The AI Strategy Guide logo The AI Strategy Guide at the cusp of AI Subscribe →
AI Maturity Models: A Strategic-Posture-Conditional Reading — Maturity illustration
Maturity

AI Maturity Models: A Strategic-Posture-Conditional Reading

Six AI maturity models — Gartner, Microsoft CAF, MITRE, CNA, Deloitte, and an operator-built version — plotted against one set of axes. Target maturity stage is conditional on strategic posture, not absolute.

2 briefs · updated continuously Maturity
Generative AI Maturity Model: A Four-Axis Operator's Read
Essay

Generative AI Maturity Model: A Four-Axis Operator's Read

Updated 2026-05-29 · 11 min
The Gartner AI Maturity Model: An Honest Read
Essay

The Gartner AI Maturity Model: An Honest Read

Updated 2026-05-28 · 11 min

The first time I scored an organisation against the Gartner AI Maturity Model, the result was stage four. The same week, the same organisation cut its AI budget by 40% mid-year because the procurement team had discovered that the operating-cost line on the three-year forecast was three times the discretionary budget that had originally funded the work. The maturity model said stage four. The cash flow said stage two. The board listened to the cash flow, and the strategy was rewritten in six weeks.

That gap is what AI maturity models almost always miss. The published stages — and there are essentially six published frameworks in serious enterprise use in 2026 — describe what an organisation can do. They do not describe what the organisation can afford to keep doing. The number stopped measuring the thing the moment the cost curve flattened against the budget curve.

This page is the working comparison: six models on one set of axes, and the principle I have ended up using on every engagement since 2024. Target maturity stage is conditional on strategic posture, not absolute. A follower-posture organisation at stage three is correctly positioned; a follower-posture organisation pursuing stage five is on its way to a budget crisis the maturity model will not have predicted. The read on Gartner specifically lives at /maturity/gartner/; the generative-AI-specific maturity question lives at /maturity/generative/.

What an AI maturity model is for

A maturity model is a vocabulary plus a sequence — the same shape as a strategy framework, but pointed inward. The vocabulary lets a board hear “we are at stage three” and understand roughly what that means relative to peers. The sequence lets an engineering team agree on what “moving up one stage” requires.

Maturity models fail when stages are treated as goals rather than diagnostics. Stage four is not better than stage three in the abstract; it is more expensive, more governed, and more committed. The honest reading is: stage four is correct if your strategic posture demands stage-four capability, and incorrect if it does not. Most published models obscure this because the framework authors are selling the upward motion, not the standstill.

The other failure mode is treating stage transitions as continuous. They are not. The transition that breaks programmes is almost always the discretionary-to-operating-budget transition — the moment AI capability leaves the innovation budget and enters the year-on-year cost base. That transition typically lives between stages three and four on most models, and it is the single most expensive move an AI programme will ever make. Frameworks describe it as a milestone. It is a cliff.

The six models, briefly

Gartner AI Maturity Model. Five stages: Awareness, Active, Operational, Systemic, Transformational. Strong labels, weak on the budget-transition realism. The full read lives at /maturity/gartner/. The vocabulary survives board meetings — use it for that. The stage-transition assumptions need to be overlaid with your own cost model.

Microsoft Cloud Adoption Framework (CAF) for AI. Not strictly a maturity model, but functions as one. Phased adoption across Strategy, Plan, Ready, Adopt, Govern, Manage. Strong sequencing, vendor-shaped (assumes Azure tooling), and updated frequently — the 2026-04 refresh is the most current of any model on this list.

MITRE AI Maturity Model. Originally written for U.S. federal contexts, increasingly adopted in regulated industries. Eight pillars (Ethical, Strategy, Operations, Data, Models, Tools, People, Performance) scored independently. Strong on the multi-axis read; weak on the resulting single-stage labelling. The most honest model on the list — refuses to compress eight axes into one number — and the least board-friendly for the same reason.

