Skip to content

AI governance consultancy

AI Governance Consultancy UK

Governance AI is a UK AI governance consultancy for boards: a scored diagnostic (from £3,950), policy and control design, and engineered evidence, mapped to ISO 42001, NIST AI RMF, UK GDPR and your sector regulator — led by Dr Karl George MBE, founder of The Governance Forum.

Who this applies to.

UK boards, company secretaries, risk and audit committees, and executives in regulated or public-facing organisations who are evaluating or buying AI governance help — from a first scorecard through to implementation. We work most often with:

What the board needs to decide.

Before you engage anyone, five decisions shape what you should buy and in what order.

  • Whether the immediate need is diagnosis (where do we stand) or implementation (build and prove the controls).
  • Whether ISO/IEC 42001 certification readiness or EU AI Act scope is in play for you this year.
  • Who owns AI governance internally, and what evidence they will need to show a regulator or auditor.
  • Advisory alone, or an adviser who has also shipped governed AI systems into production.
  • Budget tier: the free Board AI Scorecard, then GovernIQ Lite (£3,950), the full diagnostic (£9,950), or diagnostic plus roadmap (from £18,000).

For the numbers in full, see our AI governance consultancy pricing guide.

What Governance AI does.

We run two service lines. The first is a board-level advisory programme — Foundation, Development and Accreditation — that takes a board from AI literacy to a defensible governance position and, where it fits, the Governance AI Quality Mark. The second is governance-first builds: we design and ship production AI with the controls written into the code, not bolted on to pass a review.

Most firms do one or the other. We do both, with one team, so the governance and the system are never lost in a handoff between adviser and developer.

How an engagement works

From baseline to evidence a regulator can inspect.

An engagement is a sequence of controls, each producing evidence with a named owner. This is the same discipline we apply at the model level, one rung up.

ControlEvidence producedOwner
AI inventory and scorecard baselineBoard AI Scorecard result and a first inventory of where AI is already in useCompany secretary / board
GovernIQ™ diagnosticA scored readiness report across five areas, presented at a board readoutRisk or audit committee
Policy and rolesAn AI governance policy, an acceptable-use standard, and a named accountable ownerNamed AI owner (executive)
Engineered controlsRead-only data access, an append-only audit ledger, confidence floors and human approval gates, written into the codeCTO / delivery team
Assurance and Quality Mark preparationControls mapped to ISO/IEC 42001 and the NIST AI RMF, and an evidence pack a board or auditor can inspectBoard / external auditor

At system level, this becomes a specific set of AI model governance controls.

The frameworks we map your governance to.

AI does not create a separate rulebook. It runs through the standards and regulators you already answer to.

FrameworkWhat it governsHow we map to it
ISO/IEC 42001The AI management system: policy, roles, risk process and continual improvement.We prepare you for certification and leave the evidence in place. We do not issue the certificate.
NIST AI RMFThe risk function across Govern, Map, Measure and Manage.We map each control we design to the four functions, so the work is legible to a US-facing or model-risk audience.
UK GDPR / ICOPersonal data, automated decisions and the duty to complete a DPIA where the risk is high.We review where AI touches personal data and what a data protection impact assessment must record.
EU AI ActRole-based scope (provider or deployer) and risk tiers, which can reach a UK-only organisation.We assess whether the Act applies to you and, if it does, what your role obliges you to hold.
Sector regulatorThe duties you already answer to: FCA, RICS, DfE/ESFA, the RSH or the ICO for local authorities.We score the diagnostic against your regulator, not a generic checklist.

Going deeper on one of these? See our guides to the ISO 42001 consultant question and EU AI Act consultancy scope.

Why Governance AI

Board authority, and systems we have actually shipped.

Our advisory is grounded in the practice of our founder, Dr Karl George MBE — founder of The Governance Forum, creator of the Governance Assessment Process and the RACE Equality Code, and Partner and Head of Governance at RSM UK. No UK boutique in this market leads with a board-governance figure of that standing.

That authority sits on top of an AI-native operating model and systems we have built and governed: read-only data access, append-only audit ledgers and confidence floors that overrule the model, engineered into production rather than described in a policy.

Common mistakes when buying AI governance.

The failures we are most often called in to fix have the same few roots.

  • Buying a framework or a policy pack with no evidence behind it. A policy a regulator cannot test is a statement of intent, not a control.
  • Treating a diagnostic as a one-off certificate rather than a baseline to re-score as your AI use grows.
  • Hiring for brand over shipped evidence. Ask what the adviser has actually built and governed, not only what they have reviewed.
  • Assuming a consultancy's certification claim is the same as an accredited certification body's audit. A consultancy prepares you; only an accredited body can certify you against ISO/IEC 42001.

For a vendor-neutral way to test any adviser, see how to choose an AI governance partner and our responsible AI consultancy selection test.

Questions boards ask us first.

If yours is not here, a short conversation will answer it faster than another page would.

Start where it is proportionate.

The free Board AI Scorecard takes about two minutes and tells you your weakest area and the right next step. The GovernIQ™ Diagnostic goes deeper, from £3,950.