Independent technology governance · UK & Ireland
AI is moving faster than boards can govern.
INED.UK helps UK boards close the gap with practical audits, clear policies, and plain-English advice. Not slide decks.
67% of UK CIOs say AI adoption is outrunning their governance · Logicalis UKI Executive Briefing, May 2026
of S&P 500 companies now disclose AI as a material risk, up from 12% in 2023
The Conference Board, April 2026of S&P 500 directors have any disclosed AI expertise
The Conference Board, April 2026of UK firms worry about supplier AI risk, yet only 28% audit for it
QBE Europe, May 2026the year by which the NCSC says every organisation should have a quantum migration plan
NCSC, PQC migration timelines“If you use this technology, you are still accountable for it. You can't blame it on the box.”Mark Babington, Executive Director of Regulatory Standards, Financial Reporting Council
What I do
Three ways boards engage me
Every engagement is built for the boardroom. Short, practical, and written in the language directors use: duties, risk, and accountability.
A facilitated session that surfaces what AI tools your directors and executives are actually using (usually more than anyone in the room expects) and makes the risks tangible against your duties as a board. You leave with:
- A written AI usage and risk report, specific to your board
- A draft AI acceptable use policy, ready to adopt at your next meeting
- A proposed risk register entry, so AI oversight has a home
- A short list of questions your board should be asking management
Most boards don't know what they don't know. This is where the picture gets clear.
Book the audit conversation →Non-executive directors are high-value targets who sit outside the corporate IT perimeter: personal devices, personal email, and the most sensitive documents a company produces. The NCSC publishes specific guidance for high-risk individuals; very few directors have ever read it.
- Personal cyber risk assessment across your devices and accounts
- Breach monitoring for your email addresses and credentials
- Practical hardening aligned to NCSC guidance, carried out with you step by step
A standing resource for boards that don't have a technology voice at the table. I help directors ask the right questions about digital transformation, data protection, and technology procurement, translating technical risk into language the boardroom can act on.
- Pre-meeting briefings on technology items in the board pack
- Procurement and supplier-risk challenge, including AI vendor claims
- Board reporting that directors can actually interrogate
Approach
How an engagement works
A conversation
Half an hour at no charge. You describe where the board is and I'll tell you honestly whether I can help.
The session
A half day with the board. Structured, candid, and under Chatham House rules, so directors say what they actually do rather than what the policy says.
The report
Within ten working days: a written risk report, a draft policy, and a risk register entry, all written to be adopted at your next meeting.
The follow-through
A check-in after one board cycle. Governance that isn't revisited isn't governance; it's paperwork.
A quick test
Eight questions your board should be able to answer
If more than two of these draw a blank around your table, the gap is already material.
- Which AI tools are our directors and senior executives using today, including the unofficial ones?
- Has any board material ever been put into a free AI tool? Would we know if it had?
- Do we have an AI acceptable use policy, and has the board actually adopted it?
- Where does AI sit on our risk register, and who owns that entry?
- What are our key suppliers doing with AI, and with our data?
- How are board papers distributed, and to whose devices and accounts?
- If a director's personal email were compromised tonight, what would be exposed?
- Has anyone asked our IT team or suppliers about the NCSC's 2028 quantum-readiness milestone?
These are the questions the insights on this site and the audit are built around.
About
Mícheál Gallagher
I've sat on both sides of the boardroom table. I understand what non-executives actually need to govern technology effectively, because I've been the person in the room asking the questions, and the person on the other side answering them.
Over a decade of board director experience across membership organisations and technology businesses.
Insights
The AI Enabled Director
Plain-English writing on AI governance, cyber security, and emerging risk, written for the directors who carry the accountability.
Moving Your Board's Email to Proton Won't Fix the Real Problem
Switching email providers feels like action. The governance gap is somewhere else entirely. The first of three posts on where board email really lives.
The Free Setting Every Director on Gmail Should Switch On Today
Google's Advanced Protection Programme takes ten minutes and costs nothing. It also won't fix the thing your board should actually be worried about.
Outlook Has No "Advanced Protection" Switch. The Reason Is the Lesson.
There is no Microsoft equivalent of Google's Advanced Protection, and once you see why, the whole series resolves into a single instruction: the organisation must own the account.
What Directors Are Actually Doing with AI — And What They Should Stop
At least one director on your board is summarising the board pack in ChatGPT. No policy. No risk register entry. Here's what the FRC thinks about that.
Monthly
The INED.UK Board Briefing
A short monthly email covering the regulatory shifts, practical risks, and real-world examples that matter for anyone sitting on a board right now. Aimed at busy INEDs and chairs who want to stay informed without wading through the noise.
It's one short email a month, and you can leave whenever you like.
Subscribe to the BriefingLatest edition · June 2026
- Lloyds Banking Group puts AI inside the boardroom
- KPMG signs Anthropic — Big Four AI integration begins
- Only 33% of directors see their board as a value creation tool
- BoE, FCA & HMT issue joint warning on frontier AI risk
- SpaceX IPO exposes what happens when governance is absent
The conversation costs nothing.
Whether you need a board AI audit, cyber guidance, or someone to translate technology risk into boardroom language, I'd welcome a conversation. Book half an hour and you'll leave with something useful either way.
Book an appointmentPrefer email? mgallagher@ineduk.com · LinkedIn