Welcome to the AI Governance and Risk Readiness Assessment.
This tool helps organisations evaluate their AI governance, transparency, and risk-management maturity in a legally neutral way. Your responses are confidential and used only for awareness and improvement. This assessment does not imply legal compliance.

Organisation Profile
General, non-identifying information about your organisation.
Governance and Accountability
Do you have a designated AI governance lead or committee?
Are AI policies approved by senior management?
Do you maintain documentation on system purpose, data sources and decisions?
Do you perform periodic internal AI audits?
Transparency and Explainability
Questions about openness, traceability and communication of AI outputs.
Can you provide explanations for AI-driven outcomes?
Are end-users informed when interacting with AI systems?
Are model inputs and limitations documented?
Do you disclose data provenance or training datasets?
Data Management and Privacy
Questions about how data are collected, processed, and protected in AI systems.
Are personal data anonymised or minimised before use?
Do you have data retention and deletion policies?
Is dataset bias periodically reviewed?
Do you rely on synthetic or licensed datasets?
Synthetic datasets are artificially generated data that imitate real-world information.
Licensed datasets are those obtained with formal usage rights or permissions.
Unverified datasets lack clear origin or legal rights for use.
Is user consent required before data use?
Human Oversight and Safety
Questions about how human decision-makers supervise, test, and mitigate AI behaviour.
Can human operators override AI decisions?
Are human reviewers trained to interpret AI outputs?
Are there safeguards for harmful or biased outcomes?
Do you perform testing in real-world or simulated environments?
Risk and Compliance
Questions about risk classification, legal awareness, and external assurance.
Do you classify AI systems by risk level (low, medium, high)?
Do you assess potential legal obligations (e.g., data protection, liability)?
Do you track updates to AI or data laws internationally?
Have you conducted any external or third-party audit of AI systems?