AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News

AI Incidents Surged Over 32% in 2024, NACD Guidance Urges Boards to Adapt Oversight Frameworks

Source

Tuning Corporate Governance for AI Adoption

National Association of Corporate Directors (NACD)

What happened

The National Association of Corporate Directors (NACD) has published Tuning Corporate Governance for AI Adoption as part of its 2025 Governance Outlook series, targeting US-based corporate boards. The guidance presents a structured approach for directors to refine existing oversight mechanisms rather than build entirely new governance structures from scratch, emphasizing integration of AI considerations into established risk, audit, and reporting frameworks. Two key data points anchor the document: a 26% year-over-year increase in AI incidents from 2022 to 2023, followed by an acceleration to more than 32% growth in 2024. The NACD specifically directs boards to assess how AI deployment shifts company-wide risk profiles and to define clear escalation and reporting pathways between management and the board. The guidance also aligns with emerging ISO 42001 implementation practice, which similarly encourages integration of AI management into established organizational systems rather than siloed programs.

Why it matters

  • ·Boards at US-listed companies face growing regulatory exposure as the SEC has signaled expectations around material risk disclosure, making the absence of structured board-level AI oversight a potential disclosure liability rather than merely a governance gap.
  • ·The documented acceleration in AI incident rates, exceeding 32% growth in 2024, means operational risk profiles are shifting faster than most governance frameworks have been updated, creating tangible gaps in incident escalation, model monitoring, and third-party vendor oversight.
  • ·Organizations without formally documented AI reporting lines and risk classification processes face organizational risk during shareholder engagement seasons and regulatory inquiries, particularly in sectors subject to California, Colorado, or federal financial and healthcare AI requirements.

Governance controls affected

What to do now

  • Formally embed AI risk into the existing enterprise risk management cycle and document board reporting lines before the next governance review or shareholder engagement season.
  • Produce a current-state inventory of all AI systems in production and map each system against the company's existing risk tolerance thresholds to support board-level reporting with specificity.
  • Audit existing incident response and escalation procedures to confirm they explicitly cover AI-specific failure modes including model drift, data integrity failures, and third-party AI vendor incidents.
  • Review board reporting on AI for organizations subject to SEC disclosure obligations or state-level transparency laws in California and Colorado to assess whether frequency and specificity meet emerging regulatory and investor expectations.
  • Engage legal, risk, and technology teams jointly to evaluate whether current AI governance structures reflect the NACD and ISO 42001 principle of integration into established organizational systems rather than parallel or siloed programs.

What to watch next

Compliance teams should monitor whether the SEC issues further guidance or enforcement actions clarifying materiality thresholds for AI-related risk disclosures, as board-level accountability expectations are likely to sharpen in 2025. Ongoing rulemaking and enforcement patterns in California and Colorado regarding AI transparency obligations will also be relevant for organizations operating across multiple US jurisdictions. Teams should additionally track updates to ISO 42001 implementation guidance and any NACD follow-on publications that may provide more granular board reporting templates or incident classification frameworks.

Related Coverage

Research2026-06-15

S&P Global Report Frames AI Governance as a Principle-Based Risk Discipline, Raising the Bar for Enterprise Compliance Programs

S&P Global has published a research report titled 'The AI Governance Challenge,' arguing that enterprise AI governance should be anchored in five core principles: transparency, fairness, privacy, adaptability, and accountability. The report documents common organizational practices including ethical review boards, impact assessments, algorithmic transparency mechanisms, and risk-focused controls. Its findings map directly to compliance, model governance, and privacy programs across industries.

Standards2026-06-30

Academic Framework Proposes 7-Day Public Reporting Window for Tier 3 Agentic AI Incidents, Raising the Bar for Enterprise Anomaly Detection

A paper published on SSRN titled 'Transparent Real-Time Governance of Agentic AI Systems' proposes a tiered incident governance framework that would require AI Offices and National Authorities to publish public summaries of significant agentic AI events, including near-misses and blocked misuse attempts, within seven days of a Tier 3 classification. The framework targets agentic AI systems operating with meaningful autonomy and sets specific detection and reporting expectations for enterprise operators. Compliance teams deploying agentic AI should treat this as an early signal of the reporting granularity regulators may soon demand.

Research2026-06-23

Municipal Algorithm Registers Offer Enterprise Compliance Teams a Practical Inventory Benchmark

A CIDOB research paper published in February 2025 documents how cities are implementing algorithm lifecycle governance through centralized registers that combine risk assessment, mandatory audits for high-risk systems, and public transparency mechanisms. The research presents a structured model covering the full lifecycle from intake through retirement. For enterprise compliance teams, the municipal register architecture provides a concrete operational template as regulators increasingly require auditable AI system inventories.