Who legitimises the AI algorithm? Leadership, volatility and the governance of algorithmic authority Open Access

Artificial intelligence (AI) has become a decision infrastructure: a form of algorithmic authority that shapes who is seen, trusted, served, excluded, and who can contest outcomes (Pasquale, 2015; Crawford, 2021; Anning-Dorson, 2026). Credit scoring, fraud detection, hiring filters, welfare targeting, and clinical decision support allocate life chances through computational judgments at scale. This represents a fundamental shift in organizational power: algorithmic systems create new regimes of visibility, classification, and exclusion requiring active governance and leadership accountability (Eubanks, 2018; Noble, 2018). Ethical AI governance cannot be treated as a compliance appendix to digital transformation. It has emerged as a core strategic leadership challenge about how organizations exercise, justify, and constrain algorithmic authority in volatile, uncertain, complex, and ambiguous (VUCA) environments (Bennett & Lemoine, 2014; Uhl-Bien & Arena, 2018).

This urgency reflects the dual forces shaping contemporary leadership: innovation as a pull factor and disruption as a push factor. Innovation pulls leaders toward AI adoption through promises of efficiency and competitive advantage. Simultaneously, disruption pushes leaders to adapt as external shocks: regulatory volatility, infrastructural fragility, and legitimacy crises, expose organizations to governance failures triggering reputational collapse and regulatory sanctions (Anning-Dorson, 2026; Dwivedi, Kshetri, Hughes, & Wright, 2023). In VUCA environments, these dynamics intersect: leaders must implement AI systems to stay competitive while managing institutional uncertainty, technological fragility, and contested social consent. Ethical AI governance thus becomes the capability determining whether innovation remains sustainable or self-destructive.

Despite rapid maturation in AI ethics scholarship, existing frameworks inadequately address this volatility-governance nexus. Responsible AI frameworks specify what governance should achieve: fairness, accountability, transparency, but assume stable infrastructure, coherent regulatory institutions, and baseline organizational legitimacy (Floridi, Cowls, Beltrametti, & Vayena, 2018; Jobin, Ienca, & Vayena, 2019). AI assurance frameworks specify how to verify governance claims through documentation, auditing, and monitoring, but presuppose consistent data pipelines, enforceable standards, and accessible recourse (Raji et al., 2020; National Institute of Standards & Technology (NIST), 2023). Regulatory frameworks such as the EU AI Act demonstrate significant progress, yet debates over implementation confirm that institutional environments remain unpredictable (European Commission, 2024; Reuters, 2025). Where stability conditions hold, ethical AI governance can be framed as policy alignment plus technical controls. Where they fail, as they frequently do across much of the global South and increasingly elsewhere, governance frameworks lose their operational footing (Hällgren, Rouleau, & de Rond, 2018). Under such conditions, ethical AI governance shifts from a technical compliance issue to a leadership challenge of legitimacy production (Suchman, 1995; Deephouse, Bundy, Tost, & Suchman, 2017).

Leadership scholarship offers powerful accounts of digital transformation and strategic agility: how leaders orchestrate resources and reconfigure capabilities under uncertainty (Teece, Peteraf, & Leih, 2016; Schoemaker, Heaton, & Teece, 2018). Yet, leadership accounts of AI adoption consistently underplay the distinctiveness of algorithmic authority: leaders are portrayed as innovation sponsors rather than as institutional agents who must actively build legitimacy infrastructures rendering AI systems contestable and socially tolerable when institutions are unstable (Zietsma & Lawrence, 2010). This is a consequential gap. Algorithmic systems produce harms experienced as perceived injustices: exclusion without explanation, profiling without consent, decisions without a face (Selbst, Boyd, Friedler, Venkatasubramanian, & Vertesi, 2019). When volatility is high, these harms amplify; when legitimacy is weak, they trigger backlash, regulatory intervention, and strategic crisis (Martin & Waldman, 2023).

This paper argues that ethical AI governance under volatility is fundamentally a leadership problem of legitimacy production, not a technical problem of compliance. The central claim is that in volatile environments, ethical AI governance functions as legitimacy infrastructure, a leadership-designed capability system enabling organizations to deploy algorithmic authority while sustaining public consent, procedural justice, and institutional trust. Where stability is limited, ethics is not a peripheral constraint on strategy; it becomes a necessary precondition for strategy to be executable. Leaders who treat ethical AI as a delegated technical matter often discover the ethics problem returning as strategic crisis: adoption collapses, trust erodes, and social actors challenge the organization’s right to decide (Mittelstadt, 2019; Martin & Waldman, 2023).

To analyze this leadership problem, the paper introduces a three-dimensional volatility typology. Infrastructural volatility concerns instability in the foundational elements AI systems rely on: connectivity, power, data pipelines, identity systems, producing exclusion-by-fragility: those least represented in data become the easiest to exclude (Graham, 2011). Institutional volatility involves changing rules, fragmented oversight, and inconsistent enforcement, generating compliance theater: governance that signals responsibility without operational integration (Edelman, 2016; MacLean & Behnam, 2010). Socio-political volatility is associated with fluctuating trust, contested legitimacy, and politicized perceptions of fairness, amplifying legitimacy shocks when decisions are opaque and unchallengeable (Taeihagh, 2021). Each dimension produces a distinctive failure mode that principles alone cannot resolve, and that requires specific leadership intervention.

