AI governance training for New Zealand directors and executives.

Aotearoa has no dedicated AI legislation. 76% of New Zealand leaders are already prioritising AI agents across their organisations. The Companies Act 1993, Privacy Act 2020, and Treaty of Waitangi create binding obligations that apply to every system you operate today. We equip directors and executives to lead with confidence.

View training modules

Built for

Directors & C-suite Crown entity boards Public service chief executives NZX-listed company directors IoD members
We teach against: Companies Act 1993 ss 131-138 / Privacy Act 2020 / Public Service AI Framework / Te Tiriti o Waitangi / OECD AI Principles / NZX Corporate Governance Code

The awareness gap is a governance risk.

New Zealand was the last OECD country to publish a National AI Strategy in July 2025. 25% of leaders say governance is the "missing link" in their digital transformation efforts. 81% want artificial intelligence regulation, only 6% can identify what rules already exist.

  1. 01
    Personal liability

    Director liability already covers AI.

    Without dedicated AI legislation, businesses must interpret existing law through governance frameworks. The Companies Act 1993 imposes personal liability on directors under sections 131-138 for failures of care and diligence, including failure to oversee emerging technology risks. The Privacy Act 2020 applies its 13 Information Privacy Principles to every automated decision. The Health Information Privacy Code 2020 governs AI in healthcare. We help leaders translate these obligations into practical steps their teams can follow.

  2. 02
    Constitutional obligation

    Treaty of Waitangi obligations extend to AI.

    Te Tiriti o Waitangi creates constitutional obligations for how AI systems collect, process, and use data relating to M膩ori. The concepts of kaitiakitanga and tino rangatiratanga demand that organisations approach M膩ori data governance with genuine partnership, not tokenistic compliance. Leaders across both government and the private sector must understand M膩ori data sovereignty, data as a taonga, and how Treaty principles shape responsible innovation in te ao M膩ori.

  3. 03
    Active scrutiny

    Regulators are already watching.

    The FMA expects financial services firms to govern AI-driven advice and lending decisions with the same rigour as human decision-making. The RBNZ is scrutinising AI in credit risk models and expects operational resilience across all technology-dependent processes. The Office of the Privacy Commissioner has signalled enforcement on automated decision-making without transparency. These regulators are not waiting for dedicated legislation.

Leadership governance training vs staff AI literacy.

Your board does not need to build a machine learning model. They need to understand which governance strategies to adopt, which risks to escalate, and where personal liability sits under the Companies Act 1993.

Staff literacy

For the general workforce

  • Safe use of generative AI tools at work.
  • Protecting personal and organisational data under Privacy Act 2020.
  • Recognising AI-generated content, hallucinations, and bias.
  • Productivity gains and workflow integration.
  • Following the organisation's AI acceptable use policy.
View staff training

Leadership governance

For directors and executives

  • Companies Act 1993 director duties applied to AI governance.
  • Privacy Act 2020 compliance: 13 Principles for automated decisions.
  • Treaty of Waitangi obligations and M膩ori data governance frameworks.
  • FMA and RBNZ regulatory expectations and risk management strategies.
  • Public Service AI Framework and OECD AI Principles implementation.

Leadership training modules built for Aotearoa.

Five targeted modules addressing specific governance challenges New Zealand organisations face. Delivered on-site or virtually. Each module stands alone or combines into a comprehensive programme.

Module 1 路 4 hrs

AI governance fundamentals

The foundation module for any leader who needs to understand what AI governance means in a country without dedicated AI legislation. How existing NZ law applies to AI systems, where the governance gaps create risk, and what responsible oversight looks like in practice.

  • What AI governance means for NZ organisations and why it matters now.
  • The NZ regulatory patchwork: mapping existing compliance obligations to AI risk management.
  • AI risk categories: operational, reputational, legal, and ethical.
  • National AI Strategy, Algorithm Charter, and OECD AI Principles.
  • Building governance when there is no prescriptive law.

