AI ethics is the set of moral principles that should guide how AI is built and used — concepts like fairness, transparency and human oversight. AI governance is the practical system of policies, roles, processes and controls an organisation puts in place to make sure those principles are actually followed. Responsible AI is the umbrella term for the combined outcome: AI that is ethical in intent and well-governed in practice. In short, ethics is the “why”, governance is the “how”, and Responsible AI is the result.
Ultimate accountability sits with the board, because AI now affects strategy, risk, customers and reputation. Day-to-day responsibility is usually shared across several roles: a senior executive sponsor (often the CEO, COO or Chief Risk Officer), a working group spanning legal, data, IT, HR and the business lines that use AI, and named owners for individual AI systems. Smaller organisations can combine these roles, but the principles are the same: clear board oversight, a named senior owner, cross-functional input, and individual accountability for each AI use case.
Yes — though the form it takes should be proportionate. Any organisation using AI tools (including everyday ones like ChatGPT, Microsoft Copilot or AI features inside existing software) is exposed to risks around data leakage, biased outputs, copyright, regulatory compliance and reputational harm. For a small business, AI governance might be a one-page acceptable use policy, a short staff training session, and a simple register of which AI tools are in use and for what. The cost of getting this wrong is the same for a small business as a large one — but the resilience to absorb the damage is usually lower.
Yes, in many cases. The EU AI Act applies to any organisation — regardless of where it is based — that places an AI system on the EU market, puts an AI system into service in the EU, or whose AI system’s output is used in the EU. So a UK company providing AI-enabled services to EU customers, or whose UK-built AI tool is used by EU staff, is likely in scope. The Act is being phased in from 2024 to 2027, with prohibitions and AI literacy obligations already in force. UK companies should map their AI use against the Act’s risk tiers and identify which obligations apply.
The NIST AI Risk Management Framework (AI RMF) is a voluntary framework published by the US National Institute of Standards and Technology to help organisations manage the risks of AI. It’s structured around four core functions — Govern, Map, Measure and Manage — and is widely used internationally, including by UK organisations, because it’s free, practical and technology-neutral. Unlike the EU AI Act, it’s not a law, but it is increasingly cited in contracts, procurement and board reporting as a benchmark for what “good” AI risk management looks like.
ISO/IEC 42001 is the international standard for AI management systems, published in December 2023. It sets out the requirements for establishing, implementing, maintaining and continually improving an AI management system inside an organisation — covering policy, leadership, risk, controls, training and improvement. Certification is valuable if your customers, regulators or investors expect demonstrable assurance that your AI is well-governed, or if you sell AI-enabled products. For many organisations, using ISO 42001 as a structuring framework — without formal certification — delivers most of the benefit at a fraction of the cost.
AI governance and data protection overlap heavily but are not the same. GDPR and the UK Data Protection Act govern how personal data is collected, used and protected — and because most AI systems are trained on or process personal data, data protection law applies whenever AI touches it. AI governance goes broader, covering risks that data protection law doesn’t fully address: bias, explainability, automated decision-making, intellectual property, environmental impact and societal harm. A good AI governance framework includes data protection as one component, alongside ethics, security, model risk and human oversight.
A board doesn’t need to understand the technology in detail, but it does need to ask the right questions. Useful starting questions include: where in our organisation is AI being used, by whom, and for what purpose? What are the highest-risk uses, and who owns them? How do we know the AI systems we rely on are accurate and unbiased? What would we do if an AI system caused a customer harm or a regulatory breach? How is our AI use aligned with our values and our published commitments? And — crucially — who in this organisation is accountable for the answers? Our Questions for Leaders downloadable guide sets these out in more detail.
A practical AI acceptable use policy should cover: which AI tools are approved and which are prohibited; what types of data must never be entered into AI tools (e.g. personal data, commercially sensitive information, client material under NDA); when AI use must be disclosed to customers, colleagues or regulators; the requirement for human review of AI outputs before they are acted on; intellectual property and copyright rules; and how breaches will be handled. The policy should be short enough to be read, written in plain English, and supported by training so staff understand not just the rules but the reasoning.
Start with the work, not the technology. Map the activities in your organisation that are repetitive, data-heavy, or constrained by capacity, then ask whether AI could realistically improve them. Score candidate use cases against four criteria: business value, feasibility (do we have the data, skills and tools?), risk (what could go wrong, and for whom?), and strategic fit. Prioritise the use cases that score highly on value and feasibility while sitting in lower-risk categories — these are your early wins. Higher-risk use cases can follow once governance and capability are established. Our half-day workshops walk leadership teams through this prioritisation process using their own real opportunities.
