"All this he saw, for one moment breathless and intense, vivid on the morning sky; and still, as he looked, he lived; and still, as he lived, he wondered."

Let’s Talk about CAIO

A few weeks ago, before all hell broke loose on the new ISO 19650, I talked about the Italian attempt at proposing codified professional profiles when it comes to Artificial Intelligence through a technical norm (UNI 11621-8: 2026). Though we all know this will result in useless certifications as it happened with BIM, and I care jack shit about people pursuing that, I still think the norm offers valuable insights on the skills that are needed in the market, and that it’s worth taking a look. After studying it for a while, today I’d like to take a look at the Chief AI Officer (called CAIO, which is funny in Italian because it’s like taking a guy who’s a Decorative Upholstery Designing Engineer and calling him DUDE).

…and then brag that your sofa was designed by a DUDE.

Governance of Artificial Intelligence and the new Officer in town

1. Introduction: the need for CAIO

Every technological season brings its own senior leadership roles, like pears or loquats and, exactly like those, some of them might be easier to ripen and harvest than the others: in the 90s, as organisations began to rely systematically on information technology, the Chief Information Officer emerged; in the following decade, with the spread of the internet and distributed systems, the Chief Technology Officer was needed. In the 2000s, the proliferation of data as a strategic resource led to the emergence of the Chief Data Officer. Today, as artificial intelligence permeates every aspect of business operations, there’s apparently the need for a new role: the Chief AI Officer.

If you remember, there was a report by Gartner a good ten years ago, explaining the differentiation of these professions, from the IT guy to the Chief Information Officer, and how the need for this role was a direct consequence of the world’s increasing complexity. I mention it often, see here for instance, because it’s a good guideline when we try to understand whether some new professional roles, like the BIM Manager, are transitional or here to stay. But I digress.

In 2026, the same Gartner is saying that 52% of companies have already deployed Agentic AI solutions within their workflows: as usual when it comes to AI, adoption is way ahead of governance, which is almost unprecedented.

As we saw, the UNI 11621-8 standard from April is the first national technical-regulatory document to formally define this role, placing it within a coherent system of twelve professional profiles dedicated to the AI sector. It’s worth remembering that this is not a regulation in the legal sense — the standard applies to professional activities not regulated under Law 4/2013 — but rather a voluntary codification with significant practical implications: it guides the upskilling of individuals, provides a reference for hiring, and indirectly promotes the structuring of the market around a shared definition.

To understand why this figure has emerged at this particular moment, we need to look at three converging pressures.

  1. Regulatory pressure. EU Regulation 2024/1689, better known as the AI Act, came into effect back in 2024 and imposes a series of specific obligations on organisations that develop or use high-risk AI systems: impact assessments, system registries, human oversight, and transparency toward users. Fulfilling these obligations is not a task that can be delegated to a legal department or a technical team without strategic coordination. Someone is needed to translate regulatory requirements into organisational processes, monitor them over time, and report on them to senior management and regulators. The UNI 11621-8 standard explicitly addresses this need: the Chief AI Officer is described as responsible for compliance with the AI Act and the UNI CEI ISO/IEC 42001 management standard, with duties that include publishing statements of compliance prior to the deployment of each system.
  2. Organisational pressure. Companies that adopted AI on a significant scale have faced a widespread governance challenge: AI projects originate in data science teams, infrastructure is managed by IT, ethical and legal risks fall to Legal and Compliance, computational costs impact the CFO in an often unpredicted way, and external communication involves Marketing. The result is often fragmentation, where no one has a big-picture view and accountability is scattered. The Chief AI Officer is the organisational response to this fragmentation: a role that doesn’t replace existing functions but coordinates them, maintains a portfolio view of AI initiatives, and reports on them in a unified manner to senior management.
  3. Pressure from the market. The regulation itself acknowledges in its introduction that “today’s market demands these new professional roles.” In the past (and presently, if I may add) we saw organisations seeking AI specialists for vertical applications — AI for healthcare, finance, and Industry 4.0 — without feeling the need for a cross-functional governance role. The spread of generative AI and its pervasiveness across all business processes have changed this logic. It is no longer enough to have skilled technicians; we need someone to strategically govern the whole. Does it sound familiar?

