FOUNDED 2025 · INDEPENDENT UK PRACTICE

AI Governance Board Pack

Seven decisions before EU AI Act high-risk enforcement.

Seven decisions every UK board, audit committee chair and CISO should be making before EU AI Act high-risk Annex III obligations take effect on 2 August 2027. Mapped to ISO/IEC 42001:2023, NIST AI RMF 1.0, the EU AI Act and the ICO AI audit framework.

Download the paper · PDF · 16 pp Related service · AI Security & Governance
02Use this paper when

Scenarios where this paper earns its place on the desk.

  1. 01A board or audit committee paper on AI is due in the next quarter
  2. 02The first production AI use case is approaching go-live
  3. 03A customer or regulator has asked how AI is governed
  4. 04Internal audit has scoped AI in the next annual plan
  5. 05An EU AI Act provider or deployer classification is needed
03What you'll find inside

Artefacts and templates included with the paper.

  • ARTEFACT
    AI use-case classifier
  • ARTEFACT
    Model & system card templates
  • ARTEFACT
    AI risk register schema
  • ARTEFACT
    Board-pack template
  • ARTEFACT
    Conformity checklist
04If this is on your desk
RELATED SERVICE

AI Security & Governance

Open service  →
RELATED TOOLKIT

EU AI Act + ISO 42001 + NIST AI RMF toolkits

Open toolkit  →
RELATED READING

Bridging the AI Governance Gap

Open  →
Paul Jolliffe, Founder of InfoSecAI
AUTHOR

Paul Jolliffe

FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner

Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Independent UK practice founded 2025. Author of the InfoSecAI insights library.

Book a 30-minute working consultation About the practice

Get The Brief: practitioner notes on what is changing.

Weekly. No tracking pixels, no marketing automation. Unsubscribe in one click.