HUX AI

Get a demo

AI Governance Toolkit for SMEs

AI Governance Toolkit for SMEs

By Asli Di̇lara Şen, Buse Nazan Taşkin, Deni̇z Albayrak,
Ece Sülüngür, Enes Başbuğ, Tolga Arslan, Zeynep Önal

November 2025

This report provides practical guidance for SMEs on building responsible AI practices that align with ethical, governance, and sustainability goals. Through awareness-based checklists, environmental self-assessment tools, and real-world examples, it helps organisations understand the risks, accountability measures, and environmental impacts of AI systems while fostering transparency, trust, and innovation.

Download full report

AuthorS

Aslı Dilara Şen

Research Fellow

Buse Nazan Tashkin, LL.M.

Research Fellow

DenizAlbayrak, M.Sc.

Research Fellow

Ece Sülüngür, LL.M.

Research Fellow

Enes Başbuğ, M.Sc.

Research Fellow

Tolga Arslan, M.Sc.

Research Fellow

Zeynep Önal, M.Sc., M.A.

Research Fellow

Advisor & Mentor

Dr. Duygu Çakır

Advisor & Editor

Dr. Merve Ayyüce Kızrak

Originally Published
November 2025

Executive Summary

Artificial intelligence (AI) is redefining how organisations innovate and operate by presenting opportunities to work in a more intelligent way, identify opportunities, and have a better understanding of their customers. For small-and medium-sized enterprises (SMEs), these innovations are thrilling, but they are also putting additional pressure due to limited resources (e.g. people and technical capacity) to use AI applications in an ethical and compliant way. Responsible AI requires not only the technology but also clear and actionable means of incorporating transparency, fairness, and accountability in the use of that technology. The AI Governance Toolkit for SMEs aims to provide clear and actionable ways to do this, offering simple instructions, adaptable templates, and actionable steps that can help organisations use AI systems in a responsible, confident, and sustainable way.

The toolkit includes:

  • Readiness test/self-assessment to provide a clear understanding for the company's leaders on where they stand in the AI Governance process and guide them on where to begin.
  • 3 Templates on policy implementation, risk assessment and transparency & accountability. Each template aims to create a space for company leaders to reflect on their actions, particularly on issues such as data processing, regulatory compliance, risk analysis, bias detection and responsibilities in the AI Governance process. All templates consist of some questions to be answered and an explanation of significant concepts for a smooth implementation of the toolkit and understanding AI governance.
  • Quick implementation manual aiming to create tailored guidance for the company leaders on literacy and implementation of each template.
  • Environmental impacts for SMEs section that will cover the Carbon Emission calculation of the company. This section is deemed essential for SMEs to take into consideration while utilization of AI has been associated with unsustainability.
  • Use cases aiming to showcase AI governance risk in various industries. Companies may review the prepared use cases that most resemble their own AI system and/or the industry they are currently operating in to understand the potential risks posed by AI in governance.

Table 3.Incident types, examples, and actions required based on their urgency level in AI governance.

Quick Implementation Manual

This quick AI Readiness Test aims to help SMEs evaluate their status or level of preparedness for adopting AI. The test covers key areas, including data, governance, and risk.

Answer the 20 self‑assessment questions in the AI Governance Readiness Test as Step 0.

Step 1: Start with Template 2: Reflective AI Risk Awareness Checklist.

Step 2: Use the risk colour to prioritise Template 1 and Template 3.

Step 3: Book weekly 15-minute AI governance huddles.

Please visit the Interactive Quick Implementation Manual

Important Notice: The Quick Implementation Manual provides an illustrative framework to help SMEs explore responsible AI management practices.

The suggested steps and timelines are for general awareness and learning purposes only and may not fit every organisational context. Following these steps does not imply or guarantee compliance with any law, regulation, or standard.

Users are encouraged to adapt the materials to their own needs and consult professional advisors for legal or technical matters.