Most CISOs walk into the audit committee with a deck calibrated to last year's threat model. The committee, increasingly, is calibrated to next year's regulator. The widening delta between those two postures is now the most common source of unforced board exposure in regulated enterprises.
Across briefings in financial services, healthcare, energy, and the public sector through 2025, a recurring pattern has emerged. Boards are not asking the questions security leaders prepared for. They are asking eight specific, structurally awkward ones that map directly to the obligations created by the EU AI Act, the SEC cyber disclosure rules, ISO/IEC 42001, and the operational reality of AI sitting somewhere in every business unit.
None of the questions are unanswerable. All of them are structurally awkward to answer well without an operational system underneath. The gap is not knowledge; it is reporting fidelity.
S/00 Why these questions, now
The board's attention to AI hardened sharply in 2025. Three forces converged. The first was the EU AI Act entering its phased applicability window, with prohibited-use provisions live from February 2025 and general-purpose AI obligations from August 2025 [1]. The second was the SEC's cyber disclosure regime maturing into routine 8-K filings, which trained boards to ask "could this be material?" reflexively. The third was operational: AI copilots, agentic tooling, and embedded model features arrived inside every enterprise suite, often via vendor update rather than procurement decision.
The result is an audit committee that now treats AI the way it learned to treat cyber a decade ago — not as a topic but as a category of risk that must be reported on, owned, and disclosed against. The vocabulary has caught up. The reporting infrastructure beneath it, in most enterprises, has not.
S/01 The eight questions
These are paraphrased from observed audit-committee transcripts and structured CISO debriefs. The wording varies; the structural intent does not.
"What AI is operating in our environment that we didn't approve?"
The board is asking for a shadow-AI inventory — not a policy. The honest answer is uncomfortable: in most enterprises, shadow AI is a function of every SaaS vendor enabling generative features by default, plus a long tail of employee-led copilot usage. A "we don't allow it" response is heard as either complacency or naïveté.
Structural answer: an intake registry with discovery telemetry, not a written policy.
"If an AI system makes a wrong decision tomorrow, who signs?"
This is the accountability question. It is almost never about the engineer. It is about whether the chain of approval from use-case intake to production reaches a named executive, with a documented sign-off, and whether that approval is replayable a year later when the regulator asks. Most organisations cannot name the signer for any specific deployed model.
Structural answer: approval chains with role-bound sign-off, evidenced.
"Are we in scope for the EU AI Act, and at what tier?"
A scoping question, but one that exposes whether the enterprise has done risk classification at all. The four tiers — unacceptable, high, limited, minimal — drive everything downstream: conformity assessment, post-market monitoring, registration. A vague answer here signals that the conformity work has not started.
Structural answer: a risk classification matrix mapped to deployed use cases.
"What is our exposure to model failure modes we cannot see?"
The question behind the question is whether the organisation has any observability into model behaviour beyond uptime. Hallucinations, drift, jailbreaks, prompt injection, retrieval failure — these are not edge cases for the board, they are categories of operational exposure. The expected answer is a monitoring posture, not a reassurance.
Structural answer: a model observability layer with named failure-mode coverage.
"Have we ever audited an AI decision end-to-end?"
A pointed test. The board is asking whether, given a specific AI output, the organisation can reconstruct the prompt, the retrieved context, the model version, the guardrails applied, the human review (if any), and the resulting action. This is the EU AI Act's Article 12 logging requirement made concrete. Most enterprises cannot produce this trace for a single decision, let alone systematically.
Structural answer: immutable per-decision evidence, replayable at any time.
"Can we explain a denied output to the affected person?"
Often phrased differently — "what do we tell a customer whose loan/claim/onboarding the model rejected?" — but it is the same question. It touches transparency, right to explanation under GDPR Article 22, and the EU AI Act's transparency obligations for high-risk systems. The answer must hold up to a regulator or a tribunal, not internally.
Structural answer: documented transparency mechanisms by use-case tier.
"What is our incident plan for an AI-attributable harm event?"
A direct extension of cyber incident response, but materially different. The trigger is not a breach; it is an output. The reporting clock under the EU AI Act for serious incidents involving high-risk systems is fifteen days. The internal escalation, legal review, regulator notification, and public communication sequence must already exist when the event occurs — not be drafted in response.
Structural answer: a dedicated AI incident playbook with named escalation.
"How will we report this to the board next quarter — and where do we stand today?"
The most uncomfortable question. The board is asking what the reporting will look like, in advance, so that progress can be measured against a baseline rather than narrated. This requires a fixed reporting framework with stable metrics — not a fresh deck each cycle. Most organisations report different things every quarter because the framework is being invented in flight.
Structural answer: a fixed AI governance reporting cadence with baselined metrics.
S/02 Why each question is hard
The structural difficulty of these questions is not technical. It is organisational. Each question requires an answer that:
- Crosses functions — security, legal, data, product, business unit — without losing fidelity in translation.
- Survives time — the answer given this quarter must still be defensible in the next, with evidence.
- Maps to a regulation — generic governance language no longer suffices when the question maps to a specific article of a specific act.
- Reconciles policy and reality — what is written down and what is happening must be the same artefact, or the gap itself becomes the disclosure.
These four properties — cross-functional, durable, regulation-mapped, reality-aligned — are the operational requirements for any answer to hold up at a board level. Few governance programmes are organised around all four simultaneously. Most are organised around policy documents, which satisfy none of them.
An audit committee does not need a longer policy. It needs evidence that the policy is operationally real. — Field observation, Q4 2025 briefings
S/03 What a structured answer looks like
The eight questions cluster around four operational artefacts. A governance programme that can produce these four artefacts on demand answers all eight questions credibly, regardless of which one is asked first.
Artefact A — Intake registry
A live record of every AI use case, with discovery telemetry that reaches into SaaS vendors and developer environments. This is the inventory that answers question one, and it is the basis for risk classification under question three. The registry is the single most catalytic artefact: organisations that build it well discover within weeks that their actual AI footprint is two to five times larger than their policy assumed.
Artefact B — Approval chain
A documented, role-bound approval path for every use case crossing a risk threshold, with named signers and dates. This is not a workflow tool; it is a record that survives organisational change. When question two arrives, the answer is a name, a date, and a document — not an explanation.
Artefact C — Decision evidence
The load-bearing artefact. For every AI decision of regulatory or commercial significance, the system retains the prompt, retrieved context, model identifier, guardrail trace, human review state, and resulting action. Stored immutably. Replayable on request. This is the artefact that makes Article 12 of the EU AI Act operationally real, and it is what enables an honest answer to questions four, five, and seven.
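As an added illustration of this artefact (not Nexora's code; the field names, the SHA-256 hash chain and the sample decisions are assumptions), the following Python keeps one append-only decision log, reconstructs a single decision's trace on request, and detects any after-the-fact edit or deletion of a record.

```python
import hashlib
import json

# Added illustration of Artefact C (not Nexora's code): an append-only,
# hash-chained log of AI decisions. Each record holds the fields the text
# lists plus the previous record's hash, so a later edit breaks the chain.
GENESIS_HASH = "0" * 64
FIELDS = ("decision_id", "prompt", "retrieved_context", "model_id",
          "guardrail_trace", "human_review", "action")

def record_hash(body: dict) -> str:
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class DecisionLog:
    def __init__(self):
        self.records = []

    def append(self, **fields) -> str:
        if any(f not in fields for f in FIELDS):  # refuse partial evidence
            raise ValueError("incomplete evidence record")
        body = {f: fields[f] for f in FIELDS}
        body["prev_hash"] = self.records[-1]["hash"] if self.records else GENESIS_HASH
        entry = dict(body, hash=record_hash(body))
        self.records.append(entry)
        return entry["hash"]

    def verify(self):
        """Index of the first broken or altered record, or None if intact."""
        prev = GENESIS_HASH
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev_hash"] != prev or record_hash(body) != rec["hash"]:
                return i
            prev = rec["hash"]
        return None

    def replay(self, decision_id: str):
        """Reconstruct one decision's full trace on request (question five)."""
        return next((dict(r) for r in self.records
                     if r["decision_id"] == decision_id), None)

def sample_log() -> DecisionLog:
    log = DecisionLog()  # constructed sample decisions; identifiers are placeholders
    for did, claim, review, action in (("D-1001", "C-42", "none", "DENY"),
                                       ("D-1002", "C-43", "approved by reviewer R-7", "APPROVE")):
        log.append(decision_id=did, prompt=f"Assess claim {claim} for eligibility",
                   retrieved_context=["policy clause 7.2"], model_id="claims-llm:2025.09",
                   guardrail_trace=["pii_redaction:pass"], human_review=review, action=action)
    return log
```

In practice the chain head would be anchored outside the system that writes it (a signed timestamp or a separate store), so that a complete rewrite of the log is also detectable.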
Artefact D — Reporting cadence
A fixed quarterly framework with stable metrics — coverage of the intake registry, classification distribution, decision audit coverage, incident counts by class, regulatory readiness scores. The cadence is what makes question eight answerable, because the answer is "here is the same chart, last quarter and this quarter."
S/04 Closing the gap
The eight questions are not exotic. They are, individually, fair and operational. What they expose collectively is whether an organisation has moved from AI policy to AI governance — from a document people sign to a system that produces evidence on demand.
The bridge between the two is the four artefacts above. They are not the only possible answer, but they are the minimum coherent answer. Nexora's AI Governance Framework System is built around exactly these four artefacts, with the EU AI Act, ISO/IEC 42001, and NIST AI RMF crosswalks pre-mapped. The Executive Board Reporting System turns artefact D into a quarterly cadence that survives across reporting cycles.
If the next audit committee asks question five — "have we ever audited an AI decision end-to-end?" — the right answer is not yes or no. The right answer is a one-page evidence trail for a single decision, produced in under a day. If that is not possible today, that is the gap to close before the question arrives.
The board is not asking these questions because they want a longer answer. They are asking because they have learned, from cyber, that the right answer is structural — and they want to know whether the structure exists yet.
References & further reading
- [1] European Commission, "Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)," Official Journal of the European Union, 12 July 2024. eur-lex.europa.eu/eli/reg/2024/1689/oj
- [2] U.S. Securities and Exchange Commission, "Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure," Release Nos. 33-11216; 34-97989, July 2023. sec.gov/files/rules/final/2023/33-11216.pdf
- [3] NIST, "Artificial Intelligence Risk Management Framework (AI RMF 1.0)," NIST AI 100-1, January 2023. nist.gov/itl/ai-risk-management-framework
- [4] ISO/IEC 42001:2023, "Information technology — Artificial intelligence — Management system." iso.org/standard/81230.html
- [5] OECD, "AI Principles," updated 2024. oecd.ai/en/ai-principles
Operationalise these answers.
The AI Governance Framework System and the Executive Board Reporting System together provide the four artefacts behind every credible answer above — pre-mapped to EU AI Act, ISO/IEC 42001, and NIST AI RMF.