How the scoring works

Every question feeds one or more of three sub-scores, each shown on your result from 0 to 100.

Obligation pressure: how strongly the outside world, your sector, your customers, regulators and insurers, is asking you to show you manage AI responsibly.

Exposure surface: how much of your business AI touches, and how sensitive the data flowing through it is.

Readiness gap: how far you are from being able to say, with evidence, that you manage your AI, given what you already have in place.

The three sub-scores combine into a single headline band, weighted towards obligation and exposure. The bands are Low (a light AI footprint with manageable obligations), Moderate (real AI use with governance not yet formal), High (material exposure with governance lagging), and Urgent (live commercial and regulatory risk).

Two combinations raise your band regardless of the arithmetic, because they are situations where a middling score would be false reassurance. They can only raise the band, never lower it.

First: a regulated sector, plus AI involved in decisions about people, plus no written AI policy, sets a floor of High.

Second: AI in use, plus someone actively asking how you govern it, plus a deadline within six months, sets a floor of Urgent.

This is a screening tool. It tells you whether and how urgently to think about AI governance. It is not a formal ISO/IEC 42001 conformity assessment and does not give you a statement of conformity against the standard.

If you would like to understand your own result in detail, Matt can walk you through how it was calculated, line by line.