Skip to content

AI governance for charities

Trustees stay accountable for AI, even when its use is delegated.

Your charity may already draft appeals, screen donors or triage beneficiaries with AI, often through staff or third-party fundraisers. The board of trustees remains personally responsible in law for every one of those decisions. Governance AI advises trustees on the controls the Charity Governance Code expects, and builds the systems that meet them.

Take the Board AI Scorecard Book a conversation

Public trust is the asset AI puts at risk first.

Charity boards answer to beneficiaries, donors, the public and a statutory regulator, not to shareholders. An AI failure that misleads donors, mishandles safeguarding data or produces a biased grant decision is a governance and reputational matter, not an operational one. The Charity Governance Code now recommends that boards adopt AI and technology policies, and the Charity Commission expects trustees to apply their existing duties of reasonable care and skill to AI rather than wait for separate rules written specifically for it.

The Fundraising Regulator goes further still. Its guidance holds trustees accountable for AI used in fundraising, including by third-party suppliers acting in your name, and calls for an agreed AI policy with proportionate human oversight. Accountability does not transfer with the task.

The standards charities are held to.

AI does not create a separate rulebook. It runs through the duties and regulators you already answer to.

  • Charity Commission for England and Wales

    Its trustee-duties guidance (CC3) expects boards to apply existing duties of reasonable care and skill to any AI they deploy.

  • Charity Governance Code

    On an apply-or-explain basis, it now recommends that boards adopt AI and technology policies.

  • Fundraising Regulator and Code of Fundraising Practice

    Its AI guidance holds trustees accountable for AI in fundraising, including by third parties, and calls for an agreed policy.

  • Information Commissioner's Office (ICO)

    Enforces UK GDPR and PECR over donor and beneficiary data, including the soft opt-in available to charities for their own charitable purposes.

  • Charities Act 2011 trustee duties

    The statutory anchor for board accountability: acting in the charity's best interests, with reasonable care and skill, and reporting serious incidents.

What good AI governance looks like for charities.

The Board AI Scorecard measures five areas. Here is what each means in your sector.

Accountability & board oversight

The board of trustees holds, in law, the personal and collective responsibility for AI decisions, whether the work is done by staff, volunteers or an outsourced fundraiser.

AI policy & controls

A published AI policy that covers staff, volunteers and third-party fundraisers acting in your name is now a recommendation of the Charity Governance Code and an expectation of the Fundraising Regulator.

Risk, transparency & assurance

Biased grant or hardship assessments, fabricated outputs and undisclosed AI in fundraising are the failures most likely to harm beneficiaries and the public trust the charity depends on.

Data & security

Special-category beneficiary records and donor wealth-screening data must demonstrably satisfy UK GDPR and PECR before they go anywhere near an AI tool for profiling, targeting or assessment.

Board literacy & capability

Boards recruited for sector, fundraising or lived-experience credibility need enough AI literacy to interrogate suppliers and judge whether staff use is proportionate and safe.

Questions your board should be asking.

  • Do we have an agreed, published AI policy, and does it cover use by staff, volunteers and third-party fundraisers acting in our name?
  • Where are AI tools touching beneficiary or donor personal data, and can we demonstrate this is lawful under UK GDPR and PECR?
  • How do we ensure meaningful human oversight before AI affects a beneficiary, a grant or hardship decision, or a fundraising message?
  • When and how do we tell donors and the public that content or interactions are AI-generated, proportionate to the risk of misleading them?
  • How would we identify and remedy a biased AI outcome that disadvantages the vulnerable people we serve?
  • As trustees, do we understand the risk profile of these tools well enough to discharge our duty of reasonable care and skill?

Taking these to a meeting? Print the one-page board pack.

We advise the board on AI governance and build the controls it needs.

Start with the free Board AI Scorecard, a short self-assessment that shows trustees where your AI exposure sits against the Charity Governance Code and the Fundraising Regulator's expectations. From there, the AI Wake-Up Call is a board session that turns those gaps into priorities, and the GovernIQ™ Diagnostic gives you a full read of your AI risk with a remediation plan. Our work draws on the tgf Governance Code created by Dr Karl George MBE, and aligns to ISO/IEC 42001, the NIST AI Risk Management Framework and UK GDPR. We help you prepare for certification rather than issue it. One team advises and builds, with no handoff.

About the GovernIQ™ DiagnosticAI governance for boards

Latest insights for charities

Slender violet arcs forming a sheltering ring around a small circle on a near-white field, suggesting a board holding a line around beneficiaries

Sector playbooks

AI governance for charity trustees: what changed

The 2025 Charity Governance Code now names a technology and AI policy as evidence of good governance. What trustees must do, sized for small charities.

ArticleDr Karl George MBE8 min read

See where your trustees stand before the next board meeting.

Take the free Board AI Scorecard, or have a short conversation with us about where your charity's AI exposure sits and what the board should do about it.

Take the Board AI Scorecardor book a conversation

AI governance in other sectors.