These three pressures converge in a professional profile that the regulation describes with unusual ambition and detail: the Chief AI Officer isn’t simply a technology manager with additional expertise in Artificial Intelligence, but a role that must be able to operate simultaneously on the strategic, technical, legal-regulatory, ethical, and communicative levels. A combination that, as we will see, poses significant training challenges and raises some critical questions about the actual availability of individuals capable of fully meeting the profile as outlined by the standard.

In Gartner’s analysis of the Chief Information Officer, one line of reasoning was about perception, plotted on a matrix that evaluated the combination of competence and personal connections. Loads of BIM managers (including my past self) could benefit from approaching the issue like this.

2. Who’s CAIO: definition, mission and expected results

2.1. Synthetic Definition and Mission

The technical standard introduces the role of Chief AI Officer with a concise definition that is worth reading in its entirety, as it summarises in just a few lines the expectations that the document will later elaborate in detail. Loosely translated, the Chief AI Officer is described as the person responsible for “technological decisions and for defining and overseeing the organization’s artificial intelligence strategy, ensuring the integration and implementation of innovative and secure AI solutions,” with the task of guiding “the governance and risk management of AI technologies, ensuring they are integrated into business processes in compliance with applicable legislation and best practices regarding transparency, traceability, and ethical management.”

Three words recur with intended frequency:

  • governance;
  • transparency;
  • ethics.

These three concepts define the Chief AI Officer’s mission in very precise terms, not as a role that develops technology or manages it operationally, but as one that is accountable for it. This distinction is fundamental. The Chief AI Officer doesn’t write code, train models, or build data pipelines, just as the BIM Manager doesn’t model or perform clash detection. Instead, they ensure that those who do so operate within a framework of shared rules, responsibilities, and values, and they account for this framework externally, to the Board of Directors, to regulators, and to end users.

The mission, as defined by the regulation, has two inseparable components:

  1. A technical and strategic component: “to ensure the secure and effective integration of artificial intelligence solutions into business processes.”
  2. An ethical and institutional component: “to implement methods for auditability, traceability, and human oversight, as required by best practices for trustworthy AI governance.”

The standard, even in Italian, uses the term “trustworthy AI” — an artificial intelligence worthy of trust — which refers directly to the European framework developed by ENISA and incorporated into the AI Act. The Chief AI Officer, in other words, is the organisational guarantor of the trustworthiness of the organisation’s AI systems.

Trustworthy AI probably doesn’t look like this.

2.2 The expected results: the R/E/C model

The standard outlines the expected outcomes of the CAIO using a three-column model that distinguishes between what the Chief AI Officer is ultimately Responsible for (R), what they perform directly or Execute (E), and what they Contribute to in collaboration with others (C). This framework reveals a great deal about the logic behind the role.

2.2.1. Responsibilities

The Chief AI Officer’s primary responsibilities — those for which they are personally accountable — include:

  • the AI strategy and the portfolio of initiatives aligned with the business plan (R01);
  • the AI governance framework, including policies, roles, the RACI matrix, and processes (R02);
  • compliance with the AI Act and UNI CEI ISO/IEC 42001 (R03);
  • AI risk management and security (R04);
  • transparency and accountability through the corporate register of AI systems and reports to the Board of Directors (R05);
  • the sustainability and economic efficiency of AI, also measured in terms of energy consumption and CO₂ (R06);
  • the development of organisational capabilities, from training to AI culture (R07).

This list covers nearly every aspect of an organisation’s operations that uses AI. The Chief AI Officer’s direct responsibilities, however, are more limited: issuing and updating policies and procedures, managing the Governance and Ethics Committee, validating impact assessments, approving critical risk mitigation plans, initiating and overseeing audits, and producing periodic reports to the Board of Directors. These are decision-making and oversight activities, not operational execution.