Building on this typology, the paper develops the Sensing–Stabilizing–Legitimizing (SSL) leadership capability model. Sensing describes anticipatory sensemaking: institutionalizing routines that surface emerging harms: data drift, exclusion patterns, silent failures, before they become crises (Weick, 1995; Maitlis & Christianson, 2014). Stabilizing characterizes orchestration under constraints: establishing minimum viable safeguards that remain operational despite infrastructural and institutional instability (Teece et al., 2016). Legitimizing depicts institutional and moral work: designing contestability and procedural justice into algorithmic decisions so that recourse, explanation, and visible oversight are genuine rather than performative (Zietsma & Lawrence, 2010). Together, these capabilities constitute legitimacy infrastructure, not ethics as public relations, but ethics as the operational foundation of governable algorithmic authority.

Africa provides the theory-generating vantage point for this argument, not because it is exceptional, but because it serves as an extreme context that reveals the hidden assumptions embedded in dominant governance models (Hällgren et al., 2018). Many African innovation ecosystems exhibit persistent infrastructural fragility, institutional fluidity, and contested state-society relationships: precisely the conditions that expose the stability bias in mainstream AI governance frameworks. As global volatility intensifies through geopolitical disruption, climate shocks, and institutional polarization, insights from high-volatility contexts become anticipatory rather than marginal.

This paper makes an integrative-conceptual contribution at the intersection of ethical AI governance, legitimacy theory, and leadership scholarship. Three advances are offered. First, a three-dimensional volatility typology that specifies how each dimension of instability produces a distinctive governance failure mode, going beyond treating volatility as undifferentiated turbulence. Second, reframe ethical AI governance as legitimacy infrastructure, setting it apart from responsible AI compliance, AI assurance, and regulatory alignment by focusing on legitimacy production rather than technical verification. Third, the SSL capability model, which specifies the leadership work that makes existing governance instruments: documentation, auditing, risk frameworks, durable under volatility rather than merely aspirational. The contribution is integrative rather than solely empirical: it claims theoretical precision, specifying mechanisms, boundary conditions, and falsifiable propositions for comparative research, not empirical generalization from cases.

The remainder proceeds as follows. Section 2 synthesizes ethical AI and governance literature through a legitimacy lens. Section 3 develops the three-dimensional volatility typology. Section 4 articulates the conceptual model and leadership framework. Section 5 explains research design using illustrative vignettes. Section 6 presents three stylized vignettes demonstrating leadership governance under different volatility configurations. Section 7 offers a leadership-centered playbook. Section 8 discusses theoretical contributions and research agenda. Section 9 concludes by synthesizing implications for leadership scholarship and practice.

Ethical AI governance has rapidly consolidated around widely accepted principles; fairness, accountability, transparency, privacy, safety, and human oversight, now embedded in corporate frameworks, industry standards, and government guidelines (Floridi et al., 2018; Jobin et al., 2019). Yet this visible convergence conceals a structural problem. High-level principles rarely translate into operational practice without organizational authority, accountability systems, and embedded routines (Mittelstadt, 2019). Normative consensus masks deep disagreements about what fairness means, which values take priority, and who bears responsibility when systems fail (Selbst et al., 2019). The result is a persistent gap between espoused commitments and governance reality: organizations document ethical intentions but lack the decision-making structures to enforce them under real-world constraints (Raji et al., 2020).

This gap becomes a governance crisis when we recognize that algorithmic systems function as decision-making infrastructures: allocating access, classifying risk, shaping visibility, and distributing life chances at scale (Crawford, 2021; Pasquale, 2015). Three dominant approaches address this crisis, but each carries a critical limitation under volatility. Responsible AI frameworks specify normative goals but assume that espousing principles produces practice; they do not explain how governance operates when infrastructure is unstable, or institutions are fragmented (Floridi et al., 2018; Jobin et al., 2019). AI assurance frameworks: model cards, datasheets, algorithmic auditing, risk management standards, specify verification mechanisms but presuppose traceable data provenance, consistent monitoring uptime, and predictable institutional enforcement (Mitchell et al., 2019; Gebru et al., 2021; Raji et al., 2020; National Institute of Standards & Technology (NIST), 2023). Regulatory compliance models provide enforceable standards but, as the EU AI Act’s implementation debates confirm, produce governance ambiguity precisely when institutional environments are most dynamic (European Commission, 2024; Reuters, 2025). None of these approaches theorizes volatility as a condition that reshapes what governance must achieve; they treat it as background noise rather than a causal governance variable.

The missing analytical lens is legitimacy theory. Legitimacy is the generalized perception that an organization’s actions are appropriate within socially constructed systems of norms, values, and beliefs (Suchman, 1995). It stabilizes compliance, minimizes contestation, and allows decisions to travel without constant opposition (Bitektine, 2011; Deephouse et al., 2017). Suchman (1995) distinguishes three forms directly relevant to algorithmic systems: pragmatic legitimacy, grounded in audience self-interest, which algorithmic systems undermine when they create exclusion and friction that harm livelihoods; moral legitimacy, grounded in normative approval, which erodes when systems are perceived as discriminatory or unaccountable; and cognitive legitimacy, grounded in comprehensibility, which collapses when decisions appear arbitrary or opaque. When any of these forms erodes, even technically robust models provoke backlash, regulatory action, and strategic crisis. Ethical AI governance is therefore not peripheral to strategy; it is the capability determining whether algorithmic authority remains socially acceptable and organizationally sustainable (Martin & Waldman, 2023). This dynamic is visible not only in technological contexts but also across governance domains, where leadership structures shape whether accountability reaches marginalized groups at all (Amosh, forthcoming).

