020 3026 4629 4.7 rated on Google

Level 3 AI Governance for Managers and Supervisors

Overview

Your staff are already using AI. Someone has to be in charge of how.

AI tools have arrived in almost every workplace, often without anyone deciding they should. Staff draft emails with chatbots, paste documents into summarisers and use AI features built into the software they already have. That creates real business risk: confidential data leaving the organisation, decisions influenced by inaccurate or biased output, and regulators who increasingly expect employers to show that AI use is understood and controlled. Under Article 4 of the EU AI Act, organisations in scope must ensure staff who use AI have an appropriate level of AI literacy, and UK regulators including the ICO expect data protection duties to be met however the processing happens.

This Level 3 course is written for the people who carry that responsibility. It takes you through the regulatory landscape in plain terms, then gets practical: how to find out what AI is actually being used in your business, how to risk assess a tool before approving it, how to write an AI use policy that staff will actually follow, and how to keep records that show a regulator, a client or a court that you took your duties seriously. You will also cover the data protection side in depth, including when an AI project needs a data protection impact assessment.

The course is fully online and self paced. Most learners complete it across several sessions, and you keep access for twelve months from enrolment. Pass the closing assessment and your CPD certified certificate is generated straight away, dated and named, ready to download and print.

CPD Certified
Fully Online
Level 3 · Management
All Sectors

What you’ll learn

What you’ll be able to do

By the end of this course you will be able to:

Explain where AI is used across a typical business and why unmanaged use creates legal, security and reputational risk.

Describe the UK regulatory approach to AI, the EU AI Act risk tiers and the AI literacy duty, and know when each applies.

Apply UK GDPR principles to AI tools, including lawful basis, data minimisation and transparency.

Risk assess an AI tool before approval, covering data flows, accuracy, bias, confidentiality and vendor terms.

Write and roll out an AI use policy with clear permitted uses, red lines and an approval route for new tools.

Run a proportionate procurement and onboarding process for AI tools, including contracts and data processing terms.

Supervise day to day AI use, keeping meaningful human review of AI-assisted output and decisions.

Recognise and respond to AI incidents, keep the records that prove accountability and review the policy as tools change.

Course content

Eight modules to work through

Each module builds on the last and ends with the material you need for the final assessment. Work at your own pace and return to any module during your twelve month access window.

1AI in the Workplace: The Manager’s ResponsibilityWhat AI tools actually do, where they already sit in your business and why governance lands on you.
  • What generative AI and machine learning tools actually do, and what they cannot do
  • Where AI is already in your business: chatbots, built-in assistants, screening and analytics tools
  • Shadow AI: the tools staff use without asking, and why banning rarely works
  • The risk picture: data leakage, inaccurate output, bias, IP and reputational harm
  • Why the law and regulators put responsibility on management, not on the tool
2The Legal and Regulatory LandscapeThe UK approach, the EU AI Act and the regulators who already have jurisdiction over your AI use.
  • The UK’s principles-based approach and the role of existing regulators
  • The EU AI Act: prohibited practices, high-risk systems and the risk-tier model
  • Article 4 AI literacy: who is in scope and what “sufficient AI literacy” means for your staff
  • The ICO, the EHRC, the FCA and sector regulators: who cares about what
  • Contractual and insurance consequences of ungoverned AI use
3Data Protection and AIHow UK GDPR applies when personal data meets an AI tool, and the rules your staff must follow.
  • How AI tools process personal data, and the difference between public and enterprise deployments
  • Lawful basis, purpose limitation and data minimisation applied to AI use
  • What must never be entered into a public AI tool, and why
  • Model training on your inputs: reading vendor terms properly
  • Transparency duties: telling people when AI is involved in processing their data
4Risk Assessing AI ToolsA practical framework for assessing any AI tool before you approve it.
  • A structured AI risk assessment: data, accuracy, bias, security, dependency
  • Hallucination and error rates: judging what a tool can safely be used for
  • Bias and discrimination risk, and where it does the most damage
  • Confidentiality, trade secrets and intellectual property questions
  • Vendor due diligence: hosting, retention, sub-processors and exit
5Writing an AI Use PolicyThe document that turns good intentions into enforceable rules.
  • What a workable AI use policy contains, and what to leave out
  • Defining permitted tools, permitted uses and hard red lines
  • The approval route for new tools and new use cases
  • Disclosure rules: when staff must say AI was used
  • Getting sign-up: communicating and enforcing the policy without driving use underground
6Approving and Onboarding AI ToolsProcurement, contracts and pilots that keep new tools inside your controls.
  • Building AI questions into procurement and supplier review
  • Data processing agreements and where AI vendors fit in your GDPR paperwork
  • Running a contained pilot before a full rollout
  • Configuring enterprise AI tools: retention, training opt-outs and access control
  • Bringing shadow AI into the tent: amnesty, assessment and approved alternatives
7Managing Staff Use Day to DayTraining, oversight and quality control once tools are approved.
  • Meeting the AI literacy duty: training that matches each role’s actual use
  • Meaningful human review: what it looks like and how to evidence it
  • Quality control of AI-assisted output before it reaches customers or decisions
  • Proportionate monitoring that respects employee privacy
  • Handling misuse: from coaching conversations to disciplinary action
8Incidents, Records and ReviewWhat to do when AI goes wrong, and the paper trail that protects you.
  • What an AI incident looks like: data leakage, harmful output, biased decisions
  • Linking AI incidents into your existing breach and incident procedures
  • When an AI incident is a personal data breach, and the 72 hour clock
  • The records that demonstrate accountability: assessments, approvals, training logs
  • Reviewing the policy: new tools, new features, new law and lessons learned

