How governed is your company's AI usage?

This self-assessment diagnoses your current state of governed AI use — from company policy and data classification to EU AI Act compliance and shadow AI protection. Your results and recommendations are instant.

Time to complete: 5–10 minutes. 20 questions, 7 areas.
After completing the test, we'll send you a personalised evaluation and a draft AI governance policy within 3 business days.

Scoring:

0 points: Not addressed. This area is not formally covered or we are not aware of it.

1 point: Partial. We have the basics or informal rules, but significant gaps remain.

2 points: Mostly. The area is covered, but not consistently or not for all cases.

3 points: Fully. The area is formally addressed, consistently followed, and regularly reviewed.

  1. About you
  2. Strategy
  3. Data
  4. Tools
  5. Agents
  6. AI Act
  7. People
  8. Monitoring

Step 1 of 8

First, a few details about your organisation

This helps us contextualise your results. All information is kept strictly confidential.

Step 2 of 8

A. Strategy and governance

Governance and strategy form the foundation of governed AI. Without written policies and clear accountability, everything else is built on sand.

1. Does the company have a written policy for AI use?
2. Is there a designated person or team responsible for AI governance?
3. How are decisions made about which AI tools are permitted?

Step 3 of 8

B. Data and data protection

A critical area: employees must know what data they can and cannot put into AI. Otherwise sensitive or client information is at risk.

4. Do employees know clearly what data they may or may not enter into AI?
5. Where is sensitive or client data processed in AI?
6. Is personal data (GDPR) entered into AI only via approved tools with a legal basis?

Step 4 of 8

C. Approved tools and shadow AI

Shadow AI — unreported and unapproved AI tools — is one of the biggest risks. Organisations without oversight have no control.

7. Do you know which AI tools your people actually use?
8. Do employees use personal AI accounts (personal ChatGPT etc.) for work?
9. Is there an approved, secure alternative so people do not need to circumvent policy?
10. Can employees easily request approval for a new tool?

Step 5 of 8

D. Advanced use and AI agents

Agentic AI introduces new risks — automated actions with access to company systems require clear rules and human oversight.

11. Do you use AI agents or automations with access to company data — and under what control?
12. Do critical AI actions (sending externally, payments, system changes) require human approval?

Step 6 of 8

E. EU AI Act and GDPR compliance

The EU AI Act is in force — organisations have obligations around AI literacy, transparency and risk assessment. Ignorance is not a defence.

13. Do you know what the EU AI Act means for your organisation?
14. Do you train employees in AI use (AI literacy obligation, Art. 4 AI Act)?
15. Do you label AI-generated content intended for external audiences (transparency, Art. 50)?

Step 7 of 8

F. People, culture and output verification

Technology without people does not work. A reporting culture, output verification and clear escalation paths ensure AI actually helps.

16. Do people verify AI outputs before use (risk of hallucinations)?
17. Do employees know who to contact if they have concerns about AI?
18. What is the culture around reporting AI mistakes?

Step 8 of 8

G. Monitoring and incidents

You cannot manage what you cannot measure, and measuring requires records and an incident response process. Organisations without monitoring find out about crises too late.

19. Do you maintain a register of AI tools, access rights and incidents?
20. Do you have a procedure for what to do in the event of a data leak into AI?

Your answers are treated confidentially and not shared with third parties.