AI Governance Institute

Practical Governance for Enterprise AI

BRD · Board & Executive Governance · BRD-004 · Medium effort

AI Governance ESG and Investor Disclosure

Establish a structured process for disclosing AI governance maturity, AI-related risk management, and AI safety posture to shareholders, institutional investors, and ESG rating agencies.

Objective

Ensure the organization provides accurate, consistent, and decision-relevant information about its AI governance program to investors and ESG evaluators, reducing disclosure risk while positioning AI governance as a source of enterprise value.

Maturity Levels

1. Initial

AI governance is not mentioned in investor communications. ESG questionnaires that include AI governance questions are answered ad hoc.

2. Developing

AI governance is referenced in the annual report or proxy statement in general terms, but there is no structured disclosure process and responses to investor questionnaires are inconsistent.

3. Defined

A structured AI governance disclosure process exists. The annual report and proxy statement include a dedicated AI governance section. ESG questionnaire responses are reviewed by Legal and the AI governance function before submission.

4. Managed

AI governance disclosure is aligned with the board's internal view of AI risk and maturity. Material discrepancies between internal assessments and public disclosures are reviewed by Legal and the audit committee. Investor engagement on AI governance topics is coordinated.

5. Optimizing

The organization engages proactively with institutional investors on AI governance. Disclosure is benchmarked against peer organizations and leading-practice standards (SASB, GRI, TCFD analogs for AI). Material improvements in AI governance maturity are disclosed proactively.

Evidence Requirements

What an auditor or assessor would expect to see for this control.

  • AI governance section in the most recent annual report or proxy statement.
  • ESG questionnaire response log showing review and sign-off for the past 12 months.
  • AI governance investor briefing document reviewed by Legal and the Chief AI Officer.

Implementation Notes

Key steps

  • Inventory all disclosure channels where AI governance is or should be addressed: annual report, proxy statement, 10-K risk factors, 8-K material events, ESG report, CDP/Sustainalytics/MSCI questionnaires, investor day presentations, earnings call Q&A.

  • Define what the organization will disclose about its AI governance program:

    • Governance structure: board committee, management committee, reporting lines.
    • Risk management: how AI risks are identified, assessed, and mitigated.
    • Maturity: high-level maturity assessment result or program status.
    • Regulation: key applicable AI regulations and compliance status.
    • Incidents: material AI incidents and governance response (subject to legal review).
  • Establish a review process: AI governance disclosures should be reviewed by the Chief AI Officer, General Counsel, and investor relations before publication. Material changes should be reviewed by the audit committee.

  • Coordinate ESG questionnaire responses: many ESG rating agencies (MSCI, Sustainalytics, ISS) now include AI governance questions. Ensure responses are accurate, consistent with other public disclosures, and reviewed before submission.

  • Prepare a briefing document for investor relations staff covering AI governance talking points, common investor questions, and approved responses.

What investors are asking

Institutional investors increasingly ask about: board AI expertise, AI risk management framework, AI incident history, regulatory exposure, and alignment between AI strategy and AI risk management. Prepare for these questions before they arise.

Example Implementation

AI Governance Proxy Statement Disclosure (example)

AI Governance Oversight

The Board of Directors oversees enterprise AI risk through its AI Safety Committee, a standing board committee composed of three independent directors. The AI Safety Committee meets quarterly and receives management reports on AI safety posture, high-risk system deployments, and material AI incidents.

Day-to-day AI governance is the responsibility of the AI Governance Committee, a cross-functional management body chaired by the Chief AI Officer. The AI Governance Committee is accountable for the organization's AI governance framework, including the controls described below.

AI Risk Management

The organization has implemented a tiered AI risk classification system (see Human Oversight Controls). AI systems classified as high-risk are subject to pre-deployment safety assessment and board committee review before go-live.

Regulatory Compliance

The organization is subject to [applicable regulations]. Our compliance program is described in the Annual Report under Risk Factors. We are monitoring [emerging regulations] and have assessed their potential impact on our AI deployments.

Material AI Incidents

[Disclose if applicable, subject to legal review. If no material incidents: 'No material AI incidents occurred in [year] that were required to be disclosed under applicable regulations.']

Control Details

  • Control ID: BRD-004
  • Typical owner: Investor Relations / General Counsel / Chief AI Officer
  • Implementation effort: Medium effort
  • Agent-relevant: No

Tags

ESG, investor disclosure, AI governance reporting, shareholder reporting, proxy statement