“AI strategy” is the wrong artifact. The operating model is the artifact.

Your CEO is going to ask for an AI strategy this quarter. A deck, a vision, three horizons, a slide that says “AI-first.” It will be approved, circulated, and obsolete by the next board cycle, because a strategy describes a destination and the thing that actually moves the company is the operating model that gets it there.

The reason the strategy ages out is structural. AI capability changes faster than any planning horizon a deck assumes. A strategy written around today's model is wrong the moment the next one ships. An operating model — how decisions get made, who owns the model layer, what controls apply, how a deployment goes from pilot to production — does not age the same way, because it governs change rather than predicting it.

This is the same shift every function has already lived through. Information security stopped being a strategy and became a management system — an ISMS, with owners, controls, and an audit chain. The companies that treated security as a deck kept getting breached; the ones that treated it as a system stopped. AI is repeating the pattern, and ISO 42001 is the name the pattern now has.

So when the request for an AI strategy lands, deliver something better than the slide. Deliver the operating model: the seat that owns it, the controls that govern it, the P&L that funds it, the audit chain that proves it. The strategy slide will be rewritten next quarter. The operating model is the artifact that is still true when it is.