For: all leaders. Format: on-site or virtual.

Module 2 路 8 hrs

Executive and board AI governance

Designed for directors and C-suite executives who carry personal liability under the Companies Act 1993. Sections 131-138 director duties as they apply to AI decisions, NZX Corporate Governance Code reporting expectations, and the oversight practices boards must adopt.

  • Companies Act 1993 ss 131-138: duty of care, good faith, and reckless trading applied to AI.
  • Personal liability scenarios: when AI failures become director compliance failures.
  • Board committee structures and governance frameworks for AI oversight.
  • NZX Corporate Governance Code reporting on technology governance.
  • The 20 questions every board should ask their team about AI strategies and risk exposure.
  • Documenting AI governance for annual reporting and IoD expectations.

For: directors, C-suite. Format: on-site or virtual.

Module 3 路 8 hrs

Public Service AI Framework

For government chief executives, deputy secretaries, and senior public servants responsible for implementing the Public Service AI Framework. Framework principles translated into operational governance, procurement decisions, and citizen-facing deployment approaches.

  • Public Service AI Framework principles, compliance requirements, and accountability structures.
  • Treaty of Waitangi obligations in government AI: partnership, protection, M膩ori data governance.
  • AI procurement governance: risk management frameworks for vendor assessment.
  • Transparency, accountability, and public trust in automated government decisions.
  • Equity impact assessments and OECD AI Principles for AI affecting diverse communities.
  • Lessons from NZ government AI deployments: approaches that worked and failures to avoid.

For: public sector leaders. Format: on-site or virtual.

Module 4 路 4 hrs

Privacy Act 2020 compliance for AI

A deep dive into how the Privacy Act 2020 and its 13 Information Privacy Principles apply to AI systems across NZ organisations. Collection limitations, purpose constraints, cross-border data transfers, and the Office of the Privacy Commissioner's expectations for automated decision-making transparency.

  • All 13 Information Privacy Principles mapped to AI use cases.
  • IPP 1-4: lawful collection and purpose limitation strategies for training data.
  • IPP 6: access rights and compliance obligations when AI makes decisions about individuals.
  • Cross-border data transfer governance for cloud-hosted AI models (IPP 12).
  • Health Information Privacy Code 2020: additional obligations for healthcare AI.
  • Privacy Impact Assessments for AI: when and how your team should conduct them.

For: all sectors. Format: on-site or virtual.

Module 5 路 4 hrs

M膩ori data governance, Te Tiriti, and AI

Unique to Aotearoa. The intersection of Te Tiriti o Waitangi, M膩ori data sovereignty, and AI governance. An area where no other country's frameworks can guide New Zealand organisations.

  • Te Tiriti principles applied to AI: partnership, protection, participation.
  • M膩ori data sovereignty: data as a taonga, collective rights, tino rangatiratanga.
  • Engagement strategies with iwi and hap奴 on AI systems affecting M膩ori communities.
  • Bias, fairness, and risk management: preventing disproportionate harm to M膩ori through AI.
  • Governance that honours kaitiakitanga in data stewardship and AI adoption.
  • Practical steps for incorporating Treaty of Waitangi obligations into AI policy.

For: all sectors. Format: on-site or virtual.

Built for the NZ regulatory environment.

Most AI governance training assumes a dedicated AI Act exists. Aotearoa has no such legislation. We teach leaders how to apply existing law to AI decisions their organisations are making right now.

Existing law, not hypothetical legislation

We teach leaders how to apply the Companies Act 1993, Privacy Act 2020, HIPC 2020, and sector regulations to AI decisions their organisations are making right now. Frameworks grounded in enforceable obligations, not speculative future rules.

Sector-specific strategies

Financial services leaders receive FMA and RBNZ-focused governance strategies. Healthcare leaders work with HIPC compliance scenarios. Government leaders train on Public Service AI Framework implementation and Treaty of Waitangi obligations. Every module reflects how organisations in Aotearoa operate.

