- If you can’t say which AI tools your company uses, the problem isn’t the tool: it’s that you have no governance.
- Shadow AI is involved in 1 in 5 data breaches and drives costs up by roughly $670,000.
- The law defines legal risk; you classify operational risk yourself, with repeatable criteria.
- For an SME, three sheets and four rules are enough: inventory, classification, policy.
- A 30-day plan, one week at a time, takes you from confusion to control.
Three questions you can’t answer
Try to answer, right now, three questions about your company. First: which AI tools are you using? Second: who uses them, and how? Third: what impact do they have on your data and your business? If you hesitate on any of these, you’re not an exception: it’s the norm.
Nearly every company has employees using AI without oversight. 98% have at least one; about half of all workers openly admit it.[3] And they don’t just ask questions: 77% of people who use AI at work paste data into chatbots, and 82% of those do it from personal accounts, outside any control.[2]
If you can’t say which AI tools your company uses, the problem isn’t the tool. It’s that you have no governance.
“It’s just a tool”
This is the phrase that sets off the problem. People aren’t acting in bad faith: they use AI because it saves time and, often, because the company never gave them an official alternative. With no vision and no approved tools, everyone makes do on their own.
But “just a tool” is a dangerous illusion. On that tool, someone is uploading company documentation, contracts, customer lists, call recordings. Your data and your customers’ data. The problem isn’t AI: it’s that no one decided what’s allowed and what isn’t.
The four ways you hurt yourself
This isn’t theory. They’re four concrete risks, each with an example that’s probably already happening somewhere in your company.
Data leak
The customer file pasted into a GPT on a personal account: it leaves your control and can end up in the model’s training data.
Business account with training turned off; ban uploads from personal accounts.
GDPR violation
Personal data uploaded without a legal basis. Even if the vendor is “compliant,” you remain the data controller.
Legal basis, DPA signed with the vendor, pseudonymization of the data.
Exposed production data
An LLM connected to the production database, with no anonymization: one wrong query and real data is in the prompt.
Separate environments, anonymized test data, least-privilege access.
Untracked decisions
The agent decides and no one knows why. When something goes wrong, there’s no log to reconstruct what happened.
Logging of inputs, outputs, and decisions; one accountable person per system.
On GDPR, a real example is worth it. At the end of 2024 the Italian data protection authority fined OpenAI 15 million euros over how ChatGPT users’ data was being processed.[4] Since then the Court of Rome has overturned that fine,[5] but the principle that matters to you still stands: even when you use a service that’s “by the book,” you, not the vendor, are the data controller.[6] Uploading personal data is your responsibility, not theirs.
Who classifies the risk?
This is where most managers freeze. “High, medium, low risk: do I decide that? Is there a law that sets it? Do I need a certified consultant?” The confusion comes from mixing two different planes. Separating them clears the block.
There are two kinds of risk, and they’re classified in different ways.
The law says so, not you
In Europe, the EU AI Act sets the categories. It’s not negotiable: either your system falls into a category, or it doesn’t.
You classify it, with a method
How much it can hurt you in practice, beyond the law. Here you decide, but with repeatable criteria, not by gut feeling.
Legal risk: the four EU AI Act categories
European law divides every AI system into four levels.[7] Most SME uses fall into the two lowest ones.
The practical rule: if your AI makes or influences decisions about people (who to hire, who to grant credit, who to admit to a service), treat the “high risk” scenario as real and get support. For everything else, you’re in the two low levels and you can handle it on your own.
Operational risk: classify it yourself, in two minutes
For the vast majority of tools you don’t need a consultant: you need a repeatable criterion. Four dimensions decide almost everything, what data it touches, how much autonomy it has, how serious an error is, and whether it affects people. Try it here with a tool you actually use.
What risk does this AI tool carry?
Four questions about the dimensions that matter. The tier is a guide, not a legal verdict.
1. What data does it touch?
2. How much autonomy does it have?
3. How big is the damage if it gets it wrong?
4. Does it affect decisions about people?
You don’t need a consultant to know that a customer sheet on a personal account is a high risk. You need the discipline to write it down.
The practical minimum: three sheets and four rules
For an SME, governance isn’t a hundred-thousand-euro project. It’s a set of simple artifacts you can start this week. The first, and the most important, is the inventory.
1. The AI tools inventory
A table: what you use, who uses it, who’s responsible for it, what data it touches, on which account, at what risk (the one you just classified). It sounds obvious, but almost no one has it: 63% of companies hit by an AI-related breach had no policy at all.[1] Here’s what it looks like.
| Tool | Who uses it | Owner | Data touched | Account | Risk |
|---|---|---|---|---|---|
| ChatGPT (Plus) | Marketing | to assign | Drafts, customer list | Personal | high |
| Claude (Team) | Product | R. Bianchi | Internal documents | Company | medium |
| Copilot | Engineering | L. Verdi | Code | Company | medium |
| Otter.ai | Sales | to assign | Customer call recordings | Personal | high |
| Gemini (Workspace) | Operations | M. Neri | Email, calendar | Company | low |
2, 3, and 4. Policy, owner, channel
- A one-page policy: who can use what, with which data, on which accounts.
- An owner for every tool that touches sensitive data.
- Company accounts with a DPA for everything that’s high or medium risk.
- An official channel to ask “can I use this?,” so usage comes out of the shadows.
