AI Regulation Reference

ISO/IEC 38507 Governance of AI

Jurisdiction:
OECD
 voluntary
Effective:
Apr 8, 2022
Authority:
International Organization for Standardization
 Official text Verified Mar 26, 2026

Obligations Covered

Human Oversight

Provisions (1)

Board-Level AI Governance #

Obligation:
Human Oversight
 enforcing
Effective:
Apr 1, 2022
Risk tier:
all
Scope:
deployers
 cross-domain
ISO/IEC 38507 is the only international standard specifically addressed to governing bodies (boards, executives) rather than technical teams — directing boards to evaluate, direct, and monitor AI use. As regulators increasingly hold organisations accountable at the board level for AI governance, this standard defines what board-level AI oversight looks like.

Requirements

RequirementDetails
Governing body responsibilityBoards and governing bodies must evaluate, direct, and monitor the organisation's use of AI
Effective useEnsure AI is used effectively to fulfil organisational objectives
Efficient useEnsure AI use delivers value proportionate to resources and risks
Acceptable useEnsure AI use complies with applicable laws, regulations, and ethical expectations
AI governance frameworkEstablish governance structures for oversight of AI across the organisation
Accountability assignmentAssign clear accountability for AI-related decisions and outcomes at executive level

Penalties

ViolationFine
Non-complianceVoluntary — no binding enforcement mechanism