A practical AI vendor evaluation covers six areas: what the system actually does and how it works at a level you can explain to your board; what data it was trained on and what data you’ll be expected to share; how accuracy, bias and drift are monitored; what happens when the system gets it wrong, including liability and recourse; security, data protection and regulatory compliance, including the EU AI Act if relevant; and exit — how you would extract your data and switch supplier. Ask for evidence, not assertions, and be wary of vendors who can’t explain their model in plain language.
Cost depends on format, duration, audience size and customisation. As a guide: a half-day board development workshop for a single leadership team typically ranges from a few thousand to low five figures, depending on the depth of pre-work and tailoring. Open-enrolment online Executive Education courses are priced per learner and are significantly more accessible. Multi-day or multi-cohort programmes for larger organisations are quoted on the basis of scope. We provide a written proposal with clear pricing after an initial scoping conversation, and we offer pro bono support for charities and causes aligned with our social-impact mission.
Most organisations can establish a credible baseline — a published policy, a named senior owner, a register of AI systems in use, and core training delivered to leaders and staff — within 8 to 12 weeks. A more comprehensive framework aligned to ISO 42001 or the NIST AI RMF, with operating procedures, risk assessments and supplier controls embedded across the business, typically takes 6 to 12 months. The biggest determinant of speed is not technical complexity but executive commitment: organisations whose CEO and board prioritise AI governance move faster than those where it’s delegated downward.
AI governance refers to the management and regulation of artificial intelligence (AI) systems to ensure that they are developed, deployed and used ethically and responsibly. It involves setting guidelines, policies and principles for AI development and use, as well as monitoring and enforcing compliance with those guidelines.
We provide business consultancy, board development, executive education, research, regulatory advice and pro bono services. You can find out more about our services here.
Our latest research can be found here on the Research page of our website. If you’re interested in collaborating with us, or you have a research project you would like us to carry out for you, just get in touch.
AI Governance Limited is a purpose-driven company that specialises in providing AI governance consulting services. We work with businesses, public sector and not for profit organisations to ensure that their AI systems are developed, deployed and used ethically and responsibly. We’re guided by our mission – to inspire as many organisations as possible to use AI with wisdom and integrity.
Our clients include businesses and corporations, public sector organisations and not for profit organisations. We work with organisations of all sizes, and across various business sectors, to help them develop and implement ethical and responsible AI governance practices.
Our clients are also people who come to us individually for help with understanding the opportunities and risks of AI, as well as our Executive Education students.
Yes we spend a lot of time speaking at events! From webinars and online workshops to in person conferences and Board development sessions, we believe it’s important to inspire as many people as possible to understand what AI is, how it could be used in their organisation and what the ethical issues are they need to be aware of. If you have an event where we could add value, please contact us to discuss your requirements or fill in the form on this page to let us know your requirements.
The term “artificial Intelligence” was first coined by John McCarthy, one of the founders of the discipline, in 1955. He was a young Assistant Professor of Mathematics at Dartmouth College in America, where he organised a summer workshop – known as the 1956 Dartmouth conference – to bring together a group of experts to develop ideas about “thinking machines”.
So the idea of artificial intelligence has been around for a while but it may surprise you to learn that there is no single agreed-upon definition of what AI is.
It is defined by the Oxford English Dictionary as “the capacity of computers or other machines to exhibit or simulate intelligent behaviour”. And it’s defined by the UK Government as: “technologies with the ability to perform tasks that would otherwise require human intelligence, such as visual perception, speech recognition and language translation”.
A broad definition that we often see used is that AI refers to “computers completing tasks near, at or above human levels of achievement”.
To learn more about what AI is and how to make use of it, take a look at our course that explains it from scratch.
Sure! Take a look at this video for an explanation of large language models – ChatGPT in particular – in less than 3 minutes. We’ve created a new short and affordable course so you can learn about generative AI and keep your skills up to date. Enrol here and plug the gaps in your knowledge.
From time to time we have a Chatbot on this website that is powered by ChatGPT so you can ask questions and see what answers you get. Our bot is tuned so it should only converse about AI education, AI ethics and AI governance. But beware, bots can be tricked and they don’t always give true answers. We monitor it and switch it off when it doesn’t perform as it should!
Just like there’s no one definition of what AI is, there’s no single definition of what Responsible AI is. At AI Governance we’ve consolidated the best of many frameworks into this Responsible AI Framework. Get in touch if you’d like our help to implement Responsible AI in your organisation.
Yes of course! Using our Responsible AI Framework we’ve developed our policy. Take a look at it here and ask us if you’d like our help to develop and implement a framework that’s right for your organisation.
We offer comprehensive AI training programmes designed for all organisational levels. Our training portfolio includes:
- AI Literacy Training for staff at all levels to understand AI fundamentals and practical applications
- Board Development Training focused on strategic AI oversight and governance responsibilities
- Framework Implementation Training to help teams deploy AI governance frameworks effectively
- Executive Education covering AI strategy, risk management, and responsible AI leadership
- Custom Training Programmes tailored to your organisation’s specific needs, industry context, and AI maturity level.