Banning AI for your employees is the dumbest move: you only push it into the shadows. Governance isn’t about forbidding, it’s about channeling.
The first 30 days, one week at a time
Let’s put the artifacts in sequence. This is the path that takes you from today’s confusion to control, in a month, without stopping anyone’s work.
Map
Ask every team which AI tools they actually use, from which accounts, and on what data. An anonymous survey surfaces even the usage you don’t expect.
The completed inventory: the first real picture of shadow AI in the company.
Classify
For every tool in the inventory, assign a risk tier with repeatable criteria: data, autonomy, impact, decisions about people.
Every tool has an A / B / C tier and a one-line rationale.
Set the rules
Write the policy on one page: what’s allowed, with which data, on which accounts. For high risks, move everything to company accounts with a DPA.
A one-page policy that people read and understand.
Oversee
Assign an owner to every at-risk tool and open an official channel to ask “can I use this?” That way usage comes out of the shadows and stays under control.
Owners named and a single point of contact for AI requests.
By the end of the month you have a ten-second answer to the question we started with: which AI tools we use, who uses them, at what risk. It’s not a finish line, it’s the foundation on which everything else becomes manageable.
“Can I upload this data to an LLM?”
The most useful rule to give a team is a small decision tree. Try it with a real piece of data that someone, today, would want to paste into a chatbot.
Can I upload this data to an LLM?
Think about the data you’re about to paste or upload. Answer.
1. Does the data contain personal information (customers, employees) or company confidential data?
And when you grow: the formal frameworks
When the company scales, or enters a regulated industry, the practical minimum is no longer enough. That’s where the formal frameworks come in. Not as an opening scarecrow, but as the next step, once you already have the basics.[8]
NIST AI RMF
VoluntaryRisk management framework
For those who want a compass to organize risks, with no obligations.
ISO/IEC 42001
CertifiableAI management system standard
For those who want a certification that proves governance to customers.
EU AI Act
LawEuropean regulation
Anyone operating in the EU: binding on high-risk systems from August 2, 2026.
DORA
LawDigital resilience regulation
EU financial sector: obligations on ICT vendors, AI included.
A telling detail: none of these standards was born for agentic AI, agents that act on their own. If that’s where you want to go, start from the right foundations: we described them in the guide how to integrate AI agents into your company.
Want to know what your company actually uses?
On a call we build the first inventory and the risk classification together. It’s the fastest way out of the shadows.
The questions we get asked most
What is shadow AI?
It’s employees using artificial intelligence tools (ChatGPT, Claude, meeting transcribers, and the like) without the company’s approval or oversight. Often from personal accounts. According to IBM, shadow AI is involved in one in five data breaches and raises the average cost of an incident by roughly $670,000.
Who decides the risk level of an AI tool?
It depends on which risk. The law defines the legal one: the EU AI Act divides systems into four categories (unacceptable, high, limited, minimal) and high-risk systems carry specific obligations. Operational risk, on the other hand, you classify yourself, with repeatable criteria: what data it touches, how much autonomy it has, how serious an error is, and whether it affects decisions about people. For most uses in an SME you don’t need a consultant: you need a method.
My company is small: do I really need to worry about AI governance?
Yes, but in proportion. An SME doesn’t need a compliance department or frameworks hundreds of pages long: three things are enough, an inventory of the AI tools in use, a light risk classification, and a one-page policy. Risk doesn’t depend on your size, but on the data your team is already uploading into chatbots.
Does using ChatGPT with company data violate GDPR?
It depends. Uploading personal data without a legal basis, from an account that uses your inputs for training, is a problem. Even with a business plan and a “compliant” vendor, you remain the data controller: you need a legal basis, a data processing agreement (DPA) signed with the vendor and, where possible, anonymization of the data.
Should I ban AI tools for my employees?
No. It’s the most counterproductive move: you push usage into the shadows and lose all visibility. Governance isn’t there to forbid, it’s there to channel: give people approved tools, clear rules, and an official channel, so they stop making do with personal accounts.
I wrote this article myself. The analysis, the opinions, and the field experience are mine and Yempik’s. To put it together, I had Claude Opus 4.8 help with editing, clarity, and layout, because good content deserves to be readable too. The substance is mine; the tool is disclosed.
Sources
- [1]IBM, “Cost of a Data Breach 2025”: shadow AI in 1 in 5 breaches, +$670,000 per incident, 63% with no AI policy. www.ibm.com
- [2]LayerX, “Enterprise AI and SaaS Data Security Report 2025”: 77% paste data into chatbots, 82% from personal accounts. www.esecurityplanet.com
- [3]CIO / BlackFog: roughly half of employees use unsanctioned AI tools; 98% of companies have shadow AI. www.cio.com
- [4]Italian data protection authority (Garante): 15-million fine on OpenAI for ChatGPT, December 2024. www.garanteprivacy.it
- [5]Federprivacy: the Court of Rome overturns the Garante’s 15-million fine on OpenAI. www.federprivacy.org
- [6]Computer Weekly: when employees use ChatGPT at work, the company remains data controller under GDPR. www.computerweekly.com
- [7]EU Artificial Intelligence Act: the four risk categories (unacceptable, high, limited, minimal). artificialintelligenceact.eu
- [8]Trustible: comparison of NIST AI RMF, ISO/IEC 42001, and the EU AI Act. trustible.ai