Centre for Naval Analyses (CNA) AI Maturity Framework. Five-stage model, public-domain, originally for defence acquisition. Quietly the best-engineered of the public-domain models. Adoption in commercial enterprise is low because the provenance is unfamiliar; the framework itself is among the most rigorous published.

Deloitte State of AI in the Enterprise stages. Four stages — Underachievers, Starters, Skilled, Seasoned. Strong on benchmarking against peers (the State-of-AI survey publishes peer distributions annually); weak on the prescriptive side. Useful as a where-do-we-sit reference, not as a where-should-we-go plan.

The operator-built version I use. Three axes scored independently — capability depth, governance maturity, cost-base integration — rather than a single stage. The three are not correlated. An organisation can sit at deep capability + low governance + discretionary budget (the typical 2024–2025 archetype that fails compliance review in 2026), or shallow capability + high governance + operating budget (the regulated-industry archetype that delivers reliably but slowly). Compressing the three into one stage hides the most important diagnostic.

The axes that actually matter

The six models above use different axes, and the differences are not cosmetic. The axes I have ended up scoring against across forty engagements:

Capability depth — what AI work can the organisation execute without external help. This is the axis published models foreground most, and it is the easiest to measure. Inventory the AI capabilities currently in production; score each on a four-point scale (vendor-only, vendor-with-internal-supervision, internal-with-vendor-assist, fully internal). The aggregate is a reasonable capability score. Most organisations overestimate this axis by one full point on first scoring; the second pass after technical due diligence is the one that holds up.

Governance maturity — what controls exist around AI usage, decision-making, and risk. NIST AI RMF is the most widely recognised public-domain working vocabulary for this axis (ISO 42001 is the certifiable alternative). Score against the four NIST RMF functions (Govern, Map, Measure, Manage), and the result is comparable across organisations in a way the published maturity models are not. The EU AI Act’s 2026 enforcement timeline — staggered, with the high-risk system obligations binding from August — has made this axis non-optional for any organisation with European customers; it was discretionary in 2024 and is regulatory in 2026.

Cost-base integration — what budget tier funds the AI work, and what would survive a budget cut. This is the axis published maturity models almost universally miss. The three tiers are discretionary (innovation budget, marketing, CEO’s office), operating (year-on-year cost base, line in the IT budget), and transformative (capital expenditure committed across multiple years). Stage transitions on most published models implicitly require the discretionary-to-operating transition; few models name it.

These three axes are not correlated. The axiom that drives this entire page: target stage on any axis is conditional on strategic posture, not absolute. A follower-posture organisation correctly sits at moderate capability depth, high governance maturity (defensive), and stable operating-budget integration. A leader-posture organisation correctly sits at high capability depth, high governance maturity (proactive), and growing operating-or-transformative budget integration. An absentee-posture organisation correctly sits at low capability depth, governance maturity sufficient to meet regulation, and minimal cost-base integration. All three are correct for their posture.

The transition that breaks programmes

If there is one moment to plan for, it is the discretionary-to-operating budget transition. I have watched five enterprise AI programmes fail at this transition between 2023 and 2026, and the mechanism was the same each time.

A programme funded out of the discretionary budget runs for eighteen to twenty-four months on innovation funding. It produces measurable wins — internal productivity tools, a customer-service assistant, a fraud-detection improvement. The wins justify a request to embed the capability permanently. The CFO asks what the operating cost will be year-on-year. The answer, honestly calculated, is between three and seven times the original discretionary spend, because the discretionary work was funded as project costs and the operating cost includes the platform fees, the model usage costs, the security review cycles, the compliance overhead, and the team scaling required to support production-grade SLAs.

The CFO does not say no. The CFO asks for a phased proposal that fits the operating budget that does exist. That proposal cuts capability by 50% or more. The programme leadership has to choose between accepting a smaller permanent footprint or returning to discretionary funding for another cycle. Either choice is honest. The frameworks that describe stage transitions as a continuous upward motion do not contain the language for this choice.