Who it’s for

Is this course a good fit?

This course is written for the people who decide, or should decide, how AI is used in their organisation. If AI use in your team would land on your desk when it goes wrong, this is the level of knowledge the role needs.

Directors & senior managers

Leaders accountable for how the organisation adopts AI and for the risk it carries.

Department & operations managers

Managers whose teams already use AI tools day to day, approved or not.

HR managers

People teams handling AI in recruitment, performance and employee relations.

Compliance & data protection leads

DPOs and compliance officers adding AI to their oversight remit.

IT & information security leads

Those who approve tools, configure them and manage the data they touch.

Business owners

SME owners who need one person in the business to properly own AI risk.

No technical background is required. The course explains AI in plain business terms and focuses on decisions, controls and evidence rather than the technology itself. Businesses training several managers can use volume licensing with consolidated invoicing and completion tracking, with seat prices reducing as team size grows.

Assessment

How it’s assessed

The course is assessed by a single online multiple choice test taken after the modules. It can be retaken as many times as you need at no extra cost.

End-of-course assessment

FormatMultiple choice
Questions25 MCQs
Pass mark80%
MarkingInstant, automated
ResitsUnlimited, free

Study details

Study time6–8 hours
Access period12 months
Delivery100% online
DeviceAny, phone, tablet, PC
CertificateInstant on passing

You can pause and resume at any point, and your progress is saved automatically. There is no time limit on the assessment itself.

Certification

Your CPD-certified certificate

Level 3 AI Governance for Managers and Supervisors — CPD Certified

On passing the assessment, your CPD certified digital certificate is available to download and print immediately, with your name, the course title and the completion date. It is dated, named evidence that the people directing AI use in your business are trained to do it, the kind of record that supports your accountability obligations under UK GDPR and your AI literacy duty under the EU AI Act. We recommend refresher training every two years, or sooner given the pace of change in AI regulation.

CPD Certified
Instant download
Supports GDPR accountability
Refresher recommended every 2 years

FAQs

Questions people often ask

Does the EU AI Act even apply to a UK business?
It can. The EU AI Act applies to organisations outside the EU when their AI systems are placed on the EU market or their output is used in the EU, so UK businesses with EU customers, EU operations or EU-facing services are often in scope. Even where it does not apply, UK regulators expect existing law, including UK GDPR and the Equality Act, to be met whenever AI is used, and the course covers both regimes so you can judge your own position.
Is this course technical? Do I need to understand how AI models work?
No. This is a governance course, not a technical one. You will learn what AI tools do at the level a decision-maker needs, and then spend most of the course on risk assessment, policy, procurement, oversight and records. If you can manage a team or a budget, you can manage this material.
We already have an IT acceptable use policy. Do we really need an AI policy?
Usually yes. Acceptable use policies written before generative AI rarely answer the questions staff actually have: which tools can I use, what can I paste into them, do I have to say when I used one, and who approves a new tool. The course includes a full module on writing an AI use policy, and you can build yours as you work through it.
How long do I get to complete it?
You have twelve months of access from the day you enrol. The material takes most people six to eight hours in total, which you can spread across as many sessions as you like. Your progress is saved automatically, so you can stop and pick up where you left off.
What happens if I fail the assessment?
You can retake it as many times as you need at no extra cost. There is no time limit on the test itself, and you can go back through the modules before trying again. The pass mark is 80 percent.
What other training pairs well with this?
For your wider workforce, pair this with our Safe Use of AI at Work staff course and AI-Enabled Fraud and Deepfake Awareness, which together cover the everyday behaviours your policy will require. If your organisation handles significant personal data, AI, Data Protection and UK GDPR goes deeper on the data side. Ask us about bundle pricing for whole organisation rollouts.
Get 10% OFF All Products!

Special Offer!

Exclusive Discount

10% OFF

Use code NCT10 at checkout

*Valid on all products. Does not include examination resits.

X
X