A five-level Helixar maturity model for boards, CISOs, risk teams, and compliance leaders assessing enterprise AI governance readiness.
Executive summary
- AI governance maturity helps leaders understand whether governance is ad hoc, policy-led, risk-managed, operationalised, or continuously governed.
- Maturity should be assessed across ownership, policy, inventory, risk management, technical controls, monitoring, auditability, third-party AI, and incident response.
- The goal is not to reach the highest level everywhere. The goal is to match governance maturity to AI risk and business impact.
- Boards should use maturity to prioritise investment and hold owners accountable for measurable improvement.
Why AI governance maturity matters
AI governance maturity matters because many enterprises have moved faster on AI adoption than on AI control. Employees use AI assistants, vendors embed AI into SaaS tools, engineering teams build retrieval systems, and business units explore agents that can call tools or automate workflows. Leadership may know that AI use is growing, but not whether governance is keeping pace. A maturity model gives the organisation a way to assess that gap without pretending every capability must be perfect immediately.
A useful maturity model is not a badge. It is a management tool. It helps boards, executives, risk teams, CISOs, compliance leaders, product owners, and internal audit understand whether the current governance capability is appropriate for the AI exposure the enterprise is taking. A low level of maturity may be acceptable for a small number of low-risk internal experiments. The same maturity level is unacceptable if AI is influencing customers, citizens, patients, regulated decisions, security response, financial workflows, or critical operations.
The model in this paper is grounded in the direction of NIST AI RMF, ISO/IEC 42001, the EU AI Act (Regulation (EU) 2024/1689, in force since 1 August 2024), OECD principles, and Australian responsible AI guidance. Those sources emphasise governance, risk management, accountability, transparency, oversight, and continuous improvement. Helixar’s maturity model translates those expectations into an enterprise assessment structure: what can the organisation see, decide, control, evidence, monitor, and improve?
What the maturity model measures
The maturity model measures governance capability, not AI sophistication. An organisation can have advanced models and immature governance. It can also have modest AI adoption and strong governance discipline. The key question is whether the organisation can consistently identify AI use, assign ownership, classify risk, apply controls, retain evidence, respond to incidents, manage vendors, and improve over time. Capability is demonstrated through evidence, not through narrative confidence.
The model should be applied to the enterprise and to material use cases. Enterprise-level maturity tells leadership whether the overall governance system is working. Use-case maturity tells owners whether a specific workflow has the controls it needs. The distinction matters. An enterprise may have mature policies and committees, but a high-impact use case may still have weak evidence or poor human oversight. Conversely, one team may have strong controls while the enterprise lacks consistent inventory or reporting.
The model should also measure proportionality. Maturity does not mean forcing every AI use case through the heaviest possible process. It means the organisation can apply the right level of governance to the right use. Low-risk summarisation should be governed differently from high-impact decision support or autonomous tool use. Mature governance is risk-sensitive, not merely strict.
Helixar AI governance maturity levels
The maturity model describes how an enterprise moves from unmanaged AI use to continuously governed AI operations with live evidence and measurable improvement.
Level 1: Ad hoc
At level 1, AI use is real but not reliably governed. Some teams may use public AI tools through personal accounts. Others may use AI features embedded in SaaS products without a formal review. Internal prototypes may exist without clear ownership or lifecycle control. The organisation may have no complete inventory, no consistent risk classification, no approved-tool list, no exception process, and no reliable evidence of which AI uses are material.
The level 1 organisation often has pockets of good practice. A security team may have guidance for sensitive data. A data science team may validate models. A legal team may review a few vendor contracts. But these practices are not connected. The enterprise cannot answer basic questions consistently: where is AI used, who owns it, what data does it process, what decisions can it influence, and what evidence proves controls operated?
The main risk at level 1 is unmanaged exposure. AI adoption grows through convenience rather than governance. Sensitive data can move into unapproved systems. Vendors can enable AI features without review. Human oversight is assumed rather than designed. Incidents are difficult to investigate because evidence was not retained. Level 1 is not a moral failure; it is a common starting point. But it should not be the steady state for any organisation with material AI use.
Level 2: Policy-led
At level 2, the organisation has recognised AI risk and published rules. There may be an AI acceptable-use policy, approved-tool guidance, a review form, training material, and a committee or working group. This is an important step because it creates language and expectations. Teams can no longer claim that AI use is invisible or outside governance. However, level 2 is still fragile because the policy may not be consistently connected to technical controls, evidence capture, monitoring, or decision rights.
