An AI readiness assessment is a structured diagnostic that tells an organisation where it stands across the dimensions that determine whether AI adoption will succeed or stall. It examines what is already happening with AI inside the business, identifies gaps in governance, data, skills, and process, and produces a prioritised action plan built around what is actually found. For most Irish SMEs, it is the right first step before any AI training, tool deployment, or broader programme begins.
Why does an Irish business need an AI readiness assessment before going further?
Most businesses already have AI activity happening inside them that nobody has formally mapped or governed. According to the 2025 AI Economy in Ireland research from Trinity Business School and Microsoft Ireland, 80 percent of Irish managers report that free AI tools are actively being used in their organisations. [1] Among organisations that explicitly prohibit such tools, 61 percent of managers still report that employees use them anyway. In most businesses, the gap between what is happening and what is governed is wider than anyone has formally acknowledged.
An AI readiness assessment answers the underlying question with evidence rather than opinion. It tells you what is actually happening across your business, where the real risks sit, and what your first moves should be in order of priority. Without it, most businesses either do nothing and fall further behind, or jump to tools and training before the foundations are in place to make either work.
The discomfort most leaders feel right now is well placed. Things are moving fast. The question underneath all of it is almost always the same, even if it is not being asked out loud: where do I actually begin? An AI readiness assessment answers that question specifically, not generically. And for businesses where AI is already in active use, there is an additional dimension to that discomfort: the EU AI Act has already placed binding obligations on organisations that deploy AI in a professional context, including requirements that came into force in February 2025. Knowing where you stand on readiness and knowing where you stand on compliance have become the same question.
In summary
In most Irish businesses, staff are already using AI tools without formal sanction. An AI readiness assessment tells you what is actually happening, where the risks sit, and what your first moves should be in order of priority.
For a full picture of the EU AI Act obligations now in force for Irish businesses, see what the August 2026 EU AI Act deadline means for Irish SMEs.
What does an AI readiness assessment examine?
A rigorous AI readiness assessment covers six dimensions. Each is practical and operational. Together they give a complete picture of where a business stands before any AI investment is made. Get these right and everything that follows, the tools, the workflows, the more ambitious applications, has something solid to build on.
Shadow AI: what your people are already using. Before anything else, an AI readiness assessment establishes which AI tools are being used across the business, by whom, and for what. In most businesses this surfaces more than leadership expects. Where your people have already reached for AI tools, that is where the friction in your business is. This informal activity is not just a governance gap to close: it is a map of where the first official AI projects should be.
The assessment also looks at whether your business has actually decided which AI tools are approved and under what conditions, and whether your existing systems can support the AI use cases you are considering. That means checking whether data can be pulled out of your systems in a format that is actually usable, whether your systems can connect to each other where they need to, and whether the cloud services you are already using have been checked for data residency and security. A clear approved tool list removes the guesswork from your team. The diagnostic questions for this dimension: if someone asked you right now which AI tools your people are using and what they are using them for, could you answer? And do you know whether your systems can support your first AI use case?
Strategic readiness and leadership ownership. The most common reason AI adoption fails is not a technology problem: it is a strategy problem. Businesses that reach for AI because competitors are using it, or because it comes up at board level, rarely produce more than a collection of disconnected experiments that go nowhere. An AI strategy has to connect to what the business is actually trying to achieve: specific outcomes, a realistic timeframe, and a direct link to the things already at the top of the leadership agenda. Without that grounding, AI investment tends to dissipate rather than compound.
An AI readiness assessment also examines whether there is a named person whose role genuinely includes keeping AI direction current, maintaining whatever policy exists, and being the person others can ask when they are unsure. A policy with no owner is a document that will drift out of date. The diagnostic question: if someone in your team had a question about whether they could use an AI tool for a particular task, who would they ask?
AI literacy and workforce skills readiness. Most employees in Irish businesses are not starting from zero. They have already experimented with these tools and built an intuition about what AI can and cannot do. The assessment examines what that existing literacy level actually is and where the critical gaps sit.
The gaps that matter most are not simply whether someone knows how to use a particular tool. They are:
- Does this person understand where their data goes when it enters an AI tool?
- Do they know why AI outputs require verification rather than blind trust?
- Do they know who to ask if they are unsure whether a task is appropriate for AI?
There is also a legal angle. Under Article 4 of the EU AI Act, which has been in force since February 2025, businesses using AI systems are required to make sure their staff have sufficient AI literacy for the tools they are using. [3] Broader obligations for deployers of high-risk AI systems apply separately under Article 26. [4] [5]
The diagnostic question: if you asked three people in different parts of your business what happens to data when it is entered into an AI tool, would they know?