Actionable governance frameworks

Participants receive board question frameworks, AI governance policy templates, risk management checklists, and compliance documentation suitable for NZX annual reporting or IoD governance reviews. Practical tools your organisation can deploy the following week.

Which leaders should attend.

The Companies Act 1993 director duty of care applies across sectors. The specific obligations layered on top vary by regulator.

01

Government and public sector leaders

Public service chief executives, deputy secretaries and tier-two leaders, Crown entity board members, local government executives, and government chief digital officers and innovation leads.

02

Financial services organisations

Bank and insurer board directors, FMA-licensed financial advice providers adopting AI, chief risk officers and compliance leads, KiwiSaver and fund manager executives, and RBNZ-regulated entity senior management.

03

Healthcare, education, and other businesses

Te Whatu Ora board members governing AI in clinical settings, NZX-listed company directors seeking governance frameworks for AI, university and polytechnic leadership teams, infrastructure and energy sector executives, and IoD members seeking specialist AI governance competence.

Common questions.

If NZ has no AI-specific law, why do our leaders need AI governance training?

Because existing laws already create binding compliance obligations. The Companies Act 1993 holds directors personally liable for failures of care and diligence, including failure to oversee emerging technology risks. The Privacy Act 2020 governs automated decisions about individuals. The FMA expects financial services businesses to govern AI-driven advice and lending. The RBNZ expects operational resilience across all technology-dependent processes. The absence of a dedicated AI Act does not reduce your obligations; it makes them harder to interpret without specialist guidance.

How does the Treaty of Waitangi affect our organisation's AI governance strategies?

Te Tiriti o Waitangi creates constitutional obligations around how data relating to M膩ori is collected, stored, and used in AI systems. Partnership, protection, and participation principles, along with concepts like kaitiakitanga and M膩ori data governance, apply to every AI decision that affects M膩ori communities. For government agencies, the Public Service AI Framework explicitly requires Treaty consideration. For private sector businesses, failing to address these obligations creates legal, reputational, and ethical risk. Our programmes help your team develop governance that honours these obligations substantively.

We are a financial services organisation. What modules are relevant?

Module 2 (Executive and Board AI Governance) covers Companies Act 1993 director liability directly relevant to financial services businesses. We tailor content around FMA conduct expectations for AI-driven financial advice, RBNZ expectations for AI in credit risk modelling and operational resilience, and the anti-money laundering compliance implications of AI-based customer screening. Financial services leaders typically combine Module 1, Module 2, and Module 4 for comprehensive governance frameworks.

Can modules be combined into a custom programme?

Yes. Most organisations combine two or three modules into a one- or two-day programme tailored to their sector, governance maturity, and AI priorities. Most government engagements combine Modules 1, 3, and 5 to address Public Service AI Framework and Treaty of Waitangi obligations. Financial services businesses typically combine Modules 1, 2, and 4 for comprehensive FMA and RBNZ compliance coverage. We also deliver individual modules as standalone sessions for board strategy days, committee meetings, or leadership team workshops.

What governance frameworks and documentation do participants receive?

Every participant receives a completion certificate, a summary of key compliance obligations covered, and practical toolkits including board question frameworks, risk management assessment templates, and AI governance policy drafting guides. These materials support NZX Corporate Governance Code reporting, IoD governance reviews, and internal board documentation. Organisations also receive an AI governance maturity assessment benchmarked against OECD AI Principles and NZ-specific regulatory expectations.

Equip your leadership team with AI governance expertise.

Your directors already carry personal liability under the Companies Act 1993. The Office of the Privacy Commissioner is already enforcing Privacy Act 2020 obligations. The FMA, RBNZ, and Public Service AI Framework are already shaping compliance expectations. We deliver the training your team needs to close the gap before it becomes a regulatory failure.

Or view staff training

Get in Touch