§13 · Lane 4 — ISO/IEC AI Management System Family

ISO/IEC 38507:2022 (Governance Implications of AI): director duties operationalised against a standard

ISO/IEC (2022) · ISO/IEC 38507

Standard · Tier 1 · Lane 4

Bibliographic data

Title: ISO/IEC 38507:2022 — Governance implications of the use of artificial intelligence by organizations
Authors / Issuing body: ISO/IEC
Venue / Publisher: ISO/IEC
Year: 2022
Designation: Standard
Licence: Stable URL — refer to publisher for full licence terms.

How to cite

ISO/IEC (2022). ISO/IEC 38507:2022 — Governance implications of the use of artificial intelligence by organizations. ISO/IEC. https://www.iso.org/standard/56641.html.

The governance standard addressed to the governing body (board / top management), not the AIMS owner. Overlays ISO/IEC 38500:2015 (governance of IT) and ISO 37000:2021 (governance of organisations) with AI-specific guidance. Sits above 42001 in the stack — governs the body that owns the AIMS rather than the AIMS itself.

Why it matters for NETEVO

ISO/IEC 38507:2022 is the governance standard addressed to the board itself, not to the AI management system the board owns — and that altitude is what connects the international AI standards to the law of director duties.

A direct overlay onto the Australian director-duty regime. Where ISO/IEC 42001 governs the AI management system and ISO/IEC 23894 governs AI risk, ISO/IEC 38507 addresses the governing body that owns the management system — the same body on which Australian director-duty law already operates. The overlay is not loose: fourteen distinct mappings connect the standard to the Australian regime, among them Corporations Act 2001 (Cth) ss 180-183, ASX CGC Principles 1, 4 and 7, APRA CPS 230 operational risk management, the governance hooks of the Privacy Act 1988, the NSW AI Assessment Framework, and the eight elements of the AICD/HTI Director's Guide. The consequence for a board is that the duty of care and diligence under section 180 can be tested against an international standard rather than asserted from first principles.

Two substantive "shall" obligations carry unusual weight for a guidance standard. Clause 4.1 normatively forward-references Annex A, so the annex is treated as binding rather than informative; Clause 6.7.3 obligates stakeholder consideration of reputation and trust. For anyone drafting board charters or policies against the standard, those two modal verbs carry compliance weight that the surrounding guidance language does not.

The standard that governs the delegation of authority itself. Where ISO/IEC 42001 governs AI systems and ISO/IEC 23894 governs AI risks, ISO/IEC 38507 governs who delegates authority into the AI system in the first place — the precise question the Implicit Authority Cascade frames. It is the only international standard in the suite whose normative structure maps cleanly onto board-level accountability for delegated agent authority.
