What are the core responsibilities of the governing body regarding AI?

Prepare for the ISACA Advanced in AI Security Management (AAISM) Test. Study with in-depth multiple choice questions, each offering insightful hints and detailed explanations. Equip yourself with expert knowledge and get exam-ready!

Multiple Choice

What are the core responsibilities of the governing body regarding AI?

Explanation:
The key idea is that governance oversight for AI focuses on risk management and principled direction. The governing body sets the AI risk appetite, ensuring that AI initiatives are pursued within the organization’s tolerance for potential harms, biases, privacy impacts, and regulatory exposure. It also requires clear communication of AI risks to stakeholders and establishes formal processes to identify, assess, and monitor those risks across all AI projects. In addition, it ensures appropriate practices for AI use cases—covering model lifecycle management, data governance, ethics and bias controls, security, privacy, explainability, and ongoing monitoring—so that AI work aligns with strategy, regulatory requirements, and accountability standards. The other activities mentioned—writing code, managing marketing campaigns, or conducting user research—belong to operational teams and business functions, not to governance oversight of AI risk and controls.

