"Bring Your Own AI to Work" Is Here. Can Organisations Earn Employees’ Trust?
With 78% of AI users in the workplace relying on their own tools, trust becomes more important than control
From policy to practice: Why AI trust now matters more than approval
There was a time when bringing something personal into the workplace was limited to symbolic gestures like “Bring Your Children to Work Day”. Today, employees are bringing something far more consequential: their own AI tools. They do so because these tools feel more familiar, responsive, and private than the company-provided equivalents.
McKinsey reported in 2024 that 65% of surveyed organisations were already regularly using generative AI in at least one business function. Microsoft’s 2024 Work Trend Index then made the workforce reality even harder to ignore: 75% of knowledge workers surveyed said they use AI at work, and among AI users, 78% were bringing their own AI tools into the workplace. For enterprise L&D, that should end one comforting illusion.
Organisations are no longer introducing AI into learning at their own pace. In many cases, the workforce got there first.
Whether employees will use AI while they learn, search, summarise, and solve problems at work is no longer the issue. The real question is whether they trust the organisation’s version of AI enough to use it inside the systems that are supposed to be safer, more transparent, and more accountable.
This is where digital learning platforms now face their most serious test. If the official environment feels opaque, overly controlled, weakly useful, or unable to explain itself, employees will look elsewhere. That is how shadow AI learning grows as knowledge use becomes more inconsistent, and how governance starts losing out to convenience. In that sense, trust is no longer a soft cultural issue in enterprise learning, but the difference between an AI strategy that is governed and one that merely looks good on paper.
The timing of the EU AI Act makes this tension even harder to ignore. The regulation does not ask organisations to be enthusiastic about AI; it asks whether they can govern it, explain it, and remain accountable for what it does in practice. In the previous articles of this series, we moved from understanding rather than blindly agreeing (article one), to treating AI literacy as a learning challenge rather than an IT one (article two), then from minimum compliance toward trust (article three), and finally into the technical architecture of governance through MCP (article four). This next step is more practical and perhaps more uncomfortable: What does a trustworthy digital learning platform actually look like when employees are already using AI anyway, and when formal approval no longer guarantees real adoption?
Compliance gets you permission. Trust gets you participation
There is a recurring mistake in enterprise AI programmes, and it usually sounds sensible at first. If a platform is compliant, secure, and legally approved, surely trust will follow. In practice, it rarely does.
Compliance creates the conditions for use. Trust creates the willingness to engage.
That distinction matters more in learning than in many other business functions: Employees can comply with a finance system because they have no choice, or use a travel platform because the task is transactional, but learning is different. It requires engagement, honesty, effort, and a degree of psychological safety. If people feel watched, misread, or quietly profiled, they may still complete what is mandatory, but they will not engage constructively with the system. Often it receives only the minimum required attention before people start to look elsewhere.
The risk is no longer theoretical. Public reporting already shows that employees are not waiting for enterprise governance to catch up: Microsoft’s 2024 Work Trend Index described the rise of “BYOAI” (Bring your own artificial intelligence), with 78% of AI users bringing their own AI tools to work. In other words, when official systems feel slow, unclear, or limiting, people don't stop using AI…they simply use it outside their employer's sanctioned environment.
For L&D, that should be a strategic warning. If the organisation’s official learning experience is less transparent and less useful than external tools, then trust takes a backseat to shadow learning, inconsistent practice, and unmanaged risk.
Why digital learning platforms carry a special burden of trust
Trust in AI-driven corporate learning is not just about system performance. It is about what the system sees and recommends, and what it might influence later.
Learning platforms often contain sensitive employee information, including progress data, assessment results, mandatory training records, skills profiles, interests, and behavioural patterns. Even when each individual data point feels harmless, the combined picture can become highly revealing. Once AI is used to generate recommendations, adapt pathways, flag gaps, or infer readiness, the platform begins to shape how employees understand their own development and how they believe the organisation sees them.
This is where trust becomes inseparable from governance since the closer a learning platform moves toward decisions that affect role-readiness, eligibility, progression, or evaluation, the more carefully organisations need to examine the line between support and influence. Under the EU AI Act’s risk-based approach, AI systems used in employment, worker management, and access to self-employment can fall into much more serious governance territory depending on their purpose and use. Even where a learning feature itself is not classified as high-risk, the moment its outputs feed employment-related decisions, the trust burden rises sharply.
That is why a trust framework for digital learning platforms cannot be reduced to tone of voice, launch messaging, or a polished FAQ. Trust is not another communication layer placed on top of the system after implementation, but a discipline that aligns with design, governance, and increasingly, AI risk management in corporate learning.