In stable environments, legitimacy can be restored after failure through apology, adjustment, and compliance signaling. In volatile settings, legitimacy is more fragile: trust reserves are lower, recourse options are weaker, and failures spread faster. This is the condition that existing frameworks are not designed for. Governance toolkits: documentation, auditing, and risk management remain necessary, but they function as legitimacy infrastructure only when leaders design and maintain the organizational capabilities that keep them operational under instability (Martin & Waldman, 2023). Without that leadership layer, they become compliance artifacts: present on paper, absent in practice.

Three theoretical gaps follow from this analysis. The first is the leadership-governance gap. Leadership scholarship provides compelling accounts of digital transformation and strategic agility: scanning environments, orchestrating resources, reconfiguring capabilities under turbulence (Teece et al., 2016; Uhl-Bien & Arena, 2018; Schoemaker et al., 2018; Pesqueira, Sousa, & Pereira, 2025). Adaptive leadership frameworks emphasize sensemaking and managing tensions in evolving contexts (Heifetz, Grashow, & Linsky, 2009). Yet, AI governance scholarship consistently underplays algorithmic authority as a leadership challenge. Leaders are depicted as innovation sponsors or principal stewards rather than as institutional agents who must actively construct legitimacy infrastructures that render automated decisions contestable when institutions falter (Zietsma & Lawrence, 2010; Lawrence, Suddaby, & Leca, 2011). The governance challenge is not merely managing technological change; it is creating and maintaining legitimacy for a new form of organizational power operating at scale, at speed, and often beyond direct human oversight.

The second is the volatility-blindness gap. Mainstream governance frameworks do not identify volatility as a cause of distinct failure modes. Infrastructural volatility: instability in connectivity, power, data pipelines, and identity systems, undermines monitoring assumptions and produces exclusion-by-fragility: those least visible in data are the easiest to harm (Graham, 2011; Graham & Thrift, 2007). Institutional volatility: shifting rules, fragmented oversight, inconsistent enforcement, generates compliance theater: governance that signals responsibility without operational integration (Edelman, 2016; MacLean & Behnam, 2010). Socio-political volatility: fluctuating trust, legitimacy disputes, and politicized fairness perceptions, means technical correctness is insufficient; decisions must be explainable, contestable, and visibly accountable, or they will not be accepted as legitimate (Taeihagh, 2021; Moon & Travaglino, 2025). Each volatility dimension produces specific ethical failures that require leadership intervention beyond the adoption of principles.

The third is the context-theorization gap. Much governance scholarship treats non-Western contexts as sites of application rather than sources of theory generation (George, Corbishley, Khayesi, Haas, & Tihanyi, 2016; Hällgren et al., 2018). Extreme contexts: high volatility, institutional multiplicity, contested authority, surface mechanisms hidden in stable settings and expose assumptions embedded in dominant frameworks (Bamberger & Pratt, 2010; Mair, Martí, & Ventresca, 2012). African innovation ecosystems, characterized by persistent infrastructural fragility and institutional fluidity, reveal the stability bias in mainstream AI governance with particular clarity. As global volatility grows, these are not peripheral conditions, they are anticipatory signals.

This paper addresses all three gaps by positioning ethical AI governance as a legitimacy infrastructure, a leadership-designed capability system enabling responsible algorithmic authority under volatility. The framework integrates legitimacy theory, leadership scholarship, and AI governance by treating volatility as a specific governance condition rather than ambient turbulence. It redefines ethical AI governance as a strategic leadership capability and positions Africa as a theory-generating vantage point from which transferable mechanisms about governance under instability become visible.

Volatility is frequently treated as an atmospheric background, a label for turbulence demanding organizational adaptation. This paper treats volatility differently: as a causal governance condition that reshapes what ethical AI governance must achieve and how leaders must implement it. Not all volatility is equivalent, and different types produce distinct governance challenges. Building on research on extreme contexts demonstrating that turbulent settings reveal hidden assumptions in theory (Hällgren et al., 2018), this paper identifies three interacting dimensions of volatility that are consequential for ethical AI governance. Each dimension generates a specific failure mode; together they explain why governance frameworks calibrated for stable environments systematically break down under instability.

Infrastructural volatility refers to instability in the socio-technical foundations on which AI systems rely: power reliability, connectivity, device access, identity systems, data storage, secure transmission, and organizational digitization. It matters because governance routines assume stable informational flows. Documentation practices presume traceable data provenance. Monitoring relies on continuous model observation. Recourse depends on decisions being logged, reviewed, and reversible. When infrastructure is uneven, these assumptions collapse. Systems drift undetected, harms become invisible, and exclusion-by-fragility becomes structurally embedded; those least represented in data are the easiest to exclude (Graham, 2011; Graham & Thrift, 2007). Intermittent connectivity forces algorithmic decisions to operate on outdated data. Fragmented identity systems render verification unreliable. Uncertain uptime creates gaps in monitoring that no governance document can close. Infrastructural volatility thus causes harm not through malicious intent but through system brittleness under operational constraints; a failure mode invisible to governance frameworks that assume clean data pipelines and consistent uptime.

Institutional volatility refers to instability in formal governance arrangements: shifting regulation, fragmented oversight, uneven enforcement, and contested jurisdictional boundaries. It creates governance ambiguity (Scott, 2014): organizations navigate overlapping or incomplete rules, uncertain enforcement, or rapid policy changes. Under such conditions, ethical AI governance risks becoming performative, compliance theater where policies signal responsibility without operational integration (Edelman, 2016; MacLean & Behnam, 2010). The EU AI Act’s 2024 entry into force demonstrates regulatory innovation at scale, but subsequent implementation debates confirm that institutional environments remain dynamic and unpredictable (European Commission, 2024; Reuters, 2025). For leaders, the challenge is not merely compliance but building governance structures resilient to institutional change. When institutions are volatile, yesterday’s acceptable documentation becomes inadequate today, and compliance becomes an interpretive exercise rather than a stable standard, generating a gap between governance as documented and governance as practised.

