It’s easy to say “we want ethical AI.” It’s harder to operationalise it. Looking at assurance checklists, a few themes always stand out: • User access management: Who can touch training data, and how often are permissions reviewed? • Vulnerability management cadence: Are model security checks monthly, quarterly, or ad-hoc? • Explainability logging: Is every model decision traceable back to inputs and assumptions? • Sustainability: Do we measure compute costs and energy us