Against the backdrop of the fast advancement of artificial intelligence ( AI ) and complex geopolitical dynamics, the role of the Chief Information Officer ( CIO ) has evolved from that of a traditional technology manager into a core driver of corporate strategy, a guardian of risk control, and a bridge for cross-border technology collaboration.

During the recently concluded 2025 T-EDGE conference, Thomas Phelps, Senior Vice President of Corporate Strategy and CIO at Laserfiche; Howard Miller, CIO of the UCLA Anderson School of Management; Kevin Cai, CIO of the Hospital Authority of Hong Kong; and Ilana Blumenfeld, U.S. AI Partner at PwC, gathered for a discussion moderated by Jing He, Managing Partner at Gen Law Firm. The panel shared insights on topics ranging from the responsibilities of CIOs within enterprises to data governance and AI compliance.

PwC ’ s latest U.S. Responsible AI Survey shows that only 28% of respondents regard "responsible AI" as a top core business priority, and only 33% of companies have achieved clear, enterprise-wide implementation. These figures have sparked widespread reflection within the industry on the maturity of AI governance, while also indicating the difficult balance global enterprises face between AI innovation and risk management. McKinsey ’ s 2024 Global AI Survey reaffirms this challenge: approximately 60% of companies worldwide have launched AI-related initiatives, yet only 15% have established comprehensive AI governance frameworks, and the average return on AI investment is less than 30% of the expected.

A Shift in Responsible AI: From Risk Control to Value Creation

"Oftentimes when you hear the term responsible AI, we're talking a lot about risk mitigation,   risk management, controls … and it ’ s also about helping enterprises get more value from AI systems," said Blumenfeld when sharing the survey ’ s key findings. In her view, AI is not merely a compliance tool, but a value-generation engine.

Blumenfeld went on to explain that the low maturity of responsible AI practices stems primarily from an imbalance between the fast pace of technological iteration and the relatively slow development of governance frameworks. As AI agents become an industry focal point in 2026, enterprises are discovering that traditional application management models are no longer suitable for emerging AI technologies. Building forward-looking governance systems is even more challenging when AI use cases themselves are not yet clearly defined. "I think anybody who tells you they have a complete, fully baked, responsible AI, they've solved all of those issues,   I think they have misled themselves," she said. The rapid development of AI technologies and risk awareness requires governance practices to be highly agile and capable of continuous evolution.

During the discussion, regional differences in global AI regulation also became a major point of debate. Drawing on his experience attending Gartner forums, Cai offered a striking observation. Compared with Europe and the Middle East, the United States and China are lenient in AI regulation, and development in these two regions is moving much faster than elsewhere, he said.

There are two major approaches to AI regulation in the world: strict regulation in Europe and an innovation-first approach in the United States and China, said Cai. As the world ’ s first comprehensive AI regulatory framework, the EU AI Act categorizes AI systems into four risk levels — prohibited, high-risk, medium-risk, and low-risk — and imposes stringent compliance requirements across the entire lifecycle of high-risk AI systems. According to IDC, compliance costs for AI companies in the EU average 23% of total AI project investment, and the figure can exceed 40% in some high-risk sectors, which to some extent suppresses innovation among small and medium-sized enterprises.

Phelps added that for multinational enterprises, the core strategy for addressing regulatory divergence is "standards alignment."

The Undeniable Importance of Data

"Top quality data will generate top quality AI," Cai noted during the discussion. His statement was echoed by other panelists. Data governance was highlighted as the foundational pillar for implementing responsible AI. Blumenfeld stated that there is no "magic" in data governance — it is labor-intensive hard work. "You have to know what data you have. You have to make sure it's annotated properly and inventoried appropriately. You have to make sure you know what the permissions around that data are. It's provisioned appropriately. I mean, you can't have people accidentally accessing HR information if they're not supposed to have access to it," she said.

Phelps added that 80% – 90% of global data is unstructured. This data, scattered across content repositories such as SharePoint and Box, represents a critical source of AI value creation. By using AI to mine customers ’ unstructured data, Laserfiche has helped them identify new drug discovery directions and recognize market patterns, transforming data from mere storage into value creation. McKinsey ’ s 2024 Data Governance Report shows that companies with mature data governance frameworks have AI project success rates 2.8 times higher than those without, and data-driven organizations have profit margins that are on average 19% higher than industry peers.

The growing importance of data governance has further accelerated the evolution of the CIO role. CIOs today must combine entrepreneurial boldness with a strong sense of responsibility — pushing innovation while safeguarding data security and compliance boundaries, Blumenfeld stressed. Phelps described the CIO ’ s AI perspective as operating on three levels: driving productivity improvements through AI, achieving business differentiation with AI, and using AI to disrupt existing business models. "I think a CIO is a strategic business enabler.   We have access to enterprise-wide data and you need data for AI,"   said Phelps.

Where Is the CIO Headed?

As AI is increasingly applied within enterprises, the CIO role continues to evolve, with common patterns emerging across industries. As a healthcare CIO, Cai is focused on transforming care delivery and operations through AI, upgrading "smart hospitals" into "AI hospitals." Miller, as an education CIO, is reshaping teaching scenarios with AI to cultivate talent suited for the future. Phelps, meanwhile, concentrates on enterprise digital transformation, empowering global clients through AI. As the moderator, He aptly remarked: "CIO is the best job in the world right now. You command powerful technology, possess business insight, and are creating tremendous value."

Amid geopolitical uncertainty, the resilience of the technology supply chain has become a concern for global enterprises. Cai revealed that the Hospital Authority of Hong Kong has adopted a "dual-vendor strategy" to mitigate potential risks: core technologies remain primarily U.S.-based, while Chinese technologies are positioned as alternatives and contingency options. "99% of IT technologies once came from the United States, but that landscape is changing. In the future, a ‘ G2 ’ dual-power structure will emerge, with America more focused on innovation, China on manufacturing — each with its own strengths."

This strategy was also adopted by Miller. He explained that UCLA selects AI technologies based on one core criterion: solving business problems. Even AI systems from China, such as DeepSeek, are considered if they prove to be the best solution and pass legal and risk compliance reviews. A collaboration mechanism among CIOs from the world ’ s top 25 business schools has been established, with a focus on sharing best AI practices, Miller emphasized. Setting aside geopolitical factors and focusing on the intrinsic value of technology, he argued, is the proper way to approach technology.

Meanwhile, Phelps highlighted the importance of a "multi-AI model strategy." He noted that mainstream AI models — such as those from OpenAI, Anthropic, Google Gemini, DeepSeek, and Alibaba — have differing terms of service and usage restrictions, with some models explicitly prohibited in certain countries. For cross-border operations, enterprises must select appropriate AI models based on regional regulatory requirements and business needs. For example, customers in the Asia-Pacific region may prefer Alibaba ’ s AI models, while U.S.-based customers place greater emphasis on data residency compliance and therefore favor domestic models, he pointed out.

For CIOs, this is both the best of times and the most challenging of times. They must find direction amid rapid technological iteration, navigate divergent cross-border regulations, and build capabilities on the solid foundation of data governance. As Cai put it, a CIO is both a "Chief Innovation Officer" and someone who may face the risk of "Career Is Over." Yet it is precisely this coexistence of challenge and opportunity that makes CIOs a central force in driving the healthy global development of AI.

Looking ahead, as AI technologies continue to evolve and global collaboration mechanisms mature, responsible AI will shift from being the practice of a fraction of enterprises to an "industry standard." The AI ecosystems of China and the United States are likely to move toward collaboration amid competition. None of this will be possible without the strategic vision and pragmatic action of CIOs.