v2.4.0 | Report Errata
docs operations docs operations

Level 5: Executive Leadership — Personnel & Function Level 5 comprises the CEO, CTO, CRO, and board members with AI governance oversight. They provide strategic oversight of the organisation’s AI compliance programme, resource allocation, and risk appetite decisions. Executive leadership must receive periodic reporting (quarterly during normal operations, immediately for serious incidents) covering the compliance status of all high-risk systems, the open non-conformity register, serious incidents or near-misses, the PMM summary, and the overall risk posture. Level 5 holds the authority to increase compliance investment, adjust risk appetite, halt deployments, and set organisational culture around AI governance. Without executive engagement, the compliance programme lacks the organisational weight to compete with commercial priorities. Executive oversight is documented through board and committee reporting materials, providing evidence that the organisation’s leadership is actively engaged in AI governance. Key outputs

  • Strategic oversight of AI compliance programme
  • Resource allocation and risk appetite authority
  • Quarterly and immediate reporting cadence
  • Board and committee documentation as evidence

Level 5: Periodic Reporting Executive reporting follows a dual cadence. Quarterly reports cover the portfolio compliance status, aggregated PMM trends, non-conformity register summary, resource utilisation against plan, regulatory developments, and upcoming milestones. Immediate reports are triggered by serious incidents under Article 73, non-conformities that the AI Governance Lead has been unable to resolve within defined timelines, and resource constraints threatening compliance posture. The quarterly report is concise and decision-oriented: it presents the information executives need to allocate resources, set priorities, and assess whether the organisation’s AI risk appetite is appropriate. Detailed technical analysis remains at Levels 1–4; Level 5 receives strategic summaries with clear escalation points. Key outputs

  • Quarterly portfolio compliance reporting
  • Immediate reporting for serious incidents and unresolved non-conformities
  • Decision-oriented format with clear escalation points
  • Module 7 AISDP evidence

Level 5: AI Literacy for Executives (Art. 4) Article 4’s AI literacy requirement extends to executive leadership. Executives need strategic awareness: what the organisation’s AI systems do and which populations they affect, what the regulatory obligations are and what non-compliance consequences entail, how to interpret compliance reporting, and when to exercise authority to halt or modify a deployment. Executive literacy is delivered through focused briefings (annual, with event-triggered updates for material regulatory changes), not through the same detailed programme as operators. The briefings cover the AI portfolio overview, risk posture, compliance status, and upcoming regulatory milestones. They should equip executives to ask informed questions and make governance decisions, not to interpret model metrics. Key outputs

  • Strategic AI literacy for executive decision-making
  • Annual briefings with event-triggered updates
  • Portfolio overview, risk posture, and regulatory milestones
  • Module 7 AISDP evidence

Level 5: Escalation Triggers Level 5 escalation triggers include any serious incident under Article 73, non-conformities that the AI Governance Lead has been unable to resolve within defined timelines, resource constraints preventing the organisation from maintaining its compliance posture, and board-level risk appetite decisions regarding residual risks. Escalation to Level 5 is the final internal step before external regulatory engagement. When the AI Governance Lead escalates to Level 5, the expectation is that executive authority is needed to resolve the issue, whether through additional resources, strategic reprioritisation, or a decision to withdraw a system. Level 5 decisions are documented and retained. Key outputs

  • Four categories of executive escalation trigger
  • Final internal escalation before external engagement
  • Executive authority required for resolution
  • Documented decisions retained as evidence
On This Page