2.2.2. Contributions

The Contributions column illustrates the network of relationships that the Chief AI Officer must be able to manage: alignment with the Chief Information Officer (CIO), the Chief Technology Officer (CTO), the Chief Data Officer (CDO), the Chief Digital Fuffa Officer (CDFO), Legal, and HR; collaboration with the Chief Financial Officer (CFO) and Project Management on budgeting; engagement with users and customers regarding transparency; and governance of AI vendors. Possibly with a whip, I think. In this representation, the Chief AI Officer is a connector rather than a direct leader: their value lies in their ability to bring together different perspectives and translate them into coherent governance.

Governance of AI vendors will probably look like this.

2.3. The Accountability Horizon

One aspect that the regulation addresses in detail — and which has practical implications for those involved in training this role — is the variety of stakeholders to whom the CAIO is accountable.

Internally, they report to the Board of Directors, with periodic reports that the standard requires to be accompanied by a “closed action log”: it is not enough to simply report; it must be demonstrated that the planned actions have actually been undertaken. They also report to their C-suite colleagues, with whom they must maintain continuous alignment. They report to the organization’s human resources department too, the poor things, ensuring training and development programs for AI literacy.

Externally, the Chief AI Officer is accountable to regulators — through logs, documentation, and statements of compliance — and to end users, ensuring that the decisions produced by AI systems are accompanied by understandable explanations. The standard explicitly states that these explanations must be “non-technical”: the Chief AI Officer cannot delegate communication with users to the model’s developers but must be able to provide explanations in an accessible manner.

Unreadable and confusing instructions are worse than no instructions.

3. But didn’t we already have a CAIO? Similarities and differences with existing figures

3.1. A problem of boundaries

When a new professional role emerges, the first question organizations ask is a practical one: wasn’t there already someone doing these things? In the case of the Chief AI Officer, the question is legitimate, because the responsibilities assigned to them by the regulation overlap, at least in part, with those of roles that have existed for years in more structured organizations. Understanding where the Chief Information Officer’s scope ends and the Chief AI Officer’s begins, or what distinguishes them from the Data Protection Officer when both deal with regulatory compliance, is not an academic exercise: it is a concrete organizational issue that anyone hiring or training this role must be able to address.

The regulation addresses the issue only indirectly, through the matrix of contributions (column C) that lists the C-suite colleagues with whom the Chief AI Officer must align. The fact that these are counterparts rather than subordinates already says something about the logic of the role: the Chief AI Officer does not replace them, but coordinates them within a specific scope. But the distinction deserves to be made explicit.

Let’s see a couple of them.

3.2. Chief AI Officer and Chief Information Officer: same governance, different subject

The Chief Information Officer is the role with which the Chief AI Officer has the most obvious overlap: both are responsible for technology governance, both report to senior management, and both manage portfolios of technology initiatives. The difference lies in the scope and depth of the ethical and regulatory implications.

The Chief Information Officer oversees IT as a whole: infrastructure, applications, security, and business continuity. For them, AI is one of the technological areas to manage, but not necessarily the primary one. The Chief AI Officer governs AI systems exclusively, but does so with a level of attention to ethical, social, and regulatory impacts that’s unprecedented for the Chief Information Officer and that traditional figures in that role haven’t been trained to manage. Algorithmic impact assessment, human oversight of automated decision-making systems, and the publication of statements of compliance with the AI Act: these are tasks that require skills that go far beyond traditional IT management.

In many organizations, particularly medium-sized ones, the Chief AI Officer will likely serve as an additional function of the existing Chief Information Officer rather than a separate role, but this means they will need upskilling and additional training in areas they aren’t traditionally prepared to cover. The standard does not explicitly address this, but the correlation proposed in Appendix C — which links the Chief AI Officer to the Chief Information Officer as a corresponding second-generation profile — suggests a genealogical continuity rather than a clear separation.

