Every director on a board that deploys AI carries a personal duty of care under Companies Act 2006 s.174 — a duty that cannot be discharged by board minutes, company compliance programmes, or reliance on management. That duty has been running since the EU AI Act entered into force in August 2024.
Enforcement dates for the high-risk Annex III categories are now fixed at 2 December 2027 following the Omnibus VII amendments. The extension changes the technical compliance timeline. It does not pause your personal oversight obligation — or the evidence gap accumulating against it.
Answer 10 questions. Understand your personal position in under 3 minutes.
The EU AI Act (Regulation 2024/1689) entered into force on 1 August 2024. From that date, any company deploying AI in material processes has been operating inside the Regulation's architecture — and every individual director of that company has carried a personal oversight obligation alongside it.
The obligation does not come from the AI Act alone. In the UK, it comes from Companies Act 2006 Section 174: the personal duty of care, skill and diligence owed by every director individually. Re Barings plc (No 5) [1999] confirmed that this duty is non-delegable — each director must personally demonstrate what they did. Equivalent standards apply in the United States (the Delaware Caremark line), Australia (ASIC v Healey), and the ADGM and DIFC.
English commercial courts place significantly greater weight on documentary evidence created at the time of an event than on witness recollection reconstructed afterwards. A director who cannot produce a contemporaneous personal record of the AI governance questions they raised is defending years-old conduct from memory — against a documentary standard.
This is why a change to the technical enforcement timeline changes nothing for individual directors: the personal duty is continuous, and the evidence gap either accumulates or it does not.
The assessment reflects your own answers back through a structured governance framework across four dimensions of personal exposure:
It is anonymous, runs entirely in your browser, and stores nothing.
The EU AI Act applies to companies with EU market exposure regardless of where the board is registered. The personal liability standard that runs alongside it is set by your jurisdiction of appointment.
The duty is individual — it cannot be discharged by board minutes, collective decisions, or reliance on management. Re Barings plc (No 5) [1999] confirmed each director must personally demonstrate what they did. The duty is continuous — it is not timed to a technical compliance deadline.
Courts place significantly greater weight on documentary evidence created at the time of an event than on witness recollection reconstructed afterwards. Where a director relies on memory alone, courts assign it substantially less weight than a timestamped personal record created at the moment of oversight. This principle is firmly established in English commercial litigation and applies directly to director liability proceedings.
Directors may retain their own questions, notes and assessments for personal legal defence. This confirms that a personal record of your conduct — distinct from company confidential data — is legally yours to keep after resignation.
The Delaware Supreme Court held directors liable for breach of the duty of loyalty where they failed to make a good faith effort to implement board-level monitoring of mission-critical risks. The court scrutinised board minutes and found them wanting. Absence of evidence in the minutes was treated as absence of oversight.
The Delaware Supreme Court expanded the definition of books and records to include informal electronic communications — emails, texts — where a company conducts business informally. A director's personal devices become fair game in discovery if no formal governance record exists.
A former director generally loses Section 220 inspection rights upon resignation and cannot compel the company to produce documents to defend their past conduct. Possessing an independent personal record before departure is the only guaranteed proactive defence.
The Federal Court rejected the defence that directors had relied on management and external auditors. Justice Middleton held each director must apply an enquiring mind and take a diligent and intelligent interest in the information available. Passive reliance is not a defence.
Former directors have a right to inspect company books for legal proceedings — but only once a proceeding exists. Hostile boards routinely deny access, forcing court applications. A personal record held independently bypasses this gatekeeping entirely.
The Federal Court reiterated the danger of relying on reconstructed direct speech in affidavits years after the event. A contemporaneous timestamped note created at the time of a board meeting is evidentially superior to sworn testimony reconstructed years later — a principle now firmly established in Australian commercial litigation.
ADGM applies English common law. The personal director liability standard mirrors the UK duty of care exactly. The wrongful trading defence under ADGM Insolvency Regulations requires proof that a director took every step to minimise creditor loss — a defence of documented process, not outcome.
The DIFC imposes a duty equivalent to the UK and Australian standards. In Lynch v Cadwallader [2021], the DIFC Courts held that documentary evidence created at the time carries significantly greater weight than witness memory reconstructed in credibility disputes — a principle applied directly to director conduct proceedings in the region.
Onshore UAE civil courts have no broad pre-trial discovery process. A director cannot compel a hostile company to produce thousands of emails to prove their diligence. In a system where you must produce the evidence you rely upon, possessing a personal contemporaneous record is the only reliable defence. Electronic records are admissible under the UAE Electronic Transactions Law and Evidence Law.
A portfolio director with UK, US and Australian appointments faces the English contemporaneous evidence standard, Marchand/Caremark (Delaware) and Centro (Australia) simultaneously — and a failure in any one does not protect against claims in another. A company compliance programme in one jurisdiction does not discharge your personal duty in another. Annex III obligations follow EU market exposure, not board registration.
Ethical AI Advisor is a trading name of Archimedes Lever Ltd, a private limited company registered in England and Wales (Company No. 16859569), specialising in personal governance protection for corporate directors. The assessment framework is built on primary sources: the Companies Act 2006, Regulation (EU) 2024/1689, and the reported case law cited on this page.
The assessment is a self-assessment tool, not legal advice. It reflects your own responses back through a structured governance framework and makes no determination about your personal legal position. Full details are on the Legal & Privacy page.
Cross-referencing EU AI Act Annex III, your jurisdiction's
director liability standard, and your personal evidentiary position