← Back to all blogs

Louise Cermak | 03 July 2026

AI readiness assessment. 6 questions every UK technology leader should ask

AI readiness

An AI readiness assessment is not a test of AI enthusiasm. It is a risk-control exercise that tests whether your strategy, data, systems, governance, delivery capability and operating model are ready to support AI safely and effectively.

If one of those foundations is weak, the right decision may be to fix, narrow or pause the initiative before funding tools, pilots or consultancy. Moving faster does not reduce AI risk. It usually hides problems until budget, technical debt and organisational complexity have already accumulated.

The goal of an AI readiness assessment is not to accelerate AI adoption at all costs. It is to improve the quality of decisions before spend becomes difficult to unwind.

Download the AI Readiness Playbook

What is an AI readiness assessment?

An AI readiness assessment is a structured review of whether an organisation is ready to adopt, govern and operationalise AI in a controlled way. It tests whether there is:

  • A clear business problem to solve
  • Trusted and accessible data
  • Systems that can support AI in real workflows
  • Governance and ownership
  • Delivery capability
  • Conditions for safe adoption

The objective is not to produce a maturity score. It is to give senior leaders a clear view of where the organisation is ready, where it is exposed and what needs to be fixed before AI investment becomes expensive experimentation.

In practice, an AI readiness assessment should test whether the organisation has the business case, data foundations, technical estate, governance and adoption conditions needed to operationalise AI successfully.

Why AI readiness matters before you fund AI

The hard part of AI is no longer access to tools. The challenge is making AI useful, safe and repeatable inside complex organisations.

McKinsey’s 2025 State of AI survey found that 88% of organisations regularly use AI in at least one business function, but only around one-third have begun scaling AI initiatives. Just 39% reported any enterprise-level EBIT impact from AI.

That is the readiness gap. AI activity is increasing faster than operational capability.

The gap creates several commercial risks:

  • Money spent on tools before the business case is clear
  • Pilots that prove technical feasibility but never become production services
  • Poor data creating unreliable outputs
  • Compliance or security teams blocking deployment late in the process
  • Duplicated AI activity across departments
  • Low adoption because people do not trust or understand the output

UK technology and transformation leaders do not need more AI enthusiasm. They need a sharper filter before budget, delivery capacity and programme attention are committed.

This is also why a successful pilot does not mean the organisation is ready to scale. A pilot tests technical feasibility in controlled conditions. Production AI exposes systems to real users, live data, legacy platforms, governance requirements and real-world complexity.

The purpose of an AI readiness assessment is not to prove that AI should proceed. It is to improve the quality of decisions before spend, complexity and technical debt become difficult to unwind.

The 6 AI readiness questions UK technology leaders should ask

These six questions give CIOs, CTOs, Digital Directors and Transformation Programme Directors a practical way to assess AI readiness before spend accelerates.

Question What it tests Red flag Commercial risk
What business problem should AI solve? Strategy and value ‘We need AI’ without a specific outcome Investment without measurable value
Is your data ready enough to trust? Data quality, access and governance Conflicting data, unclear ownership, manual extracts Unreliable outputs and poor decisions
Can your systems support AI in real workflows? Integration and technical estate Isolated tools, brittle processes, spreadsheet workarounds Delivery delays and operational complexity
Who owns AI governance, risk and accountability? Control, approval and oversight Governance in PDFs only Late-stage blockers and unmanaged risk
Can you operationalise AI? Delivery capability Pilot-only capability, no monitoring, no support model Failure to scale beyond experimentation
Will people use AI safely and consistently? Adoption and behaviour Shadow AI, low trust, unclear usage rules Low adoption and limited business impact

They are not a scoring system. They are a pressure test designed to improve decision quality. If any answer is vague, the organisation is probably not ready to increase investment.

Weak answers do not necessarily mean AI should stop. They do mean that leaders should understand the constraint before committing more budget, delivery capacity or organisational attention.

The objective is not to accelerate AI adoption at all costs. It is to make better decisions about where to proceed, where to narrow ambition and where to strengthen the foundations first.

Download the AI Readiness Playbook

Each question explores a different foundation of AI readiness.

1. What business problem should AI solve?

The first readiness question is not ‘which model should we use?’ It is ‘what business outcome are we trying to improve?’

