CEO Insider: The living policy – why AI guidelines are never finished

This is the second of seven lessons from Ladina that we will publish each day leading up to our World News Media Congress. Her first one covered: “Building products is trivial. Running them isn’t.”

By Ladina Heimgartner
President of WAN-IFRA and CEO Ringier Media Switzerland

In Part 1, I argued that real AI transformation comes not from dazzling showcases but from the small, unassuming automations that quietly free teams from repetitive work. But those automations only scale if the ground beneath them is stable, and in the age of generative AI, that ground has a peculiar property: it must be built while it keeps moving.

I remember the moment clearly. ChatGPT launched in November 2022, and by mid-January 2023 the Ringier team sat down to draft our first internal guidelines, certain it would be a two-week exercise.

Six months later, we shipped version one – not because we were slow, but because the question changed every week. New tools appeared, legal frameworks were still taking shape, and use cases surfaced in every team meeting that we hadn’t imagined seven days earlier. We were writing rules for a city still being built around us.

The ground has firmed up since then. The EU AI Act now provides a risk-based skeleton, and Switzerland is ratifying the Council of Europe’s AI Convention, adding another layer of orientation. These frameworks set the outer fence, but the real work happens inside the company, where abstract principles meet a manager who needs to summarise a confidential brief by Friday afternoon.

This is where some organisations get it wrong. They treat AI policy as a document – drafted, approved, filed, forgotten – but a static policy in a dynamic field is worse than no policy, because it pushes users into shadow tools.


A guideline that breathes earns trust

Our Version 2.0, issued in November 2025, exists precisely because Version 1.0 was no longer enough, and that cadence is the point.

Three principles have held throughout:

  • First, separate the layers: timeless principles belong in the policy, while fast-moving tool lists belong in a separate register that can be updated without reopening the whole document (and that list is needed too!).
  • Second, enable rather than only forbid – build a walled garden of enterprise-licensed tools where sensitive data may flow, with clear rules for what flows where.
  • Third, listen to shadow usage, because if teams reach for an unsanctioned tool, the list is usually wrong before the people are.

A guideline that breathes earns the trust a frozen one cannot. But the most thoughtful policy in the world is only as useful as the engagement behind it, and engagement cannot be mandated into existence. That is where Part 3 begins…
