Key facts
- Boards need working knowledge of AI use and risk, not technical expertise.
- Start every oversight conversation by asking for a current AI system inventory.
- The EU AI Act creates real legal obligations, with penalties for non-compliance.
- Ask who is accountable for AI governance, and how that accountability is evidenced.
- Use the free board oversight pack and agenda template to structure quarterly reviews.
Why boards need to engage with AI
AI decisions increasingly carry legal, financial and reputational consequences that sit squarely within board responsibility — from EU AI Act compliance to the reputational cost of a poorly governed AI system causing harm. Boards that treat AI purely as a management-level technical matter risk finding out about problems only after they have become serious.
The four things to ask for
An accurate AI system inventory: what AI is actually in use, including tools introduced by individual teams without formal sign-off. A risk classification: which systems are high-risk, limited-risk or minimal-risk under the EU AI Act, and why. Clear accountability: who owns AI governance day to day, and who is accountable to the board. Evidence, not assurance: documentation, audit trails and metrics — not just a verbal assurance that "it's under control".
What good oversight looks like in practice
A board that receives a short, regular AI governance update — inventory changes, new risk classifications, any incidents, and outstanding compliance gaps — is in a materially stronger position than one that asks about AI only when prompted by an external event such as a new regulation or a competitor's incident.
Getting started
Use the free board oversight pack and agenda template to structure a first AI governance review, then build a regular cadence — quarterly is typical for most SMEs — around the same core questions.
Frequently asked questions
Do board members need technical AI expertise?
No — they need enough working knowledge to ask the right oversight questions, not to build or audit AI systems themselves.
What is the first thing a board should ask for on AI?
A current AI system inventory — you cannot oversee AI risk you cannot see.
What legal obligations does the EU AI Act create for boards?
It creates compliance obligations for the organisation, with penalties for non-compliance, making AI governance a genuine board-level risk topic.
How often should a board review AI governance?
Quarterly is typical for most SMEs, more frequently for organisations with higher-risk AI use.
What does good AI board oversight look like?
Regular, short updates covering the inventory, risk classifications, incidents and outstanding gaps — backed by evidence, not just assurance.
Related pages
Sources
Last updated 19 June 2026.