If the answer is vague, the initiative is already at risk. ‘Improve productivity’ is not enough. ‘Use AI in customer service’ is not enough. ‘Adopt Copilot’ is not enough.

A credible AI use case should be linked to a measurable outcome, such as reducing manual review time, improving decision quality, increasing compliance confidence, accelerating service response or removing operational bottlenecks.

Good practice include a named business owner, a specific process or decision to improve, a measurable outcome, clear users, known constraints and a realistic delivery path.

Red flags include duplicate pilots, vendor-led ideas, unclear ownership and weak business cases.

For Transformation Programme Directors, the key question is whether there is a named senior owner prepared to be accountable for the programme across its full lifecycle, not just the pilot phase.

McKinsey’s 2025 research found that AI high performers are three times more likely than their peers to report strong senior-leader ownership and commitment to AI initiatives.

Without clear ownership and measurable outcomes, organisations often end up funding technology before they have defined the value they expect it to create.

2. Is your data ready enough to trust?

AI readiness depends on data readiness, but the two are not the same thing.

Your data does not need to be perfect. It does need to be fit for the intended use case. Leaders need to understand what data exists, who owns it, whether it can be accessed, whether it is accurate enough and whether it can safely be used for the intended AI purpose.

This matters. The Information Commissioner’s Office (ICO) provides guidance on applying UK GDPR principles to AI systems and offers an AI and data protection risk toolkit for assessing risks to individual rights and freedoms.

Data readiness should test:

  • Quality. Is the data accurate and complete enough?
  • Ownership. Who is accountable for the dataset?
  • Access. Can the right systems and people use it?
  • Provenance. Where did the data come from and how has it changed?
  • Permissions. Can it be used for this AI purpose?
  • Interoperability. Can it connect with the systems and processes that depend on it?

Red flags include conflicting metrics, manual data extracts, poor metadata, unclear ownership and datasets trapped in systems that cannot easily connect to anything else.

The objective is not to make every dataset perfect. It is to establish whether the data is trusted, accessible and usable enough to support the business outcome the AI initiative is intended to deliver.

3. Can your systems support AI in real workflows?

AI that works in a demo can still fail in a real operating environment.

The reason is simple. Success depends on more than the model. AI relies on access to data, integration with existing systems, secure deployment paths, monitoring, support and workflows that users can actually follow.

Legacy systems are not always a blocker, but they often create hidden friction. Data may be locked behind old interfaces. Processes may depend on spreadsheets and manual exports. Business logic may sit in people’s heads rather than documented workflows. None of this makes AI impossible. It does mean though, that readiness needs to be tested before build begins.

The NCSC‘s secure AI system development guidance states that AI systems should be designed, developed, deployed and operated securely, with security treated as a requirement throughout the system lifecycle.

Red flags include manual workarounds, undocumented systems, fragile integrations, no clear route to production, no support model, no monitoring plan and unclear ownership after launch.

The question is not whether AI can work. It is whether the surrounding systems, processes and operating model can support it reliably, once real users and real workloads are involved.

4. Who owns AI governance, risk and accountability?

AI governance is not a committee pack. It is the operating control that determines what AI can be used for, who owns the risk, what data can be accessed, how outputs are checked and where human oversight is required.

This is where many organisations over-estimate their readiness.

They may have acceptable-use policies, risk teams and an AI working group. But when a real use case appears, they cannot quickly answer who approves it, what data it can access, who is accountable for the output, how decisions are audited, where human review is required or who monitors performance over time.

For UK organisations, important reference points include ICO AI and data protection guidance, NCSC secure AI development guidance and the UK Government’s pro-innovation approach to AI regulation.

The purpose of governance is not to slow delivery. It is to stop risk appearing late in the process, after time, money and delivery capacity have already been committed.

Red flags include governance that exists only in PDFs, risk and legal teams brought in after the pilot, no named owner for AI risk, no audit trail, unclear human oversight, no process for reviewing outputs after launch and no visibility or control over AI usage costs.

Governance works best when it operates inside delivery processes rather than depending on documents, committees and end-stage approvals. Without clear ownership and controls, AI programmes often discover risk too late, when the cost of change is highest.

5. Can you operationalise AI?

A pilot proves that something can work. It does not prove that the organisation can run it.

