Skip to content
Calibrant
Calibrant Consulting

Free resource

AI Governance Readiness Checklist

A 12-point checklist to pressure-test where your AI adoption stands against the obligations now landing - the same lens the readiness assessment uses.

Twelve checks across five areas. If you can’t tick most of them with confidence, that is the gap a readiness assessment exists to close.

1. Know what you have

  • You maintain an up-to-date inventory of where AI is used across the organisation - including tools embedded in third-party software.
  • Each AI use is classified by risk (e.g. against the EU AI Act's risk tiers), not treated as uniform.
  • You know which systems make or materially influence decisions about people.

2. Ownership & accountability

  • A named person or function owns AI governance - it is not diffused across everyone and therefore no one.
  • There is a clear escalation path when an AI system behaves unexpectedly or a new risk emerges.
  • Board or senior leadership receive a periodic, honest read on AI risk - not just AI opportunity.

3. People & literacy

  • Staff who build, buy, or operate AI have an adequate level of AI literacy for their role (an EU AI Act obligation already in force).
  • The people relying on AI outputs understand the system's limits well enough not to over-trust them.

4. Data & controls

  • You can account for the data flowing into and out of your AI systems, including what leaves your boundary.
  • AI sits within your existing security and resilience controls (e.g. NIS2 obligations, ISO 22301 continuity), not outside them.

5. Evidence & defensibility

  • For consequential systems, you could show a regulator or board how a decision was reached and what controls applied.
  • You have a plan, with owners and sequencing, for the obligations landing in 2026–2027 - drafted before the deadline, not at it.

This checklist is general information, not legal advice. Confirm specific obligations against the current official text and guidance for your situation.

Turn the checklist into a plan

The AI Governance Readiness Assessment scores you against these areas and hands you a board-ready remediation roadmap in 2–3 weeks. Typically responds within 24–72 hours.

Book the assessment