Socio-political volatility involves instability in legitimacy, trust, and social consent: fluctuating public confidence, heightened sensitivity to exclusion, the politicization of technology, and historical legacies that shape how communities interpret organizational decisions. This dimension is particularly consequential for algorithmic systems because automated decisions feel dehumanizing or predatory when opaque and unchallengeable. Even technically defensible systems can trigger legitimacy collapse if perceived as instruments of surveillance, extraction, or exclusion (Taeihagh, 2021; Green & Viljoen, 2020). Socio-political volatility also heightens contestability demands, the expectation that those affected can understand, challenge, and seek recourse for decisions. Without visible accountability and procedural justice, algorithmic authority meets resistance not only because outcomes are wrong, but because the exercise of that authority is not perceived as legitimate (Martin & Waldman, 2023; Suchman, 1995; Moon & Travaglino, 2025).

These three dimensions are theoretically distinct but practically interdependent in ways that matter for governance design. Infrastructural volatility worsens socio-political instability by concentrating exclusion harms among already marginalized populations and making those harms harder to detect or contest. Institutional volatility exacerbates socio-political instability by eroding trust in oversight and weakening recourse pathways. Socio-political volatility feeds back into institutional volatility by politicizing governance and accelerating policy change. Crucially, these interactions mean that addressing any single dimension in isolation is insufficient; governance responses calibrated for one dimension may be undermined by instability in another. This interdependence is what makes ethical AI governance under volatility a leadership challenge rather than a technical one, and what motivates the capability model developed in Section 4.

This section defines the core constructs, develops the leadership capability system, derives three theoretical propositions, and identifies leadership failure modes. The unifying argument is that ethical AI governance under volatility is not a technical assurance problem but a leadership challenge of legitimacy production. Leadership here is understood neither as individual heroism nor as positional authority, but as agency combined with institutional work, the deliberate design of organizational structures, routines, and accountability mechanisms that make algorithmic authority governable when external conditions are unstable (Zietsma & Lawrence, 2010; Lawrence et al., 2011). This positioning distinguishes the SSL model from responsible AI checklists, which specify what governance should achieve, and from AI assurance frameworks, which specify how to verify it, the SSL model specifies the leadership work that makes both durable under volatility.

The term “ethical AI” implies a moral overlay on technical systems, as if ethics are constraints applied from outside. The governance issue becomes analytically clearer when we shift focus to algorithmic authority: the capacity of automated systems to classify, rank, predict, recommend, and decide in ways that shape outcomes for individuals and communities (Pasquale, 2015; Crawford, 2021). Algorithmic authority reorganizes organizational power, distributing consequences such as approval or denial, inclusion or exclusion, trust or suspicion, through computational procedures that are difficult to scrutinize and harder to contest. This authority is not merely technical; it is institutional, embedded in organizational routines, vendor relationships, regulatory expectations, and public interpretations of fairness.

Governing algorithmic authority requires more than disclosure. Accountability depends on whether decisions can be audited against appropriate standards, whether logic can be assessed for fairness and legality, and whether affected parties can access meaningful recourse (Kroll et al., 2017). Fairness scholarship further establishes that AI systems are sociotechnical: abstractions embedded in modeling choices that are measured, overlooked, or proxied produce systematic harm when applied in complex social environments (Selbst et al., 2019). Under volatility, these sociotechnical tensions intensify because data are uneven, institutions shift, and legitimacy is continuously contested.

Legitimacy theory explains why ethical AI governance becomes strategically decisive under volatility. Suchman (1995) distinguishes pragmatic legitimacy (audience self-interest), moral legitimacy (normative approval), and cognitive legitimacy (comprehensibility). Algorithmic systems challenge all three simultaneously; undermining pragmatic legitimacy through exclusion and friction, weakening moral legitimacy when perceived as discriminatory or unaccountable, and eroding cognitive legitimacy when decisions appear arbitrary or incomprehensible (Bitektine, 2011; Deephouse et al., 2017).

Legitimacy infrastructure, as developed here, is a leadership-designed capability system that institutionalizes contestability, accountability, and procedural justice in ways that remain operational when infrastructure wobbles and institutions shift. This concept is distinct from three adjacent ideas. Responsible AI governance specifies normative goals but does not address how organizations sustain those goals when background stability conditions fail. AI assurance provides verification mechanisms: model cards, audits, datasheets, but treats them as technical artifacts rather than as elements of an active legitimacy-production system requiring leadership maintenance (Mitchell et al., 2019; Gebru et al., 2021; Raji et al., 2020). Organizational trust literature addresses stakeholder perceptions but does not specify the governance capabilities leaders must develop to sustain them when institutions are fragmented. Legitimacy infrastructure integrates these concerns under a single leadership-centered logic: governance tools matter only insofar as leaders design and protect the organizational capabilities that enable them to function amid volatility (Martin & Waldman, 2023; National Institute of Standards & Technology (NIST), 2023).

The SSL model proposes three interconnected governance functions leaders must perform: directly or through designated structures, to sustain accountable algorithmic authority under volatility. These are not leadership styles but capability types, each responding to specific volatility conditions.

