Governing AI in healthcare: from liability risk to strategic advantage
August 2026 | SPOTLIGHT | SECTOR ANALYSIS
Financier Worldwide Magazine
Something is beginning to separate the leaders from the rest in healthcare artificial intelligence (AI). It is not the sophistication of the algorithms. It is not the scale of the investment. It is governance.
Organisations that have built robust AI governance frameworks are finding that the discipline translates directly into competitive advantage: faster regulatory approvals, stronger investor confidence and a resilience that becomes visible precisely when something goes wrong.
In an industry where AI is reshaping drug discovery, clinical operations, pharmacovigilance and patient engagement simultaneously, the ability to govern AI well is no longer a compliance requirement. It is a strategic differentiator.
Understanding why some organisations have built that capability, and others have not, starts with a governance question that more boards are beginning to ask: when an AI system produces an unexpected or harmful outcome, who in this organisation is accountable?
How organisations answer that question – and whether they have the structures to back it up – is increasingly what separates governance leaders from the rest.
Why accountability is the starting point
The accountability challenge in healthcare AI is structural – and worth understanding clearly, not to assign blame, but to identify where governance intervention delivers the most value.
When an AI system produces a consequential output, the chain of decisions that shaped it runs through multiple actors: the developer who designed the model, the organisation that deployed it, the business unit that integrated it into workflows and the professionals who relied on its outputs. Each actor made choices.
Each choice affected the outcome. In organisations without explicit governance design, that distributed chain means no single actor owns full accountability for what the system does once it is live.
This is not carelessness. It is the predictable consequence of deploying technology that has moved faster than the governance frameworks designed to oversee it. According to the World Economic Forum’s ‘Global Risks Report 2025’, AI-related governance failures rank among the top technology risks perceived by senior leaders globally.
Industry surveys consistently show that while awareness of AI governance challenges is high among healthcare executives, systematic organisational preparedness varies considerably.
Organisations that have closed this gap share a common approach: they have made accountability explicit, assigned it to named individuals and built it into their operating model before deployment, not after. That structural choice is the foundation of everything that follows.
Turning regulatory complexity into competitive positioning
Every major regulatory framework converging on AI in healthcare shares three core requirements: transparency, accountability and ongoing monitoring. Organisations that have built those three things into their operating model are not chasing regulation. They are already there.
The European Union’s AI Act, the US Food and Drug Administration’s evolving guidance on AI in medical devices and the UK Medicines and Healthcare products Regulatory Agency’s Software and AI as a Medical Device framework are each rigorous and each distinct.
They move at different speeds, use different definitions and distribute accountability differently across the deployment chain. For organisations operating across multiple markets, compliance is not a single framework but a matrix of overlapping requirements.
For organisations with built-in governance, that complexity becomes manageable. Rather than retrofitting compliance onto existing deployments each time a new framework emerges, they can demonstrate a consistent, principled approach to regulators across jurisdictions. That consistency accelerates approvals, reduces compliance costs and builds the kind of regulatory trust that is difficult to establish quickly and easy to lose.
For those still treating compliance as a layer applied after technology decisions, each new framework requires a new exercise. For organisations with governance by design, regulatory evolution is something they are structurally prepared to absorb.
Built-in compliance: the governance design that scales
The pharmaceutical industry has a well-established precedent. Quality by design demonstrated decades ago that product quality cannot be achieved by testing at the end of the manufacturing process.
It must be engineered in from the beginning. The same principle applies to AI governance – and with greater force, because AI systems are adaptive. They learn and evolve in ways that a fixed manufacturing process does not.
Consider an organisation that embeds an ethics and governance review into every AI procurement and deployment decision – the same way it embeds legal and regulatory review. The governance cost is minimal.
The visibility it creates is material: clear boundaries on what the system can and cannot do, defined accountability for its behaviour and a monitoring architecture designed alongside the system itself. That organisation does not discover its governance gaps under pressure. It already knows where they are.
The functions that make this work are not new. Ethics, risk, legal and compliance have always played a role in technology governance. What is different in leading organisations is when and how those functions are engaged: at the design stage, not the review stage.
Before the technology decision, not after. That shift in timing is the difference between governance that prevents problems and governance that documents them.
What boards and leadership teams should prioritise
For boards of directors in healthcare organisations, the AI governance opportunity is clear. Boards asking the right questions now are building governance maturity that will compound in value as AI deployment scales and regulatory expectations increase.
Effective board engagement starts with accountability clarity: who in the organisation owns AI governance and how does that ownership reach the board? From there, boards should have visibility into which AI systems have been subject to governance review, how the organisation is tracking regulatory developments across its markets, and how AI governance considerations are integrated into strategic and capital allocation decisions – not addressed retrospectively.
These are not technical questions that require board members to be AI experts. They are governance questions that apply the same discipline boards already exercise over financial risk, reputational risk and regulatory compliance.
The board that can answer those questions clearly is the board that is governing AI. The board that cannot is approving a strategy it does not yet own.
For investors, the maturity of an organisation’s AI governance framework is increasingly a signal about the quality of its risk culture more broadly. Organisations that demonstrate named accountability, continuous monitoring and genuine board-level oversight are signalling that their leadership understands the difference between deploying AI and governing it.
In a sector where that distinction carries direct implications for patient outcomes, regulatory standing and long-term value creation, the signal matters.
The strategic case for acting now
Organisations getting AI governance right in healthcare are not waiting for regulation to force the issue. They are recognising that governance maturity is a source of strategic advantage: in regulatory readiness, in investor confidence, in the ability to scale AI deployments across markets with speed and credibility.
The most advanced organisations have already demonstrated that built-in accountability is achievable. They have named owners for AI governance, continuous monitoring of AI behaviour, and board-level visibility into AI risk. They are not waiting to be asked who is responsible. They already know the answer.
This is not without upfront cost. Built-in governance asks an organisation to slow down at the design stage before it can move faster at scale. The leaders in this space are not the ones who avoided that cost. They are the ones who absorbed it early, before regulatory pressure made it mandatory and expensive.
Governance is not the price of playing in the AI era. It is the foundation for winning in it.
Barbara Badoino is global head of corporate ethics, risk & compliance at Novartis. She can be contacted by email: barbara.badoino@novartis.com.
© Financier Worldwide
BY
Barbara Badoino
Novartis