How to redesign roles and responsibilities when you introduce AI support

TL;DR

For many owner-managed services firms, AI adoption stalls because nobody was formally assigned to make the tools work, maintain oversight of outputs, or answer staff questions. Redesigning roles around AI means making three responsibilities legible: who sponsors AI decisions, who facilitates adoption, and who acts as first-line support in each team.

Key takeaways

- The most common reason AI stalls in a services firm is unclear ownership, not the quality of the tools selected.
- Three part-time roles cover most of what a 5-50 person firm needs: an AI Sponsor, an AI Facilitator, and per-function AI Stewards.
- The ICO requires a named responsible person for any AI system that processes personal data, and recommends documenting this in a Data Protection Impact Assessment.
- The EU AI Act applies from 2026 to UK firms with EU clients; high-risk AI uses require a designated human oversight role.
- Starting with a task allocation matrix, one high-impact workflow at a time, gives the concrete foundation before anyone touches a job description.

A small services firm, somewhere around 20 people, rolls out a handful of AI tools across the team. A junior account manager starts using ChatGPT to draft client proposals. Someone in ops uses an AI transcription tool for meeting notes. The owner upgrades to Copilot. Three months in, nobody is quite sure who approved what, client data has gone into tools nobody vetted, and the owner is fielding questions from a team that does not know what it is allowed to do.

The gap, in almost every case, comes before anyone opens a tool. Nobody was assigned ownership.

What does redesigning roles around AI actually mean?

Role redesign for AI means explicitly deciding who in your firm is responsible for approving AI tools, monitoring their outputs, maintaining compliance records, and supporting colleagues who use them day to day. It’s the difference between a team that drifts into using AI in ways that expose the business, and one that has clear, documented ownership of how AI fits into their work.

A 2023 Deloitte survey of UK finance leaders found 32% cited unclear ownership and governance as a key barrier to AI adoption. That figure is likely higher in smaller firms, where AI lands without any formal handover.

The UK’s Information Commissioner’s Office is explicit: if your firm uses AI to process personal data, someone has to be named as the responsible controller. The ICO recommends documenting these responsibilities in Data Protection Impact Assessments. The firm that does this has a clear answer when something goes wrong, and a defensible position if it is ever challenged.

Redesigning roles does not mean hiring an AI team or writing a hundred-page policy. It means taking existing people in your firm and making their AI responsibilities legible, so that everyone, including the owner, knows where decisions live.

Why does role clarity make or break your AI rollout?

The firms where AI sticks are rarely the ones with the best tools. They’re the ones where someone has a clear brief to make AI work, and colleagues know who to go to with questions. Without that clarity, AI investments stall, staff revert to their old processes, and the owner ends up fielding every query themselves, which is the last place it should land.

Harvard Business School research on AI and jobs found that AI has mainly reallocated tasks within existing roles rather than eliminating whole job categories. If AI is reshaping what each role does, then job descriptions that do not reflect the new task split leave people in a grey area. They do not know whether they are supposed to use AI, whether a colleague already is, or what to do when the output is wrong.

The McKinsey State of AI report found only 21% of organisations had established policies governing employee use of generative AI tools. The accountability gap this creates has real consequences. The ICO’s £7.5 million fine against Clearview AI in 2022 centred partly on the absence of clear ownership for AI data practices. The scale was different, but the underlying problem, absent accountability before something went wrong, is the same one that shows up across smaller firms every week.

Where does the absence of clear roles show up in practice?

The clearest signal is when a founder starts making decisions that should belong to someone else. Staff ask the owner which AI tools they can use. Clients raise concerns about data handling, and the owner has no documented answer. AI tools get abandoned after a few weeks because nobody was assigned to embed them. The cause, almost always, is that role ownership was never established before the tools arrived.

Three patterns repeat across services firms in the 5 to 50 staff range.

The first is the lone techie pattern. The most technically minded person on the team ends up as the de facto AI lead without anyone formally deciding that. The ICO and FCA are both clear that AI oversight is an organisational and senior management responsibility. Delegating it informally to the person who enjoys gadgets leaves accountability in the wrong place.

The second is shadow AI. Staff start using tools the firm has not approved because nobody told them what is and is not sanctioned. The NCSC’s guidance on secure AI development is direct: without role-based approvals and a register of AI tools in use, you cannot know where client data is going.

The third is the adoption cliff. A tool gets introduced, the team uses it for a few weeks, then reverts to their old methods. This happens when nobody is assigned to support colleagues through the change, answer questions, or refine the workflow as problems emerge.

When do you need to formalise AI roles, and when can you stay informal?

For a firm of five people, a quick conversation and a shared document may be enough. For a firm of twenty or more, especially one handling client personal data in finance, health, or legal services, informal arrangements become liabilities. The tipping point is usually the first time something goes wrong, which is not a good time to discover that nobody was formally in charge.

A practical structure for a firm of 10 to 50 people involves three roles, none of which need to be full-time.

An AI Sponsor, typically the owner or a director, owns the risk appetite, signs off on external AI services that process client data, and ensures the firm’s approach aligns with ICO guidance. The FCA has made clear in its guidance on algorithmic governance that deploying AI does not reduce senior management accountability.

An AI Facilitator, spending perhaps 20 to 50 per cent of their working time, maps workflows, coordinates testing of new tools, updates job descriptions, and maintains a central register of AI tools in use, the data they access, and who owns each one.

