What Every CEO Needs to Know About AI Governance and the Board

Q: What questions are boards asking CEOs about AI?

In 2026, boards are consistently asking CEOs five categories of AI questions: what is our AI strategy and competitive positioning, what AI risks are we exposed to and how are they managed, who is accountable for AI decisions, what is our AI governance framework, and what is our regulatory and liability exposure from AI across all operating jurisdictions.

Q: How should a CEO prepare for AI questions from the board?

CEOs should be able to answer four things with specificity: which AI systems are making or influencing consequential decisions, who is accountable for those decisions, what the process is for identifying and mitigating AI risk, and what the regulatory exposure is in each jurisdiction where the company operates.

The boards of well-run companies are no longer asking about AI strategy in the abstract. They are asking specific operational questions: which AI systems are making or influencing consequential decisions, who is accountable when those systems get it wrong, and what the regulatory exposure is in each jurisdiction the company operates in. CEOs who cannot answer these questions with specificity are losing board confidence. CEOs who can are gaining it.

Why AI Governance Has Become a Board Priority

The catalyst has been a series of high-profile AI failures over the past eighteen months. Not catastrophic failures, but the kind that are expensive, embarrassing, and — critically — attributable. A lending institution's AI underwriting system found to have systematic bias. A healthcare company's AI-assisted diagnostic tool producing recommendations outside its validated use case. In each case, the board's first question after the fact was: who knew about this risk, and what was the governance structure around it? The answer, in most cases, was that nobody had asked the question in advance.

Boards have taken note. AI governance has moved from a technical topic that could be delegated entirely to the CTO or CISO to a board-level topic with real liability implications for directors who failed to exercise appropriate oversight.

The Five Questions Your Board Will Ask

01Strategy: What is our AI strategy and how does it translate to competitive advantage? Not "we are using AI" — specifically where and how, and what does the outcome look like in three years?
02Risk: What are the AI risks we are exposed to — in our own systems and in our vendors — and how are we managing them?
03Accountability: Who in the organisation is accountable for AI decisions? Is there a clear ownership structure?
04Governance: What is our AI governance framework? How do we decide which AI use cases to pursue, what oversight is applied, and when a human must be in the loop?
05Regulatory: What is our regulatory exposure from AI across all jurisdictions? What is our EU AI Act compliance posture?

"The CEOs who handle these questions well are not necessarily the ones with the most sophisticated AI strategy. They're the ones who thought through governance before they were asked about it."

What Good AI Governance Actually Looks Like

An AI Inventory

The most basic governance requirement is knowing what AI systems are operating in your organisation and what decisions they are making or influencing. You cannot govern what you cannot see. An AI inventory — updated at least quarterly — is the foundation of everything else. The majority of enterprises that have done a systematic audit have discovered AI deployments they did not know about, often embedded in vendor products or deployed by business units without central visibility.

A Risk Tiering Framework

Not all AI decisions carry the same risk. A risk tiering framework classifies AI use cases by the consequence of an error and the reversibility of the decision, and applies proportionate oversight to each tier. This is what allows you to be genuinely fast on low-risk AI deployment while being genuinely rigorous on high-risk deployment — without the blanket caution that slows everything equally.

Clear Human-in-the-Loop Requirements

For consequential decisions, the governance framework should specify when a human must be in the loop, at what threshold, and with what authority to override the AI recommendation. This is not just a risk management requirement — it is an increasingly common regulatory requirement, and it will be examined by regulators and counterparties who have been through AI-related incidents elsewhere.

The CEO's Specific Role in AI Governance

AI governance is ultimately an organisational design question, and organisational design is a CEO responsibility. The specific things a CEO needs to own: the accountability structure (someone needs to be accountable for AI across the enterprise, with real organisational authority), the governance cadence (quarterly review of high-risk AI deployments, with board visibility at least annually), and the culture (the most effective governance frameworks work because the organisation treats AI accountability as a real responsibility, not a compliance exercise).

That culture starts with the CEO's posture toward AI risk — whether AI failures are treated as learning opportunities to be examined honestly, or as embarrassments to be minimised.

Last updated: March 18, 2026

Murray Newlands

Founder, Open Future Forum

Murray Newlands has been building executive communities in Silicon Valley since 2019. Open Future Forum hosts private dinners for C-suite leaders navigating the AI era, grounded in a give-first philosophy.

About Murray LinkedIn Twitter / X Substack

Frequently Asked Questions

What questions are boards asking CEOs about AI?

In 2026, boards are consistently asking five categories of AI questions: AI strategy and competitive positioning, AI risk exposure and management, accountability structures for AI decisions, the AI governance framework, and regulatory and liability exposure across all operating jurisdictions.

What is AI governance and why does it matter for CEOs?

AI governance is the set of policies, processes, and accountability structures that determine how AI systems are developed, deployed, monitored, and retired. It matters for CEOs because boards, regulators, and counterparties are increasingly requiring evidence of it — and because the reputational and legal exposure from AI failures is now significant enough to affect enterprise value.

How should a CEO prepare for AI questions from the board?

Be able to answer four things with specificity: which AI systems are making or influencing consequential decisions, who is accountable for those decisions, what the process is for identifying and mitigating AI risk, and what the regulatory exposure is in each jurisdiction where the company operates.

Who should own AI governance in a company?

At larger enterprises, AI governance ownership is increasingly sitting with a Chief AI Officer or dedicated AI governance function. At mid-market companies, it typically falls to the CTO or CIO with an explicit mandate. The CEO's role is to set the accountability structure and ensure it is real, not nominal.

CEO Executive Forum

Join the CEO Dinner Series

Open Future Forum hosts private CEO dinners in Silicon Valley focused on AI strategy, governance, and the future of executive leadership. Invite-only. No agenda. Candid conversation.

Learn About CEO Forum Apply to Join