Some of these roles can be seen as one the evolution of the others, but ultimately they will need to work together, and I think it’s equally interesting and dangerous that the norm doesn’t take a stance when it comes to defining a hierarchy.

3.3. Chief AI Officer and Chief Technology Officer: strategy vs. engineering

The Chief Technology Officer has a different focus: they are typically more involved in technological development, system architecture, and platform decisions. In technology companies, the CTO is often a senior engineer who has moved into a managerial role. The Chief AI Officer, as defined by regulations, is not this type of role: they do not select machine learning frameworks, do not oversee model engineering, and do not decide on deployment architectures.

What the Chief AI Officer shares with the CTO is a focus on technology as a strategic lever. The difference is that the CTO optimizes technology choices for performance and scalability, while the Chief AI Officer also evaluates them for regulatory compliance, ethical impact, and sustainability. In a mature organization, the two roles complement each other: the CTO decides how to build AI systems, while the Chief AI Officer decides whether and how to deploy them in compliance with the rules of the game.

The Chief Data Officer might want to say “I’m a CDO, Jim, not a CAIO,” but maybe that’s taking it too far…

3.4. Chief AI Officer and Chief Data Officer: data vs. systems

The Chief Data Officer manages data as a strategic asset: quality, source, cataloguing, governance, and privacy. This role overlaps significantly with that of the Chief AI Officer, because AI systems depend on data, and many of the new responsibilities — from the traceability of training datasets to consent management, from GDPR compliance to interoperability — are also typical responsibilities of the Chief Data Officer.

The practical distinction is that the Chief Data Officer is responsible for the data itself, regardless of how it is used, while the Chief AI Officer is specifically responsible for the AI systems that use that data to generate automated decisions. In an organization where data powers pervasive decision-making models, the two roles must work in close coordination to avoid both duplication and gray areas.

Not this data, but you would have been disappointed if I didn’t put this here, right?

3.5. Chief AI Officer and Data Protection Officer: same compliance, different angles

The Data Protection Officer is a mandatory function for many organizations under the GDPR, with specific expertise in personal data protection. Their responsibilities include conducting data protection impact assessments (DPIAs), handling requests from data subjects, and monitoring compliance with the GDPR.

Under the AI Act, the responsibilities of the Data Protection Officer and those of the Chief AI Officer are becoming dangerously intertwined. High-risk AI systems require both a DPIA (DPO’s responsibility) and an algorithmic impact assessment (Chief AI Officer’s responsibility). The regulation assigns the Chief AI Officer the responsibility to “validate DPIA/AIA and impact registers” (E03), which implies close collaboration with the DPO, but also a potential overlap of responsibilities.

One of the ways to solve this overlap is by focusing on a difference in perspective: the Data Protection Officer safeguards individuals’ rights regarding the processing of personal data, while the Chief AI Officer oversees the overall impact of AI systems on the organization and its stakeholders. The former takes a more legal approach, while the latter adopts a more strategic and systemic perspective. In practice, in organizations that do not yet have a Chief AI Officer, it is often the Data Protection Officer who ends up managing AI governance issues by default, with all the limitations of an implicit delegation to a role that was not designed for this purpose. So beware of that.

3.6. Chief AI Officer and Chief Information Security Officer: security as a subsystem

The Chief Information Security Officer is often responsible for the security of IT systems: vulnerability management, incident response, access control, and business continuity. With AI, security takes on new dimensions — adversarial attacks on models, data poisoning, and model stealing — that the traditional Security Officer does not necessarily have a firm grasp on.

The technical norm assigns responsibility for AI risk and security management (R04) to the Chief AI Officer, including activities such as red-teaming and incident management. However, the same standard includes a dedicated role for the AI Security Specialist (Figure 9), suggesting that AI security is a specialized domain that the Chief AI Officer oversees but does not necessarily execute. In other words, the Chief AI Officer establishes security policies, oversees red-teaming, and approves mitigation plans; the AI Security Specialist implements them operationally.