AI Stewards, one or two per team, act as first-line support for colleagues and as the escalation point when outputs seem inconsistent or raise concerns. This role sits naturally with a senior practitioner who has good judgement and is already trusted by the team.

The EU AI Act, applying from 2026 for high-risk systems, requires UK businesses that serve EU clients to designate responsible persons for risk management and human oversight. Firms that have already formalised these three roles will have little to retrofit when that obligation arrives.

Which governance obligations connect directly to AI role design?

Several legal obligations connect directly to how roles are designed around AI in a UK services firm. A task allocation exercise tells you what has genuinely moved to AI and what remains human. A lightweight AI use policy sets the approved tools and the rules. The GDPR requirement for Data Protection Impact Assessments when processing personal data with AI makes the role assignments legally significant, not just operationally useful.

The Design Sprint Academy’s AI Workflow Sprint approach suggests starting with a half-day session that maps one high-impact workflow, names who does what at each step, and identifies where AI can assist. The output is a one-page task allocation matrix. It is a practical way to make the conversation concrete before anyone touches a job description.

An AI use policy for a firm of this size does not need to be long. Four to six pages covers approved tools, prohibited uses, who can authorise new tools, and what to do when an output raises concerns. That document, combined with the role structure above, satisfies the ICO’s expectation that firms demonstrate accountability for AI processing.

UK GDPR Article 22 protects individuals against solely automated decisions with legal or similarly significant effects. If your firm uses AI in hiring, service allocation, or any decision that significantly affects a client or employee, a named human decision-maker is a legal requirement. That is a role design question before it is a legal one.


Sources

- ONS (2023). Business Insights and Impact on the UK Economy. Shows 39% of UK businesses and 68% of firms with 50-249 employees used AI in 2023; adoption concentrated in professional services. https://www.ons.gov.uk/businessindustryandtrade/itandinternetindustry/bulletins/businessinsightsandimpactontheukandeconomy/2023-06-01
- ICO (2023). Guidance on AI and Data Protection. Requires firms to name a responsible controller for AI-driven personal data processing and document responsibilities in DPIAs. https://ico.org.uk/for-organisations/ai/
- ICO (2023). Data Protection Impact Assessments (DPIAs). Sets out the requirement to document AI processing activities, legal bases, and oversight arrangements for personal data. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-impact-assessments-dpias/
- FCA (2021). Algorithmic Trading Compliance Review. Establishes that senior management retains overall accountability for AI systems and requires clear role definition for development, sign-off, and monitoring. https://www.fca.org.uk/publication/multi-firm-reviews/algorithmic-trading-compliance-review.pdf
- European Union (2024). Regulation (EU) 2024/1689 (EU AI Act). Requires designated responsible persons for risk management and human oversight in high-risk AI systems; applies to UK firms serving EU clients from 2026. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
- NCSC (2023). Guidelines for Secure AI System Development. Recommends explicit role separation between those who develop, secure, and operate AI, with clear accountability for model updates and access control. https://www.ncsc.gov.uk/collection/guidelines-secure-ai-system-development
- McKinsey and Company (2023). The State of AI in 2023: Generative AI's Breakout Year. Found only 21% of organisations had established policies governing employee use of generative AI, and documents productivity gains of 30-50% in text-generation tasks. https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai-in-2023-generative-ais-breakout-year
- Harvard Business School (2023). AI and Jobs Working Paper (2018-2023 data). Finds AI has mainly reallocated tasks within existing roles rather than eliminating whole job categories, underpinning the case for systematic role redesign. https://www.hbs.edu/ris/Publication%20Files/20-193_63604e25-3a3e-4b34-98d3-4034e61f7d16.pdf
- Deloitte UK (2023). AI in Finance Survey. Among 1,162 UK finance leaders, 32% cited unclear ownership and governance as a key barrier to AI adoption. https://www2.deloitte.com/uk/en/pages/finance/articles/ai-in-finance.html
- ICO (2022). ICO fines Clearview AI Inc £7.5m. Enforcement action highlighting that absent accountability for AI data practices creates significant regulatory exposure for any firm deploying AI. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/05/ico-fines-clearview-ai-inc-7-5m/

Frequently asked questions

Who should own AI oversight in a small services firm?

The owner or managing director acts as AI Sponsor, holding final accountability for risk and compliance. An AI Facilitator manages tool approvals, maintains the AI register, and supports the team through changes. This role can take 20 to 50 per cent of one person's time. For teams of 10 or more, nominating one AI Steward per function adds a practical first-line support layer.

Does my firm need a formal AI use policy?

If you handle client personal data with AI tools, yes. The ICO expects firms to document who is responsible for AI systems that process personal data, what oversight is in place, and when a Data Protection Impact Assessment is required. For a firm of 10 to 50 staff, a four to six page policy covering approved tools, prohibited uses, and incident handling is proportionate and legally protective.

Does the EU AI Act apply to my UK firm?

It applies from 2026 to firms deploying AI in high-risk categories, including hiring, credit decisions, and service allocation. If your firm serves EU-based clients or provides AI-enabled services into the EU, it is in scope regardless of where you are based. The main practical implication is that high-risk AI uses require a named person responsible for human oversight, risk management, and incident reporting.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
