Initially, as it is in read-only mode, there are no risks. But once you enable policy enforcement, it will block non-compliant deployments to your cluster. Your organisation has to be ready for it, as it might block a developer trying to apply a hotfix. You need to have the right mechanisms for enabling skips and escalating critical deployments, as with any security tool, I suppose.
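The point above (a read-only audit mode that only records violations, an enforce mode that blocks, and an auditable break-glass path so a hotfix is not stuck without a trace) can be made concrete with a small model. This is an added example, not code from the original post or from any particular admission controller; the rule set, the registry prefix, the annotation keys and the sample deployments are all constructed for illustration.

```python
"""Toy model of a deployment policy gate with audit and enforce modes.

Constructed example: the rules, annotation keys and registry name are
assumptions for illustration and do not correspond to any real tool's API.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional

class Mode(Enum):
    AUDIT = "audit"      # read-only: record violations, never block
    ENFORCE = "enforce"  # reject non-compliant deployments

@dataclass
class Deployment:
    name: str
    image: str
    privileged: bool = False
    annotations: Dict[str, str] = field(default_factory=dict)

# A rule returns None when compliant, otherwise a human-readable violation.
Rule = Callable[[Deployment], Optional[str]]

APPROVED_REGISTRY = "registry.example.internal/"  # constructed value

def rule_approved_registry(d: Deployment) -> Optional[str]:
    if not d.image.startswith(APPROVED_REGISTRY):
        return f"image {d.image!r} is not from the approved registry"
    return None

def rule_no_privileged(d: Deployment) -> Optional[str]:
    return "privileged container is not allowed" if d.privileged else None

RULES: List[Rule] = [rule_approved_registry, rule_no_privileged]

# Hypothetical annotation keys used for the break-glass path.
TICKET_KEY = "policy.example/break-glass-ticket"
REASON_KEY = "policy.example/justification"

@dataclass
class Decision:
    allowed: bool
    violations: List[str]
    reason: str

class PolicyGate:
    def __init__(self, mode: Mode) -> None:
        self.mode = mode
        self.audit_log: List[str] = []  # what reviewers look at afterwards

    def evaluate(self, d: Deployment) -> Decision:
        violations = [v for v in (rule(d) for rule in RULES) if v]
        summary = "; ".join(violations)
        if not violations:
            return Decision(True, [], "compliant")
        if self.mode is Mode.AUDIT:
            # Read-only phase: nothing is blocked, but every violation is
            # recorded so the organisation can see what enforcement would hit.
            self.audit_log.append(f"AUDIT {d.name}: {summary}")
            return Decision(True, violations, "audit mode: logged, not blocked")
        # Enforce phase: a skip is honoured only with a ticket reference and a
        # justification, and it is always logged so the exception is reviewable.
        ticket = d.annotations.get(TICKET_KEY)
        why = d.annotations.get(REASON_KEY)
        if ticket and why:
            self.audit_log.append(
                f"BREAK-GLASS {d.name} ticket={ticket}: {why} | {summary}")
            return Decision(True, violations, f"break-glass skip (ticket {ticket})")
        self.audit_log.append(f"DENY {d.name}: {summary}")
        return Decision(False, violations, "enforce mode: rejected")

def demo() -> Dict[str, Decision]:
    """Run the same non-compliant hotfix through both modes."""
    hotfix = Deployment("payments-hotfix", "docker.io/vendor/payments:1.2.3")
    clean = Deployment("payments", APPROVED_REGISTRY + "payments:1.2.2")
    escalated = Deployment(
        "payments-hotfix", "docker.io/vendor/payments:1.2.3",
        annotations={TICKET_KEY: "INC-1234", REASON_KEY: "prod outage"})
    audit, enforce = PolicyGate(Mode.AUDIT), PolicyGate(Mode.ENFORCE)
    return {
        "audit_hotfix": audit.evaluate(hotfix),
        "enforce_clean": enforce.evaluate(clean),
        "enforce_hotfix": enforce.evaluate(hotfix),
        "enforce_escalated": enforce.evaluate(escalated),
    }

if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label}: allowed={decision.allowed} ({decision.reason})")
```

The design choice worth noting is that the break-glass path does not disable the rules; it records the violations together with the ticket and justification, so the audit log after an incident still shows exactly what was skipped and why.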