Production AI requires a different level of readiness. It needs deployment processes, monitoring, security, ownership, cost control, incident response and lifecycle management. NCSC guidance includes deployment, incident management, logging, monitoring, update management and secure operation as part of the AI system lifecycle.

This is where many AI programmes stall. The model works. The demo is impressive. The business is interested. But nobody has answered how the system will be monitored, supported, updated and controlled once real users depend on it.

Red flags include pilots that live in notebooks, manual deployment, no monitoring, no support model, no owner after launch, unclear cost management, no incident process and no integration with existing service management.

A successful pilot proves technical feasibility. It does not prove operational readiness. The real challenge is not getting AI into production. It is ensuring the organisation can support, govern and evolve it once it becomes part of day-to-day operations.

6. Will people use AI safely and consistently?

AI value depends on behaviour. If people do not trust the system, understand the rules or see how it fits their work, they will ignore it, misuse it or route around it.

Readiness therefore includes adoption. Not as a change-management after-thought, but as a core condition of success.

McKinsey’s 2025 research found that AI high performers are nearly three times as likely as others to say they have fundamentally redesigned individual workflows. The research links workflow redesign with meaningful business impact from AI.

AI rarely fails because people reject the technology. More often, organisations expect people to change behaviour without changing the underlying workflow. Adoption improves when AI becomes part of existing processes rather than an additional task.

Good practice include clear usage guidance, role-specific training, visible leadership support, practical examples of approved use, communities of practice and AI embedded into existing workflows.

Red flags include shadow AI, unclear rules, inconsistent usage, low confidence, low adoption and employees experimenting with sensitive information because nobody has explained what is allowed.

This is especially important in public sector environments, where AI may touch citizen services, statutory duties, legacy processes or high-scrutiny decisions. The issue is not simply whether the technology works. It is whether people can use it safely and consistently within the operating model.

Without trust and workflow integration, even technically successful AI initiatives struggle to deliver sustained business value.

Download the AI Readiness Playbook

AI readiness framework. How it differs from data readiness and AI maturity

These terms are often used interchangeably. They should not be.

Term What it means Common mistake
AI readiness Whether the organisation can adopt, govern and operationalise AI successfully today Treating it as a technology checklist
Data readiness Whether the data is fit for a specific AI use case Assuming clean data alone means AI is safe to deploy
AI maturity How advanced and embedded AI capabilities become over time Treating maturity as permission to move faster

A company can be data-rich but AI-unready. It may have large volumes of information but weak ownership, poor governance, brittle systems or low trust.

A company can also be AI-active but not AI-ready. It may have tools in use and pilots underway, but still lack the foundations needed to operationalise AI successfully.

Understanding the difference matters because the wrong diagnosis leads to the wrong investment. If the issue is data access, another AI tool will not solve it. If the issue is governance, another pilot may only increase risk. If the issue is adoption, a better model may still fail to change behaviour.

Understanding readiness is useful only if it leads to action. The value of an assessment comes from the decisions it enables, not the score it produces.

What should an AI readiness assessment produce?

A useful AI readiness assessment should produce decisions, not just observations.

At a minimum, it should help leaders understand:

  • Which AI use cases are worth pursuing
  • Which datasets are ready and which are exposed
  • Where systems and integrations will constrain delivery
  • What governance controls are missing
  • Whether delivery teams can support production AI
  • Where adoption risk is highest
  • What must happen before budget is committed

The output should not be a vague maturity score. Scores can be useful, but only if they lead to action.

A better outcome is a prioritised view of what to do next.

In practice, readiness assessments should produce decisions rather than maturity scores.

Readiness result Meaning Sensible next step
Go Foundations are strong enough for controlled delivery Prioritise use cases and start delivery
Fix One or more foundations need work first Address the limiting constraint
Narrow The ambition is too broad for current readiness Reduce scope and run a bounded initiative
Pause Risk is too high or value is unclear Do not fund delivery yet

The purpose of the assessment is not to prove that AI should proceed. It is to improve the quality of investment decisions. In some cases, the right answer will be to accelerate. In others, it may be to fix, narrow or pause before complexity and cost begin to accumulate.

Who should own an AI readiness assessment?

AI readiness is rarely owned by one team.

It should typically involve:

  • CIOs and CTOs
  • Digital and Transformation Directors
  • Enterprise Architecture teams
  • Data leaders
  • Security and governance stakeholders
  • Business owners responsible for the process being improved

Most AI failures are operating model failures rather than model failures. That is why AI readiness should be a cross-functional exercise rather than a technology-only initiative.

