Key points:
- AI governance is not a single function
- AI as a scaffold for learning: From access to judgment
- Beyond compliance: Governing higher ed in the age of intelligent systems
- For more news on AI in higher ed, visit eCN’s AI in Education hub
Higher education continues to treat AI as just another technology to be deployed, managed, and governed. That assumption is increasingly inadequate. While AI bears some similarities to previous technologies, such as enabling automation and enhancing efficiency of processes, it is different in that it creates a continuously available capability for reasoning, synthesis, recommendation, interaction, and even collaboration.
It does not merely execute instructions, but participates in developing workflows, influencing decisions, and contributing to the creation of knowledge itself. This distinction matters because AI increasingly functions as an operational capability that changes how work, knowledge, and decisions are produced, and it must be considered in that vein.
Institutions using AI are introducing systems that increasingly become part of how work is performed, how decisions are made, how expertise is developed, and how value is created. The fact that outcomes are no longer produced solely by people, or by systems, but increasingly emerge from continuous interaction between human judgment and machine capability raises profound implications of governance.
Frameworks developed previously for technologies that execute instructions are poorly suited to systems that participate in the generation of recommendations and decisions, and even knowledge. Questions of ownership, authority, boundaries, accountability, and oversight become more complex when outcomes are increasingly co-produced through ongoing interactions between people and intelligent systems. Yet many institutions continue to approach AI governance as if it were primarily a technology management challenge. Terms such as governance, ethics, compliance, and security are frequently used interchangeably. In some organizations they are combined under a single committee, assigned to a single office, or simply treated as labels for the same function.
Purpose, ethics, visibility, assurance, and compliance address fundamentally different questions. The challenge is that organizations often believe that they have AI governance when what has been implemented are compliance processes, assurance controls, ethical principles, and reporting structures, or some combination of these. Each is essential, but none alone constitutes governance. This confusion becomes particularly dangerous because AI systems can be compliant, ethically reviewed, technically sound, and formally governed on paper but the institution might still lack the governance needed to manage future AI risks and/or may be evolving at odds with mission and purpose.
What is the AI platform/tool designed to do, what is it actually doing, and what impact is it having?
This question sits at the center of effective AI stewardship. Assurance helps establish trust in systems, models, data, and operations through security, reliability, validation, and oversight. Compliance helps demonstrate adherence to laws, regulations, policies, and reporting requirements. Ethics provides a framework for evaluating fairness, transparency, human impact, and responsible use. Governance establishes authority, accountability, ownership, and institutional direction. Each serves a distinct purpose, answers a different question, and requires different expertise. However, all depend on something that is often overlooked: visibility.
Rather than being treated as simple monitoring of system activity, visibility must encompass understanding how intelligent systems are influencing decisions, shaping behaviors and incentives, and affecting outcomes across an organization. Visibility is the difference between knowing what a system was intended to do and understanding what it is actually doing in practice. Without visibility, assurance becomes trust without understanding, compliance becomes documentation without insight, ethics become aspirations without evidence, and governance essentially reduces to administration without accountability.
Viewed through that lens, institutions of higher education seeking to use AI must answer five distinct questions:
- Why are we doing this?
- Should we do this?
- What is AI actually doing?
- Can we trust it?
- Can we demonstrate appropriate use?
The answers to these fundamental questions form the foundation not only of AI governance, but of institutional stewardship in environments increasingly shaped by intelligent systems. This has special significance to higher education, which has a history of approaching edtech, and technology in general, as a panacea for all challenges and ills, notwithstanding the reluctance to change basic processes that may have been designed for environments no longer in operation.
Why are we doing this?
This first question is often the least discussed, but also the most fundamental. It is not a question of technology, compliance, or ethics. Rather, it is a question of institutional purpose, direction, ownership, and accountability, because it asks what objectives the organization is pursuing, how success would be defined, and who is ultimately responsible for ensuring that outcomes remain aligned with mission. This basic query is critical of leadership because AI systems do not merely execute tasks, or provide support in the achievement of objectives, but can gradually redefine the priorities of the objectives themselves. That is why purpose sits at the center of governance.
A system can be ethical, visible, assured, and compliant and still be optimizing for the wrong objectives.
An institution might state that access, student success, and workforce readiness are central to its mission. Yet, an AI enabled admissions process may optimize primarily for enrollment yield rather than support regional or local workforce needs. AI assisted learning systems, designed around completion-metrics, may unintentionally privilege pathways that are easier to complete over those that are more demanding, or more essential to regional workforce needs. These risks are not unique to AI. Institutions have long allowed metrics and incentives to result in drift from mission. AI makes that drift faster, less visible, and more difficult to reverse.
Organizations do not fail because they lack objectives, but rather because the systems that have been deployed gradually optimize for objectives that differ from those they claim to value. Governance exists to address this. Its role is not simply to approve technologies, nor to just establish policies, or to monitor compliance. It is to ensure that institutional purpose remains visible, intentional, and accountable as intelligent systems increasingly influence organizational behavior. Governance exists to assure relevance and value, focus on purpose and mission, and to, above all, answer the “why.”
Should we do this?
