AI CAPABILITY • FOUNDATION
The Foundation
Strategy, data, sustainability, and the adoption landscape
Seven practical foundation areas that help AI work in the real world: direction, data, economics, privacy, sustainability, adoption, and risk.
On the map: the Foundation tier. What it maps here informs the operating model's data foundation and its trust & governance capstone: strategy, governance, data readiness, privacy, economics, adoption and risk. See the full stack →
Cross-pillar bridge: AI Foundation (here) · Markets and Compliance (Capability pillar) →
AT A GLANCE
The whole foundation in one view
Seven sections, grouped by where they sit in your AI thinking. Click any card to open the detail below.
Strategy & Governance
2 sectionsData & Readiness
3 sectionsResponsible AI
2 sectionsThe decisions your organisation needs to make — AI strategy, governance frameworks, vendor selection, and policy.
FOUNDATION LENS FOR SMALL TEAMS
For a solo operator, micro-business, or small practice, foundation does not mean building an enterprise AI office. It means making a few explicit choices: which tools are approved, what stays private, who owns the working method, how much experimentation is affordable, and where human judgement must stay in the loop.
In 30 Seconds
AI Strategy answers: Where are we going with AI, and why? AI Governance answers: How do we get there safely and responsibly?
Most organisations need both – but many have one without the other. A strategy without governance creates risk. Governance without strategy creates bureaucracy.
Where we help: Connecting strategy to execution. Many organisations have AI strategies that never translate into capability. We bridge that gap through practical implementation – making decisions actionable while keeping governance embedded in workflows.
Two Distinct Disciplines
AI Strategy
“What are we trying to achieve with AI?”
- • Vision: How AI fits your business direction
- • Priorities: Which use cases matter most
- • Investment: Where to allocate resources
- • Roadmap: Sequencing and dependencies
- • Measurement: How you'll know it's working
- • Efficiency vs Opportunity: Are you using AI to cut costs or to expand capacity? Jensen Huang: “companies with imagination will do more with more.” Organisations using AI to expand what's possible outperform those focused purely on headcount reduction.
AI Governance
“How do we use AI safely and responsibly?”
- • Policy: What's allowed, what's not
- • Risk: Identifying and managing AI-specific risks
- • Compliance: Regulatory requirements (EU AI Act, etc.)
- • Accountability: Who decides what, and who's responsible
- • Controls: Technical and procedural safeguards
What Organisations Need to Implement
Effective AI strategy and governance requires concrete components – not just documents.
Strategy Components
AI Vision Statement
Clear articulation of how AI supports business objectives – shared across leadership.
Use Case Portfolio
Prioritised list of AI applications with business cases and success criteria.
Investment Framework
Budget allocation, build vs buy decisions, and ROI measurement approach.
Capability Roadmap
Sequenced plan for building AI capability – technology, people, and process.
Governance Components
AI Policy
Clear expectations for AI use – what's permitted, what requires approval, what's prohibited.
Roles & Responsibilities
Who owns AI decisions across legal, tech, data, risk, and business functions.
Risk Framework
AI-specific risk assessment – layered by use case risk level (internal vs customer-facing).
Technical Controls
Approved tools, data classification, access controls, and monitoring.
Decision Trace Logging
Record exceptions, approvals, and rationale so decisions are explainable and auditable.
Canonical Truth Contracts
Clear ownership of which systems are authoritative for critical metrics and records.
The Connecting Tissue
Working Groups
Cross-functional forums connecting strategy direction with governance requirements.
Leadership Fluency
Board and executive capability to set direction and govern effectively.
Governance as Enabler
The most effective organisations treat governance as a way to move faster, not slower.
| Blocking Governance | Enabling Governance |
|---|---|
| Rules without clarity | Clear expectations everyone understands |
| Block external tools | Provide approved alternatives |
| Fear-based compliance | Education-based empowerment |
| Policies on shelves | Governance embedded in tools and workflows |
When governance is done well, employees know exactly what's expected. They have approved tools that work. They feel safe to experiment within clear boundaries. Auditability comes from decision traces, not just policy documents. The result: more innovation, not less.
In 30 Seconds
If your practice handles legally protected client information — solicitors, doctors, therapists, counsellors, accountants with privileged client communications — the architecture you need has a name now: a Public/Private wall.
The principle is straightforward. You separate AI use into two zones, with different tools in each, and the wall is enforced by which tool you have open rather than by your own discipline at the end of a long day.
The wall is a tool architecture, not a discipline. Discipline at the end of a long day fails. The choice of which tool you've opened decides which zone you're in.
The Two Zones
Public side
Marketing copy, blog posts, general writing, admin templates, brand work, internal training material. Anything that doesn't involve a specific client by identifiable detail.
Tools that work fine here:
- • Claude Pro (with training opt-out enabled)
- • ChatGPT
- • Gemini
Productivity is the goal. Sensitivity is low.
Private side
Anything client-identifying: case notes, draft letters with client names, financial documents, medical or therapeutic notes, contracts, planning correspondence about specific sites or projects.
Privacy-first tools:
- • Lumo (from Proton, end-to-end encrypted)
- • Mistral Le Chat Pro
- • Maple (on-device)
- • On-device models for the most sensitive material
Plus sector-specific tools: clinical scribing, legal drafting, accounting workflow.
A Defensible Stack
A defensible Public/Private stack for a small regulated practice runs about £40–70 per month. The point of the wall isn't perfection. It's that the tool you've opened decides which zone you're in, and you're not asking yourself the question fresh each time.
For now: pick the two tools you'll use on each side, set them up, decide explicitly which one you'll open by default, and keep client-confidential information off any tool whose recent security history you haven't reviewed. We'll publish a fuller standalone guide in the coming weeks — per-profession variants, on-device options, audit and indemnity considerations.
Explore Other Tiers
The Foundation connects to every other layer of the AI capability framework.
Building on Solid Foundations
Strategy, data, sustainability, adoption, and the right tools – these foundations determine whether your AI investments deliver. If any of these feel uncertain, we can help you get them right.