What the first 90 days of AI Governance looks like

Conduct full AI tool inventory across all departments — surfacing sanctioned and unsanctioned usage simultaneously

Run stakeholder interviews at three levels: C-suite (strategic risk appetite), team leads (delivery reality), individual contributors (actual usage patterns)

Score the organisation's DCI profile across active delivery workstreams — establishing where human judgment is genuinely irreplaceable vs where AI can execute safely

Identify the three highest-priority Shadow AI risk areas

Assess existing policies (if any) against actual usage patterns — the gap is always larger than leadership expects

Deploy Precision Backlog Refinement into active delivery teams — introducing Functional-Technical AC Taxonomy and DCI scoring

Launch Increment Delivery Charter across all active Increments — sanctioned tools, data classification, output accountability

Introduce DataRetro as replacement for existing sprint retrospectives — beginning the shift from opinion-based to evidence-based improvement

Establish Feature Clearance gates — Gate 1 (technical completion + AI Output Validator sign-off) and Gate 2 (governance log, max 10 minutes)

Build first version of AI Governance Dashboard — board-ready, one page, showing risk exposure and mitigation status

Extend AEVA governance framework to all delivery teams — not just pilot workstreams

Produce first board-level AI Governance Report: risk exposure, mitigation actions taken, DCI calibration data, Shadow AI incident rate, governance compliance rate

Address Identity Crisis signals surfaced in Days 31-60 — senior practitioners showing resistance patterns get the New Crown reframe proactively

Connect AI tool usage data to regulatory requirements as applicable (DPDP for India, GDPR for EU/UK, EU AI Act for European operations)

Define ongoing governance cadence — monthly AI Governance Dashboard, quarterly DCI calibration review, annual policy refresh