AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News

AI Incidents Up 32% in 2024, NACD Urges Boards to Strengthen Oversight Structures

What happened

The National Association of Corporate Directors (NACD) has published its 2025 Governance Outlook, a guidance document directed at corporate boards across the United States calling for strengthened AI oversight structures in response to a measurable rise in AI-related incidents. Drawing on data from the AI Incident Database, the NACD reports that AI incidents increased 26% between 2022 and 2023, followed by a further increase exceeding 32% in 2024. The guidance identifies hallucinations, bias, and data privacy failures as the primary risk categories driving this trend. In response, the NACD calls on boards to implement updated governance frameworks and reporting structures that provide directors with meaningful visibility into AI risk. Although the document is non-binding, NACD guidance carries significant weight among directors and institutional investors who use it as a benchmark for evaluating governance adequacy.

Why it matters

  • ·Regulatory exposure: Although non-binding, NACD guidance is used by institutional investors and regulators as a benchmark for governance adequacy, meaning organizations that lack board-level AI oversight documentation may face heightened scrutiny during regulatory inquiries or investor reviews.
  • ·Operational impact: The identification of hallucinations, bias, and data privacy failures as primary risk areas signals that organizations must operationalize monitoring and mitigation controls for these specific categories, not treat AI risk as a single undifferentiated concern.
  • ·Organizational risk: The shift of AI oversight from an operational concern to a board-level accountability expectation means compliance and risk teams must establish clear escalation pathways to senior leadership, creating structural and resourcing obligations that many organizations have not yet addressed.

Governance controls affected

What to do now

  • Audit current board reporting materials to determine whether AI risk is explicitly surfaced and whether named accountability owners are identified for each primary risk category.
  • Establish or update a responsible AI policy that addresses the three risk areas named by the NACD: hallucinations, bias, and data privacy failures, with defined escalation pathways to the board.
  • Map existing AI governance controls to board-level visibility requirements and identify gaps where incident data, bias assessments, or privacy failures are not currently reported upward.
  • Prepare documentation demonstrating board engagement on AI risk that can be produced in response to regulatory inquiry, investor scrutiny, or an AI-related incident.
  • Review and strengthen the AI incident response playbook to ensure it includes escalation procedures that reach board level for incidents meeting defined severity thresholds.

What to watch next

Compliance teams should monitor whether the Securities and Exchange Commission or state-level regulators in the United States begin referencing NACD guidance as an informal standard when evaluating board-level AI governance adequacy in disclosure reviews or enforcement actions. The continued rise in AI incident volumes tracked by the AI Incident Database suggests that incident-driven regulatory and investor pressure on boards is likely to intensify through 2025, making the maturity of escalation and reporting structures an increasingly visible governance metric. Teams should also watch for follow-on NACD publications or peer governance body guidance that may further specify director competency expectations or required reporting cadences for AI risk.

Related Coverage

Research2026-06-15

S&P Global Report Frames AI Governance as a Principle-Based Risk Discipline, Raising the Bar for Enterprise Compliance Programs

S&P Global has published a research report titled 'The AI Governance Challenge,' arguing that enterprise AI governance should be anchored in five core principles: transparency, fairness, privacy, adaptability, and accountability. The report documents common organizational practices including ethical review boards, impact assessments, algorithmic transparency mechanisms, and risk-focused controls. Its findings map directly to compliance, model governance, and privacy programs across industries.

Research2026-07-03

NACD Board AI Governance Guide Puts Director Competency and ERM Integration at the Center of Oversight Accountability

The National Association of Corporate Directors (NACD) has published 'Director Essentials: Implementing AI Governance,' a practical guide establishing what boards must do to govern AI responsibly at the enterprise level. The guide calls on directors to integrate AI risk into enterprise risk management frameworks, assess their own AI competency, update committee charters, and establish AI-specific KPIs. Compliance teams can use the guidance to benchmark board-level accountability structures and identify gaps in governance program design.

Research2026-06-26

Board Oversight Gaps Exposed: Diligent's AI Governance Guide Maps Three Lines of Defense, Fairness Audits, and EU AI Act Alignment for Directors and Audit Leaders

Diligent has published a practitioner-focused guide titled 'AI Governance: A Guide for Boards, Risk and Audit Leaders' that outlines how organizations should structure board oversight of AI, apply a three-lines-of-defense model, conduct fairness and bias audits, and assess third-party AI risk. The guide explicitly maps recommendations to the EU AI Act, NIST AI RMF, and OECD AI Principles. It provides concrete steps for defining leadership accountability and establishing cross-functional AI ethics committees.