In case you don’t know, red teaming is the practice of having a group of ethical hackers simulate a real-world cyberattack on an organization.

3.7. Synthesis: the Chief AI Officer as an Integration Role

When we put these comparisons together, the coherent picture that emerges is that the Chief AI Officer isn’t simply the sum of what the other Cs are doing, just focused on AI. Such a role would be unrealistic to even describe. Rather, it is an integration role: it bridges the gap between these functions when it comes to AI, ensuring that none of the risks typical of that domain fall into the gap in responsibility between one role and another.

For an educator such as myself, this has a direct implication for training. Upskilling someone to become a Chief AI Officer doesn’t mean training someone who can do everything that the roles listed above do in the field of AI, because that would be either impossible or the profile of a genius that wouldn’t come to work for your company. It means training someone who can coordinate different aspects, who understands each domain well enough to ask the right questions, and who has the communication and organizational skills to translate the answers into effective governance. It is a T-shaped profile in the extreme sense: very broad in scope, with selective depth in the areas of governance, risk, and regulatory compliance.

In case you’re unfamiliar with the concept, this is what being a T-profile means, as opposed to a V-profile.

The question that remains unanswered — and which the regulation alone cannot resolve — is whether this skill set can realistically be acquired through structured training programs, or whether it is destined to remain the preserve of professionals who develop it through experience over the course of a long and varied career. We will return to this question in the section on training. And the answer isn’t going to be in black and white.

As opposed to this, which definitely is a black-and-white.

4. CAIO’s main tasks in practice

The standard lists thirteen main tasks of the Chief AI Officer, numbered CP01 through CP13. Taken individually, each of them might seem like the description of a standalone role. Taken together, they paint a picture of a professional working across five distinct thematic areas, each with its own logic and specific skill requirements.

Let’s take a look at them.

4.1. Strategy and Roadmapping

The first task (CP01) is to define the AI strategy and roadmap. This is not about operational planning, but rather about aligning the organization’s AI ambitions with its overall business plan. The Chief AI Officer must determine which AI initiatives are worth pursuing, in what order, with what resources, and over what timeframe.

Linked to this is CP07, dedicated to portfolio and value management: prioritizing initiatives based on expected value, risk, and dependencies, with a stage-gate system that allows for deciding when to proceed, slow down, or halt a project. It is a task that requires familiarity with portfolio management methodologies but applied to a domain where technical uncertainty and regulatory volatility are structurally higher than in other IT areas.

A question arises regarding this: looking at the e-competencies assigned to the Chief AI Officer, there is a significant lack of any competencies related to generative innovation, so who’s supposed to develop or propose the AI initiatives the Chief AI Officer is supposed to evaluate into a roadmap? A.1 concerns strategic alignment, not ideation. None of the five assigned competencies corresponds to an innovation scouting or demand management profile.

Unfortunately, there is only one role in the technical standard that aligns with this area: the damn AI Consultant, whose responsibilities include “analysing business needs and identifying opportunities for AI deployment” (CP01) and “developing AI strategies in line with business objectives and ethical principles” (CP03). This is the role that, at least in part, could fuel the pipeline of initiatives that the CAIO then oversees. I can’t overstate how much I don’t like this approach: the generation of innovative initiatives might come from the outside, from auditing for instance, but should also be fostered on the inside.

4.2. Governance and Policy

Three tasks directly concern the establishment and maintenance of the AI governance system. CP02 calls for the establishment of a governance framework using a RACI matrix — the one ISO 19650 doesn’t like, for some reason — stating who is responsible for what, who approves, who is consulted, and who is informed. CP03 requires the development of policies and operational procedures for data, models, MLOps, and the acceptable use of generative AI. CP04 assigns the Chief AI Officer the chairmanship of the Ethics and Governance Committee, with the task of documenting decisions made regarding each AI system.

