Action research: running an AI programme you can defend

AI programmes fail as often from a lack of evaluative discipline as from technical missteps. Action research offers a rigorous, iterative structure that turns a change initiative into something you can defend to a board — or an auditor.

Michael McCarroll 14 min read Updated June 2026

Why AI programmes need a research method, not just a project plan

A conventional project plan assumes the destination is known. AI adoption rarely works that way. The tools change under you, the workforce reaction is not predicted by the business case, the promised benefits materialise in unexpected places and fail to materialise in obvious ones. A method that assumes the destination is fixed treats every surprise as a project management failure.

Action research assumes the opposite. It is a disciplined way of learning by doing, in cycles of plan, act, observe and reflect (Lewin 1946; Reason and Bradbury 2008). It is the natural method for enterprise AI because AI adoption is genuinely exploratory: you cannot know what your users will actually do with Copilot until you give it to them, and you cannot know whether your governance is fit for purpose until it meets real cases.

The four-phase cycle applied to an AI programme

1. Plan. Establish a baseline. In an AI programme this means a pre-implementation survey of attitudes, confidence, existing shadow AI use and concerns; a mapped view of the data estate the tool will touch; and a documented set of hypotheses about what the intervention is expected to change.

2. Act. Introduce the intervention — training, tool access, governance forums, a community of practice — with clear scope and named accountability. The intervention is not just the technology; it is the whole arrangement of technology, training, communication and support.

3. Observe. Collect evidence during and after the intervention. Survey the same population that gave the baseline. Interview users. Capture the artefacts produced. Log the incidents, the near-misses and the workarounds.

4. Reflect. Interpret the evidence, ideally through a theoretical frame that lets you explain patterns rather than just describe them. Socio-technical systems theory and actor–network theory both do useful work here because they treat outcomes as emerging from the interaction of people, tools, data, policies and governance artefacts, not from any single actor (Trist and Bamforth 1951; Latour 2005).

The insider practitioner problem

Most organisational AI research is done by insiders — the person leading the programme is also the person studying it. This creates access advantages and discipline risks in equal measure. The advantages are obvious: proximity to decisions, access to artefacts, ability to observe what actually happens rather than what people report happening.

The risks are less obvious and more consequential. Bias, over-familiarity, an unconscious drift toward celebratory accounts of the programme's own success, and power imbalances that can suppress dissenting evidence from participants (Costley, Elliott and Gibbs 2010). The remedies are procedural, not attitudinal.

  • Multiple evidence sources. Survey plus interview plus artefact plus incident log. No single-source claims.
  • Independent challenge. An external supervisor, a peer-review forum, or a critical friend outside the reporting line.
  • Reflexive journalling. A running log of ethical dilemmas and moments where your role as practitioner conflicted with your role as researcher.
  • Publish limitations. Report what did not work and what remained difficult with the same rigour as what did. A programme with no downsides is a programme that has not been evaluated honestly.

Why regulators and auditors are starting to ask for this

ISO/IEC 42001 requires evidence of stakeholder engagement, documented decision rationale, evaluated outcomes and continual improvement. The EU AI Act requires post-market monitoring for high-risk systems. Both are, in effect, asking for the artefacts an action-research cycle produces as a matter of course (ISO/IEC 2023; European Parliament 2024).

Running your AI programme as action research from the start means the evidence a reviewer wants is generated by the programme itself, not manufactured afterwards. The baseline survey becomes your stakeholder engagement record. The intervention documentation becomes your decision rationale. The post-implementation evaluation becomes your effectiveness evidence.

References

  • Costley, C., Elliott, G. and Gibbs, P. (2010) Doing Work-Based Research. London: Sage.
  • European Parliament (2024) Regulation (EU) 2024/1689 (Artificial Intelligence Act). Official Journal of the European Union.
  • ISO/IEC (2023) ISO/IEC 42001:2023 Artificial intelligence — Management system. Geneva: ISO/IEC.
  • Latour, B. (2005) Reassembling the Social. Oxford: Oxford University Press.
  • Lewin, K. (1946) 'Action research and minority problems', Journal of Social Issues, 2(4), pp. 34–46.
  • Reason, P. and Bradbury, H. (eds) (2008) The SAGE Handbook of Action Research. London: Sage.
  • Trist, E. and Bamforth, K. (1951) 'Some social and psychological consequences of the longwall method of coal-getting', Human Relations, 4(1), pp. 3–38.

Frequently asked questions

What is action research and why use it for AI programmes?
Action research is Lewin's iterative cycle of plan, act, observe, reflect. It fits AI adoption because AI programmes are inherently iterative and socio-technical — the technology, the people and the governance all change together, and each cycle informs the next.
How is action research different from a normal project plan?
A project plan defines fixed outcomes and drives to them. Action research treats each intervention as a data-gathering exercise, evaluates results honestly, and adjusts the next intervention. That evaluative discipline is what makes an AI programme defensible to a board, an auditor or a regulator.
How do you keep insider practitioner research rigorous?
Use multiple sources of evidence — baseline surveys, thematic interviews, post-implementation evaluation — declare limitations, and keep a traceable chain from diagnosis to intervention to evaluation. Triangulation and published limitations are what separate practitioner research from opinion.
Does action research produce ISO 42001 or EU AI Act evidence?
Yes. The artefacts action research generates — documented rationale, stakeholder engagement records, evaluated outcomes and iterative improvement — map directly to the evidence requirements of ISO 42001 and the deployer obligations of the EU AI Act.

Turn your AI programme into evaluated evidence

ISO-STANDARD.app gives you the register, the engagement log and the evaluation records action research produces — ready for ISO 42001, the EU AI Act and your own board.

ISO-STANDARD.app ships a ready-to-adopt ISO 42001 workspace with the risk register, controls catalogue, policies and audit-ready exports already wired together — no spreadsheet sprawl, no consultant lock-in.

Free downloads for this topic

Prefer a conversation? Email hello@iso-standard.app — a real human responds within one business day.

Trust & security
ISO 27001 aligned
Controls mapped to Annex A
Encryption in transit & at rest
TLS 1.3 · AES-256
MFA enforced
TOTP required for all admins
GDPR & UK GDPR
DPA on request · EU/UK data
SOC 2 ready posture
Audit-grade logging
RLS-isolated tenants
Row-level data separation
← All guidesHome →