Sensing is leadership as anticipatory sensemaking (Weick, 1995; Maitlis & Christianson, 2014). It builds organizational capacity to detect emerging harms before they become crises, institutionalizing harm visibility through routines that surface drift, exclusion patterns, proxy discrimination, and silent failures. Under infrastructural volatility, sensing must be designed for intermittency: governance cannot assume clean feedback loops or consistent monitoring. Leaders need redundancy in detection, multiple feedback channels, escalation triggers, and community-based reporting pathways, so organizations learn about harm before it becomes public controversy. During periods of institutional volatility, sensing extends to regulatory signals: dedicated capacity monitoring, policy shifts, and engaging consultations so governance adapts proactively. Under socio-political volatility, sensing must capture relational and reputational signals: complaint volumes, civil society scrutiny, community trust indicators, that internal dashboards systematically miss.

Stabilizing is leadership as orchestration under constraints (Teece et al., 2016; Amosh, 2026a; Pesqueira et al., 2025). It establishes minimum viable safeguards that remain effective despite infrastructural and institutional instability. Leaders assign decision rights, who can pause deployment, who owns risk acceptance, who can adjust implementation pace, and who can embed safeguards into operational processes rather than treating them as afterthoughts. Under infrastructural volatility, stabilizing requires designing for fragility: choosing architectures that support traceability even under intermittent connectivity, insisting on documentation as a deployment condition (Mitchell et al., 2019; Gebru et al., 2021). Under institutional volatility, stabilizing means treating governance documentation as adaptive instruments rather than static artifacts, regularly updated to reflect regulatory shifts rather than filed and forgotten. Under socio-political volatility, stabilizing requires prioritizing governability over speed: when legitimacy reserves are low, deployment failures are not recoverable through technical fixes alone (Schoemaker et al., 2018).

Legitimizing is leadership as institutional and moral work (Zietsma & Lawrence, 2010; Lawrence et al., 2011). It designs and maintains contestability and accountability as lived organizational practices rather than documented commitments. Under infrastructural volatility, legitimizing means ensuring recourse pathways are accessible even when digital systems fail − offline channels, community liaisons, field-based remediation. Under institutional volatility, legitimizing requires building governance credibility independently of regulatory enforcement: organizations cannot wait for institutions to stabilize before contesting algorithmic authority. Under socio-political volatility, legitimizing is the decisive capability; without procedural justice that makes decisions explainable, challengeable, and visibly acted upon, algorithmic authority becomes ungovernable regardless of technical accuracy (Kroll et al., 2017; Selbst et al., 2019).

Three propositions follow from this capability analysis:

Three predictable failure modes emerge when leaders treat ethical AI as a matter of technical compliance rather than as a legitimacy infrastructure. Technocratic abdication occurs when leaders delegate ethical AI entirely to data teams, vendors, or legal functions, assuming that responsible design is achievable through technical controls alone, resulting in governance drift, where safeguards exist on paper but are abandoned when trade-offs arise. Compliance theater occurs under institutional volatility when leaders adopt policies primarily for signaling, without developing operational capacity to enforce them: documentation becomes ritualistic, audits become formalities, and accountability becomes performative (Edelman, 2016; MacLean & Behnam, 2010). Speed-as-virtue bias occurs when leaders equate digital transformation with velocity and deploy systems before governance infrastructure matures. Under volatility, this bias amplifies harm because unstable infrastructure and contested legitimacy make recovery exponentially harder than in stable settings (Schoemaker et al., 2018).

The SSL model’s contribution is not another principles list but a reframing of ethical AI governance as a leadership capability system anchored in legitimacy production. It integrates existing governance instruments: documentation, auditing, accountability frameworks, risk management, evolving regulation, by specifying the leadership work that makes them durable under volatility. Figure 1 illustrates the full capability framework, showing how the three volatility dimensions, three failure modes, and three SSL capabilities connect through legitimacy infrastructure as the organizing logic.

This paper advances a conceptual argument about ethical AI governance under volatility using illustrative vignettes rather than empirical case evidence. Methodologically, it is best characterized as an analytically grounded conceptual framework: it does not derive propositions inductively from data, nor does it offer a purely normative argument about what governance should look like. Instead, it builds theoretical precision by specifying mechanisms, boundary conditions, and falsifiable propositions from a synthesis of legitimacy theory, leadership scholarship, and AI governance literature, grounded in the operational realities of high-volatility contexts. The aim is to make phenomena thinkable and causal logic trackable, especially for practitioner audiences acting under uncertainty with incomplete information (Whetten, 1989; Cornelissen, 2017; Siggelkow, 2007).

In volatile AI governance environments, two forces collide: organizations adopt AI to scale decisions and services – the innovation pull – while simultaneously being exposed to regulatory whiplash, infrastructure breakdowns, and legitimacy shocks – the disruption push. The vignettes are designed to illuminate leadership dilemmas that arise at this collision point, where ethics is not merely a compliance requirement but a strategic leadership constraint and capability. The three vignettes are intentionally varied to demonstrate the volatility typology: institutional, infrastructural, and socio-political, while maintaining focus on the central phenomenon: ethical AI governance amid instability and high-stakes decision-making. Each vignette draws from common organizational patterns observed during digital transformation across African contexts, characterized by rapid scaling, inconsistent data infrastructures, fragmented oversight, and heightened contestation over fairness, without relying on proprietary data or referencing specific organizations. This mirrors the use of theoretical cases to test and refine conceptual claims (Eisenhardt, 1989; Yin, 2018).

The analysis proceeds in four steps. First, each vignette identifies a dominant volatility regime and shows how it distorts fundamental governance principles: accountability lines, risk tolerance, data quality, and institutional expectations. Second, it shows how that volatility creates ethical stress points: fairness drift, explainability breakdowns, exclusion errors, and accountability gaps. Third, the paper process-traces leadership responses as mechanisms, detailing what leaders do to align innovation goals with ethical constraints over time (Langley, 1999; Cloutier & Langley, 2020). Fourth, insights are synthesized to illustrate when particular governance actions are likely to be effective and when they may fail, consistent with best practices in conceptual theorizing (Whetten, 1989; Cornelissen, 2017).

