what they decided, why they decided it, and who was responsible.

Your window to act is now

The EU AI Act timeline just shifted. With the May 2026 deferral, stand-alone high-risk AI obligations now apply from 2 December 2027 instead of 2 August 2026, subject to formal adoption. That’s 16 more months. 

It is not 16 months to wait. Harmonized standards are still being finalized, conformity assessment infrastructure is still being built out, and the companies that arrive at December 2027 with no inventory and no classification will be at the back of the line for testing, documentation, and third-party assessment.

Beyond regulation, the market is already sorting. 

Customers with governance documentation are better positioned in due diligence. Manufacturers who can answer “here’s our AI inventory, here’s how we classify risk, here’s who owns it” are winning deals that others are losing. 

The AI governance work is the same regardless of what forces it. The choice is whether you’re doing it on your schedule or in response to someone else’s.

Our AI Readiness workshop can help lay out the timeline for action on your terms to help protect your organization.

Because risk is constant. Ready is a choice. Are you ready?