Corporate Boards Must Overhaul Governance for AI, NACD Urges in 2025 Report
What happened
The National Association of Corporate Directors (NACD) published Tuning Corporate Governance for AI Adoption in November 2025, urging U.S. corporate boards to modernize legacy governance frameworks to address the risks and oversight demands of enterprise AI adoption. The report identifies AI governance as a continuous board-level function rather than a one-time compliance exercise. NACD cites real-world incidents involving deepfakes, data leaks, and algorithmic bias as evidence of the consequences of inadequate board oversight. The report recommends that boards establish ongoing monitoring and adjustment mechanisms rather than relying on static policies. For enterprise compliance teams, the report signals growing expectations from institutional governance bodies that AI risk management will be embedded at the highest levels of corporate leadership, with implications for audit committee charters, risk reporting structures, and executive accountability frameworks.
Why it matters
- Regulatory exposure is increasing as board-level AI oversight is being reframed as a fiduciary responsibility, meaning organizations without documented AI governance structures at the board level may face heightened scrutiny from regulators and institutional investors.
- Operationally, the shift from static AI policies to continuous monitoring and adjustment mechanisms requires compliance teams to build ongoing review cadences, update audit committee charters, and integrate AI risk reporting into existing enterprise risk management workflows.
- Organizationally, the report raises the risk that inadequate board oversight of AI incidents such as deepfake fraud, data leaks, and algorithmic bias could be treated as governance failures, creating personal accountability exposure for directors and executives.
What to do now
- ☐ Review and update audit committee charters to explicitly include AI risk oversight as a standing agenda item and fiduciary responsibility.
- ☐ Establish a board-level AI risk reporting cadence that covers incidents, drift, bias findings, and emerging threats on at least a quarterly basis.
- ☐ Map existing AI governance policies against the NACD continuous monitoring framework to identify gaps where static policies must be replaced with dynamic review processes.
- ☐ Assign executive accountability for AI governance outcomes and document escalation paths that connect compliance teams to board-level oversight structures.
- ☐ Conduct a tabletop exercise simulating a board-level AI incident scenario, such as a deepfake fraud event or algorithmic bias complaint, to stress-test current escalation and disclosure procedures.
What to watch next
Compliance teams should monitor whether the Securities and Exchange Commission or other U.S. regulatory bodies issue guidance that formally incorporates board-level AI oversight into disclosure or fiduciary duty requirements, building on signals from the NACD report. Enforcement patterns related to AI-driven incidents, particularly those involving deepfakes and data leaks, should be tracked as potential precedents for director liability. Organizations should also watch for updates to institutional investor proxy voting guidelines that may begin scoring board AI competency as a governance quality metric.