The level 2 organisation often relies on manual attestation. Employees are told not to enter sensitive data into unapproved tools. Teams are asked to submit AI projects for review. Vendors are asked about responsible AI. Business owners are asked to confirm they understand the policy. These activities matter, but they do not prove that AI activity stayed inside approved boundaries. The gap between policy and operation is the defining weakness of level 2.
Level 2 is suitable for building awareness and reducing the most obvious misuse. It is not enough for high-impact AI. A policy cannot by itself detect prompt injection, enforce human approval, stop an agent from calling a risky tool, retain evidence designed for independent review, or identify a SaaS vendor that silently added AI features. The path out of level 2 is to connect policy to risk-tiered approval, implemented controls, and evidence.
Level 3: Risk-managed
At level 3, AI use cases are classified, owned, and tracked through risk processes. The organisation has an inventory that covers formal AI systems and material embedded AI. Use cases have business owners, technical owners, and risk owners. Risk tiers determine review depth. High-impact uses receive security, privacy, legal, compliance, procurement, and operational review where relevant. Exceptions are documented and time-bounded. Risk decisions are visible to accountable leaders.
Level 3 is where AI governance becomes enterprise risk management rather than policy awareness. The organisation can identify inherent risk, required controls, residual risk, and review cadence. It can connect AI risk to existing risk registers and committee reporting. It can distinguish low-risk productivity use from customer-impacting, safety-relevant, regulated, or autonomous workflows. It has enough structure to avoid treating every AI use case the same.
The weakness at level 3 is that controls may still be partly manual or inconsistently evidenced. A use case may have a good risk assessment but weak runtime visibility. An approval may require human review, but the review may not be captured. A vendor may be assessed at procurement, but not monitored after feature changes. Level 3 is a strong middle state, but organisations with significant AI exposure should keep moving toward operationalised control.
Level 4: Operationalised
At level 4, governance is embedded into AI delivery and operation. Inventory is maintained as part of normal workflows. Risk classification routes use cases automatically or semi-automatically. Approval conditions map to implemented controls. Sensitive-data rules, human-review gates, logging, monitoring, and exception handling operate where AI activity occurs. Evidence is captured by the system rather than reconstructed after the fact. Internal audit can test design and operating effectiveness using a coherent record.
Operationalised governance changes the experience for teams. Instead of asking where to send an AI use case for review, teams follow a known path. Instead of reading policy and guessing how to implement it, they use standard patterns. Instead of manually assembling evidence, they inherit evidence capture from the platform. This reduces friction and improves control quality. It also makes governance more scalable because the same rules can apply across providers, applications, and agents.
Level 4 does not mean all decisions are automated. Human judgement remains essential for risk acceptance, legal interpretation, privacy impact, customer outcomes, and operational trade-offs. The difference is that human judgement is supported by better context and better evidence. The system tells the reviewer what is being requested, what risk tier applies, what data and tools are involved, which controls are required, and what happened after approval.
Level 5: Continuously governed
At level 5, AI governance is continuously measured and improved. The organisation uses live evidence, metrics, incidents, audit results, exceptions, vendor changes, and adoption patterns to refine the control environment. It can detect when a use case drifts from its approved purpose. It can trigger reassessment when model, data, users, permissions, vendor terms, or regulatory context change. It can compare maturity across business units and prioritise investment based on risk exposure.
Continuously governed does not mean risk-free. It means the organisation has a feedback system. Incidents update policy. Audit findings update controls. Exceptions reveal missing capabilities. User behaviour reveals training gaps. Vendor changes trigger review. Board reporting shows not only the number of AI use cases, but whether the control environment is improving. The organisation can explain how it learns from AI risk rather than merely reacting to it.
Level 5 is most important for enterprises with high AI scale, high autonomy, regulated decisions, sensitive data, critical operations, or public trust obligations. It may be unnecessary for a small number of low-risk uses. The point is not to chase an abstract maturity trophy. The point is to build enough continuous governance to match the speed and impact of AI adoption.
Assessment dimensions
A maturity assessment should score dimensions separately because aggregate scores hide the truth. The core dimensions are strategy and risk appetite, inventory, ownership, policy, risk assessment, data governance, technical controls, human oversight, third-party AI, evidence, monitoring, incident response, assurance, and continuous improvement. Each dimension should have observable criteria. For example, inventory maturity should be assessed by coverage, owner assignment, data classification, vendor visibility, and update triggers.
Separate scoring makes asymmetry visible. An enterprise may have strong policy but weak evidence. It may have strong security controls but weak business ownership. It may have mature vendor review but poor reassessment after vendor changes. It may have excellent model validation but no governance over agent tool permissions. These asymmetries matter because attackers, incidents, and regulators do not respect maturity averages. A single weak dimension can create material exposure.
