A new Gallup survey finds that 40% of US employees now use AI at least a few times a year at work, nearly double the level of two years ago. Yet only 22% say their employer has a clear plan for how AI should be used. The gap between adoption and strategy is widening, and that should worry leadership teams more than the adoption number itself.
What the numbers mean
The 40% figure captures a broad definition — anyone using AI a few times a year. It includes people experimenting with ChatGPT, running prompts in Copilot, using AI features in email or CRM and building lightweight automations. It is not the same as 40% of work being AI-driven. But it does mean AI has moved from a niche productivity tool to a routine part of many jobs.
The more important number is the 22%. If fewer than one in four employees see a clear organisational plan, then most AI use is happening without guidance on:
- what tools are approved;
- what data can be shared with AI systems;
- how outputs should be checked;
- which tasks should not be delegated;
- who is accountable when something goes wrong.
That is a governance gap, not just a communication gap.
Why strategy lags adoption
AI tools are easy to access and hard to block. Employees can sign up for a consumer chatbot, install a browser extension or enable AI features in software already on their machine. By the time IT or leadership notices, the tool is embedded in someone’s workflow.
Organisations then face a choice: ban, ignore or govern. Banning rarely works and often drives use underground. Ignoring works until a mistake happens. Governing requires effort that many leadership teams have not yet prioritised.
The result is a pattern we see repeatedly: widespread low-level adoption, pockets of genuinely useful experimentation, and almost no systematic way to scale what works or stop what does not.
What a clear plan actually looks like
A plan does not need to be a 100-page strategy document. It needs to answer a short list of practical questions:
What is approved? A simple list of permitted tools, with approved use cases and any restrictions. Employees should not have to guess.
What is off-limits? Be explicit about tasks AI should not perform: finalising client advice, handling regulated data, making financial commitments, hiring decisions and so on.
How do we check outputs? Define the minimum standard for human review. Not every output needs checking, but the ones that matter do.
How do we share learnings? Create a channel for people to report what works and what fails. Without this, the organisation learns only from incidents.
Who owns the policy? Assign responsibility. If everyone owns AI strategy, no one does.
The risk of waiting
Gallup’s data suggests the default path is more adoption without more governance. That path leads to inconsistent customer experiences, data leakage, compliance exposure and a growing divide between employees who use AI effectively and those who use it carelessly.
The firms that close the gap will not be the ones that slow adoption. They will be the ones that give employees a clear frame within which to adopt. Strategy does not need to be perfect. It needs to be present.