Once purpose has been established, the question of whether something should be done emerges. This is the domain of ethics. Ethics and governance are often discussed together, but they are not the same because governance establishes direction while ethics establishes boundaries. An organization, for example, may have a legitimate purpose for using AI in admissions, advising, assessment, financial aid, or student support. Ethics should ask whether the manner in which that purpose is pursued aligns with institutional values and broader societal responsibilities. Questions of fairness, equity, transparency, bias, human impact, and responsible use belong here. Ethics challenges organizations to consider not only what is possible but whether that action is appropriate, relevant, and consistent with institutional and societal responsibilities. Importantly, ethics often becomes most valuable when it creates productive tension. It may constrain efficiency in favor of fairness. It may slow deployment in favor of accountability, and it may demand human oversight where automation appears attractive. In this sense, ethics serves as a counterbalance to optimization.
As AI systems become increasingly capable, institutions of higher education will face growing pressure to pursue efficiency, personalization, scale, and automation. Ethics ensures that these capabilities remain anchored to institutional purpose and values rather than simply to what technology makes possible.
What is it actually doing?
This is, perhaps, the most overlooked question in AI stewardship and is also one of the simplest. Many organizations know what they intended an AI system to do but few understand how it can influence behavior, decisions, incentives, and outcomes. An AI-based advising platform may be implemented to improve student success but could well steer students away from more challenging academic pathways. An AI-learning platform may be designed to personalize instruction, but it is essential to continuously check to ensure that it causes students to engage with complexity, uncertainty, and independent problem solving. These are not questions of intent. They are questions of impact. Visibility is therefore much more than monitoring activity or reviewing dashboards. It is the ability to understand how intelligent systems affect people, processes, decisions, and outcomes over time.
The distinction between intended and observed outcomes is increasingly important because AI systems operate within complex environments. Their effects are often indirect, cumulative, and difficult to detect through traditional monitoring and reporting mechanisms. Without visibility, institutions risk governing assumptions rather than realities. Without visibility, governance becomes administration, ethics becomes aspiration, compliance becomes mere documentation, and assurance becomes trust without understanding. One cannot govern that which one cannot see.
Can we trust it?
If visibility helps us understand what the system is doing, assurance helps determine whether that system itself can be trusted. Security is an important part of this conversation, but it is only one aspect. Assurance encompasses security, reliability, validation, robustness, and operational integrity. It asks whether systems perform consistently, whether outputs can be relied upon, whether controls are functioning as intended, and whether organizations can have confidence in the systems they deploy. This distinction matters because organizations often equate security with trustworthiness.
A secure system can still be unreliable, and a compliant system can still be inaccurate, while a technically sophisticated system can still be poorly validated or unable to perform reliably under unexpected conditions. Trust requires more than protection. It requires confidence that systems behave consistently and predictably over the full range of expected, and unexpected, conditions. As AI becomes increasingly integrated into critical institutional functions, assurance becomes a prerequisite for effective stewardship. Institutions of higher education must be able to trust not only that systems are protected, but that they are reliable, resilient, and operating as intended.
Can we demonstrate appropriate use?
The fifth question is one with which most organizations are already familiar since this is the domain of compliance. Compliance focuses on laws, regulations, policies, reporting requirements, auditability, and documentation. It provides evidence that the organization meets established obligations and adheres to required standards. Compliance is essential, but compliance is not governance. This distinction is often overlooked because compliance is visible, measurable, and familiar. Organizations can document compliance activities, complete audits, generate reports, and demonstrate adherence to requirements. Governance outcomes are often more difficult to measure because they involve judgment, accountability, and institutional direction. As a result, institutions sometimes mistake compliance for governance, overcorrecting toward documentation, and formal compliance when uncertainty is high, even when the more consequential question is whether the system is aligned with mission and purpose.
A system can be fully compliant and still produce outcomes that conflict with institutional purpose. Compliance demonstrates adherence to requirements but does not determine whether those requirements are sufficient, whether objectives are appropriate, whether the outcomes align with mission, or even whether the action is correct beyond its face value in documentation. Compliance merely answers that obligations have been met. Governance asks whether institutions remain accountable for what they are becoming, or if the perceived obligations are the ones that match, or conflict with, purpose.
The real leadership challenge
The leadership challenge is not in answering each of these questions independently, but in assuring that all five are answered coherently. While purpose establishes direction, and ethics establishes boundaries, it is visibility that creates understanding. Similarly, while assurance generates trust, and compliance provides verification, considering them interchangeably or even able to stand individually weakens all of them. The challenge is not that organizations lack governance structure but that they frequently conflate governance, ethics, visibility, assurance, and compliance and ask them to answer questions that they were never designed to answer. AI governance is not a single function. It is the disciplined integration of purpose, ethics, visibility, assurance, and compliance so that institutions can act with both capability and accountability. That integration is ultimately a leadership responsibility. It requires more than policies, committees, controls, or reporting structures. It requires institutions to understand how AI is changing decisions, behaviors, incentives, and outcomes in practice, and to retain the authority to intervene when those changes begin to move the institution away from its mission.
In the age of AI, governance is not simply about determining whether a system can be used. It is about ensuring that institutions remain capable of directing what intelligent systems are helping them become.
