AI governance for charities

What trustees need to understand

Trustees are legally accountable for how their charity uses AI.

That accountability extends to AI used by third-party suppliers acting on your behalf. Most charity boards aren’t ready for that.

of charity boards rated poor at AI skills, knowledge and confidence

0 %

are reviewing governance to give trustees proper AI oversight

0 %

of boards rated excellent at AI

0 %

Source: Charity Digital Skills Report 2025

The gap between what trustees are responsible for, and what they currently understand is where organisational risk exists.

Why this is a trustee issue, not just an IT issue

AI decisions aren’t technical decisions made by your digital team. They’re governance decisions that require trustee sign-off, trustee oversight, and trustee accountability.

The Fundraising Regulator is explicit on three points:

Trustees are responsible and accountable for their charity’s use of AI — including when AI is used by third-party fundraisers acting on the charity’s behalf.

Trustees must ensure they have sufficient oversight of how AI is being used in their name.

AI knowledge and capability should not be concentrated among a minority of trustees. If only one or two board members understand AI, that is a governance risk in itself.

Source: Fundraising Regulator, guidance accompanying the updated Code of Fundraising Practice, November 2025

If your charity uses an agency, direct mail house, or any supplier with AI-enabled tools, your trustees are accountable for that AI use.

Whether or not they know it’s happening.

What good AI governance looks like

Good AI governance isn’t about banning tools or creating bureaucracy. It’s about ensuring decisions are made deliberately, risks are visible, and someone is accountable.

For a charity board, that means:

A written AI policy that trustees have adopted and can stand behind. Not a policy drafted by staff and filed away; something the board has read, discussed and signed off.

A risk register entry for AI covering the tools in use, the data involved, the potential harms, and the controls in place. Updated at least annually.

Clarity on who is accountable for AI use across the organisation — not just the digital team, but a named trustee or senior leader with oversight responsibility.

A process for staying current. AI is changing quickly. Boards need a mechanism for being briefed on significant changes — new tools, new regulatory guidance, new risks — without requiring individual trustees to become AI experts.

Understanding of third-party exposure. A review of which suppliers use AI, what data they access, and whether existing contracts reflect the charity’s responsibilities under the Fundraising Regulator’s Code.

The leadership gap

Governance starts at the top. But the top has a problem.

36% of charity CEOs are rated poor at AI skills, knowledge and confidence. A CEO who can’t assess an AI risk can’t brief a board on one. A board that hasn’t been briefed can’t make an informed decision.

Source: Charity Digital Skills Report 2025

This isn’t about expecting every CEO or trustee to become an AI specialist. It’s about having enough shared understanding to ask the right questions, challenge supplier claims, and make decisions the organisation can account for.

How we help

We work with charity leadership and boards to build the understanding and frameworks needed to govern AI responsibly. That typically means some combination of the following.

Governance review

A structured assessment of your current AI governance position: what tools are in use, what data is involved, what your third-party supplier exposure looks like, and where the gaps are. Output is a clear action list with priorities.

Trustee and leadership briefings

A plain-language session for your board or senior leadership team. Not a technology lecture — a governance conversation. We cover what AI is doing in the charity sector, what the Fundraising Regulator now requires, and what questions your board should be asking regularly.

AI risk register development

We develop or update your AI risk register: identifying the tools in use, assessing the risks they carry, and defining the controls and oversight mechanisms that need to be in place. Something your board can adopt and return to.

Policy and governance framework

Where an AI policy doesn’t yet exist, we develop one alongside a governance framework that gives it teeth: sign-off processes, review cycles, and accountability structures that work for how your organisation actually operates.

Is your board ready for an AI governance conversation?

We work with charity boards and leadership teams across the UK. A free 30-minute call is a good place to start, no preparation needed.

What happens without proper governance

AI governance failures rarely announce themselves. They accumulate quietly — in supplier contracts that nobody reviewed, in staff using tools that nobody approved, in donor data that entered systems nobody audited.

When something goes wrong — a data breach, a biased output, a complaint to the Fundraising Regulator — the question isn’t whether the technology failed. The question is whether the board was aware of the risk and had controls in place.

If the answer is no, that’s a governance failure. And governance failures sit with trustees.

The Charity Commission expects trustees to understand and manage the risks their charity faces. AI is now one of those risks. That expectation doesn’t require a technical understanding of how AI works; it requires governance.