AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News
Research2025-05-30

Harvard Law Review Finds OpenAI and Anthropic Governance Structures May Fail to Prevent Unsafe Incentives

Source

Amoral Drift in AI Corporate Governance

Harvard Law Review

Via Harvard Law Review

What happened

On May 30, 2025, the Harvard Law Review published Amoral Drift in AI Corporate Governance, a detailed legal analysis of the governance architectures at OpenAI and Anthropic, two of the most commercially significant frontier AI developers operating in the United States. The article examines OpenAI's capped-profit model and its reconstituted board following the November 2023 governance crisis, as well as Anthropic's public benefit corporation design and long-term benefit trust. The authors argue that while these mechanisms were designed to prioritize safety over shareholder returns, they may still leave boards with outsized and poorly constrained discretion, and may not create enforceable accountability when safety commitments conflict with commercial incentives. The analysis applies U.S. corporate law principles, focusing on fiduciary duties owed by directors and the degree to which stakeholder-oriented structures can be legally enforced against directors who favor growth-oriented decisions. The article connects to broader regulatory trends, including California SB 53 and the EU AI Act's GPAI provisions, which push for external accountability mechanisms in response to perceived structural unreliability in internal frontier model governance.

Why it matters

  • ·Regulatory exposure: Legislators and regulators behind frameworks such as the EU AI Act's GPAI provisions and California SB 53 may use findings like these to justify imposing external accountability requirements on frontier AI developers, which could affect enterprise obligations tied to those vendors.
  • ·Operational impact: Enterprise compliance teams that rely on vendor safety commitments from OpenAI or Anthropic as inputs to their own AI risk assessments may be overstating the durability of those commitments, given that the underlying board governance structures carry structural legal uncertainty.
  • ·Organizational risk: Boards at large enterprises with formal AI oversight responsibilities may face heightened scrutiny if they have not documented and escalated AI vendor governance risk, particularly where dependency on frontier model providers is material to high-risk applications.

Governance controls affected

CMP-008Federal AI Regulatory Monitoring and Pre-Deployment VettingCMP-010AI Use in Regulatory Reporting and Risk ModelingHOC-001AI Risk ClassificationHOC-006Escalation Path for AI DecisionsPRC-001Third-Party AI Risk AssessmentPRC-002AI Vendor Contract RequirementsPRC-004Vendor Incident Notification Requirements

What to do now

  • Revise third-party AI vendor due diligence questionnaires to include a governance tier that requests evidence of how safety-related board decisions are documented, escalated, and made enforceable at foundation model providers.
  • Update AI model registry entries for applications using OpenAI or Anthropic APIs in high-risk contexts to flag that vendor safety commitments carry structural legal uncertainty as identified by the Harvard Law Review analysis.
  • Escalate AI vendor governance risk to board-level review for enterprises with formal AI oversight responsibilities, and ensure the discussion and any conclusions are recorded in board minutes as part of audit-ready AI documentation.
  • Review existing AI vendor contracts with frontier model providers to assess whether contractual representations on safety and reliability are independently enforceable, independent of the vendor's internal board governance.
  • Identify and document the gap in current third-party AI risk frameworks regarding enterprise-level assessment of a foundation model vendor's internal board accountability and fiduciary enforceability, and assign ownership for closing that gap.

What to watch next

Compliance teams should monitor whether U.S. federal or state regulators cite academic analyses of this kind as justification for introducing mandatory external governance requirements for frontier AI developers, particularly in any forthcoming federal AI legislation or state-level rulemakings following California SB 53. Teams should also track whether OpenAI's ongoing corporate restructuring or Anthropic's public benefit corporation status attract formal regulatory scrutiny that could alter vendor risk profiles. Any enforcement actions or guidance from the FTC or state attorneys general regarding AI developer governance would serve as a significant signal that vendor due diligence standards need to be updated promptly.