The RICS responsible AI standard is a mandatory RICS professional standard for members and regulated firms where AI materially affects surveying services. Effective from 9 March 2026, it requires records, governance, risk registers, due diligence, human judgement, client disclosure and compliance with applicable law.
For boards, the point is not whether AI is allowed. RICS states that AI can support surveying practice, but the professional standard is designed to keep members and regulated firms in control of professional work, client communication and risk management. That turns AI adoption from an IT permission into a board assurance question.
Key takeaways
- RICS members and regulated firms using AI outputs with a material impact on surveying services must comply with the RICS professional standard and with relevant law in the jurisdiction where they operate.
- The standard makes written evidence central: material-impact determinations, appropriateness assessments, AI system registers, risk registers, supplier due diligence and reliability decisions all need records.
- Professional judgement does not move to the model. RICS requires reliability decisions to be made by, or under the supervision of, an appropriately qualified named surveyor who accepts responsibility for the output.
- Client disclosure is not optional where AI materially affects service delivery. Engagement documents need to say when and where AI is involved, how contesting or redress works, and whether clients can opt out.
- Professional-services boards outside surveying should not treat the RICS standard as binding on them. They can still use the RICS scope and disclosure model as a practical benchmark for professional accountability, evidence and client communication.
Who the standard applies to
RICS defines the document as a global professional standard for RICS members and RICS-regulated firms, and the PDF states that members must comply with RICS professional standards. The same section says members and regulated firms must also comply with relevant legislation, and that applicable legislation takes precedence where there is a conflict with the standard.
The scope is narrower than "any use of AI in the office". The standard applies to outputs of AI systems that have a material impact on the delivery of a surveying service. RICS gives examples including outputs that summarise documents later relied on in a report, compose all or significant parts of an opinion, or recommend which part of a building to investigate for a fault.
That distinction matters for boards. Back-office diary management may sit outside the standard if it is incidental to service delivery, but an AI feature embedded in valuation, building surveying, quantity surveying, document review, client reporting or defect identification may fall inside it. RICS' own supporting page says members and regulated firms should apply informed professional judgement to material impact, while noting that the Regulatory Tribunal may ultimately determine whether a use was in scope.
For non-RICS professional-services boards, the duty does not transfer automatically. Solicitors, accountants, auditors, consultants and financial advisers answer to their own regulators and law, while the RICS Rules of Conduct form the wider conduct frame for RICS members and firms. The reason this standard matters beyond surveying is different: it gives a current, profession-specific model of how a regulator expects AI use to be governed when professional judgement, client reliance and evidence sit in the same file.
What the RICS responsible AI standard requires
The standard is built around five operating requirements that a board can test without reading model documentation.
First, members who use AI systems to deliver surveying services must maintain enough knowledge to use them responsibly. RICS names basic understanding of AI types, limitations, failure modes, erroneous output, bias and data risks.
Second, regulated firms must put practice-management controls around data, systems and risk. The data governance section requires private and confidential data to be safeguarded, with access restricted to staff who need it, staff trained at least annually where they have access, and private data not uploaded to AI systems unless advance written consent and risk checks are in place.
Third, firms must assess whether AI is the appropriate tool before using a system with material impact. RICS requires that assessment to be recorded in writing, and it must consider the service, task, alternatives, environmental and stakeholder impact information, data risks, and the risks of erroneous or biased output.
Fourth, firms must maintain written registers. One register records AI systems used with material impact, their purpose, first-use date and next review date. A risk register records AI risks, likelihood, impact, mitigation, risk appetite, progress updates and a red, amber, green or similar rating; RICS requires it to be reviewed and updated at least quarterly by staff responsible for decisions about AI use.
Fifth, AI suppliers require documented due diligence. Before procuring a third-party AI system with material impact, RICS requires written requests and recorded assessment, plus a record of practical testing carried out for fitness for purpose. If the supplier provides limited information, the missing information becomes a risk entry rather than an excuse to proceed undocumented.
Board decisions before and after 9 March 2026
RICS confirmed on 18 March 2026 that its first global professional standard for responsible AI in surveying practice is now in effect for all members and regulated firms from 9 March 2026. A surveying board should therefore be asking whether the firm has live evidence now, not whether a policy is planned.
The board decision frame is concrete:
- Scope: which AI uses have a material impact on surveying services, and where is the reasoning recorded?
- Accountability: which appropriately qualified named surveyor accepts responsibility for reliability decisions on each output type?
- Risk appetite: what level of AI risk is acceptable for each service line, and how does that appear in the risk register?
- Client position: what do engagement letters say about when AI will be involved, opt-out, contesting and redress?
- Supplier evidence: what information did each vendor provide, what testing did the firm run, and what risk remains because information was missing?
- Assurance rhythm: who reviews the AI system register and risk register at least quarterly, and what changed after the last review?
That frame also helps wider professional-services boards. In our AI disclosure guide for professional services, the transferable lesson is that client-facing disclosure must be backed by a record of what AI did and who checked it. In our append-only AI decision ledger article, the same point becomes an engineering control: the system logs the model input, output and named human accept, modify or reject decision, so evidence exists before anyone asks for it.
