AI Incidents Rose 26% From 2022 to 2023, NACD Guidance Urges Boards to Adapt Oversight
What happened
The National Association of Corporate Directors published Tuning Corporate Governance for AI Adoption in January 2025 as part of its 2025 Governance Outlook series, directing its guidance at US corporate boards and the directors who serve on them. The document identifies hallucinations, data privacy vulnerabilities, and algorithmic bias as the primary AI-specific risk categories requiring dedicated board-level attention. It grounds these concerns in quantitative data from the AI Incident Database, which recorded a 26 percent year-over-year increase in AI incidents between 2022 and 2023. Preliminary 2024 figures cited in the document indicate the trend is accelerating, with incidents expected to have grown by more than 32 percent. The guidance stops short of prescribing specific oversight structures but frames the core challenge as a mismatch between legacy corporate governance mechanisms and the pace of AI-related risk, calling on boards to actively adapt rather than apply existing frameworks by analogy.
Why it matters
- Regulatory exposure is increasing as boards that fail to demonstrate active AI risk oversight may face heightened scrutiny from regulators and institutional investors who are treating AI governance as a fiduciary matter rather than a technical concern.
- Operationally, the accelerating incident rate documented by the AI Incident Database signals that organizations relying on existing risk management frameworks without AI-specific adaptations are likely underestimating their exposure to hallucinations, bias events, and data privacy failures.
- Organizationally, the guidance creates a reputational risk for companies whose boards cannot demonstrate familiarity with AI incident trends, as the NACD is positioning AI risk oversight as a core competency expectation for directors at US corporations.
Governance controls affected
What to do now
- ☐ Map your organization's current AI risk classification process against HOC-001 to identify gaps that board-level oversight mechanisms are not yet addressing.
- ☐ Brief the board or relevant board committee on AI incident trends using the AI Incident Database figures cited in the NACD guidance as a benchmark for your own incident tracking.
- ☐ Review your AI incident response playbook under IRC-001 to confirm it covers hallucination events, bias incidents, and data privacy failures as distinct severity categories.
- ☐ Assess whether existing bias and fairness monitoring controls under MON-003 are generating reportable outputs suitable for board-level consumption on a regular cadence.
- ☐ Document the board's AI oversight mandate explicitly in governance charters or risk committee terms of reference to align with the NACD's framing of AI oversight as a core director responsibility.
What to watch next
Compliance teams should monitor whether the NACD follows this guidance with more prescriptive recommendations on board committee structures or director competency standards for AI oversight, as the current document deliberately avoids structural mandates. Teams should also track whether US securities regulators reference incident rate data or NACD guidance in future disclosure rulemaking related to AI risk. The accelerating incident figures for 2024, once formally published by the AI Incident Database, are likely to intensify pressure on boards and may prompt institutional investors to introduce AI governance criteria into proxy voting policies.