When should you run an AI readiness assessment?

Run an AI readiness assessment before the spend becomes difficult to unwind.

The best moments are:

  • Before buying AI tools or platforms
  • Before funding an AI pilot
  • Before scaling a successful pilot
  • Before using sensitive customer, employee or citizen data
  • Before embedding AI into regulated workflows
  • Before appointing an AI consultancy or implementation partner
  • When multiple teams are experimenting without shared governance
  • When leadership wants AI progress but the business case is still unclear

Start with a focused assessment if needed. The first useful outcome is often simple clarity – what can move now, what needs fixing and what should not be funded yet.

The mistake is to treat readiness as something to check after the pilot. By then, organisations have often already built around the wrong assumptions. Readiness works best as a front-end discipline, helping leaders make better decisions before complexity, cost and technical debt begin to accumulate.

What to do after the assessment

The purpose of an AI readiness assessment is not to produce a document. It is to make better decisions.

If readiness is strong, move into controlled delivery. Prioritise a small number of use cases, define ownership and make governance part of the delivery process from the start.

If readiness is mixed, fix the weakest foundation first. That might mean improving data access, clarifying governance, simplifying integration, strengthening delivery capability or improving adoption support.

If readiness is weak, narrow or pause the initiative. That is not failure. It is often a better commercial decision than funding AI activity the organisation is not ready to support.

The right AI partner should start with the problem, not the technology. Before committing to a build, leaders should ask whether the approach is grounded in business outcomes, whether readiness is assessed before recommendations are made and whether the provider understands complex systems and regulated operating environments.

To pressure-test your own organisation against the full framework, download the AI Readiness Playbook. It provides a practical framework for assessing strategy, data, governance, delivery capability and adoption before AI investment accelerates.

Download the AI Readiness Playbook

FAQs about AI readiness assessments

What is an AI readiness assessment?

An AI readiness assessment is a structured review of whether an organisation has the strategy, data, systems, governance, delivery capability and adoption conditions needed to use AI safely and effectively.

What should an AI readiness assessment include?

It should assess business value, data readiness, technical estate, governance, security, delivery capability and adoption. The objective is to expose constraints before the organisation commits budget to tools, pilots or implementation.

How is AI readiness different from AI maturity?

AI readiness asks whether the organisation is prepared to adopt or scale AI now. AI maturity describes how advanced and embedded AI capabilities become over time.

How is AI readiness different from data readiness?

Data readiness focuses on whether data is trusted, accessible and fit for a specific use case. AI readiness is broader, covering strategy, systems, governance, delivery capability and adoption.

When should UK technology leaders run an AI readiness assessment?

They should run one before buying AI platforms, funding pilots, scaling successful experiments, using sensitive data or appointing an implementation partner.

Who should own an AI readiness assessment?

AI readiness should be a cross-functional responsibility involving technology, data, security and business stakeholders. Most AI failures are operating model failures rather than model failures, so ownership should extend beyond IT alone.

Does an AI readiness assessment need to cover governance?

Yes. Governance defines ownership, acceptable use, data controls, approval routes, monitoring and human oversight. Without governance, AI risk often appears too late in the delivery process.

What are the signs an organisation is not ready for AI?

Common signs include vague use cases, poor data ownership, brittle legacy systems, unclear governance, pilot-only capability, no monitoring plan and low user trust.

Should we run an AI pilot before or after an AI readiness assessment?

Run at least a lightweight readiness assessment first. Otherwise, a pilot may prove technical feasibility without testing whether the organisation can support, govern and operationalise the solution.

Can legacy systems prevent AI adoption?

Not necessarily. Legacy systems often create integration and governance challenges, but they do not automatically prevent AI adoption. The important question is whether the surrounding systems, processes and operating model can support AI reliably.

Does data need to be perfect before using AI?

No. Data does not need to be perfect. It does need to be trusted, accessible and fit for the intended use case. AI readiness is about fitness for purpose rather than perfect datasets.

Is an AI readiness assessment only for large enterprises?

No. Any organisation investing in AI benefits from understanding its constraints before spending accelerates. The depth of the assessment should reflect the complexity and risk of the intended use case.