Key facts

  • Definition: the board's oversight of how AI is developed, bought and used across the organisation.
  • The board's role is to set risk appetite, ensure competent management and obtain assurance — not run AI day to day.
  • AI affects strategy, risk and directors' duties of care, so it belongs on the board agenda.
  • Key inputs: an AI inventory, a risk register, policy status and incident reporting.
  • Oversight often sits with a named board sponsor or an existing risk/audit committee.

Why is AI a board-level issue?

AI now shapes strategy, customer outcomes, operational risk and reputation, and directors' duties of care extend to it. Boards are expected to oversee material risks, and AI is fast becoming one — sitting alongside cyber and financial risk rather than being delegated and forgotten.

What is the board accountable for?

Not the day-to-day, but the framework around it: approving the organisation's AI risk appetite, ensuring management is competent and resourced, confirming an AI governance framework exists, and obtaining regular assurance that it works.

What questions should directors ask?

Where are we using AI, and which uses are high-risk? Who is the accountable owner? What is our risk appetite, and are we within it? Are staff AI literate? Do we have policies and human oversight? How would we know if something went wrong, and what is our incident plan?

Where should AI oversight sit?

Define what AI use the organisation will and will not accept, then choose where oversight sits — a board sponsor, an existing risk or audit committee, or a dedicated group — with clear executive ownership beneath the board so accountability does not blur.

What does good AI reporting look like?

Concise, decision-useful reporting drawn from the AI inventory and risk register: material uses and their risk, changes since last time, policy and training status, open issues and incidents, and progress against the roadmap. See our board AI governance guide.

Frequently asked questions

What is board AI governance?

The board's oversight of how an organisation develops, buys and uses AI, including risk appetite, accountability and assurance.

Is AI really a board-level responsibility?

Yes — AI affects strategy, risk and directors' duties of care, and regulators increasingly expect board-level accountability.

What does the board need to do about AI?

Set risk appetite, ensure competent management, confirm a governance framework exists, and obtain regular assurance that it works.

What questions should directors ask about AI?

Where is AI used, which uses are high-risk, who owns them, are we within risk appetite, and what is our incident plan?

Where should AI oversight sit on the board?

Often with a named sponsor or an existing risk/audit committee, with clear executive ownership beneath the board.

Do directors need to be AI experts?

No — but they need enough literacy to ask the right questions and challenge management's answers.

Last updated 19 June 2026.