Rigor is maintained through four criteria: definitional precision in specifying what qualifies as volatility in governance terms; transparent mechanism logic showing how conditions produce outcomes; explicit boundary conditions stating where claims should not extend; and falsifiability, since the propositions derived in Section 4 are structured for empirical testing in future comparative research.

A rapidly expanding digital lender operating across multiple African markets introduces an AI-driven credit-scoring system to increase access to microloans for underbanked populations. The innovation offers tangible benefits: approval times drop from days to minutes, default prediction improves measurably, and the company gains market share among customers previously excluded from formal credit. Regulators in several markets initially signal encouragement, framing the system as advancing financial inclusion goals. Early results suggest the system is expanding access while remaining commercially viable.

However, institutional instability quickly becomes the dominant governance condition. Regulatory frameworks across central banks and consumer protection agencies are at different stages of development, producing inconsistent expectations. Enforcement signals shift unpredictably, from “encouraging innovation” to sudden investigations triggered by consumer complaints or political pressure. Data protection guidelines remain incomplete and contested across jurisdictions. Compliance becomes an interpretive challenge rather than a fixed standard: documentation acceptable to one regulator is deemed insufficient when another shifts focus. This is the characteristic pattern of institutional volatility, not the absence of rules, but their fragmentation, inconsistency, and rapid change.

The ethical friction emerges as fairness drift. Proxy variables chosen for predictive power: location data, device type, transaction frequency, begin systematically replicating historical exclusion. Rural customers and those with lower digital literacy are flagged as higher risk, not because of creditworthiness but because of data patterns associated with infrastructure access. Importantly, this illustrates a critical tension in algorithmic credit systems: improved predictive performance does not automatically produce equitable access. Depending on the target variable and the historical biases embedded in training data, greater accuracy can tighten risk-based exclusion for precisely the populations the system was designed to serve (Selbst et al., 2019). Customers challenge adverse outcomes, but explanations are weak, the model is a complex ensemble system, and documentation practices have prioritized deployment speed over contestability.

Leadership’s response is strategic governance rather than reactive compliance. The executive team establishes an internal AI governance council with authority to slow or halt deployment when ethical boundaries are crossed, not merely to advise. The council sets differentiated risk tolerance levels: a higher tolerance for errors affecting established commercial borrowers, and a near-zero tolerance for exclusions affecting vulnerable populations. Critically, leadership introduces a standing regulatory sensing function, a dedicated team monitoring policy signals across markets, engaging industry consultations, and treating regulatory change as a permanent operational variable rather than an exceptional event. This enables proactive rather than reactive governance adaptation. The lesson: under institutional volatility, adaptive governance that treats uncertainty as a normal operating condition is more durable than static compliance documentation calibrated for a regulatory environment that no longer exists.

A public agency deploys a machine learning system to improve targeting for a large-scale social protection program, aiming to reduce fraud, accelerate approvals, and extend limited budgets further. Initial pilots in well-connected urban centers show promise. However, when deployment scales nationally, infrastructural instability becomes the dominant governance condition. National identity systems are fragmented across legacy databases with inconsistent data standards, a common characteristic of public digital infrastructure in resource-constrained settings where system modernization has been uneven (Graham, 2011). Data capturing income, household composition, and employment status are incomplete, particularly for informal economy workers and rural populations. Connectivity disruptions force the system to rely on outdated or missing data. Power outages interrupt batch processing cycles. The model’s foundational assumptions: stable pipelines, consistent uptime, and reliable verification, are not realized in operational practice.

Ethical breakdowns follow a predictable pattern: exclusion errors concentrate precisely among the groups the program was designed to assist. Rural households, informal workers, and marginalized communities consistently lack the digital traces the model relies on as signals of legitimacy. Appeals increase, but the agency lacks the capacity to investigate at scale. Frontline staff become de facto human overrides, using discretionary judgment to correct algorithmic errors. Without clear guidance, training, or accountability frameworks, this discretion introduces new inequities: outcomes vary by office, caseworker, and how vocally applicants contest decisions. Political opposition exploits visible failures, framing the system as technological neglect of the vulnerable rather than service modernization.

Leadership shifts from technical optimization to governance re-anchoring. The agency introduces mandatory pre-deployment and ongoing impact assessments that explicitly evaluate who is harmed when data is missing or degraded, not only when quality is high, thereby surfacing invisible exclusions before they become systemic (Raji et al., 2020). Contestability is treated as a leadership obligation: decisions must be challengeable through accessible pathways, explanations must be usable by people with limited digital literacy, and remediation is resourced as core infrastructure rather than afterthought. Leadership builds redundancy into monitoring through multiple feedback channels, community liaisons, SMS-based reporting, and field audits, ensuring the agency learns about harm even when digital systems fail. The lesson: under infrastructural volatility, designing for fragility rather than assuming stability is the essential governance posture, and redundancy in monitoring and recourse is not a luxury but a structural requirement.

A major consumer-facing platform operating across African markets deploys generative AI tools and algorithmic moderation systems to handle content at scale: automating triage, flagging harmful material, and personalizing recommendations. Internal dashboards indicate strong performance on precision and recall metrics. Then a legitimacy crisis erupts. Civil society organizations publish a detailed report documenting systematic bias: political speech in certain languages flagged as extremist, cultural content suppressed as inappropriate, and misinformation amplified in low-resource language contexts where training data was limited, patterns consistent with documented failures of content moderation systems trained predominantly on high-resource language data (Selbst et al., 2019; Noble, 2018). Political actors across the spectrum weaponize the findings. A viral incident, a widely shared video of peaceful protest wrongly flagged as inciting violence, triggers advertiser withdrawals, boycotts, and parliamentary inquiries.