The assessment should also distinguish design from operation. A process can exist on paper but not be used. A committee can have a charter but no decision record. A control can be designed but not applied to all systems. Evidence can be required but not retained. Mature assessments ask both questions: is the capability designed, and did it operate during the period under review?
Dimensions to score separately
A single maturity score hides weak spots. Enterprises should score each governance dimension separately and prioritise gaps that affect high-impact AI use.
How to run the assessment
A practical maturity assessment begins with scoping. Decide whether the assessment covers the whole enterprise, a business unit, a risk tier, or a specific use case. Identify the evidence expected for each dimension. Interview business owners, technology owners, risk, security, privacy, legal, compliance, procurement, data governance, and internal audit. Review policies, inventories, approval records, exceptions, incidents, vendor reviews, logs, and board reporting. The assessment should not rely only on self-rating.
Scoring should use evidence bands. Level 1 means capability is absent or informal. Level 2 means documented expectations exist. Level 3 means risk-based process exists and is used. Level 4 means controls are embedded and evidenced. Level 5 means continuous monitoring and improvement are in place. Assessors should require examples. If a team claims level 4 evidence, it should show the record. If a team claims continuous improvement, it should show how incidents, exceptions, or metrics changed the control environment.
The output should be actionable. A maturity assessment that ends with a score but no remediation path is incomplete. The report should identify current maturity, target maturity, priority gaps, accountable owners, remediation actions, timelines, investment needs, and residual risk. It should also identify where lower maturity is acceptable because the use case is low risk. The goal is better governance allocation, not universal gold plating.
Target maturity by risk tier
Target maturity should be based on risk tier. Low-risk internal productivity use may not need level 4 or level 5 maturity across every dimension. It should still have approved tools, basic data rules, user guidance, and incident reporting. Medium-risk use should have inventory, ownership, risk classification, approval records, and some monitoring. High-risk use should generally target level 4 in the most important dimensions: ownership, risk assessment, human oversight, technical controls, evidence, monitoring, incident response, and vendor assurance.
Autonomous agents and high-impact decision systems deserve special attention. A use case where AI can act through tools, influence external outcomes, process sensitive data, or affect regulated decisions, a class of risk OWASP catalogues as LLM06:2025 Excessive Agency, should not operate with policy-only governance. The maturity target should reflect the fact that the system can create harm at speed. For those use cases, operational controls and evidence are not advanced extras; they are core governance requirements.
Target maturity should also reflect organisational obligations. A public agency, insurer, healthcare provider, bank, or critical infrastructure operator may need stronger maturity than a lower-impact enterprise with the same technical use case. Context matters. The board and executive team should approve target maturity for material categories of AI use so that investment decisions align with risk appetite.
Metrics that matter
Maturity metrics should measure capability and risk reduction, not only activity. Useful metrics include inventory coverage, percentage of AI use cases with named owners, risk-tier distribution, high-risk use cases without complete controls, open exceptions, expired exceptions, overdue reassessments, vendor AI coverage, evidence completeness, incidents, audit findings, remediation ageing, and control-test results. These metrics help leaders understand whether governance is becoming stronger or merely busier.
Metrics should be interpreted carefully. A rising number of AI incidents may mean risk is increasing, but it may also mean detection is improving. A high number of exceptions may mean the policy is too strict, controls are underfunded, or teams are moving too fast. A long approval cycle may indicate careful review, but it may also drive shadow AI. Mature governance uses metrics as prompts for investigation and improvement, not as simplistic success or failure labels.
The best maturity dashboards connect metrics to decisions. If evidence completeness is low, fund evidence automation. If vendor AI coverage is weak, improve procurement controls. If high-risk use cases are stuck at level 2, prioritise operational controls. If business units have very different maturity, identify whether the difference reflects risk profile or inconsistent execution. Metrics should change governance behaviour.
Using maturity to guide investment
A maturity model becomes valuable when it changes investment decisions. Many organisations discover gaps and then treat them as documentation issues. That misses the point. A low score in operational control may require platform architecture. A low score in vendor oversight may require procurement clauses, legal support, and third-party risk capacity. A low score in evidence may require logging, retention, integrity controls, and export workflows. The maturity assessment should therefore feed a funded roadmap rather than a static report.
Investment should follow material risk. If the enterprise has one high-impact AI system with weak evidence and dozens of low-risk assistants with reasonable guardrails, the high-impact system should receive attention first. If a business unit is deploying agents with tool access while another uses AI only for drafting, the agentic workflows should drive the maturity investment. Boards should challenge management when maturity programs spend heavily on broad awareness but leave high-risk systems undercontrolled.