Data readiness for AI. Data readiness is the most frequently underestimated dimension and the one that causes the most serious problems when it is not properly examined. It has four components that must each be assessed independently.
The first is data asset inventory: does the organisation know what data it holds, where it lives, and in what form? Most Irish SMEs hold more relevant data than they realise, across operational systems, document repositories, and informal spreadsheets maintained by individual team members. The first step is establishing what exists and whether it can be accessed.
The second is data quality. Six things are checked for any dataset the AI use case will rely on: whether the data actually reflects reality; whether the key fields are consistently filled in; whether the same customer or transaction is described the same way across different systems; whether the data is current enough to be useful; whether it is in consistent formats and follows consistent rules; and whether there are duplicate records. For most first AI projects, the practical minimum is that your data is at least 80 percent complete on the fields that matter, accessible in a consistent format, and can be matched across systems on a shared reference like a customer ID or transaction number.
The third is data accessibility and silos. Data silos, where data exists but cannot actually be reached and used, are the most significant data problem in Irish SMEs, often more significant than data quality. They come from a few common places: different parts of the business running their own systems that have never been connected; access restrictions that were set up for GDPR reasons without anyone thinking about AI use cases; old files and records locked in scanned PDFs or formats that cannot be read automatically; and data that lives in someone's personal spreadsheet or email attachments rather than anywhere the business can properly access it. For each AI use case, the assessment maps the required data sources and checks whether access is realistically achievable within a sensible timeframe.
The fourth is data governance: who owns which data, a practical way of classifying what is sensitive and what is not, a clear policy on how long data is kept, and a framework for which data can be used with which AI tools. GDPR is one part of this: specifically, assessing any AI system that handles personal data, confirming you have a lawful basis for using it that way, and understanding where Article 22 applies if the system is making automated decisions about people. But data governance for AI is broader than GDPR, and organisations that treat them as the same thing consistently discover gaps when they attempt to deploy.
The diagnostic questions for this dimension: do you know what data you hold and whether it is accessible for AI use? Is the data your business would need for its first AI use case complete, accurate, and consistent? And is that data fragmented across systems that cannot easily share it?
Incident response and monitoring. An AI readiness assessment examines whether the organisation has any process for identifying, escalating, and logging AI-related incidents or failures. Without it, there is no reliable way to learn from AI mistakes, no clear path for what to do when a system produces something wrong or harmful, and no record of how problems were dealt with. For businesses with EU AI Act obligations, not having an incident process is also a compliance gap, not just an operational one. The diagnostic question for this dimension: if an AI tool produced an output that appeared incorrect or caused a problem, does anyone in your business know what to do next?
Policy and compliance readiness. An AI readiness assessment examines whether the organisation has a usable AI policy and whether it meets regulatory obligations. A usable policy answers the questions your team actually has: can I put client information into this tool? What do I do if an AI output seems wrong? Who do I ask if I am not sure? The diagnostic question: if an employee wanted to know the rules around AI use in this business, where would they look?
In summary
The six dimensions of an AI readiness assessment cover shadow AI and technology governance, governance policy and accountability, workforce AI literacy, data readiness, incident response, and policy and compliance. Each is practical and operational, not theoretical.
How does an AI readiness assessment establish where your business sits?
Alongside the six dimensions, an AI readiness assessment establishes a maturity baseline. The five-level scale used in CGS assessments is informed by the principles of the NIST AI Risk Management Framework (NIST AI 100-1) [2] and calibrated for organisations without dedicated AI or data teams. The scale is a CGS interpretive construct; the NIST AI RMF itself is organised around four core functions (Govern, Map, Measure, and Manage) rather than a numbered maturity progression.
| Level | Label | What it means in practice |
|---|---|---|
| 1 | Ad Hoc | No structured AI activity. Shadow AI use likely. No governance, policy, or oversight. |
| 2 | Developing | Isolated experiments underway. Some leadership awareness. No consistent governance or policy framework. Data is fragmented and poorly documented. |
| 3 | Defined | AI strategy connected to business objectives. Governance structures in place. Acceptable use policy documented. |
| 4 | Managed | AI portfolio actively managed. Performance measured. Governance reviewed regularly. Skills development systematic. Data quality monitored and maintained. |
| 5 | Optimised | AI embedded in core processes. Continuous improvement operating. Governance mature and self-correcting. |
Most Irish SMEs engaging for an AI readiness assessment for the first time are at Level 1 or Level 2. This is not a deficiency. It reflects the current state of AI governance across Irish businesses in this size range. The assessment gives you an honest baseline and a clear path forward. What gets addressed first is wherever you are weakest, not wherever you happen to be strongest.
