Most AI governance frameworks I have seen are compliance documents dressed up as operational frameworks. They describe what should happen in ideal conditions, they get approved by leadership, they get distributed to employees, and then they sit in a shared drive while the actual decisions about AI usage get made informally based on whatever feels reasonable to whoever is making the decision that day.

The reason this happens is not that people do not care about governance. It is that most governance frameworks are designed to be complete rather than to be used. They cover every possible scenario, include exhaustive policy language, and require the reader to hold a mental map of the whole document to understand how it applies to any specific situation. Nobody has time for that when they are deciding whether to paste a client email into an AI tool to get a draft response.

The governance framework that people actually follow looks different. It is designed around the decisions employees actually face, not the scenarios the governance team imagined they would face. It is short enough to remember. And it provides clear enough guidance that employees can apply it without consulting anyone else for common situations.