AI Governance Institute

Practical Governance for Enterprise AI


Only One-Third of S&P 100 Companies Disclose Both Board AI Oversight and Formal Policies, Harvard Law Finds

What happened

A Harvard Law School analysis of 2025 proxy statements from S&P 100 companies, published as "US AI Oversight Through Three Lenses: Investor Expectations, the S&P 100, and Company-Specific Analysis," found that 54% of those companies disclose board-level AI oversight, yet only one-third disclose both board oversight structures and formal AI policies. Among companies reporting board oversight, 63% assign that responsibility to specific committees rather than the full board. The research further documents that US institutional investors are raising expectations for formalized AI governance, with 46% favoring board or committee-based oversight mechanisms. The findings establish a de facto market benchmark against which S&P 100 companies and their peers are increasingly being measured by investors and regulators. The SEC and institutional shareholders are identified as intensifying scrutiny of AI risk management disclosures, making the gap between current practice and emerging norms a material governance concern.

Why it matters

  • Companies lacking both a documented board oversight structure and a formal AI policy face growing regulatory exposure as the SEC increases scrutiny of AI risk management disclosures in proxy filings.
  • The findings set a concrete operational benchmark: compliance and governance teams at public companies must now evaluate their proxy disclosures against S&P 100 peer norms or risk being visibly out of step with market standards.
  • Institutional investors representing significant ownership stakes are formalizing expectations for AI governance structures, creating organizational risk for boards that have not yet assigned clear AI oversight responsibility to a named committee or body.

Governance controls affected

What to do now

  • Audit current proxy statement disclosures to confirm whether both a board or committee-level AI oversight structure and a formal AI policy are explicitly documented and publicly disclosed.
  • Map AI risk oversight responsibilities to a specific board committee and record that assignment in governance charters and proxy filings to align with the 63% committee-assignment practice among disclosing S&P 100 peers.
  • Review and update the formal AI policy to ensure it addresses risk classification, oversight accountability, and escalation paths that satisfy institutional investor expectations as documented in the Harvard Law analysis.
  • Engage investor relations and legal counsel to assess whether current AI governance disclosures meet the emerging expectations of the 46% of institutional investors favoring board or committee-based oversight mechanisms.
  • Establish an internal benchmarking process that compares the company's AI governance disclosures against S&P 100 peer disclosures on an annual proxy cycle basis.

What to watch next

Compliance teams should monitor the SEC for any forthcoming guidance or rulemaking that formalizes AI risk management disclosure requirements in proxy statements, as the Harvard Law findings signal that current voluntary disclosure norms may be a precursor to mandatory standards. Institutional investor voting guidelines for the 2026 proxy season warrant close attention, particularly from major asset managers who may begin conditioning votes on the presence of both board oversight structures and formal AI policies. Enforcement patterns related to AI-related material omissions in public company disclosures should also be tracked as a leading indicator of the SEC's evolving expectations.

Related Coverage

Research, 2026-06-15

S&P Global Report Frames AI Governance as a Principle-Based Risk Discipline, Raising the Bar for Enterprise Compliance Programs

S&P Global has published a research report titled 'The AI Governance Challenge,' arguing that enterprise AI governance should be anchored in five core principles: transparency, fairness, privacy, adaptability, and accountability. The report documents common organizational practices including ethical review boards, impact assessments, algorithmic transparency mechanisms, and risk-focused controls. Its findings map directly to compliance, model governance, and privacy programs across industries.

Research, 2026-06-02

UC Berkeley CLTC Case Studies Name Microsoft AETHER and OpenAI Staged Release as Governance Blueprints for Enterprise AI Accountability

The Center for Long-Term Cybersecurity at UC Berkeley published a research report examining three concrete examples of organizations operationalizing AI ethics principles: Microsoft's AETHER Committee, OpenAI's staged release model, and the OECD AI Policy Observatory. The report identifies standing review bodies, release gating, and structured documentation as the core mechanisms that translate abstract AI principles into enforceable organizational accountability. Compliance teams can use these documented patterns to benchmark and strengthen their own AI governance programs.

Research, 2026-05-30

Governance Before Deployment: Databricks Makes the Case for Architecture-First AI Control Programs

Databricks has published implementation guidance arguing that AI governance must be embedded into system architecture, identity controls, and continuous evaluation pipelines from the outset, rather than appended after deployment. The guidance covers agentic AI identity management, bias and accuracy monitoring, and cross-functional collaboration between risk, security, and technical teams. It is positioned as a practitioner framework for enterprise organizations building or scaling AI programs.