AI GOVERNANCE & COMPLIANCE · SERVICENOW AI CONTROL TOWER · IRM / GRC · ENTERPRISE SERVICE MANAGEMENT · PROCESS RE-ENGINEERING · EU AI ACT · ISO/IEC 42001 · UK GDPR & DPIAs · AI GOVERNANCE & COMPLIANCE · SERVICENOW AI CONTROL TOWER · IRM / GRC · ENTERPRISE SERVICE MANAGEMENT · PROCESS RE-ENGINEERING · EU AI ACT · ISO/IEC 42001 · UK GDPR & DPIAs ·
DSIT AIME · 6 min read

AIME Explained: The UK Government's Free AI Governance Tool

Published May 2026 Nimble AI Solutions DSIT, AIME, ISO 42001, NIST

DSIT's AI Management Essentials is the most useful AI governance tool most SMEs have never heard of. It's free, it's UK government-backed, and it gives you a credible answer to the question "where do we start?". Here's what it is, what it isn't, and how to actually use it.

What is AIME?

AI Management Essentials (AIME) is a self-assessment tool published by the UK's Department for Science, Innovation and Technology. It's specifically designed for small and medium-sized enterprises that are using or deploying AI but don't have the budget or appetite for a full ISO certification programme.

Crucially (and this is the credibility hook), DSIT explicitly built AIME on three reference frameworks: ISO/IEC 42001:2023 (the international AI management system standard), the EU AI Act, and the NIST AI Risk Management Framework. So when you adopt AIME, you're not adopting an obscure local checklist. You're adopting a simplified version of the three most influential AI governance frameworks in the world, distilled into something a small team can actually complete.

What AIME covers: the ten dimensions

AIME scores your organisation across ten governance dimensions. The exact wording varies as DSIT iterates, but the substance covers:

  • Fairness: do you check for bias and disparate impact?
  • Transparency: can you explain what your AI does, to whom, and why?
  • Accountability: is there a named owner for each AI system and its risks?
  • Human oversight: where AI makes decisions, are humans meaningfully in the loop?
  • Safety and robustness: does your AI behave predictably under stress?
  • Data quality and governance: do you know what data trained your AI, and what's flowing through it now?
  • Privacy: are UK GDPR and DPIA obligations covered?
  • Security: is your AI estate protected against the new threat surfaces AI creates?
  • Third-party communication: do you tell customers, candidates and suppliers what AI is doing in their interactions?
  • Continual improvement: is there a feedback loop to catch issues and learn?

For each dimension, you self-report your current maturity and identify gaps. The output is a snapshot of where you sit and what to work on next.

"AIME is a baseline self-assessment across ten governance dimensions, from fairness to third-party communication. That 'not certification, self-assessment only' gap is exactly the space a specialist consultancy fills."

What AIME isn't

Three things to be clear about before you use it.

AIME is not a certification. Nothing you do with AIME results in a certificate, a logo or a public badge. If your customers or insurers want certification, you need ISO/IEC 42001, which AIME is a sensible stepping-stone toward but is not equivalent to.

AIME doesn't audit your AI products. It evaluates the organisational processes you have in place to enable responsible AI. It says nothing about whether a specific model is biased, accurate or safe. Those are separate, technical exercises.

AIME doesn't replace legal duties. If you have UK GDPR DPIA obligations, Article 22 ADM duties, FCA SS1/23 model risk expectations or EU AI Act exposure, AIME doesn't satisfy them. It complements them.

How we use AIME with clients

The most common failure mode we see is teams trying to self-run AIME, getting stuck on what "good" looks like, and either over-scoring themselves (and getting a false sense of security) or under-scoring themselves (and getting demoralised). Neither helps.

Our AIME-based AI Governance Health Check runs the questionnaire properly: we work through each dimension with your team, calibrate against what we see across comparable East Midlands businesses, surface the gaps you'd have missed, and deliver a maturity report with a prioritised, proportionate action plan. Government framework plus our calibration equals instant board credibility.

Why this matters for marketing-claim safety

Here's the most important thing about AIME that competitors miss. The fact that DSIT itself built AIME on the EU AI Act, ISO 42001 and NIST is your single best proof point that adopting the EU framework in a UK business isn't "imposing foreign law": it's applying the framework your own government references. That argument is bulletproof to anyone's lawyer. It's also what lets us recommend the EU AI Act's risk-tiered approach to UK SMEs without crossing the line into misleading advertising.

"The UK government's own SME AI governance tool is built on the EU AI Act. So when we recommend the EU framework to a domestic UK firm, we're not imposing foreign law. We're applying the framework the UK itself uses."

The right way to start

If you have an hour, read DSIT's AIME documentation directly. If you want to put a structured score against your business, take our free 10-minute AI Readiness Scorecard, a lightweight version built on the same ten dimensions. If you want the full thing run properly, book the AIME Health Check.

Take the Free Scorecard View the AIME Health Check

Related reading

Not sure which rules apply to you? Take the free 10-minute AI Readiness Scorecard.