The maturity model also helps explain why AI governance needs infrastructure. Teams may understand the need for a policy, but not the need for runtime enforcement, evidence automation, or cross-provider monitoring. Maturity scoring makes that gap visible. It shows that an organisation can be policy-led yet still unable to prove controls operated. That is the investment case: to move from intention to evidence, and from manual review to scalable governance.
Evidence-led scoring discipline
Maturity scoring should be governed. If each team scores itself without evidence standards, the model will drift toward optimism. A score should require artefacts: inventory records, owner assignments, risk assessments, approval decisions, control evidence, exception logs, vendor reviews, incident records, training records, audit tests, and remediation closure. The assessor should record what evidence was reviewed and what was missing. This creates repeatability and makes future reassessment meaningful.
Evidence-led scoring also protects teams. A business unit should not be marked immature simply because it has fewer documents than another unit if its AI exposure is low and its controls are appropriate. Conversely, a team should not receive a high score because it has polished policy documents while material AI actions are poorly evidenced. The scoring conversation should ask what the risk requires and whether the evidence supports the claimed capability. That discipline keeps maturity connected to governance outcomes.
The organisation should define who can approve maturity scores and who can challenge them. For material use cases, risk, security, privacy, compliance, and internal audit may all need a view. Internal audit does not have to own the scoring process, but it should be able to test whether scores are reliable. Over time, this makes the maturity model more than a self-assessment tool. It becomes a shared language for governance assurance.
Review cadence and reassessment triggers
Maturity should be reviewed on a cadence and after material change. Annual assessment may be enough for a low-risk AI estate, but high-impact programs often need quarterly tracking of gaps, exceptions, incidents, and remediation. The cadence should be visible to the board or executive risk forum when AI exposure is material. Otherwise maturity becomes a snapshot that ages quickly while AI use continues to expand.
Reassessment triggers should be explicit. A new model provider, new data class, new user group, new geography, new vendor feature, new tool permission, incident, audit finding, regulatory change, or shift from assistive to autonomous behaviour can all change the maturity required for a use case. The maturity model should therefore connect to change management. A system should not keep its old maturity rating when the risk profile has materially changed.
Cadence and triggers also create accountability. Owners know when they must update evidence, risk teams know when to challenge stale scores, and executives know when to fund remediation. This turns maturity from a one-off consulting exercise into a governance rhythm. The organisation can then show not only where it stands, but how quickly it responds as AI capability and exposure change.
Common maturity assessment mistakes
The first mistake is scoring based on confidence rather than evidence. Teams often believe they are more mature than the record shows. The second is averaging away risk. A strong policy score can hide weak operational control. A mature inventory can hide poor incident response. The third is ignoring embedded AI. If the assessment covers only internally built models, it misses AI inside SaaS tools, vendor platforms, browser extensions, and employee workflows.
The fourth mistake is treating maturity as a one-off exercise. AI capability, usage, vendors, and regulation change quickly. A maturity assessment should have a cadence and reassessment triggers. The fifth is setting unrealistic target maturity. If every dimension is assigned level 5 as the target, leaders will not know where to invest first. The sixth is failing to link findings to owners and funding. A maturity gap without an owner is a known weakness, not a remediation plan.
The most subtle mistake is confusing maturity with restriction. Mature AI governance should not simply say no more often. It should enable the organisation to say yes with the right controls, no to unacceptable use, and not yet when remediation is required. The maturity model should help adoption become safer and more predictable, not merely slower.
Roadmap from current to target maturity
The roadmap starts with the basics: inventory, ownership, policy, risk tiers, and approval pathways. These create the minimum structure for governance. The next step is risk-managed operation: connect use cases to enterprise risk, define required controls, document exceptions, and report exposure. After that, the organisation should operationalise controls: integrate policy into AI workflows, capture evidence automatically, monitor usage, and test incident response. Finally, it should build continuous improvement through metrics, reassessment triggers, audit feedback, and control investment.
Prioritisation should follow risk. High-impact, sensitive-data, autonomous, regulated, and externally facing use cases should move first. Low-risk productivity use can mature more slowly as long as baseline guardrails exist. The roadmap should avoid spending all available energy perfecting low-risk governance while material systems remain undercontrolled. Boards and executives should ask whether the maturity roadmap reduces the most important exposure first.
A good roadmap also recognises dependencies. Runtime controls require architecture. Evidence requires logging and retention design. Vendor maturity requires procurement clauses. Human oversight requires workflow design and training. Continuous improvement requires metrics and ownership. The maturity model helps identify these dependencies so investment can be sequenced. The result should be a funded program, not a static scorecard.
