AI is showing up everywhere. That visibility can create a false sense of progress. A team runs a few pilots, people use chat tools, and leadership assumes the organisation is "doing AI."

‍

The evidence is more sobering. In a February 2026 working paper, researchers reported that about 70% of surveyed firms actively use AI, yet over 80% reported no impact on productivity or employment over the prior three years (Yotzov et al., 2026). Separately, McKinsey reported that 72% of organisations used AI in at least one function in early 2024 (McKinsey & Company, 2024). Adoption is high. Measurable impact is harder.

‍

That gap is where "AI maturity" matters. It helps leaders answer a practical question: are we building a repeatable capability, or collecting disconnected experiments.

‍

What AI maturity means for leaders

‍

AI maturity is your organisation’s ability to repeatedly produce business outcomes with AI while managing risk in ways that customers, staff, and regulators can accept. It is less about which tools you own. It is more about whether you can run AI as an operating capability.

‍

Andrew Ng captured the scale of the moment: "I actually have a hard time thinking of an industry that I don’t think AI will transform in the next several years" (Lynch, 2017).

‍

If AI will transform your industry, maturity becomes a competitive differentiator. Measuring it stops you from guessing.

‍

Two lenses that keep the assessment non-technical

‍

You can measure maturity with two leadership lenses.

• First, value - Are we producing outcomes that matter, and can we repeat them.
• Second, trust - Are we controlling risk, and can we explain our decisions.

‍

For trust, use established guidance. The NIST AI Risk Management Framework frames risk management as four functions: Govern, Map, Measure, and Manage (Tabassi, 2023). For organisational governance, ISO/IEC 42001 sets requirements for an AI management system so AI work has accountability and continuous improvement, similar to how other management systems operate (International Organization for Standardization, 2023).

‍

For values and stewardship, the OECD AI principles emphasise fairness, transparency, robustness, and accountability (OECD, 2019). You do not need to implement every framework in full to assess maturity. You can use them as anchors for what "good" looks like.

‍

A maturity ladder you can use in an exec conversation

‍

MIT CISR describes four stages of enterprise AI maturity (Weill et al., 2024).

• Stage 1: Experiment and prepare.
• Stage 2: Build pilots and capabilities.
• Stage 3: Develop AI ways of working.
• Stage 4: Become AI future ready.

‍

This model is useful because it frames maturity as a shift in how the organisation works, not a measure of technical sophistication. MIT CISR reports that financial performance improved at each stage, and that organisations in stages 3 and 4 performed well above industry average in their dataset (Weill et al., 2024).

‍

A leadership scorecard to find gaps fast

‍

Score your organisation across six domains. Use a simple rating for each domain: Red (fragile), Amber (inconsistent), Green (repeatable). Then look for patterns.

‍

1. Strategy and value management

‍

Can you name the few business outcomes you want AI to move this year, with clear owners and targets?

‍

Green looks like a portfolio of use cases tied to measurable outcomes, with clear stop rules when value is not emerging.

‍

2. Data readiness and access

‍

Do teams spend more time finding and cleaning data than improving decisions?

‍

Stage 1 and stage 2 organisations often focus on making data accessible and shareable, so teams can build and validate use cases faster (Weill et al., 2024). If this stays Red, AI becomes slower and more expensive than leaders expect.

‍

3. People and ways of working

‍

Do leaders, managers, and frontline teams understand where AI helps, where it does not, and how to use it responsibly?

‍

MIT CISR highlights AI education and acceptable-use policies as early maturity capabilities (Weill et al., 2024). If training exists only for specialists, adoption tends to rise without consistent business impact, which aligns with the "use without impact" pattern seen in the NBER study (Yotzov et al., 2026).

‍

4. Operating model and delivery discipline

‍

Do you have a repeatable path from idea, to pilot, to scaled rollout?

‍

BCG reports that leaders have scaled more use cases, and that the average financial impact per use case is significantly higher among leading companies (Baltassis et al., 2024). It also warns that companies often set unrealistic maturity ambitions, which can frustrate executives and teams (Baltassis et al., 2024). A clear operating model is how you set realistic timelines and manage expectations.

‍

5. Governance, risk, and accountability

‍

Can you explain who approves AI use, what data is allowed, and how you monitor outcomes and harm?

‍

NIST’s "Govern" function focuses on roles, policies, and oversight (Tabassi, 2023). ISO/IEC 42001 reinforces that AI needs management-system discipline, with clear responsibilities and continuous improvement (International Organization for Standardization, 2023).

‍

6. Measurement and learning loops

‍

Can you show evidence of impact, and can you learn from failures without hiding them?

