Is the era of “moving fast and breaking things” in AI officially over? Definitely not: We’re still in a period of vast experimentation. Companies are examining their operations and workflows to see where AI can streamline processes, accelerate innovation and increase productivity. 

However, you’d have to be living under the proverbial rock not to know the machinations of both sides of the regulatory debate. Especially in Europe, the EU AI Act establishes new guardrails or, as others see it, imposes a wall of red tape. The fear for many, however, is less the regulation itself and more the rapid timeline of its implementation. Yes, industry calls for a delay in the EU AI Act’s implementation have been strong, with stakeholders arguing that the original schedule didn’t give them enough time to comply. However, even these advocates of a reprieve do not deny the value of regulation. 

A 2025 open letter signed by 40 European CEOs — across countries, industry and company sizes —called for “a more proportionate, innovation-friendly regulatory approach.” The request entailed a “stop the clock” measure to postpone implementation and a prioritization of “regulatory quality over speed.” The proposed efforts to streamline and simplify overlapping regulation “should benefit SMEs, startups, scale-ups and large established companies alike, who will all contribute to driving innovation if they can take advantage of clear and predictable rules.” These leaders recognize that rules can offer advantages, a sentiment shared by Snowflake customers for whom regulatory requirements have accelerated innovation.

Although the new timeline for implementation has yet to be published, with the EU missing a deadline for guidance earlier this month, there is no need to delay getting ready. The true driver of AI and data governance is already in place. Customers require it. Implementing data security and privacy controls and governing the use of AI are as much a matter of reputation as regulatory requirements. Violate those requirements and you risk customer trust, and potentially your entire business. That’s a lot bigger than a fine for regulatory noncompliance. 

Here are four essential steps you can take immediately to protect your reputation and support compliance: 

• Build a solid foundation: AI is only as powerful as the foundation it’s built on: the data. Ensure access to all relevant data, whatever form it is in or wherever it resides across your organization or even outside of it. The Snowflake AI Data Cloud offers capabilities to promote data quality, diversity, freshness, governance and discovery. That’s AI-ready data, and it’s not a nice-to-have. If you want effective and efficient AI, it has to be well trained. Check out the Snowflake blog post Is Your Data AI Ready? Are You?

• Govern AI by bringing it to governed data: Governance controls are only effective when they span the entire value chain — protecting data not just at rest but in use. To reduce risk, we’ve eliminated the need to move sensitive data to external tools; instead, AI runs within the same security and governance perimeter as the data itself. This means that existing role-based access controls, data masking and policy enforcement apply automatically to AI workloads. If an employee is restricted from accessing certain data, they are inherently restricted from using models that rely on it. 

• Prepare your workforce: The foundation doesn’t stop with the technology. Adoption and appropriate use requires an informed and responsible workforce — and one that trusts the new tools. Include domain experts in the design and development of new assistants and agents. It’s like having a team train a new colleague. When they know the newbie can be trusted to perform the required tasks, they’ll ask for assistance or offload more of the work. That’s part of the ongoing management. Read our blog post Agentic Management Requires More Than Vibes for steps you can take to set up successful “hiring” and “onboarding” of new AI colleagues.

• Keep an eye on your AI: An agentic workforce requires real management. Just as employees need to trust their new agentic colleagues, managers need to ensure that they are working effectively and delivering appropriately. Snowflake has invested heavily in evaluation, monitoring and observability tools so that customers can test, measure and document how their AI systems behave over time. Check out our post What’s Your Agent’s GPA? A Framework for Evaluating AI Agent Reliability. The steps laid out in the blog post for evaluating agent goals, plans and actions must be embedded into daily workflow. And the outcomes must be explicitly measured to justify continued investment, prioritize its applications and balance its future benefits against potential risks. Learn more from the post Mind the Value Measurement Gap: Measure the Business Impact of AI Investments.

Bottom line: Don’t wait for the regulators to tell you how to behave — your customers are already doing so. Robust AI governance isn’t just about avoiding a fine; it’s about maintaining the trust that keeps your business alive.

AI governance is a business capability, a competitive advantage. When you have high-quality data inputs, a clear registry of your models and a workforce trained to use them effectively and ethically, you’re not just following the law — you’re building a more reliable (and more viable) engine for growth.