Name what you're deliberately not doing
When a governance or strategy artefact diverges from a published benchmark, name the divergences explicitly with reasoning rather than implying full alignment — the explicit version is more defensible than the implied one.
A governance or strategy artefact that adopts most of a published benchmark but quietly omits parts of it puts itself in a weak position. A reader who knows the benchmark notices the omissions and assumes either oversight or evasion. Neither reading is repairable after the fact. The artefact becomes harder to defend the more closely it is read.
The heuristic is to name the divergences explicitly: add a short section, labelled honestly as “what we are deliberately not doing” or equivalent, that lists each non-adopted expectation and the reasoning for not adopting it. The reasoning matters, whether it is scale, risk profile, capacity, sequencing, or a judgement that the expectation does not apply in this context. Once stated, the divergence shifts from gap to choice, and the artefact’s overall credibility goes up rather than down.
This applies most cleanly when the substance of the benchmark is being met through different instruments. A standalone risk-appetite statement may be replaced by a one-page policy appendix; a dedicated AI committee may be replaced by AI agenda items in existing governance bodies; an independent external maturity review may be replaced by an internal annual self-assessment with an explicit revisit clause. The artefact still meets the substance; what it explicitly declines is the ceremony. See “Calibrate AI governance ceremony to organisational scale” for why the ceremony decision is often the right one.
The rule generalises beyond AI governance. Any artefact that benchmarks against a published standard — security frameworks, accessibility guidelines, professional-services methodologies — gains defensibility from naming what it has chosen not to adopt and why. The implicit version invites the question; the explicit version answers it.
The reason is straightforward enough that it can sit in the artefact itself: naming non-adoption explicitly is more defensible than implying intent to adopt and then not delivering. Documents that overpromise and underdeliver are common; documents that set their own honest scope are not. The latter accumulate trust; the former corrode it.