In most small and mid-sized companies, if you ask who is accountable when an AI system makes a costly or harmful decision, you get a shrug. The honest answer is usually "the board", but no individual on it has been named, and proportionate governance has not been set up. That gap is becoming a real liability in 2026, as regulation tightens and AI moves from experiments into decisions that affect customers and money. The fix is not to hire a Chief AI Officer. It is to name an accountable owner and put lightweight governance in place. Here is what that means for a company without a dedicated AI function.
Who answers when the AI gets it wrong?
Picture an AI system in your business making a decision that turns out badly: a customer wrongly refused, money misdirected, data exposed. Now ask who, by name, answers for it. In most SMEs there is no answer. The work has been delegated to a tool, the tool has been delegated to a team, and accountability has quietly evaporated somewhere in between.
This is different from the day-to-day question of who is allowed to use which tools, which is an operational matter. The board-level question is narrower and sharper: who is personally accountable for AI risk, and have you actually named them?
You probably don't need a Chief AI Officer
The market is busy telling you the answer is to hire a Chief AI Officer. For most companies your size, it is not. A dedicated AI chief is often premature, and the role has a habit of becoming a vanity title with an 18-month shelf life. You do not need a new seat in the C-suite. You need two things that cost almost nothing: a named accountable owner, usually an existing executive, and a proportionate system around them.
Naming the owner is the part everyone skips and the part that matters most. Accountability that belongs to "the board" belongs to no one. Accountability that belongs to a named person, with the authority to set policy and the proximity to see where AI is actually used, is real.
Why this is suddenly urgent
Two things are converging. AI is moving out of the sandbox and into decisions with real consequences. And the regulatory direction is unmistakable: accountability is becoming a named-person question, not a corporate abstraction. The EU AI Act's high-risk obligations are phasing in through 2026, and UK regulators are applying existing accountability frameworks to AI rather than waiting for a single new statute. For regulated firms, individual senior-manager accountability already extends to the systems they rely on.
The trouble is that almost all the guidance you will find online is written for large enterprises, by law firms and big consultancies. It does not tell a fifty-person company what proportionate actually looks like. That gap is the whole problem.
What proportionate governance looks like
Not a forty-page policy. For a company your size, five things:
- A named owner. One accountable individual, on the record.
- An inventory. A simple list of where AI is in use, including the unsanctioned tools your staff are already running. You cannot govern what you cannot see.
- Clear lines. What AI is allowed to decide on its own, and what always needs a human. Especially for anything irreversible or customer-facing.
- A record. A basic audit trail of significant AI-driven decisions, so you can answer "why did it do that?" after the fact.
- A rhythm. A short, regular review of the above, so it stays current as your AI use grows.
This is the board-level layer that sits above the operational control plane. The control plane governs what the agents do. This governs who answers for them.
You do not need to become an AI expert or build a compliance department. You need one accountable owner and a proportionate system, set up before an incident or a regulator forces the question rather than after.
If you want help working out what proportionate AI governance looks like for a company your size, and who on your board should own it, that is something I help leadership teams put in place. Let's talk.