Controls and evidence the board should expect
The useful test is whether management can produce the artefact, dated and linked to a named owner. A board pack that says "AI governance in progress" is not the same as a record that proves the standard is operating.
| Board control | Evidence to inspect | Owner |
|---|---|---|
| Material-impact assessment | Written determination for each AI use, including the reasoning and whether the output can influence service delivery | Service-line lead with compliance review |
| AI system register | System name, purpose, first-use date, next review date and whether it has material impact | Operations or risk owner |
| Responsible-use policy | Roles, responsibilities, liabilities, annual training expectations, human control and risk mitigation guidance | Managing partner or responsible principal |
| Data governance | Access permissions, annual training records, anonymisation process and written consent where private data is uploaded | Data protection lead |
| Risk register | Bias, erroneous output, data retention and limited-supplier-information risks, each with likelihood, impact, mitigation, risk appetite and status updates | Risk owner |
| Supplier due diligence | Written vendor requests, follow-up, information received, gaps recorded, liability position and fitness-for-purpose testing record | Procurement with technical lead |
| Reliability decision | Written assumptions, concerns, mitigation, final usability decision and named surveyor supervision or approval | Qualified surveyor |
| Client communication | Engagement terms covering AI involvement, process stages, professional indemnity position where available, contesting, redress and opt-out | Client relationship owner |
The RICS client information note makes the disclosure point plain for clients: engagement documents must state when AI is involved, the parts of the process affected, the professional indemnity position where available, contesting and redress processes, and whether opt-out is available. It also says clients are entitled to information on request about the type of AI system, its basic workings and limitations, due diligence, risk management and reliability decisions.
Those artefacts belong in the same governance spine as the firm's wider AI controls. If a board does not yet have a complete view, the Board AI Scorecard gives a short baseline, and the AI governance diagnostic maps gaps into an evidence plan. For a working example in surveying, the AI-assisted surveying case study shows how bounded AI use, sticky human verification and generated disclosure can be built into the operating system.
Framework mapping for surveying and professional-services boards
RICS is the binding professional standard for the covered RICS population; the other frameworks help boards organise the controls around it.
| Framework or law | What it contributes | How it maps to the board evidence |
|---|---|---|
| RICS professional standard | Mandatory requirements for covered RICS members and regulated firms where AI materially affects surveying services | Material-impact records, AI system register, risk register, due diligence, reliability decisions and client disclosure |
| ISO/IEC 42001 | ISO describes it as an international standard for establishing, implementing, maintaining and continually improving an AI management system | AIMS scope, AI policy, owner responsibilities, risk treatment, monitoring, management review and continual improvement |
| NIST AI RMF | NIST describes the AI RMF as a voluntary framework for improving trustworthy AI risk management across design, development, use and evaluation | Govern, Map, Measure and Manage can structure the firm’s risk register, measurement plan and assurance cadence |
| UK GDPR and ICO guidance | The ICO guidance covers accountability, governance, transparency, lawfulness, accuracy and fairness where AI processes personal data | DPIA, lawful basis, transparency notices, fairness assessment, accuracy controls and human-review evidence |
| UK AI principles | The February 2024 government response confirmed five cross-sectoral principles for regulators: safety, transparency, fairness, accountability and contestability | Principle-to-control mapping for each material AI use, with one artefact proving each control |
| EU AI Act | RICS cites EU Regulation 2024/1689 as an example of relevant legislation; EUR-Lex sets out human oversight and high-risk system obligations where the Act applies | EU exposure assessment, role classification, human oversight, logging, documentation and supplier contract evidence |
The board should resist treating framework mapping as a branding exercise. The useful output is a control matrix: one professional duty or legal principle, one control, one artefact, one owner. Our wider UK AI governance framework guide sets out that same evidence-led approach across sectors, and our trust page shows the engineered controls we rely on in our own systems.
Common mistakes and the next step
The first mistake is scoping too narrowly. AI embedded in a broader product can still materially affect a surveying service, and RICS' standard page notes that many third-party tools provide limited detail about which functions use AI. The response is not to ignore the tool; it is to record the gap, ask the supplier in writing, test where practical and add unresolved information to the risk register.
The second mistake is treating human review as a sentence in a policy. RICS requires written decisions about reliability for material-impact outputs, prepared by or under the supervision of an appropriately qualified named surveyor. A policy that says "all AI output is reviewed" must resolve into records: who reviewed, what assumptions were made, what concerns were identified and why the output could reasonably be used.
The third mistake is telling clients less than the engagement record says internally. RICS' client note requires disclosure before AI systems are used in service delivery and gives clients a route to ask for further information. A firm that keeps its AI register internally but leaves terms of engagement silent has not closed the trust gap.
The fourth mistake is letting the RICS standard float apart from data protection and wider law. The ICO’s AI guidance sits underneath any AI use involving personal data, and the UK government’s five principles still shape how UK regulators expect AI risks to be controlled within their remits.
The practical next step is a board-level evidence review. Take the three AI uses most likely to affect professional advice, and ask management to produce the material-impact record, AI system register entry, risk-register entry, supplier due-diligence file, reliability decision and client disclosure wording for each. If any artefact is missing, the board has found the work.
To baseline that work, start with the Board AI Scorecard. If the firm needs a mapped plan, commission the AI governance diagnostic. To see how these controls are implemented rather than merely described, review our case studies and services.
Last reviewed: 18 June 2026.
Sources: RICS professional standard PDF · RICS standard page · RICS in-effect news page · RICS client information note · RICS Rules of Conduct · ISO/IEC 42001 · NIST AI Risk Management Framework · ICO AI and data protection guidance · UK AI regulation government response · Regulation (EU) 2024/1689