‍

If you cannot measure outcomes, you cannot mature. Outcome measures are also the fastest way to separate meaningful progress from activity.

‍

Here is an example scorecard you can copy into a leadership pack.
‍

‍

If most domains are Green, you are in a good space. If several are Amber, focus on consistency and repeatability. If any of the foundation domains are Red (data, governance, measurement), address those first because they limit both scale and trust.

‍

How to interpret your results

‍

If you are mostly Green in stage 1 or stage 2 behaviours, you are in a good space if you can prove two things:

• You can point to specific outcomes that improved.
• You have clear guardrails that prevent unmanaged risk.

‍

If you are mostly Amber, the issue is often consistency. Many organisations have pilots and tools, but no repeatable ways of working. MIT CISR describes this shift as the move into stage 3, where scaling and reuse become normal (Weill et al., 2024).

‍

If you are Red in governance, data readiness, or measurement, treat those as priority work. Without them, scaling is either slow or unsafe.

‍

Turning the maturity score into a leadership playbook

‍

A maturity assessment only helps if it changes decisions. The hard part is moving from pilots to scaled ways of working. MIT CISR’s 2025 update reports that the greatest financial impact shows up when enterprises progress from stage 2 (pilots and capabilities) to stage 3 (scaled AI ways of working). It argues that this transition needs a united top leadership team, and it frames the work as four challenges: strategy, systems, synchronization, and stewardship (Woerner et al., 2025).

‍

You can use those four challenges as the "what we do next" for your scorecard.

1. Strategy: Turn "AI projects" into a small portfolio of outcomes. Name owners. Define the metric that proves value. Decide what you will stop. If you cannot stop anything, you are not managing a portfolio.
2. Systems: Remove the friction that keeps teams trapped in one-off solutions. Aim for shared data access, reusable components, and a clear path to reuse what works. This is how you make success repeatable.
3. Synchronization: Redesign work so people know where AI fits and where it does not. Clarify decision rights, review expectations, and training by role. Align incentives so teams optimise for outcomes, not activity.
4. Stewardship: Treat trust as a design constraint, not a policy document. Use a consistent risk management approach across the AI lifecycle. The NIST AI RMF Playbook offers practical, voluntary actions aligned to the AI RMF functions, and it is designed to be tailored rather than followed as a checklist (National Institute of Standards and Technology, 2025).

‍

A practical way to operationalise this is to run your maturity scorecard as a standing leadership agenda. Review it on a regular cadence, and commit to improving one Red domain at a time. That creates momentum, and it keeps maturity grounded in value and trust.

‍

Measuring AI maturity is not about judgement. It is about making progress visible, and turning AI from isolated activity into a capability the organisation can sustain.

‍

References

• Baltassis, E., Quarta, L., Khendek, Y., Fernández, M., Monedero Rubio, M., Duranton, S., Lukic, V., & Schuuring, M. (2024, September 16). Leaders in data and AI are racing away from the pack. Boston Consulting Group. https://www.bcg.com/publications/2024/leaders-in-data-ai-racing-away-from-pack
• International Organization for Standardization. (2023). ISO/IEC 42001:2023 Information technology. Artificial intelligence. Management system. https://www.iso.org/standard/42001
• Lynch, S. (2017, March 11). Andrew Ng: Why AI is the new electricity. Stanford Graduate School of Business. https://www.gsb.stanford.edu/insights/andrew-ng-why-ai-new-electricity
• McKinsey & Company. (2024, July 3). Gen AI casts a wider net. https://www.mckinsey.com/featured-insights/week-in-charts/gen-ai-casts-a-wider-net
• OECD. (2019). Scoping the OECD AI principles: Deliberations of the Expert Group on Artificial Intelligence at the OECD (AIGO) (OECD Digital Economy Papers No. 291). OECD Publishing. https://doi.org/10.1787/d62f618a-en
• Tabassi, E. (2023). Artificial intelligence risk management framework (AI RMF 1.0) (NIST AI 100-1). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.AI.100-1
• Weill, P., Woerner, S. L., & Sebastian, I. M. (2024, December 19). Building enterprise AI maturity. MIT Center for Information Systems Research. https://cisr.mit.edu/publication/2024_1201_EnterpriseAIMaturityModel_WeillWoernerSebastian
• Yotzov, I., Barrero, J. M., Bloom, N., Bunn, P., Davis, S. J., Foster, K. M., Jalca, A., Meyer, B. H., Mizen, P., Navarrete, M. A., Smietanka, P., Thwaites, G., & Wang, B. Z. (2026, February). Firm data on AI (Working Paper No. 34836). National Bureau of Economic Research. https://doi.org/10.3386/w34836