Independent technology governance · UK & Ireland

AI is moving faster than boards can govern.

INED.UK helps UK boards close the gap with practical audits, clear policies, and plain-English advice. Not slide decks.

67% of UK CIOs say AI adoption is outrunning their governance · Logicalis UKI Executive Briefing, May 2026

83%

of S&P 500 companies now disclose AI as a material risk, up from 12% in 2023

The Conference Board, April 2026
2.7%

of S&P 500 directors have any disclosed AI expertise

The Conference Board, April 2026
75%

of UK firms worry about supplier AI risk, yet only 28% audit for it

QBE Europe, May 2026
2028

the year by which the NCSC says every organisation should have a quantum migration plan

NCSC, PQC migration timelines
“If you use this technology, you are still accountable for it. You can't blame it on the box.”
Mark Babington, Executive Director of Regulatory Standards, Financial Reporting Council

What I do

Three ways boards engage me

Every engagement is built for the boardroom. Short, practical, and written in the language directors use: duties, risk, and accountability.

The flagship

Board AI Readiness Audit

Half day · boards of up to eight · from £500

A facilitated session that surfaces what AI tools your directors and executives are actually using (usually more than anyone in the room expects) and makes the risks tangible against your duties as a board. You leave with:

  • A written AI usage and risk report, specific to your board
  • A draft AI acceptable use policy, ready to adopt at your next meeting
  • A proposed risk register entry, so AI oversight has a home
  • A short list of questions your board should be asking management

Most boards don't know what they don't know. This is where the picture gets clear.

Book the audit conversation →
For individuals

Cyber Security for Directors

Personal assessments · ongoing monitoring

Non-executive directors are high-value targets who sit outside the corporate IT perimeter: personal devices, personal email, and the most sensitive documents a company produces. The NCSC publishes specific guidance for high-risk individuals; very few directors have ever read it.

  • Personal cyber risk assessment across your devices and accounts
  • Breach monitoring for your email addresses and credentials
  • Practical hardening aligned to NCSC guidance, carried out with you step by step
Start with the free email security check →   See managed secure email plans →
Ongoing

Technology Governance & Advisory

Retained or ad hoc

A standing resource for boards that don't have a technology voice at the table. I help directors ask the right questions about digital transformation, data protection, and technology procurement, translating technical risk into language the boardroom can act on.

  • Pre-meeting briefings on technology items in the board pack
  • Procurement and supplier-risk challenge, including AI vendor claims
  • Board reporting that directors can actually interrogate
Book a conversation →

Approach

How an engagement works

01

A conversation

Half an hour at no charge. You describe where the board is and I'll tell you honestly whether I can help.

02

The session

A half day with the board. Structured, candid, and under Chatham House rules, so directors say what they actually do rather than what the policy says.

03

The report

Within ten working days: a written risk report, a draft policy, and a risk register entry, all written to be adopted at your next meeting.

04

The follow-through

A check-in after one board cycle. Governance that isn't revisited isn't governance; it's paperwork.

A quick test

Eight questions your board should be able to answer

If more than two of these draw a blank around your table, the gap is already material.

  1. Which AI tools are our directors and senior executives using today, including the unofficial ones?
  2. Has any board material ever been put into a free AI tool? Would we know if it had?
  3. Do we have an AI acceptable use policy, and has the board actually adopted it?
  4. Where does AI sit on our risk register, and who owns that entry?
  5. What are our key suppliers doing with AI, and with our data?
  6. How are board papers distributed, and to whose devices and accounts?
  7. If a director's personal email were compromised tonight, what would be exposed?
  8. Has anyone asked our IT team or suppliers about the NCSC's 2028 quantum-readiness milestone?

These are the questions the insights on this site and the audit are built around.

About

Mícheál Gallagher

Mícheál Gallagher

I've sat on both sides of the boardroom table. I understand what non-executives actually need to govern technology effectively, because I've been the person in the room asking the questions, and the person on the other side answering them.

Over a decade of board director experience across membership organisations and technology businesses.

CurrentlyFractional Technology Manager, IoD Ireland: a role spanning systems, cybersecurity, and data protection
PreviouslyImplementation Specialist at Diligent, deploying governance platforms to FTSE and global boards
Board roles10+ years as a director; a technology professional who knows the responsibilities that directors shoulder

Insights

The AI Enabled Director

Plain-English writing on AI governance, cyber security, and emerging risk, written for the directors who carry the accountability.

Board Email · Part 1 of 3

Moving Your Board's Email to Proton Won't Fix the Real Problem

Switching email providers feels like action. The governance gap is somewhere else entirely. The first of three posts on where board email really lives.

7 min read
Board Email · Part 2 of 3

The Free Setting Every Director on Gmail Should Switch On Today

Google's Advanced Protection Programme takes ten minutes and costs nothing. It also won't fix the thing your board should actually be worried about.

6 min read
Board Email · Part 3 of 3

Outlook Has No "Advanced Protection" Switch. The Reason Is the Lesson.

There is no Microsoft equivalent of Google's Advanced Protection, and once you see why, the whole series resolves into a single instruction: the organisation must own the account.

6 min read
AI Governance

What Directors Are Actually Doing with AI — And What They Should Stop

At least one director on your board is summarising the board pack in ChatGPT. No policy. No risk register entry. Here's what the FRC thinks about that.

7 min read

All insights →

Monthly

The INED.UK Board Briefing

A short monthly email covering the regulatory shifts, practical risks, and real-world examples that matter for anyone sitting on a board right now. Aimed at busy INEDs and chairs who want to stay informed without wading through the noise.

It's one short email a month, and you can leave whenever you like.

Subscribe to the Briefing

Latest edition · June 2026

  • Lloyds Banking Group puts AI inside the boardroom
  • KPMG signs Anthropic — Big Four AI integration begins
  • Only 33% of directors see their board as a value creation tool
  • BoE, FCA & HMT issue joint warning on frontier AI risk
  • SpaceX IPO exposes what happens when governance is absent

The conversation costs nothing.

Whether you need a board AI audit, cyber guidance, or someone to translate technology risk into boardroom language, I'd welcome a conversation. Book half an hour and you'll leave with something useful either way.

Book an appointment

Prefer email? mgallagher@ineduk.com · LinkedIn