Most AI programmes that fail in regulated energy do not fail on the technology. They fail on ownership. The pattern is depressingly consistent. The CIO is asked to lead, because AI looks like systems. A platform is selected, because IT runs platform decisions. Use cases are gathered from the business, because IT does not have its own. Delivery slips, because integration is harder than the slide said. By the time anything is in production, the business has lost interest, the regulator has questions IT cannot answer, and the assurance work nobody scoped is now urgent.
This is not a criticism of IT functions. They are doing exactly what they are organised to do. The criticism is of the operating model that put them in charge of something that is not theirs.
Why the IT-led pattern fails the regulator test.
Ofgem does not regulate platforms. It regulates outcomes for customers. When the regulator writes to ask why an AI system disadvantaged a vulnerable cohort, the right answer comes from the business owner of the journey that AI sits inside — collections, vulnerability identification, complaints, switching. An IT-led programme cannot answer that question, because the IT-led programme never owned the outcome. It owned the deployment.
The same is true under RECCo. The Retail Energy Code governs switching, registration, MHHS, theft and central data services. AI that sits inside any of those processes carries REC obligations. Those obligations sit with the licensed supplier, not with the IT function delivering the system. A regulator asking how a switching AI is being assured is asking the supplier, not its platform team.
The business-ownership gap.
In an IT-led AI programme, the business sponsor is usually a steering-committee member, not an owner. The use case has a delivery RAG, not an outcome RAG. The AIIA, if there is one, is written by the team building the system, not the team running the journey it changes. When the model misbehaves in production, the business escalates to IT, IT escalates to the vendor, and the customer escalates to the ombudsman. None of those routes produce evidence the regulator finds adequate.
The gap is structural. IT can deliver an AI capability. It cannot accept accountability for the customer outcome the capability changes. That accountability has to live with the executive who already owns the journey: the director of customer operations, the director of collections, the director of switching. If those names are not in the AI programme governance, the programme is misorganised.
Why vendors and consultancies quietly prefer IT-led.
IT-led programmes buy more software. They run longer. They scope more integration. They are easier to sell because the buyer is the same buyer the vendor sold the data platform to. None of this is sinister. It is just the path of least resistance for everyone involved except the customer and the regulator.
What good looks like.
Three roles, kept separate. The business owns the outcome — a named director, the same one who already owns the journey, accountable for the customer impact whether the system is AI or rules-based. IT delivers the capability — selection, integration, operations, security, change management — to a brief the business has signed. Assurance sits independent of both — the AIIA author, the DIAMC discipline, the Patrol oversight, reporting to risk or to the executive responsible for regulatory exposure, never to the function building or buying the system.
Done this way, the regulator's question routes correctly on its first attempt. The director of collections answers for the AI inside collections. IT answers for the system that runs it. Assurance answers for the evidence that the first two are doing what they say. The supplier does not need to be brilliant for this to work; it needs to be organised.
What to do on Monday.
Audit the current AI programme governance and ask one question: who, by name, is accountable for the customer outcome of each live or planned use case? If the answer is the CIO, the CTO or a steering committee, the operating model is wrong. Move ownership to the journey director and rescope IT's role to delivery. Keep assurance independent. Re-run the AIIA against the new owner. The work does not get harder. The accountability gets honest.