In my experience, AI competence has rarely arrived through formal channels. It has been assembled, piece by piece, in response to real and pressing questions. The Board needing a clear explanation of what large language models mean for enterprise risk. The CEO needing an honest assessment of vendor claims versus vendor delivery. The CFO asking whether existing insurance arrangements adequately cover AI-assisted work product. A regulator publishing guidance that needs translating into operational reality before the next board meeting.
These questions land, almost without exception, on the General Counsel’s desk, not because they have been formally designated the organisation’s AI expert, but because they are best placed to understand why the question matters, and most likely to be accountable if the answer is wrong. This combination of intellectual range and personal accountability has produced something valuable: a genuinely sophisticated, practically grounded understanding of what AI governance actually requires, built from the inside out rather than imposed from a framework downward.
We see this consistently in our own client conversations. General Counsel are not asking theoretical questions about AI. They are asking precise, operationally grounded questions — about liability allocation, about vendor due diligence, about how existing professional obligations apply to AI-assisted outputs. That level of specificity reflects real engagement, built over time, often without anyone formally recognising the expertise being developed.
“The General Counsel has, in effect, become the de facto AI conscience of the modern enterprise — often without the dedicated resource or specialist support that this scope of responsibility would typically warrant elsewhere in the business.”
We have also had the privilege of hearing General Counsel speak publicly about their AI governance journeys at industry conferences, and the calibre of that thinking deserves wider circulation.
There is a genuine opportunity here for mutual exchange. General Counsel have, by necessity, developed practical governance frameworks tested against real operational pressure. Private practice, meanwhile, often holds deep technical and regulatory expertise built through advising across many organisations and sectors. Neither perspective is complete without the other. The firms and advisers who actively seek out the in-house perspective, who treat General Counsel as genuine partners in shaping AI governance rather than simply as clients receiving advice, will build stronger, more resilient frameworks as a result. We would like to see more of that exchange happen, and we are keen to help facilitate it.
What is sometimes missed in conversations celebrating the General Counsel’s rising influence is the corresponding burden. Being the first point of contact for every AI-related question, from inside the organisation and from external vendors, regulators, and advisers, is not simply a mark of growing authority. It is a significant and often unacknowledged weight.
Consider what a single week can look like in practice: evaluating a vendor’s claims about a new AI contract review platform, including its security architecture and liability provisions, before a business unit signs an agreement it has not fully scrutinised. Preparing a board paper on AI risk exposure across the enterprise. Reviewing revised outside counsel guidelines containing new AI indemnity clauses that raise genuinely novel questions. Advising a junior team member on whether and how generative AI tools may appropriately be used for legal research. Interpreting newly published regulatory guidance and translating it into practical guidance for the business, often within days.
None of this typically arrives as a dedicated governance workstream with its own resourcing. It arrives folded into an already demanding practice. The General Counsel does not get to triage this work — they absorb it, alongside everything else.
At Grant Thornton, we recognise this dynamic clearly because it mirrors much of what we see across the organisations we work with. The General Counsel has, in effect, become the de facto AI conscience of the modern enterprise, expected to lead governance conversations at board level, scrutinise vendor claims with appropriate rigour, interpret regulatory change, and manage enterprise AI risk, frequently without the dedicated resource or specialist support that this scope of responsibility would typically warrant elsewhere in the business.
Our Legal Data Intelligence practice can work alongside General Counsel and their teams to build structured, defensible AI governance frameworks. We translate the kind of practical, hard-won competence many General Counsels have already developed informally into formal, board-ready governance structures, risk assessment methodologies, and AI literacy programmes that can be embedded sustainably across the organisation.
Our approach is collaborative rather than prescriptive. We start from the recognition that many General Counsel already understand their organisation’s risk landscape better than any external framework could on its own. Our role is to help formalise, strengthen, and scale that understanding, while bringing external perspective on regulatory developments, market practice, and emerging risk.
If this resonates with challenges your organisation is currently navigating, please reach out to Melina Efstathiou, Managing Director of Legal Data Intelligence and AI Governance Expert at Grant Thornton, to arrange a conversation.
Explore further insights for General Counsel and In-house Lawyers on our dedicated General Counsel Hub.
We explore the role of modern GCs as strategic leaders, ethical compasses and crisis navigators – essential to an organisation’s resilience and success.
Explore detailed insights into the latest integrity concerns and risk mitigation strategies, learn from industry leaders on how to manage and prevent fraud, bribery, and corruption, and discover actionable steps to implement ‘reasonable procedures’ and ensure compliance with regulatory standards.