This cluster of tasks is perhaps the furthest removed from traditional technical training. Building a RACI matrix for AI systems is not an engineering problem but an organizational one that requires process analysis skills, an understanding of internal power dynamics, and negotiation skills. Chairing an ethics committee requires skills in facilitation and managing conflict between different perspectives — technical, legal, and business — which are rarely taught in computer science or data science degree programs.

This is a RACI chart.

4.3. Conformity, risk and security

Tasks CP05 and CP06 cover regulatory compliance and risk management, respectively. Compliance readiness with the AI Act and UNI CEI ISO/IEC 42001 (CP05) includes the ability to prepare for audits — both internal and external — and to keep the necessary documentation up to date. Risk management (CP06) includes the risk management framework, incident management, and red-teaming (as we have seen, simulating adversarial attacks to test the robustness of AI systems prior to deployment).

CP12, which focuses on post-market monitoring and continuous improvement, brings the process full circle: AI systems are not evaluated just once before release, but are monitored in production through telemetry and drift detection. The Chief AI Officer must implement PDCA cycles — Plan, Do, Check, Act — to ensure that security and governance measures are continuously updated over time.

Here’s how a Plan-Do-Check-Act cycle works, again if you’re unfamiliar.

These tasks have a specific implication when it comes to training: the Chief AI Officer must understand the structure of the main risk management frameworks (NIST AI RMF, ISO 31000) and know how to translate them into concrete operational processes. They do not need to know how to apply them technically in detail — that is what specialists are for — but they must understand them well enough to manage them. And that’s something they have in common with the BIM Manager, in my opinion.

4.4. Sustainability and Cost Management

Two responsibilities address areas that, until just a few years ago, would have seemed unrelated to a technology governance role. CP08 covers Sustainability and Financial Operations (FinOps) for AI: the Chief AI Officer must monitor the energy consumption and CO₂ emissions of AI systems, establish efficiency thresholds, and optimize the Total Cost of Ownership. There’s no mention of how to do it, since most vendors aren’t transparent on that data. CP09, along these lines, addresses the governance of AI vendors: technical and legal due diligence on vendors, the definition of Service Level Agreements, and contractual clauses regarding transparency and security.

The inclusion of environmental sustainability among the primary responsibilities of an ICT governance role represents a significant regulatory development. AI systems — especially those based on large-scale models — have a significant energy impact, and the regulation does not treat this impact as an externality to be ignored, but as a direct responsibility of the Officer in charge. For those designing training programs, this means that the Environmental, Social, and Governance dimension cannot be relegated to an optional module but needs to be an integral part of the role.

4.5. Transparency, Communication and Organisational Culture

The last three tasks of the Chief AI Officer pertain to the softer aspects of the role, but they are no less critical for that. CP10 concerns transparency and reporting: maintaining the company’s AI registry, producing Model Cards for each system, and providing periodic reports to the Board of Directors. CP11 addresses change management, training, and AI culture: the Chief AI Officer must analyse the organization’s training needs, design AI literacy programs, establish communities of practice, and measure the effectiveness of training initiatives.

CP13 is the most unusual item on the list: the Chief AI Officer must publish an annual report on the ethical and social impact of AI, aligned with recognised frameworks such as ALTAI (Assessment List for Trustworthy AI) and IEEE 7000. This is a public document, not an internal one, that accounts for the decisions made and their effects on the broader community. This task brings the Chief AI Officer closer to the logic of corporate sustainability reporting — ESG reports — rather than that of traditional IT governance. And it’s huge.

In essence, ESG is about connecting governance with the Environmental and Social aspects of practice: this AI profile is fully aligned with that.

