Boards and Chief Risk Officers
AI is now a board-level risk. The governance, oversight, and disclosure expectations are crystallising fast — and director liability is following.
For: Non-executive directors, audit committee chairs, Chief Risk Officers
For boards and Chief Risk Officers, AI governance has moved decisively from a technology issue to a fiduciary one. APRA's 30 April 2026 industry letter set explicit expectations that boards understand AI risk well enough to exercise effective challenge. ASIC's 8 May 2026 cyber resilience letter framed AI as part of the directors' duty of care. The EU AI Act's deployer transparency obligations from 2 August 2026 will affect any Australian organisation with EU exposure. The work for boards and CROs now is establishing the governance, reporting, and assurance posture that satisfies these expectations without creating operational paralysis.
What this role is accountable for
The substantive AI governance responsibilities that fall to this role under current Australian and global expectations.
1. AI risk appetite — articulated, documented, and approved at board level
2. AI use case inventory and risk classification, with material exposures reported to the board
3. Integrated assurance across cyber, data governance, model performance, operational resilience, privacy, and conduct (the APRA framing)
4. Board AI literacy — sufficient to ask the right questions of management
5. Director liability and D&O coverage as AI-related obligations expand
6. Disclosure obligations under Australian Consumer Law, Corporations Act, and emerging Privacy Act ADM transparency (10 December 2026)
Most relevant intelligence
Curated coverage selected for this role — frameworks, regulatory developments, and operational guidance you can act on.
Board AI Literacy: A Directors' Guide
The seven questions every director should be asking about AI in their organisation.
Integrated Assurance for AI Governance
What APRA's integrated assurance framing means in practice — and why frontier systems break the static model.
AI, Directors' Liability, and D&O Insurance
Director exposure under AI obligations and what D&O policies actually cover.
AI Governance Board Reporting: Template and Cadence
What a credible AI report to the board looks like, monthly and quarterly.
What APRA Actually Expects on AI Governance
Practical interpretation of the 30 April 2026 industry letter.
AI in ESG Reporting and Governance
How AI use is increasingly material to ESG disclosures and investor expectations.
AI Governance for PE Portfolio Companies
For board members of PE-owned companies, the governance maturity expected through the hold period.
AI Governance in the Public Sector
For statutory body and government agency boards — sovereignty, accountability, and the Australian, UK, US, EU frameworks.
Frameworks that apply
The regulatory frameworks, standards, and guidance documents most relevant to this role.
Australian prudential regulator's explicit expectations on AI governance, control frameworks, and integrated assurance.
Frontier AI and the directors' duty of care — board-tabling directive.
Globally recognised AI management system standard. The de facto answer to APRA's "globally recognised control frameworks" expectation.
US National Institute of Standards and Technology reference framework, voluntary but widely adopted by enterprises.
Next steps
Take the AI Governance Assessment
A 10-minute board-level diagnostic of where your organisation stands against APRA, ISO 42001, and NIST AI RMF expectations.
Free Board Resources
Downloadable AI governance kits, board reporting templates, and director briefing materials.
Subscribe to Regulatory Updates
Monthly intelligence on Australian and global AI governance developments, written for senior decision-makers.