Conclusion: Helixar perspective
Helixar’s view is that maturity improvement requires turning maturity gaps into operating controls. A maturity assessment may show that an organisation has policy but weak operational control, approval records but weak evidence, an inventory but poor change detection, or board reporting without control telemetry. This research frames observable AI activity, policy decisions, proportionate governance responses, and retained evidence as practical signals of improving maturity.
This is especially relevant to the transition from level 2 and level 3 maturity into level 4 and level 5. A policy requiring human approval for a high-impact agent action can become an approval gate. A sensitive-data rule can become a control decision at the point of use. A vendor or model change can become a reassessment trigger. An audit-evidence requirement can become a retained record rather than a manual reconstruction exercise. The result is not just a higher maturity score; it is a stronger control environment.
This research also emphasizes that maturity programs should avoid repetitive self-reporting. Runtime evidence can feed the maturity dashboard with policy violations, approval patterns, blocked actions, exception volumes, incident signals, reassessment triggers, and control changes. Risk, compliance, and audit teams can then test maturity claims against observed evidence. Executives can fund remediation based on where the governance system is actually weak, which is the point of a maturity model in the first place.
This helps keep the maturity model honest. A team can still choose a lower target for low-risk use, and a higher target for sensitive or autonomous use, but the target is tied to observable control behaviour rather than persuasive narrative alone.
Mechanically, this is where a maturity model stops being a scorecard and becomes an operating capability, because Helixar is an AI control plane that sits in front of or in place of an AI gateway and enforces policy at the moment of every AI or agent action across every model provider. At each action it verifies user and agent identity and context, evaluates the request against the applicable policy, and applies a graduated response of observe, alert, require approval, block, or contain, so the high-impact agent tool call, sensitive-data prompt, or silently enabled SaaS AI feature this paper flags meets a real control rather than an attestation. It enforces organisation-wide cost caps, is fail-closed by default, and records every decision in a tamper-evident, independently verifiable evidence trail, which is precisely what turns the level 4 and level 5 behaviours described above into evidence that the inventory, approval, runtime-control, and evidence dimensions can score. That trail becomes framework-aligned evidence packs, with SOC 2 and ISO 27001 available today and ISO 42001, EU DORA, PCI DSS v4, APRA CPS 234, RBNZ BS-11, and the NZ Privacy Act 2020 mapped and delivered at implementation, so a maturity claim can be tested against observed control behaviour rather than narrative confidence.
Leadership questions
Boards should ask whether current AI governance maturity matches the organisation’s AI exposure. Which high-impact use cases are below target maturity? What are the most material gaps? Which gaps are unfunded? Are exceptions increasing or decreasing? Can management show that controls operated? How does AI maturity compare across business units? What incidents or audit findings changed the maturity roadmap?
Executives should ask whether the maturity model is changing decisions. Are high-risk use cases receiving stronger controls? Are low-risk uses moving efficiently? Are vendors being assessed before AI features are enabled? Are teams avoiding governance because the process is too slow? Is evidence captured automatically where possible? Are remediation owners accountable? Is the operating model improving based on metrics?
Risk, compliance, security, privacy, and audit teams should ask whether maturity claims are testable. Can the team show inventory completeness? Can it show approval records? Can it show operational policy decisions? Can it show human review evidence? Can it show incident closure? Can it show vendor change review? If the answer is no, the maturity level should reflect that. Evidence is the discipline that keeps the model honest.
Enterprise checklist
- Score AI governance maturity by dimension, not only as one aggregate number.
- Set target maturity based on AI exposure and risk appetite.
- Prioritise high-impact use cases with low control maturity.
- Use maturity gaps to drive funded remediation plans.
- Track maturity changes through evidence, not narrative updates.
- Review maturity after major changes to AI strategy, vendors, models, or regulation.
Frequently asked questions
What is an AI governance maturity model?
What are the five levels of Helixar’s AI governance maturity model?
Does every organisation need level 5 AI governance maturity?
How should maturity be assessed?
How often should AI governance maturity be reviewed?
How does Helixar help improve maturity?
References
- NIST AI Risk Management Framework
- NIST AI RMF Core
- ISO/IEC 42001:2023, Artificial intelligence management system
- Regulation (EU) 2024/1689, Artificial Intelligence Act
- OECD Recommendation of the Council on Artificial Intelligence
- Australia's AI Ethics Principles
- NIST AI RMF Govern Playbook
- ISO/IEC 23894:2023, AI risk management guidance
- AICPA SOC Suite of Services
- Helixar research: Enterprise AI Risk Management