4.6. The PDCA cycle as fil-rouge

When reading the thirteen tasks as a whole, a cyclical logic emerges that the regulation explicitly refers to as the PDCA cycle: planning of strategy and policies (Plan), implementation of governance and compliance systems (Do), verification through audits and continuous monitoring (Check), and corrective action based on the results (Act). The Chief AI Officer is not a role that performs one-time tasks: it is a role that maintains a governance system that, by definition, must evolve with technology, the regulatory environment, and emerging risks.

This cyclical nature has implications for training that go beyond content, as a Chief AI Officer needs to have the capacity for continuous learning and the willingness to update their frame of reference when technology or rules change. In a field that evolves at the speed of AI, this meta-skill is likely to be more enduring and more valuable than any specific content.


5. Key Competencies

The Chief AI Officer competency framework includes nineteen skills (coded S001 through S019) and fourteen knowledge areas (K001 through K014). It is the most extensive catalogue among all twelve profiles in the standard, which reflects the breadth of the role but also raises a legitimate question: is it realistic to expect a single person to master all of this? Before answering, it is worth understanding how the catalogue is organized and what its implicit priorities are.

The competencies are divided into three main clusters, which correspond to the three fundamental pillars of the role: governance and compliance, risk management and monitoring, and communication and explainability. This is not an explicit three-way division in the standard, but it emerges clearly from reading the descriptions, in my opinion, so I’ll adopt this lens to dive further down.

Governance and Compliance, Risk Monitoring and Management, Communication and Explainability: almost everything works when you split it into three parts.

5.1. The Governance and Compliance Cluster

The core of a Chief AI Officer’s competencies centers on building and maintaining the AI governance framework. S001 — “AI Strategy & Policy Governance” — requires the ability to define and maintain the corporate AI strategy, aligning ambitions, principles, and priorities with the business plan. S002 develops policies, standards, and operational guidelines for data, models, and MLOps, ensuring compliance with applicable legislation. S003 addresses data governance for AI: quality, provenance, privacy, and the responsible use of training data.

In terms of knowledge, K002 requires a thorough understanding of current legislation — the AI Act, GDPR, and UNI CEI ISO/IEC 42001 — as well as the ability to translate legal requirements into verifiable operational controls. K005 covers AI governance structures: RACI, ethics committees, decision-making chains, AI Registries, and Model Cards. K010 addresses legal and contractual liabilities: civil and criminal liability, contractual allocation of risks, and intellectual property protection.

This cluster most closely resembles the profile of a corporate lawyer specializing in technology, but with one key difference: a Chief AI Officer doesn’t need to know how to draft contracts or provide legal opinions, but they must understand the legal implications well enough to ask the right questions and to assess whether the answers they receive are actionable. It is an interface role, not a legal practice role. Again, this is an approach that can teach us a lot about the BIM Manager, who’s currently required to draft the “BIM sections” of contracts.

I don’t know why, but this is how I imagine the resident corporate lawyer in any office specialising in technology: they live up their own tree, don’t get many people visiting, and you only go there if you have a whole afternoon to spare.

5.2. The Risk Monitoring and Risk Management Cluster

The second cluster concerns the ability to identify, assess, and manage risks associated with AI systems throughout their entire lifecycle. S004 — “AI Risk Assessment & Compliance Planning” — requires the ability to conduct risk and compliance assessments by risk class and use case, prioritise mitigation measures, and define action plans with assigned ownership and deadlines. S016 specifically addresses risk, safety, and incident management: establishing the Risk Management Framework, overseeing red-teaming activities, and managing incident response playbooks.

Of particular note is S019 — “Post-market Monitoring & Continuous Improvement” — which requires the ability to establish telemetry and observability systems for models in operation, detect drift and performance degradation, and prioritise remediation and retraining. The standard specifies that this telemetry data must feed into composite governance (GCI) and risk (RSI) indices to guide management decisions.

In terms of knowledge, K003 addresses information security for AI — including specific threats such as data poisoning, prompt poisoning, and jailbreaking — while K007 focuses on AI performance metrics: accuracy, robustness, latency, cost, fairness, and security as integrated evaluation dimensions.

