AI Governance FAQ

Who is responsible for AI governance in an organisation?

Quick answer

Ultimately, AI governance is a board-level responsibility — but day-to-day accountability typically sits with the CEO or a nominated senior leader. In larger organisations, a Chief AI Officer, Chief Risk Officer, or dedicated AI governance lead holds the operational role. The board exercises oversight without managing AI operationally: setting risk appetite, receiving regular reporting, and holding management to account. For Irish organisations subject to the EU AI Act, the board cannot delegate its oversight responsibilities.

The board's role in AI governance

The board is responsible for AI governance in the same way it is responsible for financial governance or risk governance — it does not manage the detail, but it is ultimately accountable for the organisation's approach. Board-level AI governance involves setting the organisation's AI risk appetite: defining what level and type of AI risk the organisation is willing to accept. It involves ensuring that management has put adequate governance structures in place. And it involves receiving regular reporting on AI use, AI risk, and AI governance activity — and being willing to ask hard questions when something looks wrong. Directors who are not engaged with AI governance are not off the hook; they are simply failing to discharge an obligation that now has legal backing under the EU AI Act.

Operational accountability for AI governance

Below board level, AI governance accountability typically sits with the CEO, Chief Risk Officer, or a nominated AI governance lead. In larger and more AI-intensive organisations, a dedicated Chief AI Officer or Head of AI Governance may hold the role. The operational AI governance lead is responsible for maintaining the AI inventory, implementing the AI use policy, running the risk assessment process, overseeing incident reporting, and producing regular reporting to the board and senior leadership. In smaller organisations, this role is often shared — the CEO holds overall accountability, with the risk or compliance function handling the day-to-day mechanics. What matters is that someone holds the role explicitly, not that every organisation has the same structure.

Acuity AI advises boards and senior leaders on AI governance responsibilities under the EU AI Act.