The organization discovers that governance failure is relational and political, not only technical. Internal metrics entirely miss what matters to stakeholders: whether communities feel heard, whether cultural contexts are respected, and whether power imbalances are reproduced or challenged. The platform’s initial response, technical explanations of model limitations and promises of further tuning deepen distrust. Stakeholders interpret opacity as indifference and technical language as evasion.

Leadership must now govern across competing institutional logics: sustaining the innovation engine while rebuilding legitimacy through transparency and credible external oversight. The effective response treats ethics as institution-building rather than reputation management: establishing an independent external advisory board with the authority to audit decisions and publish findings, creating escalation protocols that ensure community concerns reach decision-makers directly, and implementing transparent reporting on moderation patterns, disaggregated by language and region (NIST, 2023). Procedural justice is operationalized rather than promised: affected users can understand why content was flagged, challenge decisions through accessible channels, and see evidence that challenges result in genuine review rather than performative acknowledgment (Kroll et al., 2017). The lesson: in times of socio-political volatility, legitimacy built through procedural justice is the decisive strategic capability; technical correctness without social acceptance is strategically inert.

The vignettes converge on a single insight: ethical AI governance under volatility is primarily a leadership challenge, not a technical or compliance matter. In stable environments, governance can be systematized through policies and procedures. In volatile conditions, it must be continuously recalibrated because the regulatory ground shifts, the infrastructure wobbles, and the legitimacy terrain changes faster than any static framework can track. This is precisely why the pull-push framing is analytically powerful: innovation pulls organizations toward deployment velocity while disruption forces leaders into governance accountability moments they did not anticipate (Christensen, 1997; Amosh, 2026b).

Across all three volatility regimes, leaders must perform three interconnected roles. As institutional sensemaker, the leader scans, translates, and anticipates shifts in policy signals, enforcement patterns, and societal expectations. This is strategic work, not a task delegable to legal teams − it shapes risk appetite, investment pacing, and governance design (Weick, 1995; Maitlis & Christianson, 2014). As architect of adaptive guardrails, the leader establishes governance structures that withstand uncertainty without becoming so rigid that they stifle learning. This means living documentation, continuous monitoring, and escalation pathways that empower teams to pause or roll back systems when harms emerge, treating AI risk as contextual, evolving, and connected to real-world consequences rather than confined to laboratory metrics (NIST, 2023; Raji et al., 2020; Pesqueira et al., 2025). As a legitimacy steward, the leader engages stakeholders not as an afterthought but as a structural governance requirement. Transparency becomes strategic: who participates, what is disclosed, how redress is managed, and how power is balanced between automated decision-making and human accountability (Martin & Waldman, 2023; Taeihagh, 2021).

These roles map directly onto the SSL capabilities: sensemaking anchors Sensing, adaptive guardrail architecture anchors stabilizing and legitimacy stewardship anchors legitimizing. Table 1 translates this mapping into an operational governance structure, specifying decision rights, escalation pathways, and example metrics for each capability. Table 1 is provided as a supplementary file for ease of practical reference and adaptation.

Implementing this playbook does not require extensive resources; it requires deliberate design. Widely recognized frameworks provide useful scaffolding without demanding copy-paste compliance. The NIST AI RMF treats governance as an ongoing lifecycle process emphasizing contextual risk mapping, measurement, and management (NIST, 2023). ISO/IEC 42001 treats AI governance as an auditable management system rather than a collection of disparate policies (International Organization for Standardization & International Electrotechnical Commission, 2023). Algorithmic impact assessments are particularly valuable in volatile environments because they require leaders to document context, anticipate harms, and define accountability before deployment, and to revisit those assumptions when environments shift (Raji et al., 2020).

The African contribution to this playbook is not a contextual backdrop but a theoretical pressure. Volatility in many African operating environments is not episodic disruption but a persistent condition, which shifts the definition of leadership competence from visionary rhetoric to embedded ethical adaptability: the capacity to innovate without normalizing harm (George et al., 2016; Hällgren et al., 2018). This redefines crisis leadership for the algorithmic era: the crisis is rarely a single event but cumulative: regulatory ambiguity, infrastructural fragility, and legitimacy contestation interacting over time.

Finally, the framework’s applicability has explicit boundaries. The SSL model adds most explanatory power when AI systems function as consequential decision infrastructure, when volatility is meaningful on at least one dimension, and when legitimacy cannot be assumed. In low-stakes internal systems, highly stable regulatory contexts, or settings where a single authoritative institution controls both oversight and consent, conventional governance toolkits are likely sufficient, and the legitimacy infrastructure framing offers diminishing additional returns.

This paper proposes a consequential reframing of ethical AI governance, from a compliance issue and a technical assurance problem to a legitimacy infrastructure: a leadership capability system that makes algorithmic authority governable when infrastructure is unstable, institutions are shifting, and social consent is contested. The central contribution is integrative-conceptual: it does not claim empirical generalization from cases but theoretical precision, specifying mechanisms, boundary conditions, and falsifiable propositions at the intersection of ethical AI governance, legitimacy theory, and leadership scholarship. The shift from “ethical AI” to “algorithmic authority” and from “policy alignment” to “legitimacy production” is not semantic; it reorients the governance problem toward what leaders must actually build rather than what principles they must espouse (Suchman, 1995; Kroll et al., 2017; Mittelstadt, 2019).