This cluster requires familiarity with technical concepts that go beyond governance alone: the Chief AI Officer doesn’t need to know how to implement a telemetry system, but must understand what a drift in data means, why it’s significant, and when it requires action. It’s the difference between knowing how to read a dashboard and knowing how to build one: the Chief AI Officer must be able to do the former, not necessarily the latter.

Though I’m building a dashboard for a client, these weeks, and I can’t begin to tell you how lucky you are if you only have to read these, sometimes.

5.3. The Communication and Explainability Cluster

The third cluster is the most unusual for a technical-managerial profile, and likely the one most overlooked by existing training programs. S009 — “Transparency, Documentation & AI Registry” — requires the ability to structure documentation, Model Cards, and registries to ensure transparency and accountability, but above all to “generate non-technical explanations of AI system output decisions for users and regulators.” The standard goes so far as to specify that these explanations must be supported by standardized templates, interactive dashboards, and narrative reports tailored to different audiences.

S012 — “Reporting & Stakeholder Engagement” — requires the ability to produce periodic reports for the Board of Directors that include key indicators and action logs, ensure transparency toward users and regulators, and link technical evidence to risks, benefits, and strategic decisions. K011 — “Stakeholder Communication, Reporting, and Explainability” — explicitly requires the ability to engage in adaptive communication for diverse audiences, including users, regulators, and top management as recipients with radically different needs.

This cluster involves skills traditionally associated with organisational communication, science journalism, and data visualization, not engineering or IT management, and yet they’ll resonate with many BIM managers out there. A Chief AI Officer who knows everything about risk management but cannot explain to a board of directors why an AI system made a certain decision — in ten minutes and without technical charts — is, by definition, incomplete. And developing this skill requires teaching approaches that are very different from those used for technical content.

5.4. Assigned e-competencies: a coherent yet selective framework

The five e-competences assigned to the Chief AI Officer by the e-CF complete the picture:

  • covering the strategic and governance dimension:
    • A.1 (Alignment of IT Strategies with Business Strategies, Level 4);
    • E.9 (Information Technology Governance, Level 5);
  • covering the portfolio management dimension:
    • E.2 (Project and Portfolio Management, Level 5);
  • covering risk and quality:
    • E.3 (Risk Management, Level 4);
    • E.6 (ICT Quality Management, Level 4).

Two critical observations regarding this framework.

First: all five levels are high — between 4 and 5 on a scale of 5 — which confirms that the Chief AI Officer is intended to be a senior role requiring established experience, not a junior or entry-level position, and the established experience can’t possibly be in AI. It needs to be in governance, risk management frameworks and all the areas we’ve seen so far.

Second: as already noted regarding the duties, there is a complete absence of any competencies related to innovation or ideation. The Chief AI Officer’s e-competencies are all about control and governance, not generation. If we choose to see this not as a flaw in the standard but as a choice consistent with the vision of the role, it still is an aspect that those training this role must keep in mind: the Chief AI Officer isn’t an innovator but a guarantor.

5.6. Is this realistic?

The question this analysis inevitably raises is whether the Chief AI Officer’s comprehensive catalogue of skills and knowledge describes a real-world professional or a regulatory ideal that’s out of touch with the reality of the labour market.

The most honest answer I can give you is: it depends on how you interpret the list. If it is understood that the Chief AI Officer must master every skill and every area of knowledge at the highest level, the profile is unrealistic for anyone. If it is understood that the Officer must have a functional understanding of each area — sufficient to manage it, ask the right questions of specialists, and evaluate the answers — then the profile is challenging but not impossible.

Like I said, challenging.

The technical norm itself doesn’t explicitly resolve this ambiguity but the logic of the role — one of integration and coordination, not technical execution — suggests that the second interpretation is the correct one. And this interpretation has direct implications for how training is designed: the goal is not to create a cross-functional super-specialist, but to train someone with a very broad cognitive map and the ability to navigate it judiciously.