In summary
Most Irish SMEs entering the process for the first time are at Level 1 or 2. The maturity baseline tells you where to start, not how far behind you are.
Not sure where to start? Do a quick self-check first.
The free Irish SME AI Readiness Scorecard covers 22 questions across the six dimensions above. Ten minutes to complete. It tells you which area of your business carries the most immediate risk.
Get the ScorecardWhat does an AI readiness assessment produce at the end?
At the end of the process, the output is a written report containing four things.
A shadow AI findings summary: what tools are in active use across the business, where, and by whom. This section consistently surfaces more than leadership teams expected, and consistently points toward the first productive AI projects to formalise.
A maturity baseline score across each of the six dimensions: a clear picture of where the business is strongest and where the constraint sits.
A risk and opportunity summary: the governance gaps that carry real exposure, and the use cases where AI is already demonstrating value that can be extended.
A prioritised action plan: not a generic framework but a specific sequence of moves built around what was actually found. Most organisations leave with three to five concrete next steps they can begin immediately and a 90 to 180 day roadmap for the work that follows.
When the shadow AI findings are in, they almost always reveal a handful of tasks where people have been using AI consistently and getting real value. A team drafting communications faster. A manager summarising lengthy reports. A salesperson pulling together research that used to take hours. These are proof of concept. The first official AI project does not need to be ambitious: it needs to be the right size. Take one of those use cases, the one with the clearest value and the most straightforward data requirements, and formalise it. That is your starting point, and it is closer than most leaders think.
In summary
The output of an AI readiness assessment is a prioritised action plan built around what was actually found, not a generic checklist. Most organisations leave with three to five concrete next steps they can begin immediately.
Where does an AI readiness assessment fit in your broader AI journey?
For most Irish SMEs, an AI readiness assessment is Stage 1 of a five-stage journey.
- Stage 1 is Diagnose: understand current state across six dimensions. This is what the assessment delivers.
- Stage 2 is Prioritise: identify which AI opportunities deserve investment and in what order.
- Stage 3 is Govern: design the governance and policy structures that make deployment safe.
- Stage 4 is Select and Build: choose technology, evaluate tools, and make structured deployment decisions.
- Stage 5 is Embed and Sustain: implement, measure, manage change, and continuously improve.
The assessment gives you everything you need to begin Stage 2 with clarity rather than guesswork. For businesses that want to move quickly, the CGS AI Readiness Scan can be completed and reported within two to three weeks of the initial conversation.
A common question at this stage is where data readiness sits on the priority list. Data quality and data accessibility issues are real: in many Irish SMEs, data is more fragmented across systems than leadership realises, and this is a genuine constraint on which AI use cases are viable first. The value of a proper assessment is that it identifies which specific data gaps matter for the use cases worth pursuing first, rather than requiring everything to be resolved before starting. The goal is not perfect data. It is confirmed access to data that is good enough for the first, well-defined use case.
In summary
An AI readiness assessment is Stage 1 of a five-stage AI adoption journey. It takes weeks, not months, and produces a specific prioritised path rather than a general framework for what needs to happen.
For a full picture of the steps that follow the assessment, see how to introduce AI into your business: a practical guide for Irish SMEs.
Key takeaways
- An AI readiness assessment examines six dimensions: shadow AI and technology governance, governance policy and accountability, AI literacy, data readiness, incident response, and policy and compliance. Each is practical and operational.
- Most Irish SMEs using AI are doing so without formal policy or oversight. An assessment establishes what is actually happening, not what leadership assumes.
- The maturity baseline draws on the NIST AI Risk Management Framework, adapted for businesses without a dedicated AI or data team. Most Irish SMEs coming through the process for the first time are at Level 1 or Level 2.
- The output is a prioritised action plan specific to your business, built around what was actually found. It is not a generic checklist.
- For most Irish SMEs of 50 to 250 employees, the full process takes two to three weeks from initial conversation to final report.
- The CGS AI Readiness Scan starts from €2,500. The Enterprise Ireland Digital Discovery Grant covers up to 80 percent of assessment costs, to a maximum of €5,000, for eligible businesses, principally Enterprise Ireland client companies, and Irish manufacturers or internationally traded services businesses employing 10 or more staff. Eligibility should be confirmed directly with Enterprise Ireland.