Governance

"We have assessed AI risk."

With the AI Act in force, that sentence is becoming a governance expectation — one a board should be able to say, date, and evidence.

The expectation

From prudent to expected.

Boards are already expected to state that they have assessed cyber risk, climate exposure, and going concern. AI exposure is joining that list — not because a regulator demands the exact document, but because the question is now asked in every diligence process, credit review, and renewal negotiation.

An exposure statement answers it the way boards prefer to answer: with a dated, scored, comparable document rather than a narrative.

Diligence
Buyers and lenders ask for AI exposure in writing. A scored statement is an answer; a slide is not.
Fiduciary cover
The board minuted an assessment by an independent party. The duty of care is evidenced.
Renewals
Customers ask what you do with their data and whether your service survives the shift. The position statement answers publicly.
Reassessment
Scores are dated and revisited on a fixed cycle. Cover that isn't current isn't cover.
Position statements

Silence becomes conspicuous.

The position statement is the public rendering: how a company uses AI, what it does not do with customer data, and why its service holds. Once a few companies in a market publish one, the question moves to those who haven't.

CopenhagenEjendomsservice, 340 FTEPublished
StockholmSpecialty insurerPublished
HamburgMittelstand componentsDraft
The assessment is the evidence. The statement is the cover.