The Questions Got Sharper
In 2023 and early 2024, board-level AI conversations were mostly aspirational. By late 2025, the conversation had shifted. The board members who had been asking "what is our AI strategy?" had moved on to asking "what could go wrong, and what is our response when it does?" The shift is partly the result of EU AI Act enforcement approaching its August 2026 deadline. Partly it is the result of high-profile AI incidents at peer companies. Partly it is the natural maturation of any technology category from novelty to risk.
PwC's 2024 global board survey on AI governance found 78 percent of boards now include AI risk on their standard quarterly agenda (PwC, "Annual Corporate Directors Survey 2024"). The questions on those agendas have converged. Five specific ones now appear in roughly every meeting where AI is discussed.
CTOs walking into board meetings without prepared answers to these five questions are walking into an avoidable problem.
The Five Questions
The five questions cluster around different dimensions of AI risk and operational maturity. Each one has a specific answer pattern that produces confidence and a specific failure pattern that triggers escalation.
Question one is about systems inventory. "How many AI systems are in production, what do they do, and which ones could harm us if they fail?" The board wants a complete picture, not a curated subset. The answer pattern is a current systems inventory with risk classification. The failure pattern is "we are still pulling that together" three quarters in a row.
Question two is about regulatory exposure. "What is our exposure to the EU AI Act and equivalent regulations, and what is the plan to manage it?" The board wants specifics about which systems are high-risk under which regulation, the gap to compliance, and the timeline to close the gap. The answer pattern is a matrix with timelines and ownership. The failure pattern is general reassurance that compliance is being worked on.
Question three is about incident readiness. "When an AI system produces a bad outcome, what is the process and who is accountable?" The board wants to see incident response that includes AI-specific scenarios. The answer pattern is a runbook with named owners and a record of practiced drills. The failure pattern is gesturing at the general incident response process without AI-specific extensions.
Question four is about cost trajectory. "What does AI cost us today, what will it cost in 12-24 months, and how does it compare to value delivered?" The board wants unit economics, not aggregate spend. The answer pattern is per-feature cost analysis with value attribution. The failure pattern is the cloud bill divided by some convenient denominator.
Question five is about talent and capability. "Do we have the skills to operate the AI systems we have committed to, and what is the talent strategy to fill gaps?" The board wants honesty about capability gaps. The answer pattern is a named gap with a named hiring plan or partner strategy. The failure pattern is asserting that all needed capability exists when the operating evidence suggests otherwise.
CTOs who can answer all five with specific evidence build board confidence faster than CTOs who answer one or two well and deflect the others. The pattern is recognizable across multiple companies.
What Specific Evidence Looks Like
Boards have learned to distinguish credible answers from rehearsed reassurance. Three properties of evidence make answers credible.
Specificity beats generality. "We have 47 AI systems in production, 12 classified as high-risk under our internal taxonomy, with 3 of those triggering EU AI Act high-risk obligations" is specific. "We have a robust portfolio of AI initiatives across the business" is general. Boards now recognize the difference.
Currency beats staleness. Evidence dated within the current quarter is current. Evidence dated six months ago is stale. Boards have learned to ask when the data was last updated.
Traceability beats summary. Statistics that can be traced back to source systems are traceable. Statistics that exist in summary form without underlying detail are summaries. Boards have learned to ask "where does this number come from?"
The CTOs who survive board scrutiny in 2026 are usually the ones who have invested in making the underlying systems produce specific, current, traceable evidence. The investment is in the operational stack, not in the board presentation.
What Has Changed From 2024
Three things have changed in board-level AI discussions over the past 18 months.
Boards now have AI literacy that they did not have in 2023. Board members have attended workshops, read white papers, and had direct experience with AI tools. The questions are more informed. The reassurance answers that worked in 2023 do not work in 2026.
Audit committees have started owning AI risk explicitly, often delegating from the full board. Audit chairs ask more pointed questions about controls, evidence, and audit-readiness than the full board typically asks. CTOs increasingly find themselves in audit committee sessions specifically about AI.
External legal counsel and audit firms have published board-facing AI governance frameworks that board members read. The frameworks shape the questions. CTOs who have read the same frameworks know what is coming. CTOs who have not are sometimes surprised by questions that reference frameworks the directors have studied.
The trajectory will continue. Board AI conversations in 2027 will be more sophisticated than 2026 conversations, the way 2026 is more sophisticated than 2024.
The Quarterly Reporting Pattern That Works
The CTOs who maintain board confidence on AI typically produce a quarterly board report with consistent structure. The structure parallels the five questions.
The report opens with the systems inventory updated for the quarter, including additions, retirements, and risk classification changes.
The report covers regulatory exposure with the matrix updated for the quarter, including any regulatory changes or audit findings.
The report addresses incident readiness with any AI incidents that occurred, the response, and the lessons applied to the runbook.
The report includes cost and value, with the unit economics by feature and the trajectory against forecast.
The report closes with talent and capability, including hires made, gaps identified, and partner relationships maintained.
The same structure each quarter, with current numbers, produces board confidence over time. Variable structure, or numbers that arrive late or incomplete, produces escalation.
What Logiciel Does Here
Logiciel works with CTOs preparing for board-level AI conversations, particularly when prior conversations have shown gaps in the answers. The work is typically structured around the five-question framework with priority on whichever question has produced the most pushback.
The AI Governance Frameworks for Regulated Industries framework covers the five operational pillars that support the board-facing answers. The Responsible AI for Boards framework covers the two-minute drill structure for board updates specifically.
A 30-minute working session is enough to assess where your board materials sit relative to the five-question framework.
Frequently Asked Questions
How often should I update the systems inventory?
Continuously, in the operational systems that generate it. Reviewed monthly by the AI governance lead. Presented quarterly to the board with the most recent data. Annual or ad hoc updates are insufficient at the current bar.
What if my company has minimal AI deployment so far?
The five questions apply with lower numbers. "We have 3 AI systems in production, all classified as low-risk, with the following plan to scale responsibly" is a credible board answer. The questions do not assume a particular scale.
Should I prepare the board materials myself or delegate?
A senior team member (AI governance lead, head of platform engineering) typically owns the materials. The CTO reviews, edits, and presents. Pure CTO production usually produces materials that are too high-level. Pure delegation usually produces materials the CTO cannot defend in detail.
How do I handle a board member who asks a question outside the five?
Honestly. "We have not addressed that systematically yet. Here is what we know. Here is when we will have a complete answer." The pattern that fails is improvising a confident answer to a question the team has not actually addressed.
What about board education on AI?
Useful but not a substitute for evidence-based answers. Educated boards still ask the five questions and expect specific answers. The education raises the bar of the conversation rather than lowering the answer expectations.
Sources:
- PwC, "Annual Corporate Directors Survey 2024"
- European Commission, EU AI Act timeline