Most board AI governance sessions do not produce actionable outcomes. They produce awareness — which is useful, but is not the same as governance. This piece sets out what a well-structured board AI session should cover, and what it should produce.
Why most board AI sessions fall short
The typical board AI session is structured as a briefing: a presentation from management or a consultant on AI trends, regulatory developments, and organisational AI initiatives. The board asks questions. Management answers them. The session concludes with a general sense that AI is important and that management is on top of it.
This is not governance. It is information receipt.
Effective board governance of AI requires the board to do three things that briefings do not enable: form an independent view, apply accountability, and ask questions that management cannot answer on its own behalf.
What a governance session should cover
A structured board AI governance session should address four areas:
1. AI exposure mapping
Before the board can govern AI risk, it needs a clear view of what AI is in use and where. This sounds obvious, but many boards have not seen a structured inventory of their organisation's AI use. The inventory should cover:
- AI systems operated by the organisation
- AI embedded in third-party platforms and supplier services
- AI used in customer-facing processes
- AI used in employment and HR decisions
The board does not need to evaluate each system. It needs to understand the scope of exposure and the classification of the most significant systems under the EU AI Act's risk framework.
2. Accountability structure
For each high-risk or material AI use, the board should confirm that there is a named accountable person, a defined governance process, and a mechanism for escalation. If any of those three elements is absent, that is a governance gap.
This is not a technology question. It is an organisational question — and boards are well positioned to ask it.
3. Regulatory readiness
With the EU AI Act in force and Ireland's AI Office becoming operational in August 2026, boards need to understand their organisation's regulatory position. This includes:
- Which AI uses are in scope of the Act
- What obligations attach to those uses
- What the current compliance status is
- What the remediation plan is for any gaps
Management should present this. The board's role is to assess whether the presentation is credible and whether the timeline is realistic.
4. Strategic AI positioning
Beyond compliance, the board should form a view on whether the organisation's AI strategy is coherent. This includes: Is AI being adopted in a governed way, or reactively? Is there a clear ownership structure for AI decisions? Is the organisation in a position to respond if a competitor deploys AI in a way that changes market dynamics?
These are strategic questions, not operational ones. They are board-level questions.
Questions the board should ask
Effective board governance depends on the quality of the questions asked. The following are substantive questions that management should be able to answer — and that produce useful information if they cannot:
- Can you show me the inventory of AI systems we currently operate or rely on?
- For our highest-risk AI use, who is accountable and what is the governance process?
- What is our regulatory position under the EU AI Act, and who has assessed it?
- If our AI supplier changes their model or terms, what is our exposure?
- Has any AI decision in the last 12 months been challenged by a customer or regulator?
- What is our policy on AI use in employee-facing processes?
These questions are not technically complex. They are the questions that reveal whether AI governance is real or assumed.
What the session should produce
A board AI governance session should produce at least three concrete outputs:
1. A record of the board's current understanding. Not a minutes entry that says "AI was discussed," but a documented view of the board's assessment of AI exposure and governance adequacy.
2. A list of open questions requiring management response. Where the board identified gaps in the information presented, those gaps should be tracked and addressed at the next meeting.
3. A governance calendar entry. AI governance should not be a one-time briefing. It should be a recurring agenda item — at least quarterly — with a standard set of information provided by management and a standard set of questions asked by the board.
The role of external advisory
Boards are not well served by relying exclusively on management for their AI briefings. Management has an inherent interest in presenting AI initiatives positively. External advisory — from a source with no commercial relationship to the technology — provides the independent view that effective governance requires.
This is not a reflection on management. It is an observation about structure. The same logic applies to financial audit, to legal advice, and to any function where independent oversight matters.
The Acuity AI position
Ger Perdisatt is a current Non-Executive Director at Dublin Airport Authority and Tailte Éireann. Board AI advisory is grounded in that experience — in what boards actually need to hear, and how to present it so that governance is real rather than procedural.
We work with boards to structure governance sessions, develop AI governance frameworks, and deliver director education that enables effective oversight. The starting point is always a diagnostic of what governance currently exists — and where the gaps are.