CMMI launches AI maturity model for governance teams
Thu, 16th Jul 2026 (Today)
CMMI Institute has launched an AI Maturity Model for organisations managing artificial intelligence, aimed at governance, risk, compliance and security teams.
Known as CMMI AIM, the framework is intended to give companies a structured way to assess the maturity of their AI governance as regulatory scrutiny of the technology increases. It extends the organisation's existing performance improvement framework with guidance tailored to AI use, oversight and adoption.
Organisations adopting AI face growing pressure to show that systems are governed responsibly, used securely and aligned with new rules. The model is designed to replace fragmented or ad hoc controls with a more consistent approach that organisations can benchmark and improve over time.
That pitch comes as European businesses work through a widening set of digital regulations, including the EU AI Act, NIS2 and the Digital Operational Resilience Act. The model is positioned as a way for organisations to map governance obligations across those frameworks while building internal processes around AI.
Assessment Path
The launch includes more than a reference framework. CMMI Institute has attached an assessment and certification path to the model, including appraisals, practitioner and Lead Appraiser certifications, and training courses for teams that need to demonstrate progress formally.
Supporting assets include a model viewer containing the AI maturity model and crosswalks, as well as courses titled Building Artificial Intelligence Maturity and Appraising Artificial Intelligence Maturity. The approach points to a push beyond policy guidance towards a regime in which organisations can be assessed against defined practices.
According to the organisation, CMMI AIM applies AI-related guidance across all 31 CMMI practice areas, with nearly half containing additions specific to AI. It also introduces a benchmark view built around eight domains: data, development, people, safety, security, services, suppliers and virtual collaboration.
Those domains cover issues ranging from data lineage and quality to workforce preparation, service delivery and partner ecosystems. They also address the safe use of AI, the secure deployment of platforms and tools, and the infrastructure needed for distributed teams working on AI systems.
Governance Focus
The model is designed to provide visibility into AI maturity across teams and functions, help companies prioritise investment, standardise practices and track progress over time. It also aims to help organisations show evidence of AI governance and organisational discipline as rules evolve.
Ron Lear, Vice President of Global CMMI Strategies, framed the issue as one of management discipline rather than simple adoption.
"For almost every organisation, AI is a priority, but far fewer show that they are managing it with real discipline, let alone consistent performance innovation. Closing that gap is where the real return on AI investment is unlocked," said Lear.
He added: "That is the gap CMMI AIM is designed to help organisations close. CMMI AIM provides a structured, evidence-based approach that enables organisations to measure, improve and continuously strengthen their AI capability and maturity - all while enabling sustainable innovation, and balancing governance and risk."
Industry Input
The AI-related content was developed by a working group of more than 25 industry experts, including executives, practitioners, instructors, Lead Appraisers and subject matter specialists across multiple sectors. IBM Consulting sponsored the group, while 100 companies contributed input through structured reviews during development.
Several organisations took part in a pilot programme tied to the model. IBM Consulting, Infosys and Government Technical Services Corporation were evaluated as part of that process, while representatives from Benchmarked, CommandTec and KPMG Assurance and Consulting Services also contributed through pilot appraisals, training and technical input.
The launch also reflects broader efforts by ISACA, the parent organisation of CMMI Institute, to build tools around AI governance, cyber security, workforce development and digital trust. In Europe, those topics have become more closely linked as regulators press companies to show that innovation is matched by internal controls and operational resilience.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said the European market was reaching a turning point in its approach to AI adoption and governance.
"Europe is at an inflection point with AI, building AI factories, supporting startups and investing towards enabling the European economy," said Dimitriadis. "CMMI AIM provides a practical framework to help organisations operationalise sustainable innovation through AI, planning, implementing and continuously measuring maturity towards maximizing return on investment and ensuring stakeholder trust"