A trust framework is not abstract. It has visible working parts
If trust is to survive audits, workforce scrutiny, and everyday use, it requires structure. Fortunately, that structure doesn't have to be guesswork. Public frameworks can already provide a nudge in the right direction. The NIST AI Risk Management Framework describes trustworthy AI in terms such as validity, reliability, safety, security, accountability, transparency, explainability, privacy enhancement, and fairness. The OECD AI Principles similarly emphasise transparency, robustness, accountability, and human-centred values.
For enterprise L&D, these principles only become meaningful when translated into platform behaviour. That translation usually depends on six areas.
A trust framework for digital learning platforms usually depends on six practical conditions:
First, employees need clear data boundaries in plain language. They should be able to understand what learning data is collected, what is inferred, what is shared, what is retained, and whether any of it flows into performance or management contexts. If those boundaries are unclear, legal compliance may still exist on paper, but perceived safety does not.
Second, explanations must be useful in the moment. Employees do not need model theory. They need to know why a recommendation appeared, why a pathway changed, and what source, rule, or policy shaped the result. As the UK Information Commissioner’s Office has noted, meaningful explanations are about rationale, data, fairness, and impact, not just technical detail.
Third, human oversight must be real where AI affects assessments, compliance paths, role-readiness, or other decisions with consequences. The important question is not whether human review exists in theory, but what happens when the system gets something wrong. Who reviews it, how quickly, and through which escalation path?
Fourth, learners need some degree of agency. That includes being able to see what data shapes their experience, understand how their role or region influences recommendations, and where feasible adjust preferences or opt out of selected automated features. Trust rises when people feel they are participants, not subjects.
Fifth, feedback must lead to visible change. A button to flag errors means little unless someone reviews the issue, responds to it, and improves the system. Otherwise, feedback becomes decorative evidence of listening rather than actual governance.
Finally, ownership has to be explicit. Trust cannot sit vaguely across L&D, HR, IT, compliance, legal, and security. Someone must own content quality, escalation, audit evidence, and communication with employees. This is why the NIST AI Risk Management Framework is so useful. It treats governance as an operating function, not an abstract principle.
Measure trust like an operating condition, not a campaign
One of the clearest signs that trust is not yet being managed properly is the way it is measured, if it is measured at all.
Most L&D teams can report adoption, completion rates, active users, time spent, and satisfaction scores. While useful, these are not trust metrics. A platform can be widely used because it is mandatory and a system can achieve high completion rates while still being quietly distrusted.
If trust is to become operational, it needs indicators that reveal confidence, challenge, clarity, and control. That may include how often employees view source citations, how frequently recommendations are overridden, how many AI-supported decisions are challenged, how quickly feedback is resolved, how often high-risk queries are escalated to humans, and whether usage of unsanctioned external tools decreases as the official experience improves.
This is where the conversation around AI governance for HR and L&D becomes more mature. Governance is not only about preventing worst-case scenarios. It is about creating enough evidence to know whether the system is being trusted for the right reasons.
A useful test is simple: if employee confidence in the platform dropped tomorrow, would you know before it became a shadow AI problem? If the answer is no, then your trust framework is still incomplete.
From performative trust to trust architecture
By now, enterprise audiences have heard every version of “responsible AI” messaging imaginable. The market is full of confident promises, most of them smoother than the systems they describe and employees have become fluent in this gap. They can usually tell when an organisation is presenting trust as a narrative rather than building it as a condition of use.
That is why operationalising trust matters so much in enterprise L&D. Learning systems live close to development, performance, compliance, and identity. People are more sensitive in these spaces, and rightly so. When recommendations feel arbitrary, they notice, as they do when data boundaries are unclear, or when there is no obvious human path once the machine gets something wrong.
A trust framework for digital learning platforms is therefore not an optional layer added for reassurance. Rather, it is the structure that connects compliance-ready learning systems, AI risk management in corporate learning, and everyday learner experience into one coherent model.
The organisations that get this right may not always have the loudest AI story. But their employees will be able to answer three simple questions with confidence: What is this system doing, why is it doing it, and what can I do if it gets something wrong?
That is where trust begins. Not in the claim, but in the design.
Whitepaper: AI in L&D
Discover how AI can revolutionise the provision of corporate training programs, enhancing efficiency, individualisation, and speed of learning.
The Model Context Protocol (MCP) in Enterprise L&D
Learn why it's important for enterprise AI to have a governed context layer
