THE Institute of Directors Zimbabwe (IoDZ) is developing a board-level artificial intelligence (AI) governance framework tailored to the Zimbabwean context.
The initiative comes as Zimbabwe rolls out its National Artificial Intelligence Strategy (2026–2030), launched in March.
It is aimed at promoting the development, adoption and regulation of AI technologies while accelerating economic growth, innovation and digital transformation across key sectors.
In an interview with businessdigest, IoDZ acting chief executive officer Farai Mandungumana said the framework would align with international standards, while addressing Zimbabwe’s regulatory and institutional realities.
“We are currently developing a board level AI governance framework tailored to the Zimbabwean context — one that is grounded in internationally recognised standards such as the OECD (Organisation for Economic Co-operation and Development) AI Principles and NIST AI Risk Management Framework but adapted to our regulatory and institutional realities,” he said.
The NIST AI Risk Management Framework is an internationally recognised standard intended for voluntary use to improve the incorporation of trustworthiness considerations into the design, development, use and evaluation of AI products, services and systems.
The OECD AI Principles are globally-recognised guidelines designed to promote the development, deployment and use of artificial intelligence that is innovative, trustworthy and respectful of human rights and democratic values.
Mandungumana said the framework would focus on three key areas. These are policy guidance, data governance and accountability.
- Harvest hay to prevent veldfires: Ema
- Public relations: How artificial intelligence is changing the face of PR
- Queen Lozikeyi singer preaches peace
- Public relations: How artificial intelligence is changing the face of PR
Keep Reading
“The framework will address three areas boards have told us they need most urgently. First, a clear policy template for acceptable use of AI tools by board members and executives, including the free consumer-grade tools many directors are already using,” he said.
“Second, data governance principles covering what information may and may not be processed through external AI platforms — particularly sensitive board pack content — and third, a disclosure and accountability structure that clarifies what boards should be asking management to report.”
He said IoDZ was targeting the release of a consultation draft in the third quarter, with member input to be incorporated before the framework is finalised.
“The goal is not to be prescriptive, but to give boards a defensible, principled starting point they can adapt to their own sector and risk appetite,” Mandungumana said.
He said the shift from awareness to action should become evident through a marked increase in boards placing AI and cyber risk on their agendas and defining accountability over the next 12 months.
“First, we anticipate a significant uptick in boards formally placing AI and cyber risk on their standing agendas — not as a once-a-year technology update, but as a recurring governance item with the same rigour applied to financial risk,” Mandungumana said.
“Second, we expect organisations to begin conducting structured AI and cyber risk audits, many of them for the first time. Third — and this is perhaps the most important signal — we expect boards to begin defining accountability. Who on the board owns AI risk oversight? What does management report, and how often?”
According to IoDZ, directors with formal AI or cybersecurity expertise remain a relatively small cohort across Zimbabwe’s corporate and parastatal sectors.