By framing volatility as a multidimensional causal condition rather than ambient turbulence, the paper demonstrates why prominent governance approaches, principles, documentation, audits, and risk frameworks remain necessary but insufficient unless leaders design and maintain the organizational capabilities that keep these instruments operational under instability (Jobin et al., 2019; Raji et al., 2020; NIST, 2023). Africa is positioned as a theory-generating extreme context, not a peripheral application site, revealing hidden stability assumptions in dominant frameworks and generating transferable insights as global volatility intensifies through climate shocks, geopolitical disruption, and institutional polarization (Hällgren et al., 2018; Bamberger & Pratt, 2010; Mair et al., 2012).

This framing advances strategy and leadership scholarship by specifying what agility and resilience must mean when AI systems mediate organizational authority. Responsible speed is not a moral preference under volatility; it is a strategic necessity because legitimacy collapses are costly, contagious, and difficult to reverse. Ethical governance becomes constitutive of strategic agility: leaders must orchestrate experimentation while preserving governability, ensuring that deployment does not outpace the organizational capacity to detect harm, stabilize safeguards, and sustain consent (Teece et al., 2016; Schoemaker et al., 2018; Pesqueira et al., 2025). The SSL capability system specifies the leadership work required to keep innovation productive without normalizing harm, resonating with leadership-for-adaptability perspectives that treat leadership as the design of enabling conditions and disciplined orchestration under turbulence (Uhl-Bien & Arena, 2018).

The research agenda makes the paper’s claims empirically testable across three directions. The first is a cross-sector comparison of fintech, public service delivery, health, and platform governance because these domains vary systematically in institutional oversight severity, exclusion stakes, and feasibility of contestability. The three propositions derived in Section 4 provide the falsifiable starting points: whether redundant sensing reduces undetected exclusion under infrastructural volatility, whether adaptive documentation sustains legitimacy longer under institutional volatility, and whether procedural justice investment outperforms technical accuracy investment under socio-political volatility. The second direction is cross-country and cross-regional comparison, using volatility as a contingency lens rather than geography as a proxy, to identify whether infrastructural volatility matters most when contestability is weak, or whether institutional volatility matters most when vendor ecosystems dominate model development. The third direction is measurement development. Infrastructural volatility can be operationalized through data pipeline stability indicators, verification failure frequency, and monitoring uptime. Institutional volatility can be gauged via regulatory churn rates, enforcement ambiguity indices, and compliance uncertainty measures. Socio-political volatility can be tracked through complaint volumes, appeal rates, civil society scrutiny events, and the frequency of reputational shocks. Governance effectiveness should be measured not only by technical metrics: drift rates, disparate impact scores, but also by legitimacy indicators: perceived procedural justice, access to recourse, remediation timeliness, and accountability visibility. Table 1 provides the operational starting point for this measurement agenda by translating SSL capabilities into decision rights, escalation pathways, and example dashboard metrics that future empirical work can instrument and test across contexts.

Theoretically, the paper’s most transferable insight is this: amid volatility, the gap between governance as documented and governance as practised is not a management failure; it is a structural condition requiring deliberate investment in leadership capability. Future scholarship should examine how organizations build and sustain that investment over time, how it degrades under resource pressure, and whether the SSL capability chain operates sequentially or simultaneously across different volatility configurations. These questions extend the paper’s framework from a static model into a dynamic theory of legitimacy maintenance under algorithmic governance, the next frontier for both research and practice.

This paper argues that ethical AI governance under volatility is best understood as legitimacy infrastructure, a leadership capability system that makes algorithmic authority governable when infrastructure is unstable, institutions are shifting, and social consent is contested. By identifying three dimensions of volatility: infrastructural, institutional, and socio-political, and specifying a leadership mechanism chain of Sensing–Stabilizing–Legitimizing, the paper redefines ethical AI governance from a compliance issue into a strategic leadership challenge with measurable organizational consequences.

The African vantage point is presented not as a contextual footnote but as a theory-generating extreme context, revealing what dominant governance models silently assume: stable data realities, coherent oversight, and enduring legitimacy reserves (Hällgren et al., 2018; Suchman, 1995). These assumptions do not hold universally, and as global volatility intensifies, they hold less and less even in contexts once considered stable. The lessons generated here are therefore anticipatory rather than exceptional.

The practical implication is that leaders who treat ethical AI as a delegated technical task risk governance drift, compliance theater, and legitimacy collapse when competitive pressures make recovery most difficult. Leaders who treat ethical AI as legitimacy infrastructure build organizations capable of innovating without normalizing harm, detecting emerging risks early, maintaining safeguards under constraint, and ensuring contestability and accountability are embedded in practice rather than promised in policy (Mittelstadt, 2019; Raji et al., 2020; Uhl-Bien & Arena, 2018).

The deeper theoretical implication is that legitimacy is not a byproduct of good governance; it is its precondition. Under volatility, organizations cannot govern what they have not first legitimized. This inverts the conventional compliance logic: rather than building systems and then seeking acceptance, leaders must build acceptance infrastructure alongside, and sometimes before, the systems themselves. As algorithmic authority continues to expand in scope, scale, and consequence, the capacity to construct and sustain legitimacy infrastructure becomes not merely a governance competency but the defining leadership capability of the algorithmic era.

During the preparation of this paper, the author used Claude, an AI assistant created by Anthropic, in order to assist with language refinement, grammar checking, and clarity improvements in the manuscript. After using this tool, the author reviewed and edited the content as needed and takes full responsibility for the content of the publication.

The supplementary material for this article can be found online.