Trust in AI Does Not Build Itself

Enza, your research covers privacy, trust, and AI governance. How do these topics connect?

Enza Iannopollo: Privacy is my original area of research. It is not only about regulation, but also about how organisations can use technology to comply with legal requirements.

Since 2021, I have also worked on our research into trust. We examine why customers trust a brand or employees trust their employer, and which factors shape that relationship.

The third area is AI governance: how organisations can use AI in an ethical and trustworthy way.

You argue that distrust is increasingly becoming the default. What has changed?

Generative AI has now been directly accessible to consumers for several years. That gives us a clearer view of how it affects their perception and behaviour. We already knew that trust depends heavily on context. Country, culture, and industry all play an important role. With AI, however, risk perception has moved much more clearly to the forefront.

Highly regulated industries remain among the most trusted. But when we ask whether companies can manage AI effectively and control the related risks, trust drops by roughly half. AI therefore changes consumer expectations significantly.

At the same time, many people use AI every day. Is that a contradiction?

Trust depends strongly on the use case. A movie recommendation is low risk, so many people are willing to rely on AI. The situation is different with financial decisions, healthcare, or other sensitive contexts. In those cases, the key question is which organisations people trust to use AI responsibly.

Only a small share of European consumers trust information provided by AI. At the same time, many people cannot tell when they are interacting with AI. That is precisely why transparency matters.

Do companies underestimate how quickly poorly implemented AI can damage trust?

Yes, although the technology itself is not necessarily the problem. The issue is usually the wrong use case, poor technical implementation, or inadequate risk management. AI is not well suited to situations that require a high degree of empathy and a deep understanding of a person’s emotional state. A system can imitate emotions, but that is not the same as genuine empathy. A weak data foundation also increases the risk of inaccurate or misleading results. Companies must not ignore risks simply because assessing them is difficult or inconvenient. Unmanaged risks can cause significant damage.

What happens when companies lose customer trust?

Customers change their relationship with the brand. They buy less or stop buying altogether, no longer advocate for the company, and share less data. Many also ask for their data to be deleted. They do not want a company they distrust to continue creating value from their information. This is particularly important as organisations increasingly rely on first-party data. To receive that data, they must explain clearly how it will be used, protect it, and honour the commitments they have made.

Trust therefore becomes a prerequisite for personalisation.

When customers trust a company, they are more likely to share data and allow personalised experiences. But that requires a genuine relationship. The company must state a clear purpose, keep the data secure, and avoid sharing it without the customer’s knowledge. Ideally, customers should also see how they benefit from the use of their data.

What should companies do to close the AI trust gap?

Responsible AI is non-negotiable. Organisations need robust governance if they want to move AI from pilots into production at scale. AI must also work in the customer’s best interest. Many chatbots are optimised primarily to trigger a purchase. That does not necessarily serve the customer. Companies can pursue their own goals, but they must also consider how AI helps customers achieve theirs.

Which principles define responsible AI?

Privacy and data security come first. Companies must protect customer data, use it ethically, and respect the promises made when it was collected. Human oversight is another essential element. A person should remain involved in high-risk use cases and in situations that require genuine empathy. Fairness also matters. Companies must prevent discrimination and bias. AI needs to be safe and robust and behave within clearly defined boundaries, including in exceptional situations. Decisions must be explainable and transparent. Finally, accountability must be clear. When AI acts on behalf of a company, the company remains responsible.

Who carries that responsibility within the organisation?

Responsibility is shared. Business units are accountable for the applications they use. The CISO remains involved in security matters, the Chief Privacy Officer in privacy issues, and the legal team in questions of compliance and liability. HR is also a critical stakeholder when AI affects employees or applicants.

There is therefore no single person responsible for everything. Accountability depends on the specific risk. What matters is defining clearly who owns the issue, who makes decisions, and who must be involved.

How can companies build effective AI governance?

They do not necessarily need to start from scratch. Organisations with strong data governance can build on it. The same applies to established programmes for privacy, information security, or ethical data use.

Another approach is to create a complete inventory of AI use cases. Companies can then assess which data is involved, which groups are affected, and which decisions the system makes. That makes it possible to distinguish between high-, medium-, and low-risk use cases and define the necessary controls.

What should companies do now?

They should not postpone responsible AI and governance. It may seem less exciting than deploying the latest model, but it is essential for scaling. Companies must also improve data quality and prepare now for agentic AI. Once systems make decisions independently and interact with external systems, transparency, visibility, and control cannot be added later. The key is to act now while also anticipating what comes next.

You ended your keynote with «Act and Lead». What does that mean for companies?

Act means building governance, assessing risks, and using AI responsibly. Lead means not simply following what everyone else appears to be doing. In governance, we see many followers but relatively few genuine leaders.

The organisations that took responsibility early are often also the ones leading in successful AI implementation today. Companies that want to differentiate themselves and grow with AI must be bold enough to lead.