Comment by aforwardslash

He may not actually have the authority for it; Imagine you're a cto receiving this request - you don'respond to the ceo, but to the administration board instead, just like the ceo.

In fact, if you were a cto and you carried out this request without any kind of due diligence or vetting, you'd probably be legally and criminally liable for it.

The same applies to anyone under the cto management (so basically all IT); they don't respond to the ceo, their top boss is the cto. I know, in smaller companies, where the ceo is also the owner, there is a tendency to confuse the boundaries of the roles - in my experience, it is up to the cto to politely deny these requests and educate the ceo on the "why"; if he still wants to move forward, he can hire another cto