Week 21 · July 2026

Responsible AI Governance: A Review and Research Framework

July 2, 2026 · by Satish K C 8 min read
AI Governance Ethics Responsible AI Organizational AI
Built by the Author Kravhal - autonomous agents that run your business workflows end-to-end. Pay per outcome.
Get Early Access

The Paper

"Responsible Artificial Intelligence Governance: A Review and Research Framework" is authored by Emmanouil Papagiannidis, Patrick Mikalef, and Kieran Conboy, affiliated with the Norwegian University of Science and Technology, SINTEF Digital, and the National University of Ireland Galway. Published in the Journal of Strategic Information Systems (Volume 34, 2025, Article 101885), the paper conducts a scoping review of 48 peer-reviewed studies to synthesize what responsible AI governance actually means in organizational practice. Its central claim is that the field has produced a proliferation of high-level principles - accountability, fairness, transparency, privacy, robustness, human oversight, societal well-being - but has largely failed to translate these into concrete, deployable governance practices that operate across the full AI lifecycle.

The Problem Before This Paper

Most prior work on responsible AI stopped at the principles layer. Institutions including the European Commission, the Singapore Government, and a Harvard survey of 38 corporate frameworks each produced overlapping lists of ethical requirements, but the research on how to operationalize those requirements in real organizations was sparse and fragmented. A key symptom: the literature used terms like "trustworthy AI," "principled AI," and "responsible AI" interchangeably, which reflected not just terminological messiness but a genuine conceptual gap in understanding. Organizations attempting to implement responsible AI faced no systematic model explaining what governance practices to adopt, in what structural form, and how those practices connected back to the principles they claimed to uphold. The result was that responsible AI remained, for most organizations, an aspirational positioning statement rather than an operational reality.

What They Built

The authors synthesize 48 papers through a structured concept matrix to produce a three-layer governance framework. The first layer is antecedents: societal norms and regulations, organizational values, and the responsible AI principles that organizations choose to prioritize. The second layer is the governance practices themselves, divided into three types. Structural practices define decision-making roles, oversight committees, and rights and responsibilities across organizational levels. Procedural practices cover the operational processes for data management, model lifecycle management, compliance monitoring, and incident response. Relational practices govern collaboration within and across organizational boundaries, including stakeholder involvement, responsible AI literacy development, and cross-departmental coordination. The third layer is effects: how these practices shape AI-based services and products, and how those products in turn influence social evaluation, which feeds back to reshape the norms organizations must respond to.

Framework structure:
  Antecedents: [Societal Norms] --influence--> [Org Values] --frame--> [Responsible AI Principles]
  Governance: Principles --guide--> [Structural | Procedural | Relational Practices]
  Effects: Practices --shape--> [AI Products/Services] --affect--> [Social Evaluation]
  Feedback: Social Evaluation --reshape--> Antecedents (continuous loop)

The seven core principles identified across the 48 studies are: accountability (auditability + responsibility allocation), diversity, non-discrimination and fairness (accessibility + bias prevention), human agency and oversight (human review + human well-being), privacy and data governance (data quality + data privacy + access rights), technical robustness and safety (accuracy + reliability + resilience), transparency (explainability + traceability + communication rights), and social and environmental well-being. Each principle maps to sub-dimensions that provide actionable governance targets rather than abstract ideals.

Key Findings

Results

The scoping review screened 1,080 documents, retained 48 after title, abstract, and full-text filtering. The resulting concept matrix extracted 15 values per article across categories including AI types and capabilities, responsible principles sub-dimensions, governance capabilities, organizational outcomes, and business value effects. The framework identifies 14 distinct research themes organized across the three framework layers, each paired with specific research questions. For the antecedents layer, open questions center on how organizations sense evolving societal norms, how organizational path dependencies limit governance adaptability, and how cultural variation affects principle operationalization. For governance practices, the key gaps are multilevel structural coordination, inter-organizational governance for AI coopetition, strategic planning alignment, and mitigating unintended AI effects at the procedural level. For effects, the open questions concern how responsible governance translates into ESG business value and how social assessment of AI products drives regulatory evolution.

Why This Matters for AI and Automation

My Take

The framework is valuable primarily because it gives organizations a structural vocabulary for evaluating what their governance programs are actually missing - not just whether they have a principles document, but whether those principles are embedded in decision-making processes (structural), operational workflows (procedural), and human capability development (relational). The research agenda the paper produces is one of the more practically useful research agendas I have seen in this space, because the questions are specific enough to be actionable. That said, the paper's scope is explicitly limited to Europe and the US institutional context, and the authors acknowledge this. The seven principles it identifies are drawn from EU Commission and Singapore Government frameworks - both of which reflect a specific set of liberal democratic assumptions about individual rights, transparency, and accountability that do not map cleanly onto governance environments in Southeast Asia, the Middle East, or large parts of Africa. The feedback loop between AI products and societal norms is the framework component most likely to become critical over the next two years. The GenAI era has compressed the cycle between product release, social backlash, and regulatory response to a matter of months. Any governance framework that treats societal norms as a slow-moving background variable is already out of sync with how fast the environment is actually changing.

Discussion Question

The framework shows that most organizations invest in structural governance practices (committees, role definitions) while neglecting relational practices like AI literacy development and cross-functional stakeholder coordination. If you were building a responsible AI governance program from scratch today, which of the three practice types - structural, procedural, or relational - would you prioritize first, and why?

Read the Paper (DOI) →
← Back to all articles
Share