AI Governance Workshop Recap from Salon Connexion d'affaires de Gatineau
In Quebec, despite $1.2 billion in public AI investments, only 12.7% of businesses actually use it in production. This disparity reveals a fundamental problem: the issue isn't technology. It's the absence of a framework. At the February 19 conference in Gatineau, Rosecape presented a structured four-pillar approach to governing AI in SMEs.
The Quebec paradox
Quebec has a world-renowned AI research ecosystem, with over $1.5 billion in dedicated private venture capital. Yet 73% of Quebec businesses perceive no concrete operational need, and 20% cite uncertainty about return on investment as the main barrier.
This gap is not a technological failure, but rather an absence of appropriate governance.
Governing AI: a clear definition
Contrary to popular belief, AI governance doesn't mean slowing innovation with committees or bureaucracy. Rather, it means establishing:
- A clear integration strategy
- Simple rules understood by everyone
- Visibility over data usage
This structure makes the difference between the 5% of successful projects and the 95% that fail.
Pillar 1: Strategy
Key question: What business problem am I solving?
According to the data presented, 95% of generative AI pilot projects fail due to lack of measurable financial impact. The most frequent reason remains the absence of a clearly defined business problem at the outset.
Winning approach
- Target a specific business pain point
- Run a four-week pilot with measurable indicators
- Involve teams from day one
- Start with the need, never with the technology
Concrete use cases
- Internal assistant querying your private documents
- Automated invoice approval process
- Augmented dashboards generating their own reports
- Custom tools adapted to specific challenges
Pillar 2: Data
Key question: Is my data ready?
A crucial concept: AI amplifies what it finds. If your data is in disarray, AI produces disarray faster.
Four fundamental questions
- Where is my data and how many silos exist?
- Is it reliable, usable and free of duplicates?
- Do I have the right to use it and is it protected?
- Who decides, who accesses and who uses it?
The SME reality
In a typical SME, customer data lives in a CRM, finances in accounting software, and operations in scattered Excel files. No system communicates with the others.
Rosecape's proposed solution: connect data without risk, clean it, contextualize it, then activate intelligence.
Pillar 3: Security
Key question: How do I innovate without exposure?
The employee paradox
While you're reading this, employees are probably sharing internal data with generative AI without authorization. According to Kaspersky, 67% of employees do so regularly. Furthermore, 83% of organizations have no automated controls to prevent sensitive data from being shared.
Concrete risk examples
- Accountants pasting financial statements into ChatGPT
- Sales directors using free AI agents to score leads
- Employees connecting AI assistants to their professional email accounts
Recommended approach
Prohibition doesn't work -- employees will circumvent restrictions. The right approach is to govern usage:
- Make usage visible
- Establish clear rules
- Limit access to what's strictly necessary
Concrete threats
- Samsung employees who leaked industrial secrets via ChatGPT
- Malware targeting secrets stored in AI tools, detected in early 2026
- Prompt injection remains an open security challenge for agents, according to OpenAI
Pillar 4: Compliance
Key question: How do I innovate while staying compliant?
While security protects your data, compliance protects your business.
Legal framework
Law 25 provides for penalties of up to $25 million or 4% of global revenue.
Five essential dimensions
- Purpose: Know why you're collecting before you start
- Consent: Obtain informed agreement on automated decisions
- Transparency: Communicate AI usage to stakeholders
- Fairness: Prevent bias and disproportionate surveillance
- Intellectual property: Control rights over generated content
A critical question often overlooked
Who owns the content generated by your AI tools? Is your data being used to train the provider's model? If your proprietary data trains a model accessible to your competitors, you have a structural problem.
Concrete actions to take this week
- Find a concrete business pain point to anchor your strategy
- Assess the state of your data and source systems
- Ask your teams which AI tools they're already using
- Review available grant and funding programs
- Prioritize sovereign Canadian providers to avoid legal risks
Conclusion
AI won't replace your business. But a business that governs its AI well could replace yours.