Board-Level AI Safety Committee Charter
Establish a dedicated board-level committee with fiduciary responsibility for AI safety oversight, distinct from the operational AI governance committee, with defined authority over high-consequence AI risk decisions.
Objective
Ensure the board has a formal mechanism for discharging its fiduciary duty to oversee AI safety at the enterprise level, with sufficient authority, independence, and expertise to provide meaningful oversight of management's AI safety posture.
Maturity Levels
Initial
AI safety oversight at the board level is handled ad hoc by the full board or delegated entirely to management with no structured board review.
Developing
An existing board committee (risk or audit) has nominally added AI safety to its mandate, but without dedicated time, defined information flows, or specific authority.
Defined
A formal board committee charter defines AI safety oversight responsibilities, composition requirements, information rights, and escalation authority. The committee meets at least quarterly.
Managed
The committee reviews AI safety metrics, material incidents, and deployment decisions for the highest-risk systems. It has authority to request independent expert review of management's AI safety assessments. Findings are reported to the full board annually.
Optimizing
The committee includes at least one director with AI safety expertise or engages a standing external AI safety advisor. It commissions independent red-team assessments of frontier or high-consequence AI systems on a defined cadence.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- —Board committee charter approved by the full board, covering scope, composition, information rights, authority, and meeting cadence.
- —Committee meeting minutes for the past 12 months showing attendance and material topics reviewed.
- —Annual report to the full board from the committee summarizing AI safety posture and material issues reviewed.
Implementation Notes
Key steps
-
Determine whether to create a standalone AI safety committee or to formally assign AI safety oversight to an existing committee (risk or audit) with a charter amendment.
Standalone committee: appropriate for organizations with frontier AI systems, significant agentic AI deployment, or high public profile AI risk exposure. Signals governance seriousness to regulators and investors.
Existing committee extension: appropriate for most organizations. Less resource-intensive but requires the charter to carve out dedicated time and specific information rights for AI safety.
-
Draft the charter covering:
- Scope: What falls within AI safety oversight (catastrophic failure risk, agentic system risk, dual-use risk, regulatory safety obligations).
- Composition: Required director qualifications. At least one member should have technology, risk management, or AI-adjacent expertise.
- Information rights: What management must provide to the committee and when (pre-deployment safety assessments for high-consequence systems, post-incident reports within defined timelines, red-team results).
- Authority: What the committee can decide vs. recommend to the full board. At minimum: authority to pause deployment of a high-consequence AI system pending safety review.
- External resources: Authority to engage independent AI safety experts without management pre-approval.
-
Distinguish this committee from the operational AI Governance Committee (BRD-002). The board committee provides fiduciary oversight; the management committee provides day-to-day governance.
Fiduciary framing
Directors owe duties of care and loyalty to the company. As AI systems take on consequential roles, regulators and plaintiffs' counsel are increasingly examining whether boards exercised reasonable oversight of AI-related risks. A formal committee with documented information flows and decision records is the primary evidence of that oversight.
Example Implementation
Board AI Safety Committee Charter (excerpt)
1. Purpose The AI Safety Committee (the Committee) assists the Board of Directors in discharging its fiduciary oversight responsibility for enterprise AI safety. It provides independent board-level oversight of management's AI safety program, with particular focus on high-consequence and frontier AI systems.
2. Composition Three or more independent directors. At least one member must have expertise in technology, cybersecurity, risk management, or a field materially relevant to AI safety. The Chief AI Officer and General Counsel attend as management observers.
3. Information rights Management must provide to the Committee:
- Pre-deployment safety assessment for any AI system classified as high-consequence, no later than 14 days before deployment.
- Post-incident report for any Severity 1 AI incident within 10 business days of resolution.
- Red-team assessment results for frontier or high-consequence systems within 30 days of completion.
- Quarterly AI safety metrics dashboard.
4. Authority The Committee may: (a) request independent expert review of any management AI safety assessment; (b) recommend to the full Board that deployment of a specific high-consequence system be paused pending additional safety review; (c) commission an independent red-team assessment of any AI system at its discretion.
5. Meeting cadence: Quarterly; extraordinary session within 5 business days of a Severity 1 incident or material regulatory action related to AI safety.