Maybe your organisation is rolling out an AI tools strategy which HR has to implement without knowing whether your people actually know how to direct what they've been given or whether they're just using it and hoping. Tech is progressing far faster than policy can keep up with it, and that's the tip of the iceberg.

Many people are already using AI on personal accounts, with client data, on infrastructure that is not neutral. Consumer accounts feed model training by default. Your prompts, your client context, your internal thinking, potentially cycling back into the model that answers someone else's question tomorrow. Enterprise licensing changes that picture, but only if that is what your people are actually using. 47% of employees access AI through personal, unmanaged accounts, bypassing enterprise controls entirely [1]. The enterprise agreement your procurement team signed does not cover the account your senior manager opened on their phone at 11pm.

Tools without a human operating layer don't compound. They just get used until something goes awry and 79% of C-suite leaders say it already is [2].

The answer is not another training programme. Every programme in the market teaches your people to use AI better. contAIn™ teaches your organisation to direct it. That is not the same thing. The contAIn™ layer is the human operating system for the AI era, the methodology that sits between your people and the tools so that every platform, application, agent or system works toward the outcomes you've defined, and reflects who you are. You take driving lessons so you can control a car. You apply contAIn™ to your organisation so you can control AI across it.

When it is in place, a key person leaving does not take the standard with them. The methodology is owned by the organisation. The AI reflects the institution, not just the individual. What they built compounds, it doesn't reset, and when the board asks what you have done to govern your AI, you have an answer not a policy document, not a completion certificate, a living evidenced framework, and this can be used to front load the incoming legislative requirements.

The EU Artificial Intelligence Act literacy obligation has been in force since February 2025. A uniform sixty-minute module does not meet it [3]. That is worth knowing, but it also is not the reason to call, because despite what you may understand it is not the deciding factor for UK AI literacy. See the article for more details, or drop me a line on [email protected].

Download the UK AI Governance Framework (PDF) →

When AI makes a decision, accountability does not disappear, it just becomes harder to locate. UK regulators are moving from asking whether you have a policy to asking whether it works in practice. The contAIn™ governance framework names the seven things you need to be able to prove about your AI use, mapped to ICO, FCA and the UK's five AI principle requirements.

C · Constraint. The limits a human sets on what AI is allowed to produce, before it starts.

O · Oversight. A human directing the AI and staying above its output, not rubber-stamping it.

N · Necessity. The decision about which tasks AI should be used for, and which it shouldn't.

T · Transparency. A record of what the AI did, who was responsible, and why.

A · Authority. A named person who directs the AI and answers for what it produces.

I · Intent. The outcome the AI is working toward, set by the responsible person before work begins.

N · Not Negotiable. The hard limits AI output can never breach, and the records that prove it.

Can your organisation prove them?

The contAIn™ CRASH diagnostic is where the engagement begins. It usually takes around half a day, and is designed to surface what is actually happening with AI across your organisation and measure it against the standard above. The Trustmarque AI Governance Index 2025 found 93% of UK organisations are running AI and only 7% have the governance to support it. CRASH tells you which side of that line you are on.

C · Consult. The real picture of how AI is being used across your organisation, the conversations with your people that surface the gaps they see.

R · Review. What your organisation knows about its AI use, and what the gaps in that answer reveal.

A · Assess. What is working, what is exposed, where the risk sits and what needs fixing.

S · Strategy. A clear, board-ready plan for what your organisation does next and who is responsible for monitoring it.

H · Human. Accountability you own, because methodology works when a real person with authority is above the loop.

CRASH is the first stage of a four-stage engagement: DIAGNOSE, ALIGN, DELIVER, SUSTAIN. Diagnose surfaces the current state, align agrees the standard and who owns it, deliver builds the methodology layer into how your people work, and sustain keeps it running while producing the evidence trail that proves it.

The seven principles are the standard. CRASH is how you find out where you stand against it.

contAIn™ is a UK registered trademark and the methodology is built on documented research: the Feed Loop preprint, DOI 10.5281/zenodo.20474271.

The reason to call is that Shadow AI is actually a thing, your people are already using AI, the question is whether it is working for your organisation or whether it is working despite it, or actively against it.

The contAIn™ CRASH diagnostic maps what is actually in your building: what tools are in use, what they have been told, and where the gap is between your AI investment and your business results. Give me a call, drop me a mail for more details. All the best. Sam

Download the contAIn™ CRASH one-pager → Request a contAIn™ CRASH diagnostic →

[1] Netskope 2026 Cloud and Threat Report: 47% of GenAI users access tools through unmanaged personal accounts. netskope.com

[2] WRITER Enterprise AI Adoption 2026: 79% of organisations face challenges adopting AI; 54% of C-suite executives say it is tearing their company apart. writer.com

[3] EU AI Act Article 4: AI literacy obligations in force 2 February 2025. Not deferred by the AI Act Omnibus proposal, May 2026. eur-lex.europa.eu