AI CAPABILITY • FOUNDATION

The Foundation

Strategy, data, sustainability, and the adoption landscape

Seven practical foundation areas that help AI work in the real world: direction, data, economics, privacy, sustainability, adoption, and risk.

On the map: the Foundation tier. What it maps here informs the operating model's data foundation and its trust & governance capstone: strategy, governance, data readiness, privacy, economics, adoption and risk. See the full stack →

Cross-pillar bridge: AI Foundation (here) · Markets and Compliance (Capability pillar) →

AT A GLANCE

The whole foundation in one view

Seven sections, grouped by where they sit in your AI thinking. Click any card to open the detail below.

Strategy & Governance

2 sections

Data & Readiness

3 sections

Responsible AI

2 sections

The decisions your organisation needs to make — AI strategy, governance frameworks, vendor selection, and policy.

FOUNDATION LENS FOR SMALL TEAMS

For a solo operator, micro-business, or small practice, foundation does not mean building an enterprise AI office. It means making a few explicit choices: which tools are approved, what stays private, who owns the working method, how much experimentation is affordable, and where human judgement must stay in the loop.

In 30 Seconds

AI Strategy answers: Where are we going with AI, and why? AI Governance answers: How do we get there safely and responsibly?

Most organisations need both – but many have one without the other. A strategy without governance creates risk. Governance without strategy creates bureaucracy.

Where we help: Connecting strategy to execution. Many organisations have AI strategies that never translate into capability. We bridge that gap through practical implementation – making decisions actionable while keeping governance embedded in workflows.

Two Distinct Disciplines

AI Strategy

“What are we trying to achieve with AI?”

  • Vision: How AI fits your business direction
  • Priorities: Which use cases matter most
  • Investment: Where to allocate resources
  • Roadmap: Sequencing and dependencies
  • Measurement: How you'll know it's working
  • Efficiency vs Opportunity: Are you using AI to cut costs or to expand capacity? Jensen Huang: “companies with imagination will do more with more.” Organisations using AI to expand what's possible outperform those focused purely on headcount reduction.

AI Governance

“How do we use AI safely and responsibly?”

  • Policy: What's allowed, what's not
  • Risk: Identifying and managing AI-specific risks
  • Compliance: Regulatory requirements (EU AI Act, etc.)
  • Accountability: Who decides what, and who's responsible
  • Controls: Technical and procedural safeguards

What Organisations Need to Implement

Effective AI strategy and governance requires concrete components – not just documents.

Strategy Components

AI Vision Statement

Clear articulation of how AI supports business objectives – shared across leadership.

Use Case Portfolio

Prioritised list of AI applications with business cases and success criteria.

Investment Framework

Budget allocation, build vs buy decisions, and ROI measurement approach.

Capability Roadmap

Sequenced plan for building AI capability – technology, people, and process.

Governance Components

AI Policy

Clear expectations for AI use – what's permitted, what requires approval, what's prohibited.

Roles & Responsibilities

Who owns AI decisions across legal, tech, data, risk, and business functions.

Risk Framework

AI-specific risk assessment – layered by use case risk level (internal vs customer-facing).

Technical Controls

Approved tools, data classification, access controls, and monitoring.

Decision Trace Logging

Record exceptions, approvals, and rationale so decisions are explainable and auditable.

Canonical Truth Contracts

Clear ownership of which systems are authoritative for critical metrics and records.

The Connecting Tissue

Working Groups

Cross-functional forums connecting strategy direction with governance requirements.

Leadership Fluency

Board and executive capability to set direction and govern effectively.

Governance as Enabler

The most effective organisations treat governance as a way to move faster, not slower.

Blocking GovernanceEnabling Governance
Rules without clarityClear expectations everyone understands
Block external toolsProvide approved alternatives
Fear-based complianceEducation-based empowerment
Policies on shelvesGovernance embedded in tools and workflows

When governance is done well, employees know exactly what's expected. They have approved tools that work. They feel safe to experiment within clear boundaries. Auditability comes from decision traces, not just policy documents. The result: more innovation, not less.

In 30 Seconds

If your practice handles legally protected client information — solicitors, doctors, therapists, counsellors, accountants with privileged client communications — the architecture you need has a name now: a Public/Private wall.

The principle is straightforward. You separate AI use into two zones, with different tools in each, and the wall is enforced by which tool you have open rather than by your own discipline at the end of a long day.

The wall is a tool architecture, not a discipline. Discipline at the end of a long day fails. The choice of which tool you've opened decides which zone you're in.

The Two Zones

Public side

Marketing copy, blog posts, general writing, admin templates, brand work, internal training material. Anything that doesn't involve a specific client by identifiable detail.

Tools that work fine here:

  • • Claude Pro (with training opt-out enabled)
  • • ChatGPT
  • • Gemini

Productivity is the goal. Sensitivity is low.

Private side

Anything client-identifying: case notes, draft letters with client names, financial documents, medical or therapeutic notes, contracts, planning correspondence about specific sites or projects.

Privacy-first tools:

  • Lumo (from Proton, end-to-end encrypted)
  • Mistral Le Chat Pro
  • Maple (on-device)
  • • On-device models for the most sensitive material

Plus sector-specific tools: clinical scribing, legal drafting, accounting workflow.

A Defensible Stack

A defensible Public/Private stack for a small regulated practice runs about £40–70 per month. The point of the wall isn't perfection. It's that the tool you've opened decides which zone you're in, and you're not asking yourself the question fresh each time.

For now: pick the two tools you'll use on each side, set them up, decide explicitly which one you'll open by default, and keep client-confidential information off any tool whose recent security history you haven't reviewed. We'll publish a fuller standalone guide in the coming weeks — per-profession variants, on-device options, audit and indemnity considerations.

Building on Solid Foundations

Strategy, data, sustainability, adoption, and the right tools – these foundations determine whether your AI investments deliver. If any of these feel uncertain, we can help you get them right.