Board AI Governance: The Director's Guide

In shortBoard AI governance is the board's oversight of how an organisation develops, buys and uses AI. Directors do not need to run AI day to day, but they are accountable for setting risk appetite, ensuring competent management, and getting assurance that AI is used safely and lawfully. As AI becomes business-critical, it belongs on the board agenda alongside cyber and financial risk.

In this guide

What is board AI governance?Definition, the board's role and the questions directors should ask.

Key facts

Definition	The board's oversight of how AI is developed, bought and used across the organisation
Board's role	Set risk appetite, ensure competent management and obtain assurance — not run AI day to day
Why now	AI affects strategy, risk and duties of care; regulators expect board-level accountability
Key inputs	An AI inventory, a risk register, policy status and incident reporting
Accountability	Often a named board sponsor or committee, with executive ownership below
Cadence	Regular reporting, with AI risk integrated into existing risk and audit committees

Why AI is a board-level issue

AI now shapes strategy, customer outcomes, operational risk and reputation, and directors' duties of care extend to it. Boards are expected to provide oversight of material risks, and AI is fast becoming one — sitting alongside cyber and financial risk on the agenda rather than being delegated and forgotten. See what is board AI governance?

What the board is accountable for

Not the day-to-day, but the framework around it: approving the organisation's AI risk appetite, ensuring management is competent and resourced, confirming an AI governance framework exists, and obtaining regular assurance that it works. The board sets the tone and holds management to account.

Questions every board should ask

Where are we using AI, and which uses are high-risk? Who is the accountable owner? What is our risk appetite, and are we within it? Are staff AI literate? Do we have policies and human oversight? How would we know if something went wrong, and what is our incident plan?

Setting risk appetite and oversight structures

Define what AI use the organisation will and will not accept, then choose where oversight sits — a board sponsor, an existing risk or audit committee, or a dedicated group. Keep executive ownership clear beneath the board so accountability does not blur.

What good AI reporting to the board looks like

Concise, decision-useful reporting drawn from the AI inventory and risk register: material AI uses and their risk, changes since last time, policy and training status, open issues and incidents, and progress against the compliance roadmap.

Frequently asked questions

What is board AI governance?

The board's oversight of how an organisation develops, buys and uses AI, including risk appetite, accountability and assurance.

Is AI really a board-level responsibility?

Yes — AI affects strategy, risk and directors' duties of care, and regulators increasingly expect board-level accountability.

What does the board need to do about AI?

Set risk appetite, ensure competent management, confirm a governance framework exists, and obtain regular assurance that it works.

What questions should directors ask about AI?

Where is AI used, which uses are high-risk, who owns them, are we within risk appetite, and what is our incident plan?

Where should AI oversight sit on the board?

Often with a named sponsor or an existing risk/audit committee, with clear executive ownership beneath the board.

Related guides

Sources

Last updated 19 June 2026.