All our training combines practical exercises with real-world case studies to ensure immediately applicable knowledge.
Our AI literacy training is designed for people at all levels who work – or want to work – with or alongside AI systems. This includes frontline staff who use AI tools daily, managers who oversee AI-assisted teams, technical staff who implement AI solutions, and senior leaders who make strategic AI decisions. No technical background is required – we tailor content to each audience’s needs, from basic AI concepts and practical applications to understanding AI’s impact on your specific role. The training helps everyone in your organisation speak a common AI language and understand both the opportunities and responsibilities that come with AI adoption
Our training sessions are flexible and designed to fit your organisation’s schedule and learning objectives. We offer: Half-day workshops (3-4 hours) for focused topics like AI literacy basics or specific governance frameworks; Full-day intensives (6-8 hours) covering comprehensive AI governance implementation; Multi-day programmes (2-5 days) for in-depth board development or complete framework rollouts; and Modular series delivered over several weeks to allow for implementation between sessions. We also provide ongoing support and refresher sessions. All formats can be delivered in-person, virtually, or in hybrid mode to accommodate your team’s needs.
Yes, we offer both online and in-person training options to suit your organisation’s preferences and circumstances. Our in-person training provides immersive, hands-on experiences ideal for team building and complex topics. Our online training uses interactive platforms with breakout rooms, live polls, and collaborative exercises to maintain high engagement. We also offer hybrid formats combining the best of both approaches. All delivery modes include the same high-quality content, practical exercises, and expert instruction. We’ve found that online training works exceptionally well for geographically distributed teams, while in-person sessions are preferred for board development and senior leadership programmes.
Our board development training equips board members and senior leaders with the knowledge to provide effective AI governance oversight. The programme covers: understanding AI fundamentals without requiring technical expertise; strategic AI governance frameworks and best practices; board responsibilities for AI risk management and ethics; regulatory landscape and compliance requirements; questions boards should ask about AI initiatives; practical case studies of AI governance successes and failures; and tools for evaluating AI proposals and monitoring implementations. Sessions are highly interactive with real-world scenarios tailored to your industry. We provide board-ready materials including governance checklists, policy templates, and ongoing support to help your board confidently guide your organisation’s AI journey.
Yes, framework implementation training is one of our core specialties. We provide hands-on training to help your teams effectively deploy AI governance frameworks in your organisation. This includes: detailed walkthrough of frameworks like the NIST AI Risk Management Framework, EU AI Act requirements, or ISO standards; practical workshops to adapt frameworks to your specific context; training on conducting AI risk assessments and impact evaluations; guidance on creating governance documentation and policies; and implementation roadmaps with clear milestones. Our training goes beyond theory – we work alongside your team to apply frameworks to real AI projects in your organisation, ensuring practical competence and confidence in framework application.
Our training and consultancy services complement each other but serve different purposes. Training focuses on building your team’s capabilities – we teach you and your staff basic AI literacy, how to implement AI governance, conduct risk assessments, and apply frameworks yourselves. Training is about knowledge transfer and skill development, empowering your organisation to manage AI governance independently. Consultancy provides expert guidance on specific challenges – we work alongside you to develop strategies, create governance structures, or solve complex AI governance problems. Many clients start with training to build foundational knowledge, then engage consultancy for implementation support. We often combine both: training your team while providing consultancy on strategic decisions, ensuring both capability building and practical outcomes.
Booking training is straightforward. Contact us via email at enquiries@aigovernance.co.uk or call +44 (0)800 861 1812 to discuss your organisation’s needs. We’ll arrange a consultation to understand your current AI maturity, specific challenges, team composition, and learning objectives. Based on this, we’ll recommend appropriate training programmes and delivery formats. We’ll provide a detailed proposal including content outlines, timings, pricing, and expected outcomes. Once approved, we’ll work with you to schedule sessions that fit your team’s availability. We typically require 2-4 weeks lead time for standard training and 4-8 weeks for custom programmes, though we can accommodate urgent requests where possible. Take a look at our services to see the range of our offering.
Our team is available to answer any questions you may have and provide more information about our services. We’re always happy to talk to people interested in AI governance topics so get in touch at enquiries@aigovernance.co.uk or +44 (0)800 861 1812.
AI literacy is the ability to understand what AI can and can’t do, recognise when AI is being used, evaluate its outputs critically, and use AI tools responsibly. It matters because most workplace decisions about AI — from buying tools to setting policy — are now being made by people who haven’t been trained in the technology. The EU AI Act (Article 4) makes a baseline level of AI literacy a legal requirement for staff using AI systems, and good AI governance depends on people throughout an organisation being able to ask the right questions. Learn more about our AI literacy training.