By Chuck Gallagher | Business Ethics Keynote Speaker | AI Speaker and Author
TL;DR – Let me give you the short version up front. There’s a Harvard Business Review essay out there saying what I’ve seen with my own eyes: the usual way we try to do Responsible AI—writing up values, policies, and risk boards—just can’t keep up with how fast AI is moving. I’ve said it before and I’ll say it again: starting with lofty values is like looking through the wrong end of the telescope. The real question for leaders isn’t whether you’ve got a policy on paper, but whether you’ve stared your worst nightmares in the face and built the muscle to keep them from coming true.
Picture this: a Fortune 500 company spends nearly a year crafting an AI policy. The board finally stamps it in May 2024. Not even half a year later, OpenAI drops a new kind of AI, and suddenly that shiny policy is yesterday’s news. Reid Blackman shared that story in Harvard Business Review, but I’ll tell you, I hear versions of it all the time when I sit down with executives. The tech keeps sprinting ahead, while the rulebook is still tying its shoes. Folks inside these companies are left clutching a policy that doesn’t even cover the real risks they’re facing right now.
Blackman’s been in the trenches with big companies for almost ten years, helping them wrestle with AI risk. He doesn’t mince words: the way we’re doing Responsible AI right now is broken. It takes too long, nobody agrees on what success even means, and the language is so thick most folks can’t use it in real life. I’ve said on my own site that ethics falls flat when it’s just a document instead of a daily habit. Blackman’s saying the same thing, just with a little more bite.
Why Do AI Policies Keep Arriving Too Late?
Let’s talk about timing. Most big companies need at least a year to go from the first meeting to a board-approved AI policy. Meanwhile, the tech itself is changing three or four times in that same stretch. I’ve watched executives nod seriously when someone says ‘governance,’ but the real action is happening downstairs, where employees are running AI tools on their laptops and compliance hasn’t even peeked at what’s going on. The gap between what’s on paper and what’s happening in practice isn’t just a crack—it’s a canyon, and it gets wider every few months.
Here’s the real rub: most companies start with values. Words like fairness, transparency, accountability, privacy, safety. All good things, don’t get me wrong. But they’re not where you should begin. Values are like clouds—nice to look at, but hard to grab hold of when you need to make a decision. Ask a roomful of executives what fairness means in a hiring algorithm, and you’ll get more answers than people in the room, and none of them you can measure. Blackman calls this out plain and simple: it’s a definition problem pretending to be a strategy. If you can’t say what success looks like, you won’t spot failure until it’s splashed across the headlines.
Name the Nightmares Before They Happen
Blackman’s got a new way of thinking he calls the Ethical Nightmare Challenge. It starts with a question that’ll make any executive shift in their seat: what’s the absolute worst that could happen with AI in your company? Not the high-minded values you hope for, but the disasters you just can’t let happen. Things like discrimination running wild, AI making up facts in a client report, or tricking customers into buying things they don’t want. These are real, concrete problems. No matter what department you’re in—data science, marketing, HR, or the boardroom—you know these nightmares when you see them, even if you argue about everything else.
This is where my own experience lines up with his. For over twenty years, I’ve taught that every choice carries a consequence, and most ethical disasters don’t show up as one big, obvious mistake. They sneak in as a string of little decisions, each one easy to justify, but together they lead you somewhere you never meant to go. Calling out the nightmare before it happens is the best shot I’ve seen at stopping that pattern. It brings the conversation back to what really matters—the consequences—before those small choices start piling up.
Blackman doesn’t just talk the talk—he’s got the track record to back it up. He’s spent close to a decade working with Fortune 500 companies in everything from healthcare to entertainment, and he’s advised some of the biggest consulting firms out there. What’s more, his clients are now rolling out these nightmare-driven teams in just six to ten weeks, and they’re cutting risk while the pilot is still running, not waiting for a two-year planning cycle. Stack that up against the old twelve-month policy grind, and it’s no wonder the old way is buckling under its own weight.
Let me add one more thing. A while back, I wrote that not having an AI policy is already costing you, and I still believe it. We need policies—they set the guardrails. But a policy is just the starting line, not the finish. It can’t be your whole game plan. Blackman’s right: you don’t have to toss out your current policies or risk boards. Instead, they become tools your smaller, quicker teams can use when they need them. The risk board isn’t the traffic jam anymore—it’s the backup, called in only when the team hits something they can’t handle on their own.
If you’re leading a team, here’s something you can do right now. Pull together five to eight folks—a data scientist, a marketer, someone from HR, legal, and someone who actually uses the AI tool every day. Sit down and ask three simple questions: What are our worst nightmares with this system? What are we building to keep them from happening? And how are we going to train people to use those tools? You don’t need a board meeting or a year-long planning session to get started. My best advice to executive teams is this: don’t judge your governance by whether you’ve got a policy on the shelf. Judge it by whether your people can say out loud what could go wrong.
Frequently Asked Questions
What is the Ethical Nightmare Challenge in AI governance?
The Ethical Nightmare Challenge is a framework introduced by Reid Blackman in Harvard Business Review that replaces values-first AI governance with outcome-first governance. It asks three questions: what are the ethical nightmares of the organization, what resources will be built to avoid them, and how will people be trained to use those resources. Blackman reports that his clients are piloting the approach in six to ten weeks, compared to the twelve months typically required to produce a board-approved AI policy.
Why is the standard Responsible AI approach failing?
According to Blackman, the standard approach fails on three counts: it is too slow for the pace of AI development, it does not produce measurable definitions of success, and it is written in language most employees cannot apply to their daily work. Chuck Gallagher, AI speaker and author, has argued at ChuckGallagher.com that ethics fails when it becomes a document rather than a habit, and the policy-first model treats governance as a deliverable rather than a continuous capability.
Should companies abandon their existing AI policies?
No. Blackman is explicit that existing Responsible AI programs, risk boards, and enterprise policies do not have to be thrown out under a nightmare-based approach. They become resources that smaller, cross-departmental teams draw on, with the risk board acting as an exception escalation point rather than the first line of defense. The point is to add a faster, more communicable layer on top of governance, not to dismantle what is already in place.
How big should a nightmare-avoidance team be?
Blackman recommends teams of five to eight people, cross-functional by design, with at least one technologist included. The composition is essential because a data scientist sees technical sources of disaster that a marketer cannot, and a marketer sees consumer-behavior risks that an engineer might miss. Teams can be formed at any level — board, division, department, or project — and pilot cycles run six to ten weeks.
What is the connection between AI governance and personal accountability?
AI systems amplify the choices of the people who build, deploy, and use them, which means accountability cannot be outsourced to the technology or to a policy document. Every AI deployment illustrates a series of human choices — what data to use, what guardrails to apply, what risks to accept — and each of those choices has a consequence. Naming the worst possible outcome in advance is the most reliable way to keep the choices that follow inside moral boundaries.
Join the Conversation
If your company has an AI policy, let me challenge you: do the folks building and using AI every day actually know what your worst-case scenarios are? If they can’t say them out loud, in plain English, that policy isn’t pulling its weight. I’d love to hear your thoughts—has your team named its AI nightmares, or are you still working off a list of values and principles? I read every comment and reply myself. The questions below are here to keep this conversation going, whether you’re reading solo or talking it through with your leadership team.
Five Questions for Further Thought and Examination
- If your organization deployed AI tomorrow and something went catastrophically wrong, what would the headline read, and who in your organization could have seen it coming?
- Where in your business has speed quietly replaced judgment, and what would it take to put judgment back in the loop without slowing the work to a crawl?
- Who in your organization speaks both technical and ethical language fluently, and what happens if that person leaves?
- What is the difference between a policy your employees comply with and a standard they actually believe in, and which one does your AI governance program produce?
- If you had to defend your AI decisions in front of a regulator, a journalist, and the family of someone harmed by your system, would you defend them the same way to each?
Related Articles:
Cyber Security Report 2026: AI Is Now an Ethics Problem
AI in Education 2026: Why Ethics, Not Apps, Will Decide Who Wins