The fix is upstream. A maturity assessment that plots cost-base integration as a separate axis surfaces the transition before it arrives. The strategic-posture-conditional read tells you whether the transition is the right move at all. For a follower-posture organisation, the right answer is often “no” — keep the capability in discretionary, accept the smaller footprint, and revisit when the cost curves move. For a leader-posture organisation, the right answer is “yes, and the operating-cost line item should have been in the year-one strategy document.” The transition is supposed to be planned; the failure mode is that it is not.

How to use this hub

If you are scoring your organisation for the first time, do not start with Gartner. Score against the three axes above — capability depth, governance maturity, cost-base integration — and resist the temptation to compress into one stage. Then map the three-axis result to whichever named model your board recognises (almost certainly Gartner) for the communication artefact. The two-document approach reads as redundant on first pass and is what every successful programme I have audited has ended up doing.

If you are pressure-testing an existing maturity assessment, the first question to ask is: does it score cost-base integration. If not, the assessment is incomplete and the transition will surprise the programme. The second question: does it state strategic posture as a premise. If not, the target stage is being read as absolute when it should be conditional.

If you are starting from Gartner specifically, /maturity/gartner/ is the focused read on what to keep and what to overlay. If your work is generative-AI-specific — which has its own stage shape, particularly around the build-vs-buy-vs-fine-tune question — /maturity/generative/ is the cluster-completing piece.

The strategy framework that sits upstream of any maturity assessment lives at /framework/. The four-question diagnostic in particular is what tells you which posture you should be reading the maturity model against. Read that first if you have not.

What this hub is not

It is not a stage benchmark. The Deloitte State of AI survey and similar produce peer distributions; this hub does not. The value here is in the conditional read — what stage is correct for your posture — not in the where-do-we-sit comparison.

It is not a Gartner replacement. The labels work; use them. The overlay is what changes the reading, not the labels themselves.

It is not a maturity-assessment-as-a-service pitch. The scoring sheet behind the three-axis read is published CC-BY-4.0; fork it, change the weights, publish a fork with a different verdict. Self-scoring is fine for a first pass. The cases where an external read is worth paying for are the ones where the cost-base-integration axis is contested internally — the CFO and the CIO disagree on what the operating-cost line will look like — and an external assessment is, occasionally, the cheapest way to force the conversation.

Sources & methodology

If your organisation’s posture-vs-stage read disagrees with mine, send the disagreement and I will publish it with attribution.

Across the guide

Capabilities and Adjacencies: What the Strategy Turns IntoAI Governance: A Practitioner's Map of the 2026 LandscapeAI Strategy Frameworks: A Practitioner ComparisonAI Roadmap and Transformation: Sequencing the Work When Budget is RealTeams and Roles: The CAIO Question, HonestlyAI Software Engineering: An Engineering Leader's Map

Frequently asked questions

What is the best AI maturity model to use?
There is no best model in the absolute. The best model is the one whose stage labels match the vocabulary your board already uses, plotted against axes that reflect the decisions your organisation actually has to make. Most clients I have worked with end up using Gartner labels for board memos and an operator-built version of the axes for the engineering plan. Trying to use one model for both audiences is the mistake.
What stage should an enterprise aim to reach?
That is the wrong question. Target stage is conditional on strategic posture — a follower-posture organisation should not aim past stage three on most models, because the cost of stages four and five does not justify itself without leader-posture economics. The right question is: what is the minimum stage that supports our posture, and what is the maximum stage our budget can sustain. The answer lives between those two.
How long does it take to move up one maturity stage?
Eighteen months for a clean stage transition with budget commitment, three years if the transition crosses the discretionary-to-operating budget boundary. Most published stage transitions assume twelve months because that is what the framework authors needed to justify the framework's pace of change. In practice the boundary that breaks programmes is not stage three to four; it is the budget-source transition that usually coincides with it.
Is the Gartner AI Maturity Model still useful in 2026?
Useful for vocabulary, not for planning. The Gartner labels survive every board meeting I have used them in, and that is a real benefit. The stage-transition assumptions — particularly the budget naivety I describe in the [Gartner-specific read](/maturity/gartner/) — are where you have to overlay your own thinking. Use the labels, ignore the implicit pace.