Ivana Bartoletti occupies a rare position in the technology space. She sits, as she puts it, “at the intersection of business, AI, law and society” – and has spent her career arguing that those four things belong together.

As Vice President and Global Chief Privacy & AI Governance Officer at Wipro, the multinational technology services and consulting giant, Ivana is responsible for ensuring AI is built and deployed with accountability embedded from the outset.

Her remit covers both Wipro’s internal operations and its work for clients. It is a role that demands equal fluency in engineering, ethics, law and policy.

Wipro has moved decisively in recent years from treating AI as a collection of discrete projects to embedding it across the full enterprise transformation lifecycle – the end-to-end process of redesigning how a business operates. The company’s Wipro Intelligence suite brings together AI-powered platforms, solutions and delivery capabilities under a single architecture.

What distinguishes Wipro’s approach is its consulting-led model. 

Ivana explains: “The question we answer for clients is not simply how to use AI, but how to govern it, how to make it trustworthy and how to ensure it delivers measurable value rather than staying in pilot purgatory. That is exactly the space where my work sits.”

Alongside her corporate work, Ivana advises the Council of Europe on AI and gender rights and founded Women Leading in AI, a network promoting female leadership in the field. For her, the boardroom and the public square are inseparable.

“Those two tracks inform each other greatly,” she says. “You cannot do serious governance work without understanding the policy environment, and you cannot do serious policy work without understanding how organisations actually function.”

From human rights to high tech

Ivana’s path into technology was not a conventional one. Her background is in law and political science, and it was an interest in power – who holds it, how it is exercised – and whose interests it serves — that led her to the field.

“Data and AI turned out to be the most consequential expressions of those questions in our time”" she reflects. 

What drew her specifically to the consulting and technology world was the ability to work at scale.

“You can write about these issues, advise governments, speak at conferences – and all of that matters,” Ivana continues. “But if you want to change how AI is actually built and deployed, you have to work inside the organisations that are building and deploying it. That is where the real decisions are made. I wanted to be in that room.”

Ivana’s role has three core dimensions. The first is internal: working with engineering, legal, product and client teams to ensure privacy and AI governance principles translate into operational realities, rather than theoretical commitments.

The second is external: representing Wipro in international forums, contributing to regulatory consultations and engaging with policymakers and standards bodies on how governance frameworks being written in Brussels, Washington and London will work in practice.

The third dimension involves “keeping the organisation at the forefront of where the real risks are”. 

She adds: “Not just the risks that are already regulated, but the ones that are coming: agentic AI; emotional AI; the governance questions that do not yet have answers but will within 18 months. 

“Part of my job is making sure we are thinking about those questions before they become urgent.”

The regulatory gap

Agentic AI is exposing serious weaknesses in existing regulation. Current frameworks were designed for a simpler model of human-AI interaction.

Ivana notes: “When autonomous agents are making sequences of decisions, initiating actions, interacting with other agents and operating across organisational boundaries – often faster than any human can track – the question of where responsibility sits becomes genuinely difficult.”

She identifies a second critical gap around explainability – the ability to account for why a system reached a particular outcome. 

“Agentic AI produces outcomes through chains of micro-decisions that are not individually explainable in any meaningful sense,” says Ivana. “What we need are governance frameworks that assess systems at the level of their behaviour over time.”

Trust by design

For Ivana, compliance with regulation is merely a starting point. The more demanding standard is what she calls “trust by design” – building AI systems that a fully informed person would consider genuinely trustworthy.

For agentic AI, this means building systems that are legible and auditable, incorporating meaningful human oversight and designing for failure. In other words, assuming agents will make mistakes and ensuring the consequences can be recovered from.

“The organisations that treat governance as a constraint will build systems that are compliant but not trusted,” Ivana contends. “The organisations that treat governance as a design principle will build systems that earn trust. That is a competitive advantage, not just a regulatory obligation.”

The accountability question

When autonomous agents cause harm, determining who is responsible is one of the most pressing unsolved questions in AI governance. 

Ivana is direct about the limits of current legal frameworks. Her position is that accountability must attach to humans and organisations, not to the systems themselves. 

The challenge lies in tracing the causal chain from a problem or mistake to a decision, which can be complex or obscured in agentic systems.

“What is needed is a principle of non-delegable responsibility,” Ivana asserts. “When an organisation deploys an autonomous agent, it cannot transfer accountability for that agent’s actions to the agent itself, to another organisation in the supply chain or to the user who triggered the activity. 

“The organisation that put the system into the world retains responsibility for its foreseeable consequences.”

Are we making AI too human?

One of the most overlooked risks in AI, Ivana argues, is anthropomorphism – the tendency to design AI systems with human names, voices and emotional cues in ways that lead users to attribute human qualities to them.

The practice creates what she describes as a “misalignment” between a user’s mental model of a system and its actual capabilities. This is particularly acute in consumer applications and for children, but it also poses risks in enterprise settings.

Ivana warns: “When employees trust an AI agent the way they would trust a knowledgeable colleague, they may override their own judgement in ways they would not if the system presented itself as a tool.”

Design, she argues, is part of the solution: “Systems should be transparent about their nature – not through a disclaimer buried in terms and conditions, but through the interaction itself. 

“They should not simulate emotions they do not have, claim understanding they cannot possess or present relationships that cannot be reciprocal.”

Building a ‘trust stack’

For organisations looking to implement a “trust stack” – a layered framework of governance controls – Ivana’s advice is grounded. Before deciding what controls are needed, organisations must first understand what they actually have.

Most, she says, lack a clear picture of what AI systems they are running, who owns them, what decisions those systems are influencing and what data they are using. 

The starting point is a genuine AI systems audit.

“The boring answer is always the right answer in governance,” Ivana concludes. “Know what you have, understand what it does and then decide how to govern it. In that order.”