Skip to content

AI governance for boards

Your board is accountable for AI, ready or not.

Directors carry the duty for how their organisation adopts AI, often before they are comfortable with it. We give boards the literacy, the controls and the evidence to govern AI responsibly and adopt it with confidence.

Take the Board AI Scorecard Book a 15-minute call

Accountability arrives before comfort.

AI is already in use across most organisations: in tools staff adopt quietly, in systems suppliers embed it into, in decisions that affect people’s lives. The board remains answerable for the risk, the fairness and the defensibility of all of it. The distance between that responsibility and the board’s confidence is where governance fails.

The obligations arrive on a schedule. Readiness is a board decision.

The dated duties a UK board is already governing under, and the ones arriving next. None of them waits for the board to feel comfortable.

  1. EU AI Act prohibitions and AI literacy duties apply

  2. Data (Use and Access) Act 2025 receives Royal Assent

  3. EU AI Act: obligations on general-purpose AI models

  4. Articles 22A to 22D in force, replacing UK GDPR Article 22

  5. FCA and PRA reaffirm a technology-neutral approach to AI

  6. ICO consultation closes; final ADM guidance expected summer 2026

  7. EU AI Act high-risk obligations: stand-alone systems*

  8. EU AI Act high-risk obligations: systems embedded in products*

*EU AI Act high-risk dates as amended by the 2026 Digital Omnibus on AI, agreed politically in May 2026 but still completing the EU legislative process. The ICO’s updated automated-decision-making (ADM) guidance remains in draft. Sources: Regulation (EU) 2024/1689; Data (Use and Access) Act 2025; ICO; FCA.

The five areas

What good board AI governance covers.

Five areas decide whether a board can govern AI well. They are the areas the Board AI Scorecard measures.

01

Accountability & board oversight

Who owns AI at board level, and how often the board looks at it.

02

AI policy & controls

Whether AI use is governed by an approved policy and an approval route.

03

Risk, transparency & assurance

Visibility of AI risk, and readiness for ISO/IEC 42001, EU AI Act exposure and UK GDPR.

04

Data & security

Whether you can see what AI staff already use, and govern its data and security risk.

05

Board literacy & capability

How well the board can scrutinise an AI decision put in front of it.

How we help

Board-level governance, grounded in practice.

Our advisory is grounded in the practice of our founder, Dr Karl George MBE, creator of the tgf Governance Code.

AI Wake-Up Call

A board literacy session that gets directors fluent in the AI decisions in front of them: what to ask, what to govern, and what to leave alone.

Book a 15-minute call

GovernIQ™ Diagnostic

A structured read of where your AI governance stands today, with a scored picture, the gaps that matter most, and a prioritised plan to close them.

About the diagnostic

By sector

The same accountability, shaped to your sector.

The duty on the board does not change. The regulators, the data and the questions do. We have set out the board AI governance picture for these sectors.

See where your board stands.

The Board AI Scorecard takes about two minutes and gives you a readiness score, your weakest area, and a recommended next step.

